IIA IIA-CIA-Part3-3P CIA Exam Part Three: Business Knowledge for Internal Auditing Exam Practice Test

Resisting both internal and external distractions.

Waiting to review key concepts until the speaker has finished talking.

Tuning out messages that do not seem to fit the meeting purpose.

Factoring in biases in order to evaluate the information being given.

Political.

Financial.

Social.

Tariff.

Set clear objectives.

Engage the various communities of practice within the organization.

Demonstrate support from senior management.

Establish key competencies.

Determining the trends that will influence key factors in the organization's environment.

Selecting the issue or decision that will impact how the organization conducts future business.

Selecting leading indicators to alert the organization of future developments.

Identifying how customers, suppliers, competitors, employees, and other stakeholders will react.

The board has overall responsibility for the internal control processes associated with the CSR program.

Management has overall responsibility for the effectiveness of governance, risk management, and internal control processes associated with the CSR program.

The internal audit activity is responsible for ensuring that CSR principles are integrated into the

organization's policies and procedures.

Every employee has a responsibility for ensuring the success of the organization's CSR objectives.

Empathetic listening.

Reframing.

Reflective listening.

Dialogue.

1 and 4 only

2 and 3 only

2, 3, and 4 only

1, 2, and 4 only

Cutbacks in preventive maintenance.

An inadequately trained and supervised labor force.

A large number of rush orders.

Production of more units than planned for in the master budget.

Ensuring that payments to the vendor are appropriate and timely for the services delivered.

Ensuring that the vendor has complete management control of the outsourced process.

Ensuring that there are means of monitoring the efficiency of the outsourced process.

Ensuring that there are means of monitoring the effectiveness of the outsourced process.

1 and 3 only

2 and 4 only

1, 2, and 3 only

1, 2, 3, and 4

1, 2, and 3

1, 2, and 4

1, 3, and 4

2, 3, and 4

1 and 2 only

1 and 3 only

2 and 4 only

3 and 4 only

Systems-based preventive control.

People-based preventive control.

Systems-based detective control.

People-based detective control.

Standardization.

Global marketing.

Limited exporting.

Domestic marketing.

The average time per customer inquiry should be kept to a minimum.

Customer complaints should be processed promptly.

Employees should maintain a positive attitude when dealing with customers.

All customer inquiries should be answered within seven days of receipt.

Electronic funds transfer.

Knowledge-based systems.

Biometrics.

Standardized graphical user interface.

Joint ventures.

Licensing.

Exporting.

Overseas production.

Firewalls can protect against computer viruses.

Firewalls monitor attacks from the Internet.

Firewalls provide network administrators tools to retaliate against hackers.

Firewalls may be software-based or hardware-based.

Observation.

Inspection.

Original cost.

Vouching.

A sense of achievement.

Promotion.

Recognition.

An incremental increase in salary.

Internal strengths and weaknesses.

Break-even points.

External trends and events.

Internal risk factors.

Increasing complexity over time.

Interface with corporate systems.

Ability to meet user needs.

Hidden data columns or worksheets.

1 and 3 only

1 and 4 only

2 and 3 only

2 and 4 only

Chain.

All-channel.

Circle.

Wheel.

$170,000

$280,000

$300,000

$540,000

1 and 2 only

1 and 3 only

2 and 3 only

1, 2, and 3

Tax deductions, exemptions, and tax filings.

Tax deductions, exemptions, and tax brackets.

Tax brackets, tax deductions, and tax payments.

Tax brackets, exemptions, and nominal tax receipts.

Avoidance.

Reduction.

Elimination.

Sharing.

1, 2, and 3

1, 2, and 4

1, 3, and 4

2, 3, and 4

Lost sales, lost customers, and backorder.

Lost sales, safety stock, and backorder.

Lost customers, safety stock, and backorder.

Lost sales, lost customers, and safety stock.

Buying an insurance policy to protect against loss events.

Hedging against natural gas price fluctuations.

Selling a non-strategic business unit.

Outsourcing a high risk process to a third party.

Ensuring that the other party has a personal stake in the agreement.

Focusing on interests rather than on obtaining a winning position.

Considering a few select choices during the settlement phase.

Basing the agreement on negotiating power and positioning leverage.

Risk acceptance.

Risk sharing.

Risk avoidance.

Risk reduction.

Forming stage.

Performing stage.

Norming stage.

Storming stage.

Prior to testing the new application.

During testing of the new application.

During implementation of the new application.

During maintenance of the new application.

Promote closer linkage between organizational strategy and information.

Provide users with greater online access to information systems.

Enhance the functionality of application systems.

Expand the use of automated controls.

Intranet.

Extranet.

Digital subscriber line.

Broadband.

Documentation of each system and its interactions, interfaces, and dependencies with other systems and databases is not gathered and maintained.

Batch processing jobs include key financial data that is not posted to the accounting system until the next day. preventing real-time queries.

The job scheduling tool frequently malfunctions, causing scheduled jobs not to run. An error message is sent to IT personnel when a job fails.

The implementation of a major update for a key application is delayed until any potential

interdependencies are identified and analyzed.

Change management controls

Physical and environmental controls.

System software controls

Organization and management controls

Session hijacking.

Jailbreaking.

Eavesdropping.

Authentication.

Y should be listed as an investment asset on X's balance sheet

X must consolidate the financial statements for both organizations

Y should be reported as a footnote to X's financial statements

Y should not be reported by X as X does not have a controlling interest

Data relationships are assumed to exist and to continue where no known conflicting conditions exist.

Analytical procedures are intended primarily to ensure the accuracy of the information being examined.

Data relationships cannot include comparisons between operational and statistical data

Analytical procedures can be used to identify unexpected differences but cannot be used to identify the absence of differences

A company reports trading and investment securities at their market cost.

A building purchased last year for $1 million is currently worth $1.2 million, but the company still reports the building at $1 million.

A building purchased last year for $1 million is currently worth $1.2 million, and the company adjusts the records to reflect the current value.

A company reports assets at either historical or fair value, depending which is closer to market value.

26 days.

90 days.

100 days.

110 days.

Operating system

Utility software

Firewall

Application software

UDAs are less flexible and more difficult to configure than traditional IT applications.

Updating UDAs may lead to various errors resulting from changes or corrections.

UDAs typically are subjected to application development and change management controls.

Using UDAs typically enhances the organization's ability to comply with regulatory factors.

Review the list of people with access badges to the room containing the workstation and a log of those who accessed the room.

Review the password length, frequency of change, and list of users for the workstation's login process.

Review the list of people who attempted to access the workstation and failed, as well as error messages.

Review the passwords of those who attempted unsuccessfully to access the workstation and the log of their activity.

Controls that focus on segregation of duties, financial and change management

Personnel policies that define and enforce conditions for staff in sensitive IT areas

Standards that support IT policies by more specifically defining required actions

Controls that focus on data structures and the minimum level of documentation required

A slight increase in carrying costs.

A greater need for inspection of goods as the goods arrive.

A greater need for linkage with a vendor s computerized order entry system.

An increase in the number of suitable suppliers

1 2. and 3 only.

1. 2 and 4 only

1, 3. and 4 only.

1,2. 3, and 4

An offboarding procedure is initiated monthly to determine redundant physical access rights

Logs generated by smart locks are automatically scanned to identify anomalies in access patterns

Requests for additional access rights are sent for approval and validation by direct supervisors

Automatic notifications are sent to a central security unit when employees enter the premises during nonwork hours

A list of trustworthy good traffic and a list of unauthorized blocked traffic.

Monitoring for vulnerabilities based on industry intelligence

Comprehensive service level agreements with vendors.

Firewall and other network penmeter protection tools.

Input controls

Output controls

Processing controls

Integrity controls

Plenum.

Biometric lock.

Identification card.

Electromechanical lock.

Require regular performance appraisals

Perform exit interviews

Encourage periodic rotation of employee duties.

Ensure mandatory vacations

Lower shareholder control.

Lower indebtedness.

Higher company earnings per share.

Higher overall company earnings.

Divesting product lines expected to have negative profitability.

Increasing the diversity of strategic business units.

Increasing investment in research and development for a new product.

Relocating the organization's manufacturing to another country.

Voice recognition and token.

Password and fingerprint.

Fingerprint and voice recognition

Password and token

The cash dividends received increase the investee investment account accordingly.

The investee must adjust the investment account by the ownership interest.

The investment account is adjusted downward by the percentage of ownership.

The investee must record the cash dividends as dividend revenue.

Company goods that were sold during the year free on board shipping point that have been shipped but not yet received by the customer

Goods purchased by the company free on board destination mat have not yet been received

Goods on consignment, which the company is trying to sell for its customers

Company goods tor sale on consignment at a consignment shop

Debit indicates the right side of an account and credit the left side.

Debit means an increase in an account and credit means a decrease.

Credit indicates the right side of an account and debit the left side.

Credit means an increase in an account and debit means a decrease.

The auditor eliminated duplicate information.

The auditor organized data to minimize useless information.

The auditor made data usable for a specific purpose by ensuring that anomalies were identified and corrected.

The auditor ensured data fields were consistent and that data could be used for a specific purpose.

Boundary defense

Malware defense

Penetration tests

Wireless access controls

Network

Database

Operating system

Server

Boundary defense.

Malware defense.

Penetration tests.

Wireless access controls.

Initiation phase.

Bidding phase.

Development phase.

Negotiation phase

A traditional key lock

A biometric device.

A card-key system

A proximity device

Full cost

Full cost plus a markup.

Market price of the product

Variable cost plus a markup

Providing fire detection and suppression equipment

Establishing a physical security policy and promoting it throughout the organization

Performing business continuity and disaster recovery planning

Keeping an offsite backup of the organization's critical data

$1.480.000

$1 500 000

$1,610.000

$1650 000

Workflow and data capture technology

Data visualization applications.

Software integrated with central data warehouse

Spreadsheets.

Data is synchronized in real lime

Recovery time is expected to be less than one week

Servers are not available and need to be procured

Recovery resources and data restore processes have not been defined

Conduct a risk assessment regarding the effectiveness of the data analytics process.

Analyze possible and available sources of raw data

Define the purpose and the anticipated value

Select data for cleaning and normalization procedures.