Special Summer Sale Limited Time Flat 70% Discount offer - Ends in 0d 00h 00m 00s - Coupon code: 70spcl

IIA IIA-CIA-Part3 Business Knowledge for Internal Auditing Exam Practice Test

Page: 1 / 42
Total 416 questions

Business Knowledge for Internal Auditing Questions and Answers

Question 1

According to Herzberg's Two-Factor Theory of Motivation, which of the following is a factor mentioned most often by satisfied employees?

Options:

A.

Security.

B.

Status.

C.

Recognition.

D.

Relationship with coworkers

Question 2

Which of the following activities best illustrates a user's authentication control?

Options:

A.

Identity requests are approved in two steps.

B.

Logs are checked for misaligned identities and access rights.

C.

Users have to validate their identity with a smart card.

D.

Functions can toe performed based on access rights

Question 3

When determining the level of physical controls required for a workstation, which of the following factors should be considered?

Options:

A.

Ease of use.

B.

Value to the business.

C.

Intrusion prevention.

D.

Ergonomic model.

Question 4

An organization decided to reorganize into a flatter structure. Which of the following changes would be expected with this new structure?

Options:

A.

Lower costs.

B.

Slower decision making at the senior executive level.

C.

Limited creative freedom in lower-level managers.

D.

Senior-level executives more focused on short-term, routine decision making

Question 5

Which of the following represents an inventory costing technique that can be manipulated by management to boost net income by selling units purchased at a low cost?

Options:

A.

First-in. first-out method (FIFO).

B.

Last-in, first-out method (LIFO).

C.

Specific identification method.

D.

Average-cost method

Question 6

A company records income from an investment in common stock when it does which of the following?

Options:

A.

Purchases bonds.

B.

Receives interest.

C.

Receives dividends

D.

Sells bonds.

Question 7

Which of the following inventory costing methods requires the organization to account for the actual cost paid for the unit being sold?

Options:

A.

Last-in-first-Out (LIFO}.

B.

Average cost.

C.

First-in-first-out (FIFO).

D.

Specific identification

Question 8

Which of the following best explains the matching principle?

Options:

A.

Revenues should be recognized when earned.

B.

Revenue recognition is matched with cash.

C.

Expense recognition is tied to revenue recognition.

D.

Expenses are recognized at each accounting period.

Question 9

Which of the following represents a basis for consolidation under the International Financial Reporting Standards?

Options:

A.

Variable entity approach.

B.

Control ownership.

C.

Risk and reward.

D.

Voting interest.

Question 10

Which of the following lists best describes the classification of manufacturing costs?

Options:

A.

Direct materials, indirect materials, raw materials.

B.

Overhead costs, direct labor, direct materials.

C.

Direct materials, direct labor, depreciation on factory buildings.

D.

Raw materials, factory employees' wages, production selling expenses.

Question 11

Employees at an events organization use a particular technique to solve problems and improve processes. The technique consists of five steps: define, measure, analyze,

improve, and control. Which of the following best describes this approach?

Options:

A.

Six Sigma,

B.

Quality circle.

C.

Value chain analysis.

D.

Theory of constraints.

Question 12

Which of the following parties is most likely to be responsible for maintaining the infrastructure required to prevent the failure of a real-time backup of a database?

Options:

A.

IT database administrator.

B.

IT data center manager.

C.

IT help desk function.

D.

IT network administrator.

Question 13

Which of the following IT disaster recovery plans includes a remote site dessgnated for recovery with available space for basic services, such as internet and

telecommunications, but does not have servers or infrastructure equipment?

Options:

A.

Frozen site

B.

Cold site

C.

Warm site

D.

Hot site

Question 14

What is the primary risk associated with an organization adopting a decentralized structure?

Options:

A.

Inability to adapt.

B.

Greater costs of control function.

C.

Inconsistency in decision making.

D.

Lack of resilience.

Question 15

Which of the following IT layers would require the organization to maintain communication with a vendor in a tightly controlled and monitored manner?

Options:

A.

Applications

B.

Technical infrastructure.

C.

External connections.

D.

IT management

Question 16

Which of the following contract concepts is typically given in exchange for the execution of a promise?

Options:

A.

Lawfulness.

B.

Consideration.

C.

Agreement.

D.

Discharge

Question 17

A manufacturer ss deciding whether to sell or process materials further. Which of the following costs would be relevant to this decision?

Options:

A.

Incremental processing costs, incremental revenue, and variable manufacturing expenses.

B.

Joint costs, incremental processing costs, and variable manufacturing expenses.

C.

Incremental revenue, joint costs, and incremental processing costs.

D.

Variable manufacturing expenses, incremental revenue, and joint costs

Question 18

An organization decided to outsource its human resources function. As part of its process migration, the organization is implementing controls over sensitive employee data.

What would be the most appropriate directive control in this area?

Options:

A.

Require a Service Organization Controls (SOC) report from the service provider

B.

Include a data protection clause in the contract with the service provider.

C.

Obtain a nondisclosure agreement from each employee at the service provider who will handle sensitive data.

D.

Encrypt the employees ' data before transmitting it to the service provider

Question 19

Which of the following concepts of managerial accounting is focused on achieving a point of low or no inventory?

Options:

A.

Theory of constraints.

B.

Just-in-time method.

C.

Activity-based costing.

D.

Break-even analysis

Question 20

Management has decided to change the organizational structure from one that was previously decentralized to one that is now highly centralized. As such: which of the

following would be a characteristic of the now highly centralized organization?

Options:

A.

Top management does little monitoring of the decisions made at lower levels.

B.

The decisions made at the lower levels of management are considered very important.

C.

Decisions made at lower levels in the organizational structure are few.

D.

Reliance is placed on top management decision making by few of the organization's departments.

Question 21

An organization is considering integration of governance, risk., and compliance (GRC) activities into a centralized technology-based resource. In implementing this GRC

resource, which of the following is a key enterprise governance concern that should be fulfilled by the final product?

Options:

A.

The board should be fully satisfied that there is an effective system of governance in place through accurate, quality information provided.

B.

Compliance, audit, and risk management can find and seek efficiencies between their functions through integrated information reporting.

C.

Key compliance and risk metrics can be tracked and compared throughout the enterprise, aiding in identifying problem departments.

D.

Data analytics can be utilized for trending of the data to ensure that patterns and ongoing monitoring occurs throughout the organization.

Question 22

An organization has an agreement with a third-party vendor to have a fully operational facility, duplicate of the original site and configured to the organization's needs, in order to quickly recover operational capability in the event of a disaster, Which of the following best describes this approach to disaster recovery planning?

Options:

A.

Cold recovery plan,

B.

Outsourced recovery plan.

C.

Storage area network recovery plan.

D.

Hot recovery plan

Question 23

According to 11A guidance on it; which of the following statements is true regarding websites used in e-commerce transactions?

Options:

A.

HTTP sites provide sufficient security to protect customers' credit card information.

B.

Web servers store credit cardholders' information submitted for payment.

C.

Database servers send cardholders’ information for authorization in clear text.

D.

Payment gatewaysauthorizecredit cardonlinepayments.

Question 24

Which of the following describes a third-party network that connects an organization specifically with its trading partners?

Options:

A.

Value-added network (VAN).

B.

Local area network (LAN).

C.

Metropolitan area network (MAN).

D.

Wide area network (WAN).

Question 25

An organization created a formalized plan for a large project. Which of the following should be the first step in the project management plan?

Options:

A.

Estimate time required to complete the whole project.

B.

Determine the responses to expected project risks.

C.

Break the project into manageable components.

D.

Identify resources needed to complete the project

Question 26

An analytical model determined that on Friday and Saturday nights the luxury brands stores should be open for extended hours and with a doubled number of employees

present; while on Mondays and Tuesdays costs can be minimized by reducing the number of employees to a minimum and opening only for evening hours Which of the

following best categorizes the analytical model applied?

Options:

A.

Descriptive.

B.

Diagnostic.

C.

Prescriptive.

D.

Prolific.

Question 27

Which of the following best describes owner's equity?

Options:

A.

Assets minus liabilities.

B.

Total assets.

C.

Total liabilities.

D.

Owners contribution plus drawings.

Question 28

An internal auditor is reviewing key phases of a software development project. Which of the following would; the auditor most likely use to measure the project team's performance related to how project tasks are completed?

Options:

A.

A balanced scorecard.

B.

A quality audit

C.

Earned value analysis.

D.

Trend analysis

Question 29

Which of the following would an organization execute to effectively mitigate and manage risks created by a crisis or event?

Options:

A.

Only preventive measures.

B.

Alternative and reactive measures.

C.

Preventive and alternative measures.

D.

Preventive and reactive measures.

Question 30

Which of the following controls would be most efficient to protect business data from corruption and errors?

Options:

A.

Controls to ensure data is unable to be accessed without authorization.

B.

Controls to calculate batch totals to identify an error before approval.

C.

Controls to encrypt the data so that corruption is likely ineffective.

D.

Controls to quickly identify malicious intrusion attempts.

Question 31

Which of the following practices circumvents administrative restrictions on smart devices, thereby increasing data security risks?

Options:

A.

Rooting.

B.

Eavesdropping.

C.

Man in the middle.

D.

Session hijacking.

Question 32

Which of the following is the best example of IT governance controls?

Options:

A.

Controls that focus on segregation of duties, financial, and change management,

B.

Personnel policies that define and enforce conditions for staff in sensitive IT areas.

C.

Standards that support IT policies by more specifically defining required actions

D.

Controls that focus on data structures and the minimum level of documentation required

Question 33

Which of the following responsibilities would ordinary fall under the help desk function of an organization?

Options:

A.

Maintenance service items such as production support.

B.

Management of infrastructure services, including network management.

C.

Physical hosting of mainframes and distributed servers

D.

End-to -end security architecture design.

Question 34

Which of the following statements, is true regarding the capital budgeting procedure known as discounted payback period?

Options:

A.

It calculates the overall value of a project.

B.

It ignores the time value of money.

C.

It calculates the time a project takes to break even.

D.

It begins at time zero for the project.

Question 35

An organization has instituted a bring-your-own-device (BYOD) work environment. Which of the following policies best addresses the increased risk to the organization's network incurred by this environment?

Options:

A.

Limit the use of the employee devices for personal use to mitigate the risk of exposure to organizational data.

B.

Ensure that relevant access to key applications is strictly controlled through an approval and review process.

C.

Institute detection and authentication controls for all devices used for network connectivity and data storage.

D.

Use management software scan and then prompt parch reminders when devices connect to the network

Question 36

Which of the following network types should an organization choose if it wants to allow access only to its own personnel?

Options:

A.

An extranet

B.

A local area network

C.

An Intranet

D.

The internet

Question 37

Which of the following situations best applies to an organisation that uses a project, rather than a process, to accomplish its business activities?

Options:

A.

Clothing company designs, makes, and sells a new item.

B.

A commercial construction company is hired to build a warehouse.

C.

A city department sets up a new firefighter training program.

D.

A manufacturing organization acquires component parts from a contracted vendor

Question 38

An organization's account for office supplies on hand had a balance of $9,000 at the end of year one. During year two. The organization recorded an expense of $45,000 for purchasing office supplies. At the end of year two. a physical count determined that the organization has $11 ,500 in office supplies on hand. Based on this Information, what would he recorded in the adjusting entry an the end of year two?

Options:

A.

A debit to office supplies on hand for S2.500

B.

A debit to office supplies on hand for $11.500

C.

A debit to office supplies on hand for $20,500

D.

A debit to office supplies on hand for $42,500

Question 39

An organization requires an average of 5S days to convert raw materials into finished products to sell. An average of 42 additional days is required to collect receivables. If the organization takes an average of 10 days to pay for the raw materials, how long is its total cash conversion cycle?

Options:

A.

26 days.

B.

90 days,

C.

100 days.

D.

110 days

Question 40

According to IIA guidance, which of the following statements is true regarding analytical procedures?

Options:

A.

Data relationships are assumed to exist and to continue where no known conflicting conditions exist.

B.

Analytical procedures are intended primarily to ensure the accuracy of the information being examined.

C.

Data relationships cannot include comparisons between operational and statistical data

D.

Analytical procedures can be used to identify unexpected differences, but cannot be used to identify the absence of differences

Question 41

Which of the following is an example of a physical control?

Options:

A.

Providing fire detection and suppression equipment

B.

Establishing a physical security policy and promoting it throughout the organization

C.

Performing business continuity and disaster recovery planning

D.

Keeping an offsite backup of the organization's critical data

Question 42

Which of the following is true of matrix organizations?

Options:

A.

A unity-of-command concept requires employees to report technically, functionally, and administratively to the same manager.

B.

A combination of product and functional departments allows management to utilize personnel from various Junctions.

C.

Authority, responsibility and accountability of the units Involved may vary based on the project's life, or the organization's culture

D.

It is best suited for firms with scattered locations or for multi-line, Large-scale firms.

Question 43

According to IIA guidance, which of the following would be the best first stop to manage risk when a third party is overseeing the organization's network and data?

Options:

A.

Creating a comprehensive reporting system for vendors to demonstrate their ongoing due diligence in network operations.

B.

Drafting a strong contract that requires regular vendor control reports end a right-to-audit clause.

C.

Applying administrative privileges to ensure right to access controls are appropriate.

D.

Creating a standing cyber-security committee to identify and manage risks related to data security

Question 44

According to IIA guidance on IT, which of the following best describes a situation where data backup plans exist to ensure that critical data can be restored at some point in the future, but recovery and restore processes have not been defined?

Options:

A.

Hot recovery plan

B.

Warm recovery plan

C.

Cold recovery plan

D.

Absence of recovery plan

Question 45

According to IIA guidance, which of the following links computers and enables them to -communicate with each other?

Options:

A.

Application program code

B.

Database system

C.

Operating system

D.

Networks

Question 46

An internal auditor found the following information while reviewing the monthly financial siatements for a wholesaler of safety

Question # 46

The cost of goods sold was reported at $8,500. Which of the following inventory methods was used to derive this value?

Options:

A.

Average cost method

B.

First-in, first-out (FIFO) method

C.

Specific identification method

D.

Activity-based costing method

Question 47

Which of the following is a security feature that Involves the use of hardware and software to filter or prevent specific Information from moving between the inside network and the outs de network?

Options:

A.

Authorization

B.

Architecture model

C.

Firewall

D.

Virtual private network

Question 48

A one-time password would most likely be generated in which of the following situations?

Options:

A.

When an employee accesses an online digital certificate

B.

When an employee's biometrics have been accepted.

C.

When an employee creates a unique digital signature,

D.

When an employee uses a key fob to produce a token.

Question 49

Which of the following would be a concern related to the authorization controls utilized for a system?

Options:

A.

Users can only see certain screens in the system.

B.

Users are making frequent password change requests.

C.

Users Input Incorrect passwords and get denied system access

D.

Users are all permitted uniform access to the system.

Question 50

Which of the following scenarios best illustrates a spear phishing attack?

Options:

A.

Numerous and consistent attacks on the company's website caused the server to crash and service was disrupted.

B.

A person posing as a representative of the company’s IT help desk called several employees and played a generic prerecorded message requesting password data.

C.

A person received a personalized email regarding a golf membership renewal, and he click a hyperlink to enter his credit card data into a fake website

D.

Many users of a social network service received fake notifications of e unique opportunity to invest in a new product.

Question 51

Which of the following is on advantage of a decentralized organizational structure, as opposed to a centralized structure?

Options:

A.

Greater cost-effectiveness

B.

Increased economies of scale

C.

Larger talent pool

D.

Strong internal controls

Question 52

A new manager received computations of the internal fate of return regarding the project proposal. What should the manager compare the computation results to in order to determine whether the project is potentially acceptable?

Options:

A.

Compare to the annual cost of capital

B.

Compare to the annual interest data.

C.

Compare to the required rate of return.

D.

Compare to the net present value.

Question 53

An organization and its trading partner rely on a computer-to-computer exchange of digital business documents. Which of the following best describes this scenario?

Options:

A.

Use of a central processing unit

B.

Use of a database management system

C.

Use of a local area network

D.

Use of electronic data Interchange

Question 54

Which of the following best explains why an organization would enter into a capital lease contract?

Options:

A.

To increase the ability to borrow additional funds from creditors

B.

To reduce the organization's free cash flow from operations

C.

To Improve the organization's free cash flow from operations

D.

To acquire the asset at the end of the lease period at a price lower than the fair market value

Question 55

An organization has 10,000 units of a defect item in stock, per unit, market price is $10$; production cost is $4; and defect selling price is $5. What is the carrying amount (inventory value) of defects at your end?

Options:

A.

$0

B.

$4,000

C.

$5,000

D.

$10,000

Question 56

A retail organization mistakenly did have include $10,000 of Inventory in the physical count at the end of the year. What was the impact to the organization's financial statements?

Options:

A.

Cost of sales and net income are understated.

B.

Cost of sales and net income are overstated.

C.

Cost of sales is understated and not income is overstated.

D.

Cost of sales is overstated and net Income is understated.

Question 57

How do data analysis technologies affect internal audit testing?

Options:

A.

They improve the effectiveness of spot check testing techniques.

B.

They allow greater insight into high risk areas.

C.

They reduce the overall scope of the audit engagement,

D.

They increase the internal auditor's objectivity.

Question 58

As it relates to the data analytics process, which of the following best describes the purpose of an internal auditor who cleaned and normalized cate?

Options:

A.

The auditor eliminated duplicate information.

B.

The auditor organized data to minimize useless information.

C.

The auditor made data usable for a specific purpose by ensuring that anomalies were Identified and corrected.

D.

The auditor ensured data fields were consistent and that data could be used for a specific purpose.

Question 59

An internal auditor is assessing the risks related to an organization's mobile device policy. She notes that the organization allows third parties (vendors and visitors) to use outside smart devices to access its proprietary networks and systems. Which of the following types of smart device risks should the internal

Auditor be most concerned about?

Options:

A.

Compliance.

B.

Privacy

C.

Strategic

D.

Physical security

Question 60

Which of the following principles s shared by both hierarchies and open organizational structures?

1. A superior can delegate the authority to make decisions but cannot delegate the ultimate responsibility for the results of those decisions.

2. A supervisor's span of control should not exceed seven subordinates.

3. Responsibility should be accompanied by adequate authority.

4. Employees at all levels should be empowered to make decisions.

Options:

A.

1 and 3 only

B.

1 and 4 only

C.

2 and 3 only

D.

3 and 4 only

Question 61

At one organization, the specific terms of a contract require both the promisor end promise to sign the contract in the presence of an independent witness.

What is the primary role to the witness to these signatures?

Options:

A.

A witness verifies the quantities of the copies signed.

B.

A witness verifies that the contract was signed with the free consent of the promisor and promise.

C.

A witness ensures the completeness of the contract between the promisor and promise.

D.

A witness validates that the signatures on the contract were signed by tire promisor and promise.

Question 62

Which type of bond sells at & discount from face value, then increases in value annually until it reaches maturity and provides the owner with the total payoff?

Options:

A.

High-yield bonds

B.

Commodity-backed bonds

C.

Zero coupon bonds

D.

Junk bonds

Question 63

When management uses the absorption costing approach, fixed manufacturing overhead costs are classified as which of the following types of costs?

Options:

A.

Direct product costs

B.

Indirect costs

C.

Direct period costs

D.

Indirect period costs

Question 64

According to IIA guidance on IT, which of the following would be considered a primary control for a spreadsheet to help ensure accurate financial reporting?

Options:

A.

Formulas and static data are locked or protected.

B.

The spreadsheet is stored on a network server that is backed up daily.

C.

The purpose and use of the spreadsheet are documented.

D.

Check-in and check-out software is used to control versions.

Question 65

Which of the following purchasing scenarios would gain the greatest benefit from implementing electronic data interchange (EDI)?

Options:

A.

A just-in-time purchasing environment

B.

A large volume of custom purchases

C.

A variable volume sensitive to material cost

D.

A currently inefficient purchasing process

Question 66

A rapidly expanding retail organization continues to be tightly controlled by its original small management team. Which of the following is a potential risk in this vertically centralized organization?

Options:

A.

Lack of coordination among different business units

B.

Operational decisions are inconsistent with organizational goals

C.

Suboptimal decision-making

D.

Duplication of business activities

Question 67

An organization’s account for office supplies on hand had a balance of $9,000 at the end of year one. During year two, the organization recorded an expense for purchasing office supplies. At the end of year two, a physical count determined that the organization has $11,500 in office supplies on hand. Based on this information, what would be recorded in the adjusting entry at the end of year two?

Options:

A.

A debit to office supplies on hand for $2,500

B.

A debit to office supplies on hand for $11,500

C.

A debit to office supplies on hand for $20,500

D.

A debit to office supplies on hand for $42,500

Question 68

According to Herzberg’s Two-Factor Theory of Motivation, which of the following factors are mentioned most often by satisfied employees?

Options:

A.

Salary and status.

B.

Responsibility and advancement.

C.

Work conditions and security.

D.

Peer relationships and personal life.

Question 69

A retail organization mistakenly did not include $10,000 of inventory in the physical count at the end of the year. What was the impact to the organization’s financial statements?

Options:

A.

Cost of sales and net income are understated

B.

Cost of sales and net income are overstated

C.

Cost of sales is understated and net income is overstated

D.

Cost of sales is overstated and net income is understated

Question 70

Which of the following statements is true regarding the management-by-objectives (MBO) approach?

Options:

A.

Management by objectives is most helpful in organizations that have rapid changes

B.

Management by objectives is most helpful in mechanistic organizations with rigidly defined tasks

C.

Management by objectives helps organizations to keep employees motivated

D.

Management by objectives helps organizations to distinguish clearly strategic goals from operational goals

Question 71

Which of the following application controls is the most dependent on the password owner?

Options:

A.

Password selection.

B.

Password aging.

C.

Password lockout.

D.

Password rotation.

Question 72

Which of the following describes the primary advantage of using data analytics in internal auditing?

Options:

A.

It helps support the internal audit conclusions with factual evidence.

B.

It reduces the time and effort needed to prepare the audit report.

C.

It helps prevent internal auditors from unknowingly disregarding key process risks.

D.

It enables internal auditors to meet their responsibility for monitoring controls.

Question 73

Which of the following is an example of a physical control?

Options:

A.

Providing fire detection and suppression equipment

B.

Establishing a physical security policy and promoting it throughout the organization

C.

Performing business continuity and disaster recovery planning

D.

Keeping an offsite backup of the organization’s critical data

Question 74

The head of the research and development department at a manufacturing organization believes that his team lacks expertise in some areas and decides to hire more experienced researchers to assist in the development of a new product. Which of the following variances are likely to occur as the result of this decision?

Favorable labor efficiency variance

Adverse labor rate variance

Adverse labor efficiency variance

Favorable labor rate variance

Options:

A.

1 and 2.

B.

1 and 4.

C.

3 and 4.

D.

2 and 3.

Question 75

Which of the following is a systems software control?

Options:

A.

Restricting server room access to specific individuals.

B.

Housing servers with sensitive software away from environmental hazards.

C.

Ensuring that all user requirements are documented.

D.

Performing intrusion testing on a regular basis.

Question 76

Based on test results, an IT auditor concluded that the organization would suffer unacceptable loss of data if there was a disaster at its data center. Which of the following test results would likely lead the auditor to this conclusion?

Options:

A.

Requested backup tapes were not returned from the offsite vendor in a timely manner

B.

Returned backup tapes from the offsite vendor contained empty spaces

C.

Critical systems have been backed up more frequently than required

D.

Critical system backup tapes are taken off site less frequently than required

Question 77

Which of the following best explains why an organization would enter into a capital lease contract?

Options:

A.

To increase the ability to borrow additional funds from creditors

B.

To reduce the organization’s free cash flow from operations

C.

To improve the organization’s free cash flow from operations

D.

To acquire the asset at the end of the lease period at a price lower than the fair market value

Question 78

During which phase of the contracting process are contracts drafted for a proposed business activity?

Options:

A.

Initiation phase.

B.

Bidding phase.

C.

Development phase.

D.

Management phase.

Question 79

Which of the following would most likely be found in an organization that uses a decentralized organizational structure?

Options:

A.

There is a higher reliance on organizational culture.

B.

There are clear expectations set for employees.

C.

There are electronic monitoring techniques employed.

D.

There is a defined code for employee behavior.

Question 80

Which of the following bring-your-own-device (BYOD) practices is likely to increase the risk of infringement on local regulations, such as copyright or privacy laws?

Options:

A.

Not installing anti-malware software.

B.

Updating operating software in a haphazard manner.

C.

Applying a weak password for access to a mobile device.

D.

Jailbreaking a locked smart device.

Question 81

An organization has instituted a bring-your-own-device (BYOD) work environment. Which of the following policies best addresses the increased risk to the organization’s network incurred by this environment?

Options:

A.

Limit the use of the employee devices for personal use to mitigate the risk of exposure to organizational data

B.

Ensure that relevant access to key applications is strictly controlled through an approval and review process

C.

Institute detection and authentication controls for all devices used for network connectivity and data storage

D.

Use management software to scan and then prompt patch reminders when devices connect to the network

Question 82

Which of the following types of data analytics would be used by a hospital to determine which patients are likely to require readmittance for additional treatment?

Options:

A.

Predictive analytics

B.

Prescriptive analytics

C.

Descriptive analytics

D.

Diagnostic analytics

Question 83

During a payroll audit, the internal auditor is assessing the security of the local area network of the payroll department computers. Which of the following IT controls should the auditor test?

Options:

A.

IT application-based controls

B.

IT systems development controls

C.

Environmental controls

D.

IT governance controls

Question 84

Which of the following differentiates a physical access control from a logical access control?

Options:

A.

Physical access controls secure tangible IT resources, whereas logical access controls secure software and data internal to the IT system.

B.

Physical access controls secure software and data internal to the IT system, whereas logical access controls secure tangible IT resources.

C.

Physical access controls include firewalls, user IDs, and passwords, whereas logical access controls include locks and security guards.

D.

Physical access controls include input processing and output controls, whereas logical access controls include locked doors and security guards.

Question 85

What is the primary purpose of an integrity control?

Options:

A.

To ensure data processing is complete, accurate, and authorized

B.

To ensure data being processed remains consistent and intact

C.

To monitor the effectiveness of other controls

D.

To ensure the output aligns with the intended result

Question 86

When using data analytics during a review of the procurement process, what is the first step in the analysis process?

Options:

A.

Identify data anomalies and outliers

B.

Define questions to be answered

C.

Identify data sources available

D.

Determine the scope of the data extract

Question 87

Which of the following lists is comprised of computer hardware only?

Options:

A.

A central processing unit, a scanner, and a value-added network

B.

A computer chip, a data warehouse, and a router

C.

A server, a firewall, and a smartphone

D.

A workstation, a modem, and a disk drive

Question 88

An organization with global headquarters in the United States has subsidiaries in eight other nations. If the organization operates with an ethnocentric attitude, which of the following statements is true?

Options:

A.

Standards used for evaluation and control are determined at local subsidiaries, not set by headquarters

B.

Orders, commands, and advice are sent to the subsidiaries from headquarters

C.

People of local nationality are developed for the best positions within their own country

D.

There is a significant amount of collaboration between headquarters and subsidiaries

Question 89

What kind of strategy would be most effective for an organization to adopt in order to implement a unique advertising campaign for selling identical products across all of its markets?

Options:

A.

Export strategy.

B.

Transnational strategy.

C.

Multi-domestic strategy.

D.

Globalization strategy.

Question 90

An organization uses the management-by-objectives method, whereby employee performance is based on defined goals. Which of the following statements is true regarding this approach?

Options:

A.

It is particularly helpful to management when the organization is facing rapid change

B.

It is a more successful approach when adopted by mechanistic organizations

C.

It is more successful when goal-setting is performed not only by management, but by all team members, including lower-level staff

D.

It is particularly successful in environments that are prone to having poor employer-employee relations

Question 91

An organization that sells products to a foreign subsidiary wants to charge a price that will decrease import tariffs. Which of the following is the best course of action for the organization?

Options:

A.

Decrease the transfer price.

B.

Increase the transfer price.

C.

Charge at the arm’s length price.

D.

Charge at the optimal transfer price.

Question 92

According to IIA guidance, which of the following statements is true with regard to workstation computers that access company information stored on the network?

Options:

A.

Individual workstation computer controls are not as important as companywide server controls

B.

Particular attention should be paid to housing workstations away from environmental hazards

C.

Cybersecurity issues can be controlled at an enterprise level, making workstation-level controls redundant

D.

With security risks near an all-time high, workstations should not be connected to the company network

Question 93

Which of the following controls refers to requiring employees to use a combination of PINs, passwords, and/or biometrics to access an organization's smart device apps and data?

Options:

A.

Remote wipe.

B.

Software encryption.

C.

Device encryption.

D.

Authentication.

Question 94

A new clerk in the managerial accounting department applied the high-low method and computed the difference between the high and low levels of maintenance costs. Which type of maintenance costs did the clerk determine?

Options:

A.

Fixed maintenance costs.

B.

Variable maintenance costs.

C.

Mixed maintenance costs.

D.

Indirect maintenance costs.

Question 95

Which of the following best describes a potential benefit of using data analyses?

Options:

A.

It easily aligns with existing internal audit competencies to reduce expenses

B.

It provides a more holistic view of the audited area.

C.

Its outcomes can be easily interpreted into audit: conclusions.

D.

Its application increases internal auditors' adherence to the Standards

Question 96

In an organization that produces chocolate, the leadership team decides that the organization will open a milk production facility for its milk chocolate. Which of the following strategies have the organization chosen?

Options:

A.

Vertical integration.

B.

Unrelated diversification.

C.

Differentiation

D.

Focus

Question 97

Which of the following can be classified as debt investments?

Options:

A.

Investments in the capital stock of a corporation

B.

Acquisition of government bonds.

C.

Contents of an investment portfolio,

D.

Acquisition of common stock of a corporation

Question 98

A bond that matures after one year has a face value of S250,000 and a coupon of $30,000. if the market price of the bond is 5265,000, which of the following would be the market interest rate?

Options:

A.

Less than 12 percent.

B.

12 percent.

C.

Between 12.01 percent and 12.50 percent.

D.

More than 12 50 percent.

Question 99

Which of the following statements Is true regarding the use of centralized authority to govern an organization?

Options:

A.

Fraud committed through collusion is more likely when authority is centralized.

B.

Centralized managerial authority typically enhances certainty and consistency within an organization.

C.

When authority is centralized, the alignment of activities to achieve business goals typically is decreased.

D.

Using separation of duties to mitigate collusion is reduced only when authority is centralized.

Question 100

An organization buys equity securities for trading purposes and sells them within a short time period. Which of the following is the correct way to value and report those securities at a financial statement date?

Options:

A.

At fair value with changes reported in the shareholders' equity section.

B.

At fair value with changes reported in net income.

C.

At amortized cost in the income statement.

D.

As current assets in the balance sheet

Question 101

A clothing company sells shirts for $8 per shirt. In order to break even, the company must sell 25.000 shirts. Actual sales total S300.000. What is margin of safety sales for the company?

Options:

A.

$100.000

B.

$200,000

C.

$275,000

D.

$500,000

Question 102

According to Herzberg's Two-Factor Theory of Motivation, which of the following is a factor mentioned most often by satisfied employees?

Options:

A.

Relationship with supervisor

B.

Salary

C.

Security.

D.

Achievement

Question 103

An internal auditor was assigned to test for ghost employees using data analytics. The auditor extracted employee data from human resources and payroll. Using spreadsheet functions, the auditor matched data sets by name and assumed that employees who were not present in each data set should be investigated further. However, the results seemed erroneous, as very few employees matched across all data sets. Which of the following data analytics steps has the auditor most likely omitted?

Options:

A.

Data analysis.

B.

Data diagnostics.

C.

Data velocity.

D.

Data normalization.

Question 104

Which of the following is a characteristic of big data?

Options:

A.

Big data is often structured.

B.

Big data analytic results often need to be visualized.

C.

Big data is often generated slowly and is highly variable.

D.

Big data comes from internal sources kept in data warehouses.

Question 105

Which of the following organization structures would most likely be able to cope with rapid changes and uncertainties?

Options:

A.

Decentralized

B.

Centralized

C.

Departmentalized

D.

Tall structure

Question 106

When auditing databases, which of the following risks would an Internal auditor keep In mind In relation to database administrators?

Options:

A.

The risk that database administrators will disagree with temporarily preventing user access to the database for auditing purposes.

B.

The risk that database administrators do not receive new patches from vendors that support database software in a timely fashion.

C.

The risk that database administrators set up personalized accounts for themselves, making the audit time consuming.

D.

The risk that database administrators could make hidden changes using privileged access.

Question 107

Management is pondering the following question:

"How does our organization compete?"

This question pertains to which of the following levels of strategy?

Options:

A.

Functional-level strategy

B.

Corporate-level strategy.

C.

Business-level strategy,

D.

DepartmentsHevet strategy

Question 108

Which of the following networks is suitable for an organization that has operations In multiple cities and countries?

Options:

A.

Wide area network.

B.

Local area network

C.

Metropolitan area network.

D.

Storage area network.

Question 109

When executive compensation is based on the organization's financial results, which of the following situations is most likely to arise?

Options:

A.

The organization reports inappropriate estimates and accruals due to poof accounting controls.

B.

The organization uses an unreliable process forgathering and reporting executive compensation data.

C.

The organization experiences increasing discontent of employees, if executives are eligible for compensation amounts that are deemed unreasonable.

D.

The organization encourages employee behavior that is inconsistent with the interests of relevant stakeholders.

Question 110

While conducting an audit of the accounts payable department, an internal auditor found that 3% of payments made during the period under review did not agree with the submitted invoices. Which of the following key performance indicators (KPIs) for the department would best assist the auditor in determining the significance of the test results?

Options:

A.

A KPI that defines the process owner's tolerance for performance deviations.

B.

A KPI that defines the importance of performance levels and disbursement statistics being measured.

C.

A KPI that defines timeliness with regard to reporting disbursement data errors to authorized personnel.

D.

A KPI that defines operating ratio objectives of the disbursement process.

Question 111

An organization contracted a third-party service provider to plan, design, and build a new facility. Senior management would like to transfer all of the risk to the builder. Which type of procurement contract would the organization use?

Options:

A.

Cost-plus contract.

B.

Turnkey contract.

C.

Service contract.

D.

Solutions contract.

Question 112

Which of the following business practices promotes a culture of high performance?

Options:

A.

Reiterating the importance of compliance with established policies and procedures.

B.

Celebrating employees' individual excellence.

C.

Periodically rotating operational managers.

D.

Avoiding status differences among employees.

Question 113

An organization has an immediate need for servers, but no time to complete capital acquisitions. Which of the following cloud services would assist with this situation?

Options:

A.

Infrastructure as a Service (laaS).

B.

Platform as a Service (PaaS).

C.

Enterprise as a Service (EaaS).

D.

Software as a Service (SaaS).

Question 114

Which of the following is a limitation of the remote wipe for a smart device?

Options:

A.

Encrypted data cannot be locked to prevent further access

B.

Default settings cannot be restored on the device.

C.

All data, cannot be completely removed from the device

D.

Mobile device management software is required for successful remote wipe

Question 115

Which of the following is an example of a physical control designed to prevent security breaches?

Options:

A.

Preventing database administrators from initiating program changes

B.

Blocking technicians from getting into the network room.

C.

Restricting system programmers' access to database facilities

D.

Using encryption for data transmitted over the public internet

Question 116

Which of the following is true of bond financing, compared to common stock, when alJ other variables are equal?

Options:

A.

Lower shareholder control

B.

lower indebtedness

C.

Higher company earnings per share.

D.

Higher overall company earnings

Question 117

Which of the following statements describes the typical benefit of using a flat organizational structure for the internal audit activity, compared to a hierarchical structure?

Options:

A.

A flat structure results in lower operating and support costs than a hierarchical structure.

B.

A flat structure results in a stable and very collaborative environment.

C.

A flat structure enables field auditors to report to and learn from senior auditors.

D.

A flat structure is more dynamic and offers more opportunities for advancement than a hierarchical structure.

Question 118

Which of the following is a distinguishing feature of managerial accounting, which is not applicable to financial accounting?

Options:

A.

Managerial accounting uses double-entry accounting and cost data.

B.

Managerial accounting uses general accepted accounting principles.

C.

Managerial accounting involves decision making based on quantifiable economic events.

D.

Managerial accounting involves decision making based on predetermined standards.

Question 119

During which of the following phases of contracting does the organization analyze whether the market is aligned with organizational objectives?

Options:

A.

Initiation phase

B.

Bidding phase

C.

Development phase

D.

Negotiation phase

Question 120

A company that supplies medications to large hospitals relies heavily on subcontractors to replenish any shortages within 24 hours. Where should internal auditors look for evidence that subcontractors are held responsible for this obligation?

Options:

A.

The company's code of ethics.

B.

The third-party management risk register.

C.

The signed service-level agreement.

D.

The subcontractors' annual satisfaction survey.

Question 121

Which of the following statements is true regarding the term "flexible budgets" as it is used in accounting?

Options:

A.

The term describes budgets that exclude fixed costs.

B.

Flexible budgets exclude outcome projections, which are hard to determine, and instead rely on the most recent actual outcomes.

C.

The term is a red flag for weak budgetary control activities.

D.

Flexible budgets project data for different levels of activity.

Question 122

A third party who provides payroll services to the organization was asked to create audit or “read-only 1 functionalities in their systems. Which of the following statements is true regarding this request?

Options:

A.

This will support execution of the right-to-audit clause.

B.

This will enforce robust risk assessment practices

C.

This will address cybersecurity considerations and concerns.

D.

This will enhance the third party's ability to apply data analytics

Question 123

A financial institution receives frequent and varied email requests from customers for funds to be wired out of their accounts. Which verification activity would best help the institution avoid falling victim to phishing?

Options:

A.

Reviewing the customer's wire activity to determine whether the request is typical.

B.

Calling the customer at the phone number on record to validate the request.

C.

Replying to the customer via email to validate the sender and request.

D.

Reviewing the customer record to verify whether the customer has authorized wire requests from that email address.

Question 124

Which of the following would be the best method to collect information about employees' job satisfaction?

Options:

A.

Online surveys sent randomly to employees.

B.

Direct onsite observations of employees.

C.

Town hall meetings with employees.

D.

Face-to-face interviews with employees.

Page: 1 / 42
Total 416 questions