IIA IIA-CIA-Part3 Business Knowledge for Internal Auditing Exam Practice Test

Decentralized

Centralized

Departmentalized

Tall structure

Duplicate testing.

Joining data sources.

Gap analysis.

Classification

Perform gap testing.

Join different data sources.

Perform duplicate testing.

Calculate statistical parameters.

Ease of use.

Value to the business.

Intrusion prevention.

Ergonomic model.

To verify that the application meets stated user requirements.

To verify that standalone programs match code specifications.

To verify that the application would work appropriately for the intended number of users.

To verify that all software and hardware components work together as intended.

Risk tolerance

Performance

Threats and opportunities

Governance

Draft separate audit reports for business and IT management.

Conned IT audit findings to business issues.

Include technical details to support IT issues.

Include an opinion on financial reporting accuracy and completeness.

Numerous and consistent attacks on the company's website caused the server to crash and service was disrupted.

A person posing as a representative of the company’s IT help desk called several employees and played a generic prerecorded message requesting password data.

A person received a personalized email regarding a golf membership renewal, and he click a hyperlink to enter his credit card data into a fake website

Many users of a social network service received fake notifications of e unique opportunity to invest in a new product.

It should be reported as an administrative expense on the income statement.

It should be reported as period cost other than a product cost on the management accounts

It should be reported as cost of goods sold on the income statement.

It should be reported on the balance sheet as part of inventory.

Data is synchronized in real time

Recovery time is expected to be less than one week

Servers are not available and need to be procured

Recovery resources end data restore processes have not been defined.

Waterfall.

Projects in Controlled Environments (PRINCE2).

Information Technology Infrastructure Library (ITIL).

COBIT

Testing should not be announced to anyone within the organization to solicit a real-life response.

Testing should take place during heavy operational time periods to test system resilience.

Testing should be wide in scope and primarily address detective management controls for identifying potential attacks.

Testing should address the preventive controls and management's response.

Value-added network (VAN).

Local area network (LAN).

Metropolitan area network (MAN).

Wide area network (WAN).

When there's a dispute between the contracting parties

When ail contractual obligations have been discharged.

When there is a force majenre.

When the termination clause is enacted.

Output controls.

Input controls

Processing controls.

Integrity controls.

Operating system

Control environment

Network.

Application program code

Higher cash flow and treasury balances.

Higher inventory balances

Higher accounts receivable.

Higher accounts payable

Compliance.

Privacy

Strategic

Physical security

Just-in-time delivery plans.

Backup plans.

Contingency plans.

Standing plans.

Project plan development.

Project plan execution

Integrated change control.

Project quality planning

There is a greater need for organizations to rely on users to comply with policies and procedures.

With fewer devices owned by the organization, there is reduced need to maintain documented policies and procedures.

Incident response times are less critical in the BYOD environment, compared to a traditional environment

There is greater sharing of operational risk in a BYOD environment

A company reports trading and investment securities at their market cost

A building purchased last year for $1 million is currently worth ©1.2 million, but the company still reports the building at $1 million.

A building purchased last year for ©1 million is currently worth £1,2 million , and the company adjusts the records to reflect the current value

A company reports assets at either historical or fair value, depending which is closer to market value.

Encrypted physical copies of the data, and their encryption keys are stored together at the organization and are readily available upon request.

Encrypted physical copies of the data are stored separately from their encryption keys, and both are held in secure locations a few hours away from the organization.

Encrypted reports on usage and database structure changes are stored on a cloud-based, secured database that is readily accessible.

Encrypted copies of the data are stored in a separate secure location a few hours away, while the encryption keys are stored at the organization and are readily

available.

Identification of achievable goals and timelines

Analysis of the competitive environment.

Plan for the procurement of resources

Plan for progress reporting and oversight.

The organizational chart shows only formal relationships.

The organizational chart shows only the line of authority.

The organizational chart shows only the senior management positions.

The organizational chart is irrelevant when testing the control environment.

1 and 2

1 and 4

3 and A

2 and 3

The organization will be unable to develop preventative actions based on analytics.

The organization will not be able to trace and monitor the activities of database administers.

The organization will be unable to determine why intrusions and cyber incidents took place.

The organization will be unable to upgrade the system to newer versions.

Initiation.

Planning.

Execution.

Monitoring.

Total tire production labor hours for the operating period.

Total tire production costs for the operating period.

Plant production employee headcount average for the operating period.

The production machinery utilization rates.

A KPI that defines the process owner's tolerance for performance deviations.

A KPI that defines the importance of performance levels and disbursement statistics being measured.

A KPI that defines timeliness with regard to reporting disbursement data errors to authorized personnel.

A KPI that defines operating ratio objectives of the disbursement process.

Understand strategic context and evaluate whether supporting information is reliable and complete.

Ascertain whether governance and approval processes are transparent, documented, and completed.

Perform a due diligence review or asses management's review of provider operations.

Identify key performance measures and data sources.

Requiring users to change their passwords every two years.

Requiring two-step verification for all users

Requiring the use of a virtual private network (VPN) when employees are out of the office.

Requiring the use of up-to-date antivirus, security, and event management tools.

The business continuity management charter.

The business continuity risk assessment plan.

The business Impact analysis plan

The business case for business continuity planning

Verify completeness and accuracy.

Verify existence and accuracy.

Verify completeness and integrity.

Verify existence and completeness.

Data analysis.

Data diagnostics.

Data velocity.

Data normalization.

Application program code.

Database system.

Operating system.

Networks.

To inform the classification of the data population.

To determine the completeness and accuracy of the data.

To identify whether the population contains outliers.

To determine whether duplicates in the data inflate the range.

Predictive analytics.

Prescriptive analytics.

Descriptive analytics.

Diagnostic analytics.

To increase the ability to borrow additional funds from creditors

To reduce the organization's free cash flow from operations

To Improve the organization's free cash flow from operations

To acquire the asset at the end of the lease period at a price lower than the fair market value

The initial investment of each partner should be recorded at book value.

The ownership ratio identifies the basis for dividing net income and net toss.

A partner's capital only changes due to net income or net loss.

The basis for sharing net incomes or net kisses must be fixed.

A warm recovery plan.

A cold recovery plan.

A hot recovery plan.

A manual work processes plan

Shoulder suiting

Pharming,

Phishing.

Social engineering.

Management must ensure information storage systems are appropriately defined and processes to update critical data elements are clear.

External auditors must ensure that analytical models are periodically monitored and maintained.

The board must implement controls around data quality dimensions to ensure that they are effective.

Internal auditors must ensure the quality and security of data, with a heightened focus on the riskiest data elements.

Management by objectives is most helpful in organizations that have rapid changes.

Management by objectives is most helpful in mechanistic organizations with rigidly defined tasks.

Management by objectives helps organizations to keep employees motivated.

Management by objectives helps organizations to distinguish clearly strategic goals from operational goals.

Logical access controls monitor application usage and generate audit trails.

The development process is designed to prevent, detect, and correct errors that may occur.

A record is maintained to track the process of data from Input, to output to storage.

Business users' requirements are documented, and their achievement is monitored

Change management practices to ensure operating system patch documentation is retained.

User role requirements are documented in accordance with appropriate application-level control needs.

Validation of intrusion prevention controls is performed to ensure intended functionality and data integrity.

Interfaces reinforce segregation of duties between operations administration and database development.

Infrastructure as a Service (laaS).

Platform as a Service (PaaS).

Enterprise as a Service (EaaS).

Software as a Service (SaaS).

Risk and uncertainty increase over the life of the project.

Costs and staffing levels are typically high as the project draws to a close.

Costs related to making changes increase as the project approaches completion.

The project life cycle corresponds with the life cycle of the product produced by or modified by the project.

Maintenance service items such as production support.

Management of infrastructure services, including network management.

Physical hosting of mainframes and distributed servers

End-to -end security architecture design.

Top management does little monitoring of the decisions made at lower levels.

The decisions made at the lower levels of management are considered very important.

Decisions made at lower levels in the organizational structure are few.

Reliance is placed on top management decision making by few of the organization's departments.

1 and 2 only

2 and 3 only

1, 2 and 4 only

2, 3, and 4 only