IIA-CIA-Part3 Business Knowledge for Internal Auditing Questions and Answers

UDAs arid traditional JT applications typically follow a similar development life cycle

A UDA usually includes system documentation to illustrate its functions, and IT-developed applications typically do not require such documentation.

Unlike traditional IT applications. UDAs typically are developed with little consideration of controls.

IT testing personnel usually review both types of applications thoroughly to ensure they were developed properly.

Value-added network (VAN).

Local area network (LAN).

Metropolitan area network (MAN).

Wide area network (WAN).

$100.000

$200,000

$275,000

$500,000

HTTP sites provide sufficient security to protect customers' credit card information.

Web servers store credit cardholders' information submitted for payment.

Database servers send cardholders’ information for authorization in clear text.

Payment gatewaysauthorizecredit cardonlinepayments.

Higher cash flow and treasury balances.

Higher inventory balances

Higher accounts receivable.

Higher accounts payable

Horizontal analysis

Vertical analysis

Ratio analysis

Trend analysis

A debit to office supplies on hand for S2.500

A debit to office supplies on hand for $11.500

A debit to office supplies on hand for $20,500

A debit to office supplies on hand for $42,500

Decrease the transfer price

Increase the transfer price

Charge at the arm's length price

Charge at the optimal transfer price

The user's facial geometry and voice recognition.

The user's password and a separate passphrase.

The user's key fob and a smart card.

The user's fingerprint and a personal Identification number.

It calculates the overall value of a project.

It ignores the time value of money.

It calculates the time a project takes to break even.

It begins at time zero for the project.

Designing and maintaining the database.

Preparing input data and maintaining the database.

Maintaining the database and providing its security,

Designing the database and providing its security

Applications

Technical infrastructure.

External connections.

IT management

Divesting product lines expected to have negative profitability.

Increasing the diversity of strategic business units.

Increasing investment in research and development for a new product.

Relocating the organization's manufacturing to another country.

Data is synchronized in real time

Recovery time is expected to be less than one week

Servers are not available and need to be procured

Recovery resources end data restore processes have not been defined.

A unity-of-command concept requires employees to report technically, functionally, and administratively to the same manager.

A combination of product and functional departments allows management to utilize personnel from various Junctions.

Authority, responsibility and accountability of the units Involved may vary based on the project's life, or the organization's culture

It is best suited for firms with scattered locations or for multi-line, Large-scale firms.

Theory of constraints.

Just-in-time method.

Activity-based costing.

Break-even analysis

Cold recovery plan,

Outsourced recovery plan.

Storage area network recovery plan.

Hot recovery plan

The risk that database administrators will disagree with temporarily preventing user access to the database for auditing purposes.

The risk that database administrators do not receive new patches from vendors that support database software in a timely fashion.

The risk that database administrators set up personalized accounts for themselves, making the audit time consuming.

The risk that database administrators could make hidden changes using privileged access.

1 and 2

1 and 3

2 and 4

3 and 4

12-digit password feature.

Security question feature.

Voice recognition feature.

Two-level sign-on feature

To exploit core competence.

To increase market synergy.

To deliver enhanced value.

To reduce costs.

Relationship with supervisor

Salary

Security.

Achievement

The ability to use the software with ease to perform the data analysis to meet the engagement objectives.

The ability to purchase upgraded features of the software that allow for more In-depth analysis of the big data.

The ability to ensure that big data entered into the software is secure from potential compromises or loss.

The ability to download the software onto the appropriate computers for use in analyzing the big data.

Change management practices to ensure operating system patch documentation is retained.

User role requirements are documented in accordance with appropriate application-level control needs.

Validation of intrusion prevention controls is performed to ensure intended functionality and data integrity.

Interfaces reinforce segregation of duties between operations administration and database development.

It leads to an increase in risk and often results in rework.

It is an optimization technique where activities are performed in parallel rather than sequentially.

It involves a revaluation of project requirements and/or scope.

It is a compression technique in which resources are added so the project.

Variable entity approach.

Control ownership.

Risk and reward.

Voting interest.

Job complicating

Job rotation

Job enrichment

Job enlargement

IT database administrator.

IT data center manager.

IT help desk function.

IT network administrator.

This will support execution of the right-to-audit clause.

This will enforce robust risk assessment practices

This will address cybersecurity considerations and concerns.

This will enhance the third party's ability to apply data analytics

Collections from customers

Sale of securities.

Purchase of trucks.

Payment of debt, including interest

An incorrect program fix was implemented just prior to the database backup.

The organization is preparing to train all employees on the new self-service benefits system.

There was a data center failure that requires restoring the system at the backup site.

There is a need to access prior year-end training reports for all employees in the human resources database

Input controls

Segregation of duties

Physical controls

Integrity controls

Anti-malware software

Authentication

Spyware

Rooting

The cash dividends received increase the investee investment account accordingly.

The investee must adjust the investment account by the ownership interest

The investment account is adjusted downward by the percentage of ownership.

The investee must record the cash dividends as dividend revenue

Application program code

Database system

Operating system

Networks

Train all employees on bring-your-own-device (BYOD) policies.

Understand what procedures are in place for locking lost devices

Obtain a list of all smart devices in use

Test encryption of all smart devices

It is useful when losses are considered insignificant.

It provides a better alignment with revenue.

It is the preferred method according to The IIA.

It states receivables at net realizable value on the balance sheet.

A risk of spyware and malware.

A risk of corporate espionage.

A ransomware attack risk.

A social engineering risk.

50 units

60 units

70 units

1:20 units

Boundary attack.

Spear phishing attack.

Brute force attack.

Spoofing attack.

Rooting.

Eavesdropping.

Man in the middle.

Session hijacking.

The maximum tolerable downtime after the occurrence of an incident.

The maximum tolerable data loss after the occurrence of an incident.

The maximum tolerable risk related to the occurrence of an incident

The minimum recovery resources needed after the occurrence of an incident

It explains the assumption mat both costs and revenues are linear through the relevant range

It enables management to calculate a minimum number of units to produce and sell without having to incur a loss.

It enables management to predict how costs such as the depreciation of equipment will be affected by a change in business decisions

It enables management to make business decisions, as it explains the cost that will be incurred for a given course of action

Numerous and consistent attacks on the company's website caused the server to crash and service was disrupted.

A person posing as a representative of the company’s IT help desk called several employees and played a generic prerecorded message requesting password data.

A person received a personalized email regarding a golf membership renewal, and he click a hyperlink to enter his credit card data into a fake website

Many users of a social network service received fake notifications of e unique opportunity to invest in a new product.

Initiation phase

Bidding phase

Development phase

Negotiation phase

Password selection

Password aging

Password lockout

Password rotation

A just-in-time purchasing environment

A Large volume of custom purchases

A variable volume sensitive to material cost

A currently inefficient purchasing process

1 and 2 only

2 and 3 only

1, 2 and 4 only

2, 3, and 4 only