Weekend Certification Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: best70

IIA-CIA-Part3 Internal Audit Function Questions and Answers

Questions 4

During a routine bank branch audit, the internal audit function observed that the sole security guard at the branch only worked part time. The chief audit executive (CAE) believed that this increased the risk of loss of property and life in the event of a robbery. The branch security manager informed the CAE that a full-time guard was not needed because the branch was in close proximity to a police station. Still, the CAE found this to be an unacceptable risk due to the recent increase in robberies in that area. Which of the following is the most appropriate next step for the CAE to take?

Options:

A.

Immediately report the issue to the board to ensure timely corrective actions are taken to resolve the risk

B.

Continue discussions with the security manager until he is persuaded and agrees to increase branch security

C.

Document the security manager’s decision to accept the risk in the audit workpapers

D.

Escalate the issue to the bank’s chief security officer to determine acceptability of the risk

Buy Now
Questions 5

A department purchased one copy of a software program for internal use. The manager of the department installed the program on an office computer and then made two complete copies of the original software. Copy 1 was solely for backup purposes. Copy 2 was for use by another member of the department. In terms of software licenses and copyright law, which of the following is correct?

Options:

A.

Both copies are legal.

B.

Only Copy 1 is legal.

C.

Only Copy 2 is legal.

D.

Neither copy is legal.

Buy Now
Questions 6

Which of the following issues is a concern that a database administrator may face when integrating an organization’s applications that were once operated separately?

Options:

A.

The integrity of the data created by the applications may be compromised by the integration.

B.

The number of users with access to the applications may decrease as a result of the integration.

C.

The cost of maintaining the integration of the applications may increase at the start of the process.

D.

The implementation of more security protocols on the applications may slow down user productivity.

Buy Now
Questions 7

A one-time password would most likely be generated in which of the following situations?

Options:

A.

When an employee accesses an online digital certificate

B.

When an employee ' s biometrics have been accepted.

C.

When an employee creates a unique digital signature,

D.

When an employee uses a key fob to produce a token.

Buy Now
Questions 8

While auditing an organization ' s customer call center, an internal auditor notices that Key performance indicators show a positive trend, despite the fact that there have been increasing customer complaints over the same period. Which of the following audit recommendations would most likely correct the cause of this inconsistency?

Options:

A.

Review the call center script used by customer service agents to interact with callers, and update the script if necessary.

B.

Be-emphasize the importance of call center employees completing a certain number of calls per hour.

C.

Retrain call center staff on area processes and common technical issues that they will likely be asked to resolve.

D.

Increase the incentive for call center employees to complete calls quickly and raise the number of calls completed daily

Buy Now
Questions 9

Which of the following activities would come last in the development and implementation of a privacy and data protection program?

Options:

A.

Selecting the privacy and data protection framework.

B.

Establishing an assessment and communication format.

C.

Defining the scope of implementation procedures.

D.

Defining the privacy and data protection risks.

Buy Now
Questions 10

A bond that matures after one year has a face value of S250,000 and a coupon of $30,000. if the market price of the bond is 5265,000, which of the following would be the market interest rate?

Options:

A.

Less than 12 percent.

B.

12 percent.

C.

Between 12.01 percent and 12.50 percent.

D.

More than 12 50 percent.

Buy Now
Questions 11

Which of the following attributes of data are cybersecurity controls primarily designed to protect?

Options:

A.

Veracity, velocity, and variety.

B.

Integrity, availability, and confidentiality.

C.

Accessibility, accuracy, and effectiveness.

D.

Authorization, logical access, and physical access.

Buy Now
Questions 12

Which of the following borrowing options is an unsecured loan?

Options:

A.

Second-mortgage financing from a bank.

B.

An issue of commercial paper.

C.

Pledged accounts receivable.

D.

Asset-based financing.

Buy Now
Questions 13

Which of the following data security policies is most likely to be the result of a data privacy law?

Options:

A.

Access to personally identifiable information is limited to those who need it to perform their job.

B.

Confidential data must be backed up and recoverable within a 24-hour period.

C.

Updates to systems containing sensitive data must be approved before being moved to production.

D.

A record of employees with access to insider information must be maintained, and those employees may not trade company stock during blackout periods.

Buy Now
Questions 14

When granting third parties temporary access to an entity ' s computer systems, which of the following is the most effective control?

Options:

A.

Access is approved by the supervising manager.

B.

User accounts specify expiration dates and are based on services provided.

C.

Administrator access is provided for a limited period.

D.

User accounts are deleted when the work is completed.

Buy Now
Questions 15

Unsecured loans are loans:

Options:

A.

That do not have to be repaid for over one year.

B.

That appear to be too risky for most lenders to consider.

C.

Granted on the basis of a company ' s credit standing.

D.

Backed by mortgaged assets.

Buy Now
Questions 16

Which of the following is true regarding reporting on the quality assurance and improvement program (QAIP)?

Options:

A.

The results of ongoing monitoring must be communicated annually to the board and other appropriate stakeholders

B.

The results of any periodic self-assessment and level of conformance with the Global Internal Audit Standards must be reported to the board before completion

C.

The results of any external assessments and level of conformance with the Standards must be reported to the board before completion

D.

The QAIP and the resulting action plan must be made available to external assessors

Buy Now
Questions 17

Which of the following is an element of effective negotiating?

Options:

A.

Ensuring that the other party has a personal stake in the agreement.

B.

Focusing on interests rather than on obtaining a winning position.

C.

Considering a few select choices during the settlement phase.

D.

Basing the agreement on negotiating power and positioning leverage.

Buy Now
Questions 18

Which of the following is true of bond financing, compared to common stock, when alJ other variables are equal?

Options:

A.

Lower shareholder control

B.

lower indebtedness

C.

Higher company earnings per share.

D.

Higher overall company earnings

Buy Now
Questions 19

A financial institution receives frequent and varied email requests from customers for funds to be wired out of their accounts. Which verification activity would best help the institution avoid falling victim to phishing?

Options:

A.

Reviewing the customer ' s wire activity to determine whether the request is typical.

B.

Calling the customer at the phone number on record to validate the request.

C.

Replying to the customer via email to validate the sender and request.

D.

Reviewing the customer record to verify whether the customer has authorized wire requests from that email address.

Buy Now
Questions 20

All of the following are possible explanations for a significant unfavorable material efficiency variance except:

Options:

A.

Cutbacks in preventive maintenance.

B.

An inadequately trained and supervised labor force.

C.

A large number of rush orders.

D.

Production of more units than planned for in the master budget.

Buy Now
Questions 21

A manager at a publishing company received an email that appeared to be from one of her vendors with an attachment that contained malware embedded in an Excel spreadsheet . When the spreadsheet was opened, the cybercriminal was able to attack the company ' s network and gain access to an unpublished and highly anticipated book. Which of the following controls would be most effective to prevent such an attack?

Options:

A.

Monitoring network traffic.

B.

Using whitelists and blacklists to manage network traffic.

C.

Restricting access and blocking unauthorized access to the network

D.

Educating employees throughout the company to recognize phishing attacks.

Buy Now
Questions 22

Which of the following statements about slack time and milestones are true?

    Slack time represents the amount of time a task may be delayed without delaying the entire project.

    A milestone is a moment in time that marks the completion of the project ' s major deliverables.

    Slack time allows the project manager to move resources from one task to another to ensure that the project is finished on time.

    A milestone requires resource allocation and needs time to be completed.

Options:

A.

1 and 4 only

B.

2 and 3 only

C.

1, 2, and 3 only

D.

1, 2, 3, and 4

Buy Now
Questions 23

Which of the following is generally considered a best practice related to data backup?

    Performing full system backups on weekdays.

    Storing system backups onsite in a secured location.

    Testing system backup media periodically.

    Verifying backup media can be retrieved within seven years.

Options:

A.

2 only.

B.

3 only.

C.

1, 2, and 3 only.

D.

2, 3, and 4 only.

Buy Now
Questions 24

In a final audit report, internal auditors drafted the following management action plan with a due date of the last day of the calendar year:

" Plan: A bank reconciliation template has been updated to address issues with formulas incorrectly calculating variances. "

Which critical element of the action plan is missing?

Options:

A.

The responsible personnel

B.

The status of the action plan

C.

A referral to the policy or procedure

D.

The level of risk

Buy Now
Questions 25

Employees at an events organization use a particular technique to solve problems and improve processes. The technique consists of five steps: define, measure, analyze,

improve, and control. Which of the following best describes this approach?

Options:

A.

Six Sigma,

B.

Quality circle.

C.

Value chain analysis.

D.

Theory of constraints.

Buy Now
Questions 26

An internal auditor reviewed Finance Department records to obtain a list of current vendor addresses. The auditor then compared the vendor addresses to a record of employee addresses maintained by the Payroll Department Which of the following types of data analysis did the auditor perform?

Options:

A.

Duplicate testing.

B.

Joining data sources.

C.

Gap analysis.

D.

Classification

Buy Now
Questions 27

Which of the following is not included in the process of user authentication?

Options:

A.

Authorization.

B.

Identification.

C.

Verification.

D.

Validation.

Buy Now
Questions 28

One change control function that is required in client/server environments, but is not required in mainframe environments, is to ensure that:

Options:

A.

Program versions are synchronized across the network.

B.

Emergency move procedures are documented and followed.

C.

Appropriate users are involved in program change testing.

D.

Movement from the test library to the production library is controlled.

Buy Now
Questions 29

How can the concept of relevant cost help management with behavioral analyses?

Options:

A.

It explains the assumption mat both costs and revenues are linear through the relevant range

B.

It enables management to calculate a minimum number of units to produce and sell without having to incur a loss.

C.

It enables management to predict how costs such as the depreciation of equipment will be affected by a change in business decisions

D.

It enables management to make business decisions, as it explains the cost that will be incurred for a given course of action

Buy Now
Questions 30

Which of the following data analytics techniques is used to identify patterns among groups of data elements?

Options:

A.

Stratification of numeric values.

B.

Joining different data sources.

C.

Duplicate testing.

D.

Classification.

Buy Now
Questions 31

Which of the following business practices promotes a culture of high performance?

Options:

A.

Reiterating the importance of compliance with established policies and procedures.

B.

Celebrating employees ' individual excellence.

C.

Periodically rotating operational managers.

D.

Avoiding status differences among employees.

Buy Now
Questions 32

The internal audit function for a large organization has commenced this year’s scheduled accounts payable audit. The annual external audit for the organization is currently being planned. Can the external auditors place reliance on the work performed by the internal audit function?

Options:

A.

Yes, if an external audit manager is assigned to lead the internal audit team

B.

No, the external auditors should do their own substantive testing on accounts payable

C.

Yes, if they believe that the internal audit is going to be performed with due competence and objectivity

D.

No, the internal audit function should not share information relating to its work with external parties

Buy Now
Questions 33

In an effort to increase business efficiencies and improve customer service offered to its major trading partners, management of a manufacturing and distribution company established a secure network, which provides a secure channel for electronic data interchange between the company and its partners. Which of the following network types is illustrated by this scenario?

Options:

A.

A value-added network.

B.

A local area network.

C.

A metropolitan area network.

D.

A wide area network.

Buy Now
Questions 34

While conducting an audit of the accounts payable department, an internal auditor found that 3% of payments made during the period under review did not agree with the submitted invoices. Which of the following key performance indicators (KPIs) for the department would best assist the auditor in determining the significance of the test results?

Options:

A.

A KPI that defines the process owner ' s tolerance for performance deviations.

B.

A KPI that defines the importance of performance levels and disbursement statistics being measured.

C.

A KPI that defines timeliness with regard to reporting disbursement data errors to authorized personnel.

D.

A KPI that defines operating ratio objectives of the disbursement process.

Buy Now
Questions 35

When writing a business memorandum, the writer should choose a writing style that achieves all of the following except:

Options:

A.

Draws positive attention to the writing style.

B.

Treats all receivers with respect.

C.

Suits the method of presentation and delivery.

D.

Develops ideas without overstatement.

Buy Now
Questions 36

Which of the following steps should an internal auditor take during an audit of an organization ' s business continuity plans?

    Evaluate the business continuity plans for adequacy and currency.

    Prepare a business impact analysis regarding the loss of critical business.

    Identify key personnel who will be required to implement the plans.

    Identify and prioritize the resources required to support critical business processes.

Options:

A.

1 only

B.

2 and 4 only

C.

1, 3, and 4 only

D.

1, 2, 3, and 4

Buy Now
Questions 37

Which of the following job design techniques would most likely be used to increase employee motivation through job responsibility and recognition?

Options:

A.

Job complicating

B.

Job rotation

C.

Job enrichment

D.

Job enlargement

Buy Now
Questions 38

For an engineering department with a total quality management program, important elements of quality management include all of the following except:

Options:

A.

Basing performance evaluations on the number of projects completed.

B.

Comparing results with those of other engineering departments.

C.

Creating a quality council within the engineering department.

D.

Conducting post-project surveys on performance.

Buy Now
Questions 39

An internal auditor is auditing their organization’s termination process. A primary objective of this engagement is to verify that exit interviews were conducted for all terminated employees over the last two years. The auditor discovered that not all employees received exit interviews.

Which of the following risks could this lead to?

Options:

A.

The risk of employee turnover.

B.

The risk of noncompliance with a local labor law.

C.

The risk of incorrect severance payments.

D.

The risk of a confidentiality breach.

Buy Now
Questions 40

Which of the following is an example of a key systems development control typically found in the in-house development of an application system?

Options:

A.

Logical access controls monitor application usage and generate audit trails.

B.

The development process is designed to prevent, detect, and correct errors that may occur.

C.

A record is maintained to track the process of data from input, to output, to storage.

D.

Business users ' requirements are documented, and their achievement is monitored.

Buy Now
Questions 41

Which of the following statements is true with regard to capital budgeting?

Options:

A.

Using the net present value method, a proposal is acceptable when the net present value is negative.

B.

The internal rate of return is the highest interest rate that will cause the present value of the proposed capital expenditure to be less than the present value of expected net annual cash flows.

C.

The cash payback technique is used to determine the period of time required to recover the capital investment, plus the expected return, from the annual cash flow produced by the investment.

D.

The annual rate of return technique is used to estimate the profitability of a capital expenditure by dividing the expected annual net income by the average investment.

Buy Now
Questions 42

Which of the following dimensions relates to the quality of big data?

Options:

A.

Veracity.

B.

Validity.

C.

Value.

D.

Variety.

Buy Now
Questions 43

Which of the following would most likely be found in an organization that uses a decentralized organizational structure?

Options:

A.

There is a higher reliance on organizational culture.

B.

There are clear expectations set for employees.

C.

There are electronic monitoring techniques employed.

D.

There is a defined code for employee behavior.

Buy Now
Questions 44

Which of the following statements is true regarding outsourced business processes?

Options:

A.

Outsourced business processes should not be considered in the internal audit universe because the controls are owned by the external service provider.

B.

Generally, independence is improved when the internal audit activity reviews outsourced business processes.

C.

The key controls of outsourced business processes typically are more difficult to audit because they are designed and managed externally.

D.

The system of internal controls may be better and more efficient when the business process is outsourced compared to internally sourced.

Buy Now
Questions 45

Which of the following techniques is the most relevant when an internal auditor conducts a valuation of an organization ' s physical assets?

Options:

A.

Observation.

B.

Inspection.

C.

Original cost.

D.

Vouching.

Buy Now
Questions 46

The sole internal auditor of a municipality wants to implement proper supervision over internal audit workpapers. Which of the following would be the most appropriate?

Options:

A.

According to the Global Internal Audit Standards, in this situation the internal auditor can perform a self-review of selected workpapers

B.

Request each engagement client to conduct a review of a sample of workpapers at the end of the engagement

C.

Ask the board or management to sign off on workpapers

D.

Engage peer reviewers from other organizations with legal precautions in place

Buy Now
Questions 47

The market price is the most appropriate transfer price to be charged by one department to another in the same organization for a service provided when:

Options:

A.

There is an external market for that service.

B.

The selling department operates at 50 percent of its capacity.

C.

The purchasing department has more negotiating power than the selling department.

D.

There is no external market for that service.

Buy Now
Questions 48

According to lIA guidance on IT, which of the following plans would pair the identification of critical business processes with recovery time objectives?

Options:

A.

The business continuity management charter.

B.

The business continuity risk assessment plan.

C.

The business Impact analysis plan

D.

The business case for business continuity planning

Buy Now
Questions 49

Which of the following types of data analytics would be used by a hospital to determine which patients are likely to require readmittance for additional treatment?

Options:

A.

Predictive analytics

B.

Prescriptive analytics

C.

Descriptive analytics

D.

Diagnostic analytics

Buy Now
Questions 50

According to UA guidance on IT, at which of the following stages of the project life cycle would the project manager most likely address the need to coordinate project resources?

Options:

A.

Initiation.

B.

Planning.

C.

Execution.

D.

Monitoring.

Buy Now
Questions 51

A supervisor receives a complaint from an employee who is frustrated about having to learn a new software program. The supervisor responds that the new software will enable the employee to work more efficiently and with greater accuracy. This response is an example of:

Options:

A.

Empathetic listening.

B.

Reframing.

C.

Reflective listening.

D.

Dialogue.

Buy Now
Questions 52

According to IIA guidance on IT auditing, which of the following would not be an area examined by the internal audit activity?

Options:

A.

Access system security.

B.

Policy development.

C.

Change management.

D.

Operations processes.

Buy Now
Questions 53

A small software development firm designs and produces custom applications for businesses. The application development team consists of employees from multiple departments who all report to a single project manager. Which of the following organizational structures does this situation represent?

Options:

A.

Functional departmentalization.

B.

Product departmentalization

C.

Matrix organization.

D.

Divisional organization

Buy Now
Questions 54

An organization has an agreement with a third-party vendor to have a fully operational facility, duplicate of the original site and configured to the organization ' s needs, in order to quickly recover operational capability in the event of a disaster, Which of the following best describes this approach to disaster recovery planning?

Options:

A.

Cold recovery plan,

B.

Outsourced recovery plan.

C.

Storage area network recovery plan.

D.

Hot recovery plan

Buy Now
Questions 55

Which of the following is true of matrix organizations?

Options:

A.

A unity-of-command concept requires employees to report technically, functionally, and administratively to the same manager.

B.

A combination of product and functional departments allows management to utilize personnel from various Junctions.

C.

Authority, responsibility and accountability of the units Involved may vary based on the project ' s life, or the organization ' s culture

D.

It is best suited for firms with scattered locations or for multi-line, Large-scale firms.

Buy Now
Questions 56

Which of the following sites would an Internet service provider most likely use to restore operations after its servers were damaged by a natural disaster?

Options:

A.

On site.

B.

Cold site.

C.

Hot site.

D.

Warm site

Buy Now
Questions 57

Which of the following is a project planning methodology that involves a complex series of required simulations to provide information about schedule risk?

Options:

Buy Now
Questions 58

Which of the following statements is true regarding internal audit methodologies?

Options:

A.

One of the main objectives of internal audit methodologies is to enable audit clients to validate audit observations

B.

IIA guidance states that they should be made available to all stakeholders on the organization’s webpage

C.

One of the main objectives of internal audit methodologies is to ensure the execution of organizational strategy and risk management

D.

Although the content of internal audit methodologies is determined by the chief audit executive, alignment with principles of confidentiality and competency must be demonstrated

Buy Now
Questions 59

Which of the following is a disadvantage of selecting a commercial software package rather than developing an application internally?

Options:

A.

Lack of flexibility.

B.

Incompatibility with client/server technology.

C.

Employee resistance to change.

D.

Inadequate technical support.

Buy Now
Questions 60

How do data analysis technologies affect internal audit testing?

Options:

A.

They improve the effectiveness of spot check testing techniques.

B.

They allow greater insight into high risk areas.

C.

They reduce the overall scope of the audit engagement,

D.

They increase the internal auditor ' s objectivity.

Buy Now
Questions 61

The head of the research arid development department at a manufacturing organization believes that his team lacks expertise in some areas, and he decides to hire more experienced researchers to assist in the development of a new product. Which of the following variances are likely to occur as the result of this decision?

1. Favorable labor efficiency variance.

2. Adverse labor rate variance.

3. Adverse labor efficiency variance.

4. Favorable labor rate variance.

Options:

A.

1 and 2

B.

1 and 4

C.

3 and A

D.

2 and 3

Buy Now
Questions 62

An organization has recorded the following profit and expenses:

Profit before interest and tax: $200,000

Sales: $2,300,000

Purchases of materials: $700,000

Interest expenses: $30,000

If the value-added tax rate is 20 percent and the corporate tax rate is 30 percent, which of the following is the amount of VAT that the organization has to pay?

Options:

A.

$34,000

B.

$51,000

C.

$60,000

D.

$320,000

Buy Now
Questions 63

The internal audit function conducted an engagement on maintenance operations of a construction organization and identified several issues of medium importance. The head of maintenance proposed an improvement plan with deadlines and personnel responsible. The internal audit function issued the final report to senior management. Senior management was dissatisfied with the report as they believed that improvement plan deadlines should be considerably shorter. Which of the following should the internal audit function change in the reporting process?

Options:

A.

Discontinue discussing draft reports with responsible employees, as their input is needed during fieldwork only

B.

Involve senior management at the draft report stage and in the development of action plans

C.

Request senior management to issue a separate memo regarding their changes to deadlines

D.

Invite senior management to the board meeting regarding engagement results so that they can express their concerns

Buy Now
Questions 64

Which of the following are likely indicators of ineffective change management?

    IT management is unable to predict how a change will impact interdependent systems or business processes.

    There have been significant increases in trouble calls or in support hours logged by programmers.

    There is a lack of turnover in the systems support and business analyst development groups.

    Emergency changes that bypass the normal control process frequently are deemed necessary.

Options:

A.

1 and 3 only

B.

2 and 4 only

C.

1, 2, and 4 only

D.

1, 2, 3, and 4

Buy Now
Questions 65

An organization that sells products to a foreign subsidiary wants to charge a price that will decrease import tariffs. Which of the following is the best course of action for the organization?

Options:

A.

Decrease the transfer price.

B.

Increase the transfer price.

C.

Charge at the arm’s length price.

D.

Charge at the optimal transfer price.

Buy Now
Questions 66

At what point during the systems development process should an internal auditor verify that the new application ' s connectivity to the organization ' s other systems has been established correctly?

Options:

A.

Prior to testing the new application.

B.

During testing of the new application.

C.

During implementation of the new application.

D.

During maintenance of the new application.

Buy Now
Questions 67

Which of the following statements is true regarding a project life cycle?

Options:

A.

Risk and uncertainty increase over the life of the project.

B.

Costs and staffing levels are typically high as the project draws to a close.

C.

Costs related to making changes increase as the project approaches completion.

D.

The project life cycle corresponds with the life cycle of the product produced by or modified by the project.

Buy Now
Questions 68

When preparing the annual internal audit plan, which of the following should the chief audit executive (CAE) consider to optimize efficiency and effectiveness?

Options:

A.

The CAE should review the objectives and scope of the external audit plan and consider including audits with the same objectives and scope to ensure thorough coverage of the area

B.

The CAE should review the audit plan prepared by the compliance department and coordinate any audits in the same areas to reduce duplication of objectives and minimize disruption to the area under review

C.

The CAE should avoid reviewing plans by internal or external assurance providers to increase effectiveness and reduce bias in internal audit selection

D.

The CAE should review operational quality assurance audit plans, place reliance on the areas covered, and exclude those areas from final consideration in the annual internal audit plan

Buy Now
Questions 69

An internal auditor identified a database administrator with an incompatible dual role. Which of the following duties should not be performed by the identified administrator?

Options:

A.

Designing and maintaining the database.

B.

Preparing input data and maintaining the database.

C.

Maintaining the database and providing its security,

D.

Designing the database and providing its security

Buy Now
Questions 70

According to IIA guidance, which of the following are typical physical and environmental IT controls?

Options:

A.

Locating servers in locked rooms with restricted admission.

B.

Applying encryption where confidentiality is a stated requirement.

C.

Allocating and controlling access rights according to the organization ' s stated policy.

D.

Ensuring a tightly controlled process for applying all changes and patches to software, systems, network components, and data.

Buy Now
Questions 71

Which of the following activities most significantly increases the risk that a bank will make poor-quality loans to its customers?

Options:

A.

Borrowers may not sign all required mortgage loan documentation.

B.

Fees paid by the borrower at the time of the loan may not be deposited in a timely manner.

C.

The bank ' s loan documentation may not meet the government ' s disclosure requirements.

D.

Loan officers may override the lending criteria established by senior management.

Buy Now
Questions 72

A clothing company sells shirts for $8 per shirt. In order to break even, the company must sell 25.000 shirts. Actual sales total S300.000. What is margin of safety sales for the company?

Options:

A.

$100.000

B.

$200,000

C.

$275,000

D.

$500,000

Buy Now
Questions 73

Which of the following devices best controls both physical and logical access to information systems?

Options:

A.

Plenum.

B.

Biometric lock.

C.

Identification card.

D.

Electromechanical lock.

Buy Now
Questions 74

Maintenance cost at a hospital was observed to increase as activity level increased. The following data was gathered:

January: 5,600 patient days; maintenance cost $7,900

February: 7,100 patient days; maintenance cost $8,500

March: 5,000 patient days; maintenance cost $7,400

April: 6,500 patient days; maintenance cost $8,200

May: 7,300 patient days; maintenance cost $9,100

June: 8,000 patient days; maintenance cost $9,800

If the cost of maintenance is expressed in an equation, what is the independent variable for this data?

Options:

A.

Fixed cost.

B.

Variable cost.

C.

Total maintenance cost.

D.

Patient days.

Buy Now
Questions 75

According to IIA guidance on IT, which of the following best describes a logical access control?

Options:

A.

Require complex passwords to be established and changed quarterly

B.

Require swipe cards to control entry into secure data centers.

C.

Monitor access to the data center with closed circuit camera surveillance.

D.

Maintain current role definitions to ensure appropriate segregation of duties

Buy Now
Questions 76

Which of the following IT-related activities is most commonly performed by the second line of defense?

Options:

A.

Block unauthorized traffic.

B.

Encrypt data.

C.

Review disaster recovery test results.

D.

Provide an independent assessment of IT security.

Buy Now
Questions 77

International marketing activities often begin with:

Options:

A.

Standardization.

B.

Global marketing.

C.

Limited exporting.

D.

Domestic marketing.

Buy Now
Questions 78

Which of the following characteristics applies to an organization that adopts a flat structure?

Options:

A.

The structure is dispersed geographically

B.

The hierarchy levels are more numerous.

C.

The span of control is wide

D.

The tower-level managers are encouraged to exercise creativity when solving problems

Buy Now
Questions 79

A rapidly expanding retail organisation continues to be tightly controlled by its original small management team. Which of the following is a potential risk in this vertically centralized organization?

Options:

A.

Lack of coordination among different business units

B.

Operational decisions are inconsistent with organizational goals

C.

Suboptimal decision making

D.

Duplication of business activities

Buy Now
Questions 80

According to 11A guidance on IT, which of the following are indicators of poor change management?

1. Inadequate control design.

2. Unplanned downtime.

3. Excessive troubleshooting .

4. Unavailability of critical services.

Options:

A.

2 and 3 only.

B.

1, 2, and 3 only

C.

1, 3, and 4 only

D.

2, 3, and 4 only

Buy Now
Questions 81

Which of the following can be classified as debt investments?

Options:

A.

Investments in the capital stock of a corporation

B.

Acquisition of government bonds.

C.

Contents of an investment portfolio,

D.

Acquisition of common stock of a corporation

Buy Now
Questions 82

Which of the following is an example of a smart device security control intended to prevent unauthorized users from gaining access to a device’s data or applications?

Options:

A.

Anti-malware software

B.

Authentication

C.

Spyware

D.

Rooting

Buy Now
Questions 83

Which of the following factors would reduce dissatisfaction for a management trainee but would not particularly motivate the trainee?

Options:

A.

A sense of achievement.

B.

Promotion.

C.

Recognition.

D.

An incremental increase in salary.

Buy Now
Questions 84

An internal audit engagement team found that the risk register of the project under review did not include significant risks identified by the internal audit function. The project manager explained that risk register preparations are facilitated by risk managers and that each project’s risk review follows the same set of questions. Which of the following recommendations will likely add the greatest value to the project management process of the organization?

Options:

A.

Update the risk register of the project with the newly identified risks

B.

Train senior management on risk management principles

C.

Revise the methodology of the project risk identification process

D.

Reassign the responsibility of risk register completion to risk managers

Buy Now
Questions 85

Which of the following statements is accurate regarding the use of Secure Sockets Layer (SSL) as a control?

Options:

A.

It supports the authentication of information sent to a server.

B.

It prevents phishing attacks that redirect users to malicious sites.

C.

It prevents malware infections.

D.

It identifies each client-server session using temporary tokens.

Buy Now
Questions 86

An organization is planning to outsource its payroll function to an external service provider. The internal auditors advised management of the risks related to outsourcing and the typical controls that should be provided by the external service provider.

Which of the following statements is true regarding the internal auditors’ advice?

Options:

A.

Independence was compromised by recommending internal controls, as the internal auditors will be testing the same controls in the future.

B.

Objectivity was compromised by intervening before the outsourcing procedures and controls were established.

C.

The internal auditors should work directly with the external service provider to ensure basic controls are in place and working as intended.

D.

The external service provider controls recommended by the internal auditors may be insufficient to protect the organization.

Buy Now
Questions 87

Which of the following is a likely result of outsourcing?

Options:

A.

Increased dependence on suppliers.

B.

Increased importance of market strategy.

C.

Decreased sensitivity to government regulation

D.

Decreased focus on costs

Buy Now
Questions 88

An attacker, posing as a bank representative, convinced an employee to release certain, financial information that ultimately resulted in fraud. Which of the following best describes this cybersecurity risk?

Options:

A.

Shoulder suiting

B.

Pharming,

C.

Phishing.

D.

Social engineering.

Buy Now
Questions 89

Which of the following capital budgeting techniques considers the expected total net cash flows from investment?

Options:

A.

Cash payback

B.

Annual rate of return

C.

Incremental analysis

D.

Net present value

Buy Now
Questions 90

Following an evaluation of an organization ' s IT controls, an internal auditor suggested improving the process where results are compared against the input. Which of the following IT controls would the Internal auditor recommend?

Options:

A.

Output controls.

B.

Input controls

C.

Processing controls.

D.

Integrity controls.

Buy Now
Questions 91

An internal auditor observed that the organization ' s disaster recovery solution will make use of a cold site in a town several miles away. Which of the following is likely to be a characteristic of this disaster recover/ solution?

Options:

A.

Data is synchronized in real time

B.

Recovery time is expected to be less than one week

C.

Servers are not available and need to be procured

D.

Recovery resources end data restore processes have not been defined.

Buy Now
Questions 92

Which of the following attributes of data is most likely to be compromised in an organization with a weak data governance culture?

Options:

A.

Variety.

B.

Velocity.

C.

Volume.

D.

Veracity.

Buy Now
Questions 93

A junk bond issued at a premium will result in which of the following entries in the general ledger?

Options:

A.

A credit to non-current liabilities on the balance sheet.

B.

A debit to expenses on the profit and loss statement.

C.

A credit to revenue on the profit and loss statement.

D.

A debit to current assets on the balance sheet.

Buy Now
Questions 94

Which of the following is useful for forecasting the required level of inventory?

    Statistical modeling.

    Information about seasonal variations in demand.

    Knowledge of the behavior of different business cycles.

    Pricing models linked to seasonal demand.

Options:

A.

1 and 2 only

B.

2 and 3 only

C.

1, 2, and 3 only

D.

1, 2, 3, and 4

Buy Now
Questions 95

Which of the following risks would involve individuals attacking an oil company’s IT system as a sign of solidarity against drilling in a local area?

Options:

A.

Tampering

B.

Hacking

C.

Phishing

D.

Piracy

Buy Now
Questions 96

According to IIA guidance, which of the following statements is true regarding analytical procedures?

Options:

A.

Data relationships are assumed to exist and to continue where no known conflicting conditions exist.

B.

Analytical procedures are intended primarily to ensure the accuracy of the information being examined.

C.

Data relationships cannot include comparisons between operational and statistical data

D.

Analytical procedures can be used to identify unexpected differences, but cannot be used to identify the absence of differences

Buy Now
Questions 97

According to IIA guidance, which of the following links computers and enables them to -communicate with each other?

Options:

A.

Application program code

B.

Database system

C.

Operating system

D.

Networks

Buy Now
Questions 98

Which of the following situations best applies to an organisation that uses a project, rather than a process, to accomplish its business activities?

Options:

A.

Clothing company designs, makes, and sells a new item.

B.

A commercial construction company is hired to build a warehouse.

C.

A city department sets up a new firefighter training program.

D.

A manufacturing organization acquires component parts from a contracted vendor

Buy Now
Questions 99

The management of working capital is most crucial for which of the following aspects of business?

Options:

A.

Liquidity

B.

Profitability

C.

Solvency

D.

Efficiency

Buy Now
Questions 100

An organization has adopted a bring-your-own-device (BYOD) policy, and employees can access organizational data via their smart devices.

Which of the following authentication policy requirements is the most advisable?

Options:

A.

Require a virtual private network (VPN).

B.

Require at least an eight-digit passcode or a complicated swipe pattern.

C.

Require the remote wipe function and encryption of local data.

D.

Require a passcode followed by a response requiring verification message.

Buy Now
Questions 101

Which of the following best describes owner ' s equity?

Options:

A.

Assets minus liabilities.

B.

Total assets.

C.

Total liabilities.

D.

Owners contribution plus drawings.

Buy Now
Questions 102

Which of the following statements is true regarding an organization ' s chief audit executive (CAE) when prioritizing the audit universe?

Options:

A.

The CAE uses the risk-factor approach to prioritize the audit universe

B.

The CAE uses risk likelihood scores to prioritize the audit universe

C.

The CAE uses risk impact scores to prioritize the audit universe

D.

The CAE uses heat maps to prioritize the audit universe

Buy Now
Questions 103

An internal auditor discovered that the organization was not in full compliance with a regulatory labeling requirement for one of its products. The responsible manager indicated that the current product labeling has been in use for several years without any problems. If discovered, this regulatory breach could result in significant fines for the organization. What should be the chief audit executive ' s next course of action?

Options:

A.

Discuss the matter with the CEO and other senior management

B.

Recommend that disciplinary action be taken against the manager for exposing the company to such risk

C.

Communicate to the board the current situation, including the risk exposure to the company

D.

Take on the initiative of implementing corrective actions to mitigate the identified risks

Buy Now
Questions 104

Which of the following statements distinguishes a router from a typical switch?

Options:

A.

A router operates at layer two. while a switch operates at layer three of the open systems interconnection model.

B.

A router transmits data through frames, while a switch sends data through packets.

C.

A router connects networks, while a switch connects devices within a network.

D.

A router uses a media access control address during the transmission of data, whie a switch uses an internet protocol address.

Buy Now
Questions 105

The chief audit executive (CAE) and management of the area under review disagree over managing a significant risk item. According to IIA guidance, which of the following actions should the CAE take first?

Options:

A.

Refer the matter to the board for resolution

B.

Consult the approved audit charter on supremacy of internal auditors’ decisions

C.

Record management’s and the internal auditor ' s positions in the audit report

D.

Discuss the issue in question further with senior management

Buy Now
Questions 106

Which of the following is the primary goal of an effective business impact analysis?

Options:

A.

It includes business continuity program governance and risk management.

B.

It identifies key assets, critical processes, resources, and technology.

C.

It sets testing requirements for the organization wide continuity functions.

D.

It outlines and communicates recovery points and objectives.

Buy Now
Questions 107

Which of the following is most influenced by a retained earnings policy?

Options:

A.

Cash.

B.

Dividends.

C.

Gross margin.

D.

Net income.

Buy Now
Questions 108

According to the COSO enterprise risk management framework, which of the following is not a typical responsibility of the chief risk officer?

Options:

A.

Establishing risk category definitions and a common risk language for likelihood and impact measures.

B.

Defining enterprise risk management roles and responsibilities.

C.

Providing the board with an independent, objective risk perspective on financial reporting.

D.

Guiding integration of enterprise risk management with other management activities.

Buy Now
Questions 109

Which of the following would be most likely found in an internal audit procedures manual?

Options:

A.

A summary of the strategic plan of the area under review

B.

Appropriate response options for when findings are disputed by management

C.

An explanation of the resources needed for each engagement

D.

The extent of the auditor ' s authority to collect data from management

Buy Now
Questions 110

The internal audit activity has identified accounting errors that resulted in the organization overstating its net income for the fiscal year. Which of the following is the most likely cause of this overstatement?

Options:

A.

Beginning inventory was overstated for the year.

B.

Cost of goods sold was understated for the year.

C.

Ending inventory was understated for the year.

D.

Cost of goods sold was overstated for the year.

Buy Now
Questions 111

Which of the following actions illustrates the use of electronic data interchange?

Options:

A.

Sending an invoice automatically from the supplier to the customer in a standard format.

B.

Using an accounting software hosted on the cloud.

C.

Transferring money using mobile phones.

D.

Updating vendor master files using online real-time.

Buy Now
Questions 112

The decision to implement enhanced failure detection and backup systems to improve data integrity is an example of which risk response?

Options:

A.

Risk acceptance.

B.

Risk sharing.

C.

Risk avoidance.

D.

Risk reduction.

Buy Now
Questions 113

A manager who is authorized to make purchases up to a certain dollar amount approves the set-up of a fictitious vendor and subsequently initiates purchase orders. Which of the following controls would best address this risk?

Options:

A.

Establish separate vendor creation and approval teams.

B.

Develop and distribute a code of conduct that prohibits conflicts of interest.

C.

Perform a regular review of the vendor master file.

D.

Require submission of a conflict-of-interest declaration.

Buy Now
Questions 114

A capital investment project will have a higher net present value, everything else being equal, if it has:

Options:

A.

A higher initial investment level.

B.

A higher discount rate.

C.

Cash inflows that are larger in the later years of the life of the project.

D.

Cash inflows that are larger in the earlier years of the life of the project.

Buy Now
Questions 115

If an organization has a high amount of working capital compared to the industry average, which of the following is most likely true?

Options:

A.

Settlement of short-term obligations may become difficult.

B.

Cash may be bed up in items not generating financial value.

C.

Collection policies of the organization are ineffective.

D.

The organization is efficient in using assets to generate revenue.

Buy Now
Questions 116

Which of the following is true regarding the use of remote wipe for smart devices?

Options:

A.

It can restore default settings and lock encrypted data when necessary.

B.

It enables the erasure and reformatting of secure digital (SD) cards.

C.

It can delete data backed up to a desktop for complete protection if required.

D.

It can wipe data that is backed up via cloud computing

Buy Now
Questions 117

According to the Standards, the internal audit activity must evaluate risk exposures relating to which of the following when examining an organization ' s risk management process?

    Organizational governance.

    Organizational operations.

    Organizational information systems.

    Organizational structure.

Options:

A.

1 and 3 only

B.

2 and 4 only

C.

1, 2, and 3 only

D.

1, 2, and 4 only

Buy Now
Questions 118

The profile of an internal auditor ' s personality traits reveals that the auditor is most motivated by self-actualization needs.

Given this, which of the following is likely to serve as the best motivator for this auditor?

Options:

A.

Rotate the auditor to work within a multi-disciplinary audit team.

B.

Assign the auditor to work on complex and challenging audits.

C.

Reassure the auditor that the internal audit budget is stable and the auditor ' s job is secure.

D.

Offer increased benefits in the auditor ' s compensation package.

Buy Now
Questions 119

Which of the following best explains why an organization would enter into a capital lease contract?

Options:

A.

To increase the ability to borrow additional funds from creditors

B.

To reduce the organization ' s free cash flow from operations

C.

To Improve the organization ' s free cash flow from operations

D.

To acquire the asset at the end of the lease period at a price lower than the fair market value

Buy Now
Questions 120

An internal auditor is reviewing key phases of a software development project. Which of the following would; the auditor most likely use to measure the project team ' s performance related to how project tasks are completed?

Options:

A.

A balanced scorecard.

B.

A quality audit

C.

Earned value analysis.

D.

Trend analysis

Buy Now
Questions 121

When reviewing application controls using the four-level model, which of the following processes are associated with level 4 of the business process method?

Options:

A.

Activity

B.

Subprocess

C.

Major process

D.

Mega process

Buy Now
Questions 122

Which mindset promotes the most comprehensive risk management strategy?

Options:

A.

Increase shareholder value.

B.

Maximize market share.

C.

Improve operational efficiency.

D.

Mitigate losses.

Buy Now
Questions 123

Which of the following is most appropriate for the chief audit executive to keep in mind when establishing policies and procedures to guide the internal audit function?

Options:

A.

The nature of the internal audit function

B.

The size of the organization

C.

The size and maturity of the internal audit function

D.

The structure of the organization

Buy Now
Questions 124

Which of the following conditions could lead an organization to enter into a new business through internal development rather than through acquisition?

Options:

A.

It is expected that there will be slow retaliation from incumbents.

B.

The acquiring organization has information that the selling organization is weak.

C.

The number of bidders to acquire the organization for sale is low.

D.

The condition of the economy is poor.

Buy Now
Questions 125

What is the first step an internal audit function should take to define its organizational structure, deliverables, communication protocols, and resourcing model?

Options:

A.

Recommend improvements to the organization’s governance policies, processes, and structures

B.

Define a hiring plan to address competency gaps needed to execute the audit plan

C.

Construct periodic self-assessments, ongoing monitoring, and external assessments to measure quality

D.

Assess the needs and expectations of the board, senior management, and external auditors

Buy Now
Questions 126

Which of the following is a sound network configuration practice to enhance information security?

Options:

A.

Change management practices to ensure operating system patch documentation is retained.

B.

User role requirements are documented in accordance with appropriate application-level control needs.

C.

Validation of intrusion prevention controls is performed to ensure intended functionality and data integrity.

D.

Interfaces reinforce segregation of duties between operations administration and database development.

Buy Now
Questions 127

An internal auditor is reviewing the sales and collections processes of an e-commerce organization that is facing budget constraints. The auditor found that the accountant did not perform reconciliations of cash collections in a timely manner. The auditor determined that the reason was timing errors in the interfacing process between the customer payments portal and the accounting system. The current customer payments portal was recently implemented to replace a legacy system. The finance manager is in charge of the customer payments portal. Which of the following recommendations is the most appropriate to address the root cause of this deficiency?

Options:

A.

The accountant, in view of the budget constraints, should consider a manual workaround to include unposted transactions into the accounting system in a timely manner

B.

Management should consider investing in a new customer payments portal, as the existing portal is unable to interface accurately with the accounting system

C.

The finance manager should work with IT and the vendor of the customer payments portal to rectify the interfacing errors

D.

The accountant should perform reconciliations of cash collections to customer payment records and investigate exceptions in a timely manner

Buy Now
Questions 128

Which of the following is a primary driver behind the creation and prloritteation of new strategic Initiatives established by an organization?

Options:

A.

Risk tolerance

B.

Performance

C.

Threats and opportunities

D.

Governance

Buy Now
Questions 129

An organization wants to offer a standard product across all markets but also wants to differentiate the product to fit local demands in different geographic markets and to meet government regulations.

Which of the following strategies may help the organization achieve its goal?

Options:

A.

Globalization strategy.

B.

Transnational strategy.

C.

Multidomestic strategy.

D.

Export strategy.

Buy Now
Questions 130

Which of the following physical access controls often functions as both a preventive and detective control?

Options:

A.

Locked doors.

B.

Firewalls.

C.

Surveillance cameras.

D.

Login IDs and passwords.

Buy Now
Questions 131

An organization buys equity securities for trading purposes and sells them within a short time period. Which of the following is the correct way to value and report those securities at a financial statement date?

Options:

A.

At fair value with changes reported in the shareholders ' equity section.

B.

At fair value with changes reported in net income.

C.

At amortized cost in the income statement.

D.

As current assets in the balance sheet

Buy Now
Questions 132

According to IIA guidance on IT, which of the following plans would pair the identification of critical business processes with recovery time objectives?

Options:

A.

The business continuity management charter

B.

The business continuity risk assessment plan

C.

The business impact analysis plan

D.

The business case for business continuity planning

Buy Now
Questions 133

An organization moving its sales conversion rate from 5% to 12% indicates which of the following?

Options:

A.

Worse sales activity.

B.

Better inventory usage.

C.

Better sales activity.

D.

Worse inventory usage.

Buy Now
Questions 134

An organization ' s internal audit activity is performing an audit of human resources. As part of the audit a survey of employees was conducted. The survey indicated that employees were concerned about IT security when working outside of the office. The IT department suggested implementing a network that allows employees to send and receive data as if they were connected to a private network.

Which of the following networks is IT recommending?

Options:

A.

Global area network (GAN).

B.

Wide area network (WAN).

C.

Virtual private network (VPN).

D.

Local area network (LAN).

Buy Now
Questions 135

Which of the following security controls would be me most effective in preventing security breaches?

Options:

A.

Approval of identity request

B.

Access logging.

C.

Monitoring privileged accounts

D.

Audit of access rights

Buy Now
Questions 136

During which phase of the contracting process are contracts drafted for a proposed business activity?

Options:

A.

Initiation phase.

B.

Bidding phase.

C.

Development phase.

D.

Management phase.

Buy Now
Questions 137

Which of the following network types should an organization choose if it wants to allow access only to its own personnel?

Options:

A.

An extranet.

B.

A local area network (LAN).

C.

An intranet.

D.

The internet.

Buy Now
Questions 138

A multinational organization allows its employees to access work email via personal smart devices. However, users are required to consent to the installation of mobile device management (MDM) software that will remotely wipe data in case of theft or other incidents. Which of the following should the organization ensure in exchange for the employees ' consent?

Options:

A.

That those employees who do not consent to MDM software cannot have an email account.

B.

That personal data on the device cannot be accessed and deleted by system administrators.

C.

That monitoring of employees ' online activities is conducted in a covert way to avoid upsetting them.

D.

That employee consent includes appropriate waivers regarding potential breaches to their privacy.

Buy Now
Questions 139

Which of the following is an example of a physical control?

Options:

A.

Providing fire detection and suppression equipment

B.

Establishing a physical security policy and promoting it throughout the organization

C.

Performing business continuity and disaster recovery planning

D.

Keeping an offsite backup of the organization ' s critical data

Buy Now
Questions 140

Which of the following would best prevent unauthorized external changes to an organization ' s data?

Options:

A.

Antivirus software, firewall, data encryption.

B.

Firewall, data encryption, backup procedures.

C.

Antivirus software, firewall, backup procedures.

D.

Antivirus software, data encryption, change logs.

Buy Now
Questions 141

According to Maslow ' s hierarchy of needs theory, which of the following would likely have the most impact on retaining staff, if their lower-level needs are already met?

Options:

A.

Social benefits.

B.

Compensation.

C.

Job safety.

D.

Recognition

Buy Now
Questions 142

Which of the following statements is most accurate concerning the management and audit of a web server?

Options:

A.

The file transfer protocol (FTP) should always be enabled

B.

The simple mail transfer protocol (SMTP) should be operating under the most privileged accounts

C.

The number of ports and protocols allowed to access the web server should be maximized

D.

Secure protocols for confidential pages should be used instead of clear-text protocols such as HTTP or FTP

Buy Now
Questions 143

An organization uses radio frequency identification (RFID) technology to identify vehicles authorized to enter a gated facility. The RFID reader scans the vehicle ' s license plate number, and if the number is on a pre-authorized list, a green light flashes, indicating to the security guard that he can push a button to open the gate.

Which of the following controls should be added to ensure that a particular vehicle is authorized to enter the facility?

Options:

A.

The security guard should question the vehicle ' s driver, if the guard has any doubts.

B.

Physical characteristics of the vehicle should be described in the system.

C.

The security guard should send each access request to administrative personnel for validation prior to admitting the vehicle into the gated facility.

D.

Video surveillance cameras should be installed to provide a full view of the vehicle.

Buy Now
Questions 144

An organization uses the management-by-objectives method whereby employee performance is based on defined goals. Which of the following statements is true regarding this approach?

Options:

A.

It is particularly helpful to management when the organization is facing rapid change.

B.

It is a more successful approach when adopted by mechanistic organizations.

C.

It is mere successful when goal setting is performed not only by management, but by all team members, including lower-level staff.

D.

It is particularly successful in environments that are prone to having poor employer-employee relations.

Buy Now
Questions 145

Which of the following statements is true regarding the data dictionary?

Options:

A.

The data dictionary includes system tables and program files of a database.

B.

The data dictionary describes the content of information stored in the database.

C.

The data dictionary specifies objects such as users, permissions, and groups.

D.

The data dictionary includes system backup and encryption keys.

Buy Now
Questions 146

For which of the following scenarios would the most recent backup of the human resources database be the best source of information to use?

Options:

A.

An incorrect program fix was implemented just prior to the database backup.

B.

The organization is preparing to train all employees on the new self-service benefits system.

C.

There was a data center failure that requires restoring the system at the backup site.

D.

There is a need to access prior year-end training reports for all employees in the human resources database

Buy Now
Questions 147

Which of the following contract concepts is typically given in exchange for the execution of a promise?

Options:

A.

Lawfulness.

B.

Consideration.

C.

Agreement.

D.

Discharge

Buy Now
Questions 148

When auditing the account receivables for the first time, an internal auditor noted that the finance team had not—over many accounting periods—reviewed the accounts receivables for debts that could no longer be collected. How should the auditor proceed?

Options:

A.

Escalate the finding to the board, due to the significance of the risk

B.

Recommend that management review the receivables for debts that can no longer be collected and remove them from the cash flow statement

C.

Recommend that management review the receivables for debts that can no longer be collected and write them off

D.

Document the finding and conclude that no immediate action is warranted, as bad debt allowances are merely estimates

Buy Now
Questions 149

Which of the following statements is true regarding cost-volume-profit analysis?

Options:

A.

Contribution margin is the amount remaining from sales revenue after fixed expenses have been deducted

B.

Breakeven is the amount of units sold to cover variable costs

C.

Breakeven occurs when the contribution margin covers fixed costs

D.

Following breakeven, net operating income will increase by the excess of fixed costs less the variable costs per unit sold

Buy Now
Questions 150

If the chief audit executive (CAE) observes that an international wire was approved to transfer funds to a country embargoed by the government, which of the following would be the most appropriate first step for the CAE to take?

Options:

A.

Track the wire and perform ongoing monitoring

B.

Discuss the issue with management

C.

Immediately report the transaction to the regulatory authorities

D.

Report the transaction to the audit committee

Buy Now
Questions 151

An internal audit function did not conform with the Global Internal Audit Standards in only one of many engagements, as the engagement was performed with a lack of adequate knowledge of the subject matter. Which of the following is appropriate in relation to declaring conformance with the Standards?

Options:

A.

The internal audit function can still declare conformance with the Standards for all engagements

B.

The internal audit function can still declare conformance with the Standards for all other engagements that satisfy the requirements

C.

The internal audit function can declare partial conformance with the Standards for all engagements

D.

The internal audit function needs to evaluate the impact of the nonconformance before it can declare nonconformance with the Standards

Buy Now
Questions 152

Which of the following is on advantage of a decentralized organizational structure, as opposed to a centralized structure?

Options:

A.

Greater cost-effectiveness

B.

Increased economies of scale

C.

Larger talent pool

D.

Strong internal controls

Buy Now
Questions 153

According to Maslow’s hierarchy of needs theory, which of the following best describes a strategy where a manager offers an assignment to a subordinate specifically to support his professional growth and future advancement?

Options:

A.

Esteem by colleagues

B.

Self-fulfillment

C.

Sense of belonging in the organization

D.

Job security

Buy Now
Questions 154

Which of the following disaster recovery plans includes recovery resources available at the site, but they may need to be configured to support the production system?

Options:

A.

Warm site recovery plan.

B.

Hot site recovery plan.

C.

Cool site recovery plan.

D.

Cold site recovery plan.

Buy Now
Questions 155

All of the following are true with regard to the first-in, first-out inventory valuation method except:

Options:

A.

It values inventory close to current replacement cost.

B.

It generates the highest profit when prices are rising.

C.

It approximates the physical flow of goods.

D.

It minimizes current-period income taxes.

Buy Now
Questions 156

Which of the following represents an example of a physical security control?

Options:

A.

Access rights are allocated according to the organization’s policy

B.

There is confirmation that data output is accurate and complete

C.

Servers are located in locked rooms to which access is restricted

D.

A record is maintained to track the process from data input to storage

Buy Now
Questions 157

A global business organization is selecting managers to post to various international expatriate assignments. In the screening process, which of the following traits would be required to make a manager a successful expatriate?

    Superior technical competence.

    Willingness to attempt to communicate in a foreign language.

    Ability to empathize with other people.

Options:

A.

1 and 2 only

B.

1 and 3 only

C.

2 and 3 only

D.

1, 2, and 3

Buy Now
Questions 158

When using the absorption costing approach, which of the following should be categorized as a period cost?

Options:

A.

Selling expenses.

B.

Fixed manufacturing overhead.

C.

Direct labor.

D.

Variable manufacturing overhead.

Buy Now
Questions 159

Which of the following engagement observations would provide the least motivation for management to amend or replace an existing cost accounting system?

Options:

A.

The distorted unit cost of a service is 50 percent lower than the true cost, while the true cost is 50 percent higher than the competition ' s cost.

B.

The organization is losing $1,000,000 annually because it incorrectly outsourced an operation based on information from its current system.

C.

The cost of rework, hidden by the current system, is 50 percent of the total cost of all services.

D.

Fifty percent of total organizational cost has been allocated on a volume basis.

Buy Now
Questions 160

Which of the following is the most appropriate way lo record each partner ' s initial Investment in a partnership?

Options:

A.

At the value agreed upon by the partners.

B.

At book value.

C.

At fair value

D.

At the original cost.

Buy Now
Questions 161

If legal or regulatory standards prohibit conformance with certain parts of The IIA ' s Standards, the auditor should do which of the following?

Options:

A.

Conform with all other parts of The IIA ' s Standards and provide appropriate disclosures.

B.

Conform with all other parts of The IIA ' s Standards; there is no need to provide appropriate disclosures.

C.

Continue the engagement without conforming with the other parts of The IIA ' s Standards.

D.

Withdraw from the engagement.

Buy Now
Questions 162

Which of the following statements is accurate when planning for an external quality assurance assessment of the internal audit function?

Options:

A.

The external assessment would include the audit function’s compliance with laws and regulations

B.

The selected qualified assessor can be from the organization’s shared services team

C.

The external assessment team members must work for an accounting firm

D.

The frequency of the performance of assessments should be considered by the assessor

Buy Now
Questions 163

Which of the following best describes the concept of relevant cost?

Options:

A.

A future cost that is the same among alternatives.

B.

A future cost that differs among alternatives.

C.

A past cost that is the same among alternatives.

D.

A past cost that differs among alternatives.

Buy Now
Questions 164

Which of the following best describes a man-in-the-middle cyber-attack?

Options:

A.

The perpetrator is able to delete data on the network without physical access to the device.

B.

The perpetrator is able to exploit network activities for unapproved purposes.

C.

The perpetrator is able to take over control of data communication in transit and replace traffic.

D.

The perpetrator is able to disable default security controls and introduce additional vulnerabilities

Buy Now
Questions 165

Which of the following scenarios would require the chief audit executive (CAE) to change the internal audit plan and seek approval for the changes from the board?

Options:

A.

The CAE meets with the organization ' s new CFO to review the internal audit plan. After reviewing the plan, the CFO is satisfied that the plan addressed the top risks facing the organization

B.

The CAE oversees an internal audit function that has one IT auditor on staff. This auditor left the organization eight months ago and the CAE has been unable to hire a suitable replacement

C.

The effective date of a new government regulation occurs during the internal audit plan year. The new regulation and its effective date have been public for several years

D.

The CAE oversees an internal audit function of 15 auditors. An auditor left the organization and was replaced the following week with an auditor who has similar skills and experience

Buy Now
Questions 166

A major IT project is scheduled to be implemented over a three-month period during the year. The chief audit executive (CAE) scheduled significant audit resources to provide consultation. Due to technical challenges from a supplier, the project is postponed until the following year. What should the CAE do in this case?

Options:

A.

Communicate to the IT project manager that the audit resources are still available to his department for other projects

B.

Reassign the available audit resources to other areas of risk and advise the respective managers in those areas

C.

Amend the plan accordingly and advise the board and senior management for their review and approval

D.

Keep the available resources unassigned so that they are able to take on any ad hoc assignment that may arise

Buy Now
Questions 167

Which of the following analytical techniques would an internal auditor use to verify that none of an organization ' s employees are receiving fraudulent invoice payments?

Options:

A.

Perform gap testing.

B.

Join different data sources.

C.

Perform duplicate testing.

D.

Calculate statistical parameters.

Buy Now
Questions 168

Which of the following lists best describes the classification of manufacturing costs?

Options:

A.

Direct materials, indirect materials, raw materials.

B.

Overhead costs, direct labor, direct materials.

C.

Direct materials, direct labor, depreciation on factory buildings.

D.

Raw materials, factory employees ' wages, production selling expenses.

Buy Now
Questions 169

Which of the following Issues would be a major concern for internal auditors when using a free software to analyze a third-party vendor ' s big data?

Options:

A.

The ability to use the software with ease to perform the data analysis to meet the engagement objectives.

B.

The ability to purchase upgraded features of the software that allow for more In-depth analysis of the big data.

C.

The ability to ensure that big data entered into the software is secure from potential compromises or loss.

D.

The ability to download the software onto the appropriate computers for use in analyzing the big data.

Buy Now
Questions 170

A key advantage of developing a computer application by using the prototyping approach is that it:

Options:

A.

Does not require testing for user acceptance.

B.

Allows applications to be portable across multiple system platforms.

C.

Is less expensive since it is self-documenting.

D.

Better involves users in the design process.

Buy Now
Questions 171

Which of the following is required in effective IT change management?

Options:

A.

The sole responsibility for change management is assigned to an experienced and competent IT team

B.

Change management follows a consistent process and is done in a controlled environment.

C.

Internal audit participates in the implementation of change management throughout the organisation.

D.

All changes to systems must be approved by the highest level of authority within an organization.

Buy Now
Questions 172

Which of the following accounting methods is an investor organization likely to use when buying 40 percent of the stock of another organization?

Options:

A.

Cost method.

B.

Equity method .

C.

Consolidation method.

D.

Fair value method.

Buy Now
Questions 173

Internal audit discovered that several loads of pellets were deleted from the scaling database and consequently had no sales invoices, significantly affecting financial statements. An investigation revealed that technicians had deleted the pellet loads accidentally, with no evidence of fraud. Which of the following actions should management implement first?

Options:

A.

Address root causes by launching a project to understand and revise the methods for granting database access rights

B.

Address the condition by limiting technicians ' access to live database data

C.

Address potential risks by reconciling all sales invoices against scaling data

D.

Address investigation results by dismissing technicians who caused the disruption

Buy Now
Questions 174

In mergers and acquisitions, which of the following is an example of a horizontal combination?

Options:

A.

Dairy manufacturing company taking over a large dairy farm.

B.

A movie producer acquires movie theaters.

C.

A petroleum processing company acquires an agro-processing firm.

D.

A baker taking over a competitor.

Buy Now
Questions 175

At one organization, the specific terms of a contract require both the promisor and promisee to sign the contract in the presence of an independent witness. What is the primary role to the witness to these signatures?

Options:

A.

A witness verifies the quantities of the copies signed.

B.

A witness verifies that the contract was signed with the free consent of the promisor and promisee.

C.

A witness ensures the completeness of the contract between the promisor and promisee.

D.

A witness validates that the signatures on the contract were signed by the promisor and promisee.

Buy Now
Questions 176

An organization allows employees to use their personal mobile devices to access its database. Which of the following best maintains the confidentiality of different records within the database?

Options:

A.

Regular remote wiping of the mobile devices accessing the database.

B.

Encrypted data transmissions between mobile devices and the database.

C.

Restrictions on the access permissions when mobile devices are used.

D.

The use of two-factor authentication algorithms for those who use remote access.

Buy Now
Questions 177

Capital budgeting involves choosing among various capital projects to find the one(s) that will maximize a company ' s return on its financial investment. Which of the following parties approves the capital budget?

Options:

A.

Board of directors.

B.

Senior management.

C.

Chief financial officer.

D.

Accounting personnel.

Buy Now
Questions 178

An organization ' s chief audit executive scheduled an assurance engagement on the key processes and controls related to organizational culture. Which approach to auditing the organization ' s culture did the CAE use?

Options:

A.

Integrated approach.

B.

Top-down approach.

C.

Targeted approach.

D.

Blended approach.

Buy Now
Questions 179

Which of the following describes the free trade zone in an e-commerce environment?

Options:

A.

Zone that separates an organization ' s servers from outside forces.

B.

Area in which messages are scrutinized to determine if they are authorized.

C.

Area where communication and transactions occur between trusted parties.

D.

Zone where data is encrypted, users are authenticated, and user traffic is filtered.

Buy Now
Questions 180

Which of the following describes a third-party network that connects an organization specifically with its trading partners?

Options:

A.

Value-added network (VAN).

B.

Local area network (LAN).

C.

Metropolitan area network (MAN).

D.

Wide area network (WAN).

Buy Now
Questions 181

The chief audit executive (CAE) identified an unacceptable risk and believes that the risk is not being mitigated to an acceptable level. Which of the following is the CAE ' s next step in this situation?

Options:

A.

Escalate the concern to senior management

B.

Send a letter to responsible management and provide a deadline to accept the risk

C.

Escalate the concern to the board

D.

Discuss the issue with the members of responsible management

Buy Now
Questions 182

Which is the least effective form of risk management?

Options:

A.

Systems-based preventive control.

B.

People-based preventive control.

C.

Systems-based detective control.

D.

People-based detective control.

Buy Now
Questions 183

An analytical model determined that on Friday and Saturday nights the luxury brands stores should be open for extended hours and with a doubled number of employees

present; while on Mondays and Tuesdays costs can be minimized by reducing the number of employees to a minimum and opening only for evening hours Which of the

following best categorizes the analytical model applied?

Options:

A.

Descriptive.

B.

Diagnostic.

C.

Prescriptive.

D.

Prolific.

Buy Now
Questions 184

The economic order quantity for inventory is higher for an organization that has:

Options:

A.

Lower annual unit sales.

B.

Higher fixed inventory ordering costs.

C.

Higher annual carrying costs as a percentage of inventory value.

D.

A higher purchase price per unit of inventory.

Buy Now
Questions 185

An organization prepares a statement of privacy to protect customers ' personal information. Which of the following might violate the privacy principles?

Options:

A.

Customers can access and update personal information when needed.

B.

The organization retains customers ' personal information indefinitely.

C.

Customers reserve the right to reject sharing personal information with third parties.

D.

The organization performs regular maintenance on customers ' personal information.

Buy Now
Questions 186

Which of the following is a necessary action for an internal audit function if senior management chooses not to take action to remediate the finding and accepts the risk?

Options:

A.

The chief audit executive (CAE) must discuss this disagreement with senior management and communicate this information to external stakeholders

B.

The CAE must include this disagreement in the final audit report and conclude the engagement

C.

The CAE must make a judgment regarding the prudence of that decision and report to the board if needed

D.

The CAE must establish a follow-up process to monitor the acceptable risk level as part of the engagement

Buy Now
Questions 187

Which of the following should software auditors do when reporting internal audit findings related to enterprisewide resource planning?

Options:

A.

Draft separate audit reports for business and IT management.

B.

Conned IT audit findings to business issues.

C.

Include technical details to support IT issues.

D.

Include an opinion on financial reporting accuracy and completeness.

Buy Now
Questions 188

Which type of bond sells at & discount from face value, then increases in value annually until it reaches maturity and provides the owner with the total payoff?

Options:

A.

High-yield bonds

B.

Commodity-backed bonds

C.

Zero coupon bonds

D.

Junk bonds

Buy Now
Questions 189

A chief audit executive (CAE) joined an organization in the middle of the financial year. A risk-based annual audit plan has been approved by the board and is already underway. However, after discussions with key stakeholders, the CAE realizes that some significant key risk areas have not been covered in the original audit plan. How should the CAE respond?

Options:

A.

Commit to delivering the original annual audit plan as it has already been approved by the board

B.

Revise the plan to incorporate the newly identified risks, and communicate significant interim changes to senior management and the board for review and approval

C.

Ensure that the newly identified risks are included in the next year ' s annual audit plan

D.

Assign internal auditors to immediately perform assurance engagements in the areas where the new risks have been identified, due to their significance

Buy Now
Questions 190

How should internal auditors respond when the manager of an area under review disagrees with a finding?

Options:

A.

Escalate the disagreements to the CEO

B.

Ignore the manager’s concerns and proceed with finalizing the audit report

C.

Escalate the disagreements to the chief audit executive

D.

Reperform the audit process where there are disagreements

Buy Now
Questions 191

Which of the following is a product-oriented definition of a business rather than a market-oriented definition of a business?

Options:

A.

We are a people-and-goods mover.

B.

We supply energy.

C.

We make movies.

D.

We provide climate control in the home.

Buy Now
Questions 192

According to Maslow ' s hierarchy of needs theory, which of the following best describes a strategy where a manager offers an assignment to a subordinate specifically to support his professional growth and future advancement?

Options:

A.

Esteem by colleagues.

B.

Self-fulfillment

C.

Series of belonging in the organization

D.

Job security

Buy Now
Questions 193

The head of the research and development department at a manufacturing organization believes that his team lacks expertise in some areas and decides to hire more experienced researchers to assist in the development of a new product. Which of the following variances are likely to occur as the result of this decision?

Favorable labor efficiency variance

Adverse labor rate variance

Adverse labor efficiency variance

Favorable labor rate variance

Options:

A.

1 and 2.

B.

1 and 4.

C.

3 and 4.

D.

2 and 3.

Buy Now
Questions 194

An organization selected a differentiation strategy to compete at the business level. Which of the following structures best fits this strategic choice?

Options:

A.

Functional structure.

B.

Divisional structure.

C.

Mechanistic structure.

D.

Functional structure with cross-functional teams.

Buy Now
Questions 195

Which of the following items represents the first thing that should be done with obtained dote in the data analytics process?

Options:

A.

Verify completeness and accuracy.

B.

Verify existence and accuracy.

C.

Verify completeness and integrity.

D.

Verify existence and completeness.

Buy Now
Questions 196

A company records income from an investment in common stock when it does which of the following?

Options:

A.

Purchases bonds.

B.

Receives interest.

C.

Receives dividends

D.

Sells bonds.

Buy Now
Questions 197

As it relates to the data analytics process, which of the following best describes the purpose of an internal auditor who cleaned and normalized data?

Options:

A.

The auditor eliminated duplicate information

B.

The auditor organized data to minimize useless information

C.

The auditor made data usable for a specific purpose by ensuring that anomalies were identified and addressed

D.

The auditor ensured data fields were consistent and that data could be used for a specific purpose

Buy Now
Questions 198

Which of the following describes the most appropriate set of tests for auditing a workstation’s logical access controls?

Options:

A.

Review the list of people with access badges to the room containing the workstation and a log of those who accessed the room

B.

Review the password length, frequency of change, and list of users for the workstation’s login process

C.

Review the list of people who attempted to access the workstation and failed, as well as error messages

D.

Review the passwords of those who attempted unsuccessfully to access the workstation and the log of their activity

Buy Now
Questions 199

The chief audit executive (CAE) has embraced a total quality management approach to improving the internal audit activity ' s (lAArs) processes. He would like to reduce the time to complete audits and improve client ratings of the IAA. Which of the following staffing approaches is the CAE most likely lo select?

Options:

A.

Assign a team with a trained audit manager to plan each audit and distribute field work tasks to various staff auditors.

B.

Assign a team of personnel who have different specialties to each audit and empower Team members to participate fully in key decisions

C.

Assign a team to each audit, designate a single person to be responsible for each phase of the audit, and limit decision making outside of their area of responsibility.

D.

Assign a team of personnel who have similar specialties to specific engagements that would benefit from those specialties and limit Key decisions to the senior person.

Buy Now
Questions 200

An organization with global headquarters in the United States has subsidiaries in eight other nations. If the organization operates with an ethnocentric attitude, which of the following statements is true?

Options:

A.

Standards used for evaluation and control are determined at local subsidiaries, not set by headquarters.

B.

Orders, commands, and advice are sent to the subsidiaries from headquarters.

C.

Poop o of local nationality are developed for the best positions within their own country.

D.

There is a significant amount of collaboration between headquarters and subs diaries.

Buy Now
Questions 201

Which of the following statements is true regarding an investee that received a dividend distribution from an entity and is presumed to have little influence over the entity?

Options:

A.

The cash dividends received increase the investee investment account accordingly.

B.

The investee must adjust the investment account by the ownership interest

C.

The investment account is adjusted downward by the percentage of ownership.

D.

The investee must record the cash dividends as dividend revenue

Buy Now
Questions 202

Which of the following controls would be the most effective in preventing the disclosure of an organization ' s confidential electronic information?

Options:

A.

Nondisclosure agreements between the firm and its employees.

B.

Logs of user activity within the information system.

C.

Two-factor authentication for access into the information system.

D.

limited access so information, based on employee duties

Buy Now
Questions 203

An organization has outsourced its payroll function to a third-party service provider. Which of the following contract clauses is most important to include in the outsourcing agreement to ensure access to records of the third-party provider?

Options:

A.

A termination clause.

B.

A right-to-audit clause.

C.

A confidentiality clause.

D.

A data security accountability clause.

Buy Now
Questions 204

During which phase of disaster recovery planning should an organization identify the business units, assets, and systems that are critical to continuing an acceptable level of operations?

Options:

A.

Scope and initiation phase.

B.

Business impact analysis.

C.

Plan development.

D.

Testing.

Buy Now
Questions 205

Which of the following key performance indicators would serve as the best measurement of internal audit innovation?

Options:

A.

The number of scheduled and completed audits and percentage of substantial recommendations

B.

The board’s satisfaction index and internal audit staff commitment ratings

C.

Internal audit staff’s application of technology in audit fieldwork and participation in professional organizations and publications

D.

Internal audit staff’s compliance with the audit manual and technical knowledge in auditing, information security, and cloud computing issues

Buy Now
Questions 206

An internal auditor uses a risk and control questionnaire as part of the preliminary survey for an audit of the organization ' s anti-bribery and corruption program. What is the primary purpose of using this approach?

Options:

A.

To compare records from one source to subsequently prepared records about the anti-bribery program

B.

To ascertain the existence of certain controls in the organization ' s anti-bribery program

C.

To obtain testimonial information about certain controls in the organization ' s anti-bribery program

D.

To validate control information through outside parties independent of the anti-bribery program

Buy Now
Questions 207

An organization’s income and retained earnings statement is as follows:

Sales: $3,000

Cost of goods sold: $1,600

Gross profit: $1,400

Operating expenses: $970

Operating income: $430

Interest expense: $30

Income before tax: $400

Income tax: $200

Net income: $200

Plus Jan. 1 retained earnings: $150

Less dividends: $60

Dec. 31 retained earnings: $290

Which of the following is the dividend payout ratio?

Options:

A.

20 percent.

B.

30 percent.

C.

40 percent.

D.

50 percent.

Buy Now
Questions 208

Which of the following is the most appropriate action an internal auditor would perform during an audit of his organization ' s IT change management process?

Options:

A.

Validate that only authorized personnel can migrate changes into the production environment.

B.

Perform a risk assessment to determine the likelihood that risk could occur due to insufficient patch application.

C.

Publish a schedule that lists all approved changes and planned implementation dates.

D.

Update change management processes on a consistent basis to keep up with changing technologies.

Buy Now
Questions 209

Which of the following is the best example of a compliance risk that is likely to arise when adopting a bring-your-own-device (BYOD) policy?

Options:

A.

The risk that users try to bypass controls and do not install required software updates

B.

The risk that smart devices can be lost or stolen due to their mobile nature

C.

The risk that an organization intrusively monitors personal information stored on smart devices

D.

The risk that proprietary information is not deleted from the device when an employee leaves

Buy Now
Questions 210

Which of the following attributes of data analytics relates to the growing number of sources from which data is being generated?

Options:

A.

Volume.

B.

Velocity.

C.

Variety.

D.

Veracity.

Buy Now
Questions 211

An organization has a declining inventory turnover but an increasing gross margin rate. Which of the following statements can best explain this situation?

Options:

A.

he organization ' s operating expenses are increasing.

B.

The organization has adopted just-in-time inventory.

C.

The organization is experiencing inventory theft.

D.

The organization ' s inventory is overstated.

Buy Now
Questions 212

A retail organization mistakenly did have include $10,000 of Inventory in the physical count at the end of the year. What was the impact to the organization ' s financial statements?

Options:

A.

Cost of sales and net income are understated.

B.

Cost of sales and net income are overstated.

C.

Cost of sales is understated and not income is overstated.

D.

Cost of sales is overstated and net Income is understated.

Buy Now
Questions 213

Which of the following best describes a cyberattacK in which an organization faces a denial-of-service threat created through malicious data encryption?

Options:

A.

Phishing.

B.

Ransomware.

C.

Hacking.

D.

Makvare

Buy Now
Questions 214

An employee ' s mobile device used for work was stolen in a home burglary. Which control, if already implemented by the organization, would best prevent unauthorized access to organizational data stored on the employee ' s device?

Options:

A.

Access control via biometric authentication.

B.

Access control via passcode authentication.

C.

Access control via swipe pattern authentication.

D.

Access control via security question authentication.

Buy Now
Questions 215

The main reason to establish internal controls in an organization is to:

Options:

A.

Encourage compliance with policies and procedures.

B.

Safeguard the resources of the organization.

C.

Ensure the accuracy, reliability, and timeliness of information.

D.

Provide reasonable assurance on the achievement of objectives.

Buy Now
Questions 216

An organization produces two products, X and Y. The materials used for the production of both products are limited to 500 kilograms (kg) per month. All other resources are unlimited and their costs are fixed.

Individual product details are as follows:

Product X: Selling price per unit: $10; Materials per unit at $1/kg: 2 kg; Monthly demand: 100 units.

Product Y: Selling price per unit: $13; Materials per unit at $1/kg: 6 kg; Monthly demand: 120 units.

In order to maximize profit, how much of product Y should the organization produce each month?

Options:

A.

50 units.

B.

60 units.

C.

100 units.

D.

120 units.

Buy Now
Questions 217

Which observations should the chief audit executive include in the executive summary of the final engagement communication?

Options:

A.

All observations

B.

Only observations with an action plan

C.

Only significant observations

D.

Only observations agreed with management

Buy Now
Questions 218

Which of the following attributes of data is the most significantly impacted by the internet of things?

Options:

A.

Normalization

B.

Velocity

C.

Structuration

D.

Veracity

Buy Now
Questions 219

A data classification policy would most likely assist in achieving which of the following control objectives?

Options:

A.

Confirming the validity of the data record.

B.

Ensuring the completeness of the data.

C.

Eliminating redundant data records.

D.

Complying with data protection regulations.

Buy Now
Questions 220

Which of the following statements best describes the current state of data privacy regulation?

Options:

A.

Regulations related to privacy are evolving and complex, and the number of laws is increasing

B.

Most privacy laws are prescriptive and focused on organizations’ privacy rights

C.

The concept of data privacy is well established, privacy regulations are mature, and minimal regulatory changes are expected

D.

Because the concept of privacy is different around the world, data privacy is relatively unregulated

Buy Now
Questions 221

Which of the following scenarios best illustrates a spear phishing attack?

Options:

A.

Numerous and consistent attacks on the company ' s website caused the server to crash and service was disrupted.

B.

A person posing as a representative of the company ' s IT help desk called several employees and played a generic prerecorded message requesting password data.

C.

A person received a personalized email regarding a golf membership renewal, and he clicked a hyperlink to enter his credit card data into a fake website.

D.

Many users of a social network service received fake notifications of a unique opportunity to invest in a new product

Buy Now
Questions 222

An internal auditor reviews a data population and calculates the mean, median, and range. What is the most likely purpose of performing this analytic technique?

Options:

A.

To inform the classification of the data population.

B.

To determine the completeness and accuracy of the data.

C.

To identify whether the population contains outliers.

D.

To determine whether duplicates in the data inflate the range.

Buy Now
Questions 223

Which of the following management approaches may help eliminate employee dissatisfaction, but would not necessarily motivate workers to high achievement levels?

Options:

A.

Providing growth opportunities for employees.

B.

Offering employee recognition incentives in the organization.

C.

Offering competitive employee compensation packages.

D.

Assigning more responsibility to successful employees.

Buy Now
Questions 224

A senior payroll accountant was responsible for three business units. When the number of employees increased considerably, another accountant was hired and became responsible for one of the units. However, an access rights attestation from the senior payroll accountant remained the same, despite an internal policy requiring payroll access to be restricted. Which of the following controls most likely failed?

Options:

A.

Reauthorization controls.

B.

Authorization controls.

C.

Authentication controls.

D.

Segregation of duties.

Buy Now
Questions 225

Which of the following best describes the chief audit executive ' s responsibility for assessing the organization ' s residual risk?

Options:

A.

Create an action plan to mitigate the risk

B.

Incorporate management acceptance of risk in the workpapers as internal audit evidence

C.

Report deviations immediately to the board

D.

Communicate the matter with senior management

Buy Now
Questions 226

Which of the following should be included in a data privacy poky?

1. Stipulations for deleting certain data after a specified period of time.

2. Guidance on acceptable methods for collecting personal data.

3. A requirement to retain personal data indefinitely to ensure a complete audit trail,

4. A description of what constitutes appropriate use of personal data.

Options:

A.

1 and 2 only

B.

2 and 3 only

C.

1, 2 and 4 only

D.

2, 3, and 4 only

Buy Now
Questions 227

At what stage of project integration management would a project manager and project management team typically coordinate the various technical and organizational interfaces that exist in the project?

Options:

A.

Project plan development.

B.

Project plan execution

C.

Integrated change control.

D.

Project quality planning

Buy Now
Questions 228

A financial technology startup consists of self-managed teams. Although each team can make proposals to other teams, decision-making lies within each individual team.

Which of the following risks could arise from this organizational structure?

Options:

A.

Processes are bureaucratic.

B.

Decision-making is slow.

C.

Resources are duplicated.

D.

Power is overconcentrated.

Buy Now
Questions 229

Which of the following performance measures includes both profits and investment base?

Options:

A.

Residual income

B.

A flexible budget

C.

Variance analysis.

D.

A contribution margin income statement by segment.

Buy Now
Questions 230

Which of the following statements is true regarding user developed applications (UDAs) and traditional IT applications?

Options:

A.

UDAs arid traditional JT applications typically follow a similar development life cycle

B.

A UDA usually includes system documentation to illustrate its functions, and IT-developed applications typically do not require such documentation.

C.

Unlike traditional IT applications. UDAs typically are developed with little consideration of controls.

D.

IT testing personnel usually review both types of applications thoroughly to ensure they were developed properly.

Buy Now
Questions 231

An organization ' s account for office supplies on hand had a balance of $9,000 at the end of year one. During year two. The organization recorded an expense of $45,000 for purchasing office supplies. At the end of year two. a physical count determined that the organization has $11 ,500 in office supplies on hand. Based on this Information, what would he recorded in the adjusting entry an the end of year two?

Options:

A.

A debit to office supplies on hand for S2.500

B.

A debit to office supplies on hand for $11.500

C.

A debit to office supplies on hand for $20,500

D.

A debit to office supplies on hand for $42,500

Buy Now
Questions 232

Which of the following best describes a detective control designed to protect an organization from cyberthreats and attacks?

Options:

A.

A list of trustworthy, good traffic and a list of unauthorized, blocked traffic.

B.

Monitoring for vulnerabilities based on industry intelligence.

C.

Comprehensive service level agreements with vendors.

D.

Firewall and other network perimeter protection tools.

Buy Now
Questions 233

Which of the following would be the best indicator that the organization is saving money?

Options:

A.

No duplicate payments occurred during the past quarter.

B.

During the past quarter, 95% of invoices were paid by the due date.

C.

During the past quarter, 85% of invoices eligible for early-pay discounts were paid in time to obtain the discount.

D.

During the past quarter, 100% of payments made matched the invoiced amounts.

Buy Now
Questions 234

Which of the following performance measures would be appropriate for evaluating an investment center, which has responsibility for its revenues, costs, and investment base, but would not be appropriate for evaluating cost, revenue, or profit centers?

Options:

A.

A flexible budget.

B.

Variance analysis.

C.

A contribution margin income statement by segment.

D.

Residual income.

Buy Now
Questions 235

Which of the following storage options would give the organization the best chance of recovering data?

Options:

A.

Encrypted physical copies of the data, and their encryption keys are stored together at the organization and are readily available upon request.

B.

Encrypted physical copies of the data are stored separately from their encryption keys, and both are held in secure locations a few hours away from the organization.

C.

Encrypted reports on usage and database structure changes are stored on a cloud-based, secured database that is readily accessible.

D.

Encrypted copies of the data are stored in a separate secure location a few hours away, while the encryption keys are stored at the organization and are readilyavailable.

Buy Now
Questions 236

When applied to international economics, the theory of comparative advantage proposes that total worldwide output will be greatest when:

Options:

A.

Each nation ' s total imports approximately equal its total exports.

B.

Each good is produced by the nation that has the lowest opportunity cost for that good.

C.

Goods that contribute to a nation ' s balance-of-payments deficit are no longer imported.

D.

International trade is unrestricted and tariffs are not imposed.

Buy Now
Questions 237

A brand manager in a consumer food products organization suspected that several days of the point-of-sale data on the spreadsheet from one grocery chain were missing. The best approach for detecting missing rows in spreadsheet data would be to:

Options:

A.

Sort on product identification code and identify missing product identification codes.

B.

Review store identification code and identify missing product identification codes.

C.

Compare product identification codes for consecutive periods.

D.

Compare product identification codes by store for consecutive periods.

Buy Now
Exam Code: IIA-CIA-Part3
Exam Name: Internal Audit Function
Last Update: Jul 19, 2026
Questions: 791

PDF + Testing Engine

$134.99

Testing Engine

$99.99

PDF (Q&A)

$84.99