IIA IIA-CIA-Part3-3P CIA Exam Part Three: Business Knowledge for Internal Auditing Exam Practice Test

Cold recovery plan

Critical recovery plan

Warm recovery plan

Tested recovery plan

Normalize the data

Obtain the data

identify the risks

Analyze the data

Database review

Data center review

Network configuration review

Operating systems review

Job enlargement.

Job enlargement.

Horizontal loading of the job.

Job rotation

Monitoring access to the online database.

Backing up and maintaining archived data.

Responding to customer inquiries.

Maintaining and assuring network security.

Total manufacturing costs are determined at the end of each period.

Costs are summarized in a production cost repot for each department

Three manufacturing cost elements are tracked direct materials direct labor and manufacturing overhead.

The unit cost can be calculated by dividing the total manufacturing costs for the period by the units produced during the period

Data is synchronized in real lime

Recovery time is expected to be less than one week

Servers are not available and need to be procured

Recovery resources and data restore processes have not been defined

Knowledge/skills gap

Monitoring gap

Accountability/reward failure.

Communication failure.

Assign a team with a trained audit manager to plan each audit and distribute field work tasks to various staff auditors.

Assign a team of personnel who have different specialties to each audit and empower team members to participate fully in key decisions.

Assign a team to each audit, designate a single person to be responsible for each phase of the audit, and limit decision making outside of their area of responsibility.

Assign a team of personnel who have similar specialties to specific engagements that would benefit from those specialties and limit key decisions to the senior person.

The valuation will be incorrect it the inventory includes goods m transit shipped free on board (FOB) destination to another organization

The valuation will be correct if the inventory includes goods received on consignment from another organization

The valuation will be incorrect it the inventory includes goods in transit shipped FOB shipping point from another organization

The valuation will be correct it the inventory includes goods sent on consignment to another

organization

Develop and enforce change policies to ensure employees are continually trained.

Apply a risk-based approach and impose segregation of duties related to the change management process.

Conduct a high-level threat analysis and implement a compensating control.

Validate authorization, segregation of duties, testing of changes, and approval to move changes into production.

Y should be listed as an investment asset on X's balance sheet

X must consolidate the financial statements for both organizations

Y should be reported as a footnote to X's financial statements

Y should not be reported by X as X does not have a controlling interest

Review the the call center script used by customer service agents to interact with callers and update the script rf necessary

De-emphasize the importance of call center employees completing a certain number of calls per hour

Retrain call center staff on area processes and common technical issues that they will Likely be asked to resolve

Increase the incentive for call center employees to complete calls quickly and raise the number of calls completed daily

Fixed costs per unit for each additional unit sold

Variable costs per unit for each additional unit sold

Contribution margin per unit for each additional unit sold

Gross margin per unit for each additional unit sold

Boundary defense.

Malware defense.

Penetration tests.

Wireless access controls.

Process analysis.

Process mining.

Data analysis.

Data mining.

Cost of sales increased relative to sales.

Total sales increased relative to expenses.

The organization had a higher dividend payout rate in year two.

The government increased the corporate tax rate.

They require significant computer resources.

They are susceptible to supply-chain disruptions.

They require complicated materials-supply contracts.

They prevent manufacturers from scaling up or down to meet changing demands.

Diversification

Vertical integration

Risk avoidance

Differentiation

Divesting product lines expected to have negative profitability.

Increasing the diversity of strategic business units.

Increasing investment in research and development for a new product.

Relocating the organization's manufacturing to another country.

Prestige

Small size.

Competition

Common threat

For plant assets cost includes the purchase price and the cost of design and construction

For intangible assets cost includes the purchase price and development costs

Due to their indefinite nature intangible assets are not subject to amortization

The organization must expense any cost incurred in developing a plant asset

Visibility, validity, vulnerability

Velocity, variety volume.

Complexity completeness constancy

Continuity, control convenience

Internal auditors perform reconciliation procedures to support an external audit of financial reporting.

Internal auditors perform a systems-focused analysis to review relevant controls.

Internal auditors perform a risk assessment to identify potential audit subjects as input for the annual internal audit plan.

Internal auditors test IT general controls with regard to operating effectiveness versus design.

A star

A cash cow

A Question mark

A dog

End-to-end testing

IT systems and application walkthrough

Tabletop or boardroom-style testing

Desk check testing

Cash payback technique.

Annual rate of return technique.

Internal rate of return method.

Net present value method.

Non-disclosure agreements between the firm and its employees

Logs of user activity within the information system

Two-factor authentication for access into the information system

Limited access to information based on employee duties

Limit the use of the employee devices for personal use to mitigate the risk of exposure to organizational data.

Ensure that relevant access to key applications is strictly controlled through an approval and review process

Institute detection and authentication controls for all devices used for network connectivity and data storage

Use management software to scan and then prompt patch reminders when devices connect to the network

A list of trustworthy good traffic and a list of unauthorized blocked traffic.

Monitoring for vulnerabilities based on industry intelligence

Comprehensive service level agreements with vendors.

Firewall and other network penmeter protection tools.

Operating rate.

Asset efficiency rate.

Resource utilization rate.

Productivity rate.

All personal information, by definition is considered to be sensitive, requiring specialized controls.

Information is not considered personal if it can only be linked to or used to identify an individual indirectly.

Individuals who provide personal information to organizations share in the risk of inappropriate

disclosure.

Good protection controls remove any restrictions on the quantity of personal information that can be collected

To reconstitute systems efficiently following a disruptive event.

To define rules on how devices within the system should communicate after a disaster.

To describe how data should move from one system to another system in case of an emergency.

To establish a protected area of network that is accessible to the public after a disaster

1 and 3

1 and 4

2 and 3

2 and 4

The structure is dispersed geographically.

The hierarchy levels are more numerous.

The span of control is wide.

The lower-level managers are encouraged to exercise creativity when solving problems.

The file transfer protocol (FTP) should always be enabled

The simple mail transfer protocol (SMTP) should be operating under me most privileged accounts

The number of ports and protocols allowed to access the web server should be maximized

Secure protocols for confidential pages should be used instead of clear-text protocol such as HTTP or FTP

Identify redundant controls.

Improve budgeting accuracy.

Enhance assurance provided to management.

Assist in developing audit programs.

The Committee of Sponsoring Organizations of the Treadway Commission.

The Board of Environmental, Health, and Safety Auditor Certifications.

The International Organization of Supreme Audit Institutions.

The International Standards Organization.

1 and 2 only

2 and 3 only

1, 2, and 3 only

1, 2, 3, and 4

Businesses must pay a tax only if they make a profit.

The consumer ultimately bears the cost of the tax through higher prices.

Consumer savings are discouraged.

The amount of value added is the difference between an organization's sales and its cost of goods sold.

Program versions are synchronized across the network.

Emergency move procedures are documented and followed.

Appropriate users are involved in program change testing.

Movement from the test library to the production library is controlled.

Use an aging schedule to more closely estimate uncollectible accounts.

Eliminate the need for an allowance for doubtful accounts.

Emphasize the accuracy of the net realizable value of the receivables on the balance sheet.

Use a method that approximates the matching principle.

We are a people-and-goods mover.

We supply energy.

We make movies.

We provide climate control in the home.

A flexible budget.

Variance analysis.

A contribution margin income statement by segment.

Residual income.

In a regressive personal tax system, an individual's marginal tax rate is normally greater than his average tax rate.

In a regressive personal tax system, an individual's marginal tax rate is normally equal to his average tax rate.

In a progressive personal tax system, an individual's marginal tax rate is normally equal to his average tax rate.

In a progressive personal tax system, an individual's marginal tax rate is normally greater than his average tax rate.

Performing a system audit.

Making system changes.

Testing policy compliance.

Conducting system monitoring.

Star network.

Bus network.

Token ring network.

Mesh network.

Identifying risks to the organization's operations.

Observing and analyzing controls.

Prioritizing known risks.

Reviewing organizational objectives.

To keep stock price constant.

To keep shareholders' equity constant.

To increase shareholders' equity.

To enhance the stock liquidity.

Merger.

Strategic fit.

Joint venture.

Strategic goal.

Avoidance.

Reduction.

Elimination.

Sharing.

End users have their read-only applications approved by the information systems department before accessing the database.

Concurrency update controls are in place.

End-user applications are developed on personal computers before being implemented on the

mainframe.

A hierarchical database model is adopted so that multiple users can be served at the same time.

Set clear objectives.

Engage the various communities of practice within the organization.

Demonstrate support from senior management.

Establish key competencies.

Fragmented industries.

Declining industries.

Mature industries.

Emerging industries.

2 only

3 and 4 only

1, 3, and 4 only

1, 2, 3, and 4

Established strategy of players.

Low number of new firms.

High unit costs.

Technical expertise.

Risk acceptance.

Risk sharing.

Risk avoidance.

Risk reduction.

A time-sensitive just-in-time purchase environment.

A large volume of custom purchases.

A variable volume sensitive to material cost.

A currently inefficient purchasing process.

Fixed cost.

Variable cost.

Total maintenance cost.

Patient days.

Promote closer linkage between organizational strategy and information.

Provide users with greater online access to information systems.

Enhance the functionality of application systems.

Expand the use of automated controls.

Decentralized organizations are more focused on organizational goals.

Decentralized organizations streamline organizational structure.

Decentralized organizations tend to be less expensive to operate.

Decentralized organizations tend to be more responsive to market changes.

Determine the optimal amount of resources for the organization to invest in CSR.

Align CSR program objectives with the organization's strategic plan.

Integrate CSR activities into the organization's decision-making process.

Determine whether the organization has an appropriate policy governing its CSR activities.

Invest in marketing.

Invest in research and development.

Control costs.

Shift toward mass production.

The board has overall responsibility for the internal control processes associated with the CSR program.

Management has overall responsibility for the effectiveness of governance, risk management, and internal control processes associated with the CSR program.

The internal audit activity is responsible for ensuring that CSR principles are integrated into the

organization's policies and procedures.

Every employee has a responsibility for ensuring the success of the organization's CSR objectives.

Functional departmentalization.

Product departmentalization.

Matrix organization.

Divisional organization.

1 only

4 only

1 and 4 only

1, 2, and 3 only

Adequate segregation of duties between data processing controls and file security controls.

Documented procedures for remote job entry and for local data file retention.

Emergency and disaster recovery procedures and maintenance agreements in place to ensure continuity of operations.

Established procedures to prevent and detect unauthorized changes to data files.

Empathetic listening.

Reframing.

Reflective listening.

Dialogue.

Forming stage.

Norming stage.

Performing stage.

Storming stage.

1 and 3 only

2 and 4 only

1, 2, and 4 only

1, 2, 3, and 4

A transmission control protocol/Internet protocol (TCP/IP).

An operating system.

A web browser.

A web server.

To assess whether an annual control review is necessary.

To determine conformance with requirements and agreements.

To evaluate executive management oversight.

To promote environmental awareness.