Special Summer Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70percent

IIA IIA-CIA-Part3 Business Knowledge for Internal Auditing Exam Practice Test

Demo: 124 questions
Total 416 questions

Business Knowledge for Internal Auditing Questions and Answers

Question 1

An organization that sells products to a foreign subsidiary wants to charge a price that will decrease import tariffs. Which of the following is the best course of action for the organization?

Options:

A.

Decrease the transfer price.

B.

Increase the transfer price.

C.

Charge at the arm’s length price.

D.

Charge at the optimal transfer price.

Question 2

According to IIA guidance on IT, which of the following would be considered a primary control for a spreadsheet to help ensure accurate financial reporting?

Options:

A.

Formulas and static data are locked or protected.

B.

The spreadsheet is stored on a network server that is backed up daily.

C.

The purpose and use of the spreadsheet are documented.

D.

Check-in and check-out software is used to control versions.

Question 3

A large retail customer made an offer to buy 10,000 units at a special price of $7 per unit. The manufacturer usually sells each unit for $10. Variable manufacturing costs are $5 per unit and fixed manufacturing costs are $3 per unit. For the manufacturer to accept the offer, which of the following assumptions needs to be true?

Options:

A.

Fixed and variable manufacturing costs are less than the special offer selling price

B.

The manufacturer can fulfill the order without expanding the capacities of the production facilities

C.

Costs related to accepting this offer can be absorbed through the sale of other products

D.

The manufacturer’s production facilities are currently operating at full capacity

Question 4

Which of the following IT-related activities is most commonly performed by the second line of defense?

Options:

A.

Block unauthorized traffic.

B.

Encrypt data.

C.

Review disaster recovery test results.

D.

Provide an independent assessment of IT security.

Question 5

According to IIA guidance on IT, which of the following best describes a situation where data backup plans exist to ensure that critical data can be restored at some point in the future, but recovery and restore processes have not been defined?

Options:

A.

Hot recovery plan

B.

Warm recovery plan

C.

Cold plan

D.

Absence of recovery plan

Question 6

Which type of bond sells at a discount from face value, then increases in value annually until it reaches maturity and provides the owner with the total payoff?

Options:

A.

High-yield bonds

B.

Commodity-backed bonds

C.

Zero-coupon bonds

D.

Junk bonds

Question 7

During a payroll audit, the internal auditor is assessing the security of the local area network of the payroll department computers. Which of the following IT controls should the auditor test?

Options:

A.

IT application-based controls

B.

IT systems development controls

C.

Environmental controls

D.

IT governance controls

Question 8

Which of the following bring-your-own-device (BYOD) practices is likely to increase the risk of infringement on local regulations, such as copyright or privacy laws?

Options:

A.

Not installing anti-malware software.

B.

Updating operating software in a haphazard manner.

C.

Applying a weak password for access to a mobile device.

D.

Jailbreaking a locked smart device.

Question 9

Which of the following is classified as a product cost using the variable costing method?

Direct labor costs.

Insurance on a factory.

Manufacturing supplies.

Packaging and shipping costs.

Options:

A.

1 and 2

B.

1 and 3

C.

2 and 4

D.

3 and 4

Question 10

When using data analytics during a review of the procurement process, what is the first step in the analysis process?

Options:

A.

Identify data anomalies and outliers

B.

Define questions to be answered

C.

Identify data sources available

D.

Determine the scope of the data extract

Question 11

According to IIA guidance, which of the following best describes an adequate management (audit) trail application control for the general ledger?

Options:

A.

Report identifying data that is outside of system parameters.

B.

Report identifying general ledger transactions by time and individual.

C.

Report comparing processing results with original input.

D.

Report confirming that the general ledger data was processed without error.

Question 12

An internal auditor was asked to review an equal equity partnership. In one sampled transaction, Partner A transferred equipment into the partnership with a self-declared value of $10,000, and Partner B contributed equipment with a self-declared value of $15,000. The capital accounts of each partner were subsequently credited with $12,500. Which of the following statements is true regarding this transaction?

Options:

A.

The capital accounts of the partners should be increased by the original cost of the contributed equipment.

B.

The capital accounts should be increased using a weighted average based on the current percentage of ownership.

C.

No action is necessary as the capital account of each partner was increased by the correct amount.

D.

The capital accounts of the partners should be increased by the fair market value of their contribution.

Question 13

As it relates to the data analytics process, which of the following best describes the purpose of an internal auditor who cleaned and normalized data?

Options:

A.

The auditor eliminated duplicate information

B.

The auditor organized data to minimize useless information

C.

The auditor made data usable for a specific purpose by ensuring that anomalies were identified and addressed

D.

The auditor ensured data fields were consistent and that data could be used for a specific purpose

Question 14

Which of the following lists is comprised of computer hardware only?

Options:

A.

A central processing unit, a scanner, and a value-added network

B.

A computer chip, a data warehouse, and a router

C.

A server, a firewall, and a smartphone

D.

A workstation, a modem, and a disk drive

Question 15

Which of the following risks would involve individuals attacking an oil company’s IT system as a sign of solidarity against drilling in a local area?

Options:

A.

Tampering

B.

Hacking

C.

Phishing

D.

Piracy

Question 16

According to IIA guidance on IT, which of the following plans would pair the identification of critical business processes with recovery time objectives?

Options:

A.

The business continuity management charter

B.

The business continuity risk assessment plan

C.

The business impact analysis plan

D.

The business case for business continuity planning

Question 17

According to IIA guidance, which of the following statements is true with regard to workstation computers that access company information stored on the network?

Options:

A.

Individual workstation computer controls are not as important as companywide server controls

B.

Particular attention should be paid to housing workstations away from environmental hazards

C.

Cybersecurity issues can be controlled at an enterprise level, making workstation-level controls redundant

D.

With security risks near an all-time high, workstations should not be connected to the company network

Question 18

Given the information below, which organization is in the weakest position to pay short-term debts?

Organization A: Current assets constitute $1,200,000; Current liabilities are $400,000

Organization B: Current assets constitute $1,000,000; Current liabilities are $1,000,000

Organization C: Current assets constitute $900,000; Current liabilities are $300,000

Organization D: Current assets constitute $1,000,000; Current liabilities are $250,000

Options:

A.

Organization A

B.

Organization B

C.

Organization C

D.

Organization D

Question 19

An internal auditor found the following information while reviewing the monthly financial statements for a wholesaler of safety glasses: Opening inventory: 1,000 units at $2 per unit; Purchased: 5,000 units at $3 per unit; Sold: 3,000 units at $7 per unit. The cost of goods sold was reported at $8,500. Which of the following inventory methods was used to derive this value?

Options:

A.

Average cost method

B.

First-in, first-out (FIFO) method

C.

Specific identification method

D.

Activity-based costing method

Question 20

An internal auditor is using data analytics to focus on high-risk areas during an engagement. The auditor has obtained data and is working to eliminate redundancies in the data. Which of the following statements is true regarding this scenario?

Options:

A.

The auditor is normalizing data in preparation for analyzing it.

B.

The auditor is analyzing the data in preparation for communicating the results.

C.

The auditor is cleaning the data in preparation for determining which processes may be involved.

D.

The auditor is reviewing the data prior to defining the question.

Question 21

An organization has 1,000 units of a defective item in stock. Per unit, market price is $10; production cost is $4; and the defect selling price is $5. What is the carrying amount (inventory value) of defects at year-end?

Options:

A.

$0

B.

$4,000

C.

$5,000

D.

$10,000

Question 22

Which of the following authentication controls combines what a user knows with the unique characteristics of the user, respectively?

Options:

A.

Voice recognition and token

B.

Password and fingerprint

C.

Fingerprint and voice recognition

D.

Password and token

Question 23

Which of the following best explains why an organization would enter into a capital lease contract?

Options:

A.

To increase the ability to borrow additional funds from creditors

B.

To reduce the organization’s free cash flow from operations

C.

To improve the organization’s free cash flow from operations

D.

To acquire the asset at the end of the lease period at a price lower than the fair market value

Question 24

Which of the following forms of compensation best indicates that an organization’s cost-saving objectives have been targeted?

Options:

A.

Gain sharing

B.

Commission

C.

Profit sharing

D.

Pension

Question 25

An internal auditor observed that the organization's disaster recovery solution will make use of a cold site in a town several miles away. Which of the following is likely to be a characteristic of this disaster recovery solution?

Options:

A.

Data is synchronized in real time.

B.

Recovery time is expected to be less than one week.

C.

Servers are not available and need to be procured.

D.

Recovery resources and data restore processes have been defined.

Question 26

Which of the following describes the primary advantage of using data analytics in internal auditing?

Options:

A.

It helps support the internal audit conclusions with factual evidence.

B.

It reduces the time and effort needed to prepare the audit report.

C.

It helps prevent internal auditors from unknowingly disregarding key process risks.

D.

It enables internal auditors to meet their responsibility for monitoring controls.

Question 27

Which of the following network types should an organization choose if it wants to allow access only to its own personnel?

Options:

A.

An extranet.

B.

A local area network (LAN).

C.

An intranet.

D.

The internet.

Question 28

Based on test results, an IT auditor concluded that the organization would suffer unacceptable loss of data if there was a disaster at its data center. Which of the following test results would likely lead the auditor to this conclusion?

Options:

A.

Requested backup tapes were not returned from the offsite vendor in a timely manner

B.

Returned backup tapes from the offsite vendor contained empty spaces

C.

Critical systems have been backed up more frequently than required

D.

Critical system backup tapes are taken off site less frequently than required

Question 29

Which of the following is improved by the use of smart devices?

Options:

A.

Version control

B.

Privacy

C.

Portability

D.

Secure authentication

Question 30

Which of the following statements best describes the current state of data privacy regulation?

Options:

A.

Regulations related to privacy are evolving and complex, and the number of laws is increasing

B.

Most privacy laws are prescriptive and focused on organizations’ privacy rights

C.

The concept of data privacy is well established, privacy regulations are mature, and minimal regulatory changes are expected

D.

Because the concept of privacy is different around the world, data privacy is relatively unregulated

Question 31

A new manager received computations of the internal rate of return regarding his project proposal. What should the manager compare the computation results to in order to determine whether the project is potentially acceptable?

Options:

A.

Compare to the annual cost of capital.

B.

Compare to the annual interest rate.

C.

Compare to the required rate of return.

D.

Compare to the net present value.

Question 32

Which of the following is a likely result of outsourcing?

Options:

A.

Increased dependence on suppliers.

B.

Increased importance of market strategy.

C.

Decreased sensitivity to government regulation

D.

Decreased focus on costs

Question 33

Which of the following would be a concern related to the authorization controls utilized for a system?

Options:

A.

Users can only see certain screens in the system.

B.

Users are making frequent password change requests.

C.

Users Input Incorrect passwords and get denied system access

D.

Users are all permitted uniform access to the system.

Question 34

An organization that soils products to a foreign subsidiary wants to charge a price that wilt decrease import tariffs. Which of the following is the best course of action for the organization?

Options:

A.

Decrease the transfer price

B.

Increase the transfer price

C.

Charge at the arm's length price

D.

Charge at the optimal transfer price

Question 35

Which of the following is a systems software control?

Options:

A.

Restricting server room access to specific individuals

B.

Housing servers with sensitive software away from environmental hazards

C.

Ensuring that all user requirements are documented

D.

Performing of intrusion testing on a regular basis

Question 36

Which type of bond sells at & discount from face value, then increases in value annually until it reaches maturity and provides the owner with the total payoff?

Options:

A.

High-yield bonds

B.

Commodity-backed bonds

C.

Zero coupon bonds

D.

Junk bonds

Question 37

Based on lest results, an IT auditor concluded that the organization would suffer unacceptable loss of data if there was a disaster at its data center. Which of the following test results would likely lead the auditor to this conclusion?

Options:

A.

Requested backup tapes were not returned from the offsite vendor In a timely manner.

B.

Returned backup tapes from the offsite vendor contained empty spaces.

C.

Critical systems have boon backed up more frequently than required.

D.

Critical system backup tapes are taken off site less frequently than required

Question 38

Which of the following items represents the first thing that should be done with obtained dote in the data analytics process?

Options:

A.

Verify completeness and accuracy.

B.

Verify existence and accuracy.

C.

Verify completeness and integrity.

D.

Verify existence and completeness.

Question 39

A retail organization mistakenly did have include $10,000 of Inventory in the physical count at the end of the year. What was the impact to the organization's financial statements?

Options:

A.

Cost of sales and net income are understated.

B.

Cost of sales and net income are overstated.

C.

Cost of sales is understated and not income is overstated.

D.

Cost of sales is overstated and net Income is understated.

Question 40

Which of the following statements, is true regarding the capital budgeting procedure known as discounted payback period?

Options:

A.

It calculates the overall value of a project.

B.

It ignores the time value of money.

C.

It calculates the time a project takes to break even.

D.

It begins at time zero for the project.

Question 41

A small software development firm designs and produces custom applications for businesses. The application development team consists of employees from multiple departments who all report to a single project manager. Which of the following organizational structures does this situation represent?

Options:

A.

Functional departmentalization.

B.

Product departmentalization

C.

Matrix organization.

D.

Divisional organization

Question 42

Which of the following is on example of a smart device security control intended to prevent unauthorized users from gaining access to a device's data or applications?

Options:

A.

Anti-malware software

B.

Authentication

C.

Spyware

D.

Rooting

Question 43

Which of the following is the most appropriate way lo record each partner's initial Investment in a partnership?

Options:

A.

At the value agreed upon by the partners.

B.

At book value.

C.

At fair value

D.

At the original cost.

Question 44

Which of the following is a disadvantage in a centralized organizational structure?

Options:

A.

Communication conflicts

B.

Slower decision making.

C.

Loss of economies of scale

D.

Vulnerabilities in sharing knowledge

Question 45

An organization has 10,000 units of a defect item in stock, per unit, market price is $10$; production cost is $4; and defect selling price is $5. What is the carrying amount (inventory value) of defects at your end?

Options:

A.

$0

B.

$4,000

C.

$5,000

D.

$10,000

Question 46

Which of the following is classified as a product cost using the variable costing method?

1. Direct labor costs.

2. Insurance on a factory.

3. Manufacturing supplies.

4. Packaging and shipping costa.

Options:

A.

1 and 2

B.

1 and 3

C.

2 and 4

D.

3 and 4

Question 47

What kind of strategy would be most effective for an organization to adopt in order to Implement a unique advertising campaign for selling identical product lines across all of its markets?

Options:

A.

Export strategy.

B.

Transnational strategy

C.

Multi-domestic strategy

D.

Globalization strategy

Question 48

An Internal auditor is using data analytics to focus on high-risk areas during an engagement. The auditor has obtained data and is working to eliminate redundancies in the data. Which of the following statements is true regarding this scenario?

Options:

A.

The auditor is normalizing data in preparation for analyzing it.

B.

The auditor is analyzing the data in preparation for communicating the results,

C.

The auditor is cleaning the data in preparation for determining which processes may be involves .

D.

The auditor is reviewing trio data prior to defining the question

Question 49

Which of the following practices impacts copyright issues related to the manufacturer of a smart device?

Options:

A.

Session hijacking.

B.

Jailbreaking

C.

Eavesdropping,

D.

Authentication.

Question 50

Which of the following job design techniques would most likely be used to increase employee motivation through job responsibility and recognition?

Options:

A.

Job complicating

B.

Job rotation

C.

Job enrichment

D.

Job enlargement

Question 51

Which of the following is a security feature that Involves the use of hardware and software to filter or prevent specific Information from moving between the inside network and the outs de network?

Options:

A.

Authorization

B.

Architecture model

C.

Firewall

D.

Virtual private network

Question 52

Which of the following bring-your-own-device (BYOD) practices is likely to increase the risk of Infringement on local regulations, such as copyright or privacy laws?

Options:

A.

Not installing anti-malware software

B.

Updating operating software in a haphazard manner,

C.

Applying a weak password for access to a mobile device.

D.

JoIIbreaking a locked smart device

Question 53

An organization uses the management-by-objectives method whereby employee performance is based on defined goals. Which of the following statements is true regarding this approach?

Options:

A.

It is particularly helpful to management when the organization is facing rapid change.

B.

It is a more successful approach when adopted by mechanistic organizations.

C.

It is mere successful when goal setting is performed not only by management, but by all team members, including lower-level staff.

D.

It is particularly successful in environments that are prone to having poor employer-employee relations.

Question 54

An organization has instituted a bring-your-own-device (BYOD) work environment. Which of the following policies best addresses the increased risk to the organization's network incurred by this environment?

Options:

A.

Limit the use of the employee devices for personal use to mitigate the risk of exposure to organizational data.

B.

Ensure that relevant access to key applications is strictly controlled through an approval and review process.

C.

Institute detection and authentication controls for all devices used for network connectivity and data storage.

D.

Use management software scan and then prompt parch reminders when devices connect to the network

Question 55

Which of the following should be included in a data privacy poky?

1. Stipulations for deleting certain data after a specified period of time.

2. Guidance on acceptable methods for collecting personal data.

3. A requirement to retain personal data indefinitely to ensure a complete audit trail,

4. A description of what constitutes appropriate use of personal data.

Options:

A.

1 and 2 only

B.

2 and 3 only

C.

1, 2 and 4 only

D.

2, 3, and 4 only

Question 56

Which of the following is an example of a physical control?

Options:

A.

Providing fire detection and suppression equipment

B.

Establishing a physical security policy and promoting it throughout the organization

C.

Performing business continuity and disaster recovery planning

D.

Keeping an offsite backup of the organization's critical data

Question 57

An organization with global headquarters in the United States has subsidiaries in eight other nations. If the organization operates with an ethnocentric attitude, which of the following statements is true?

Options:

A.

Standards used for evaluation and control are determined at local subsidiaries, not set by headquarters.

B.

Orders, commands, and advice are sent to the subsidiaries from headquarters.

C.

Poop o of local nationality are developed for the best positions within their own country.

D.

There is a significant amount of collaboration between headquarters and subs diaries.

Question 58

According to IIA guidance, which of the following links computers and enables them to -communicate with each other?

Options:

A.

Application program code

B.

Database system

C.

Operating system

D.

Networks

Question 59

According to IIA guidance, which of the following would be the best first stop to manage risk when a third party is overseeing the organization's network and data?

Options:

A.

Creating a comprehensive reporting system for vendors to demonstrate their ongoing due diligence in network operations.

B.

Drafting a strong contract that requires regular vendor control reports end a right-to-audit clause.

C.

Applying administrative privileges to ensure right to access controls are appropriate.

D.

Creating a standing cyber-security committee to identify and manage risks related to data security

Question 60

The head of the research arid development department at a manufacturing organization believes that his team lacks expertise in some areas, and he decides to hire more experienced researchers to assist in the development of a new product. Which of the following variances are likely to occur as the result of this decision?

1. Favorable labor efficiency variance.

2. Adverse labor rate variance.

3. Adverse labor efficiency variance.

4. Favorable labor rate variance.

Options:

A.

1 and 2

B.

1 and 4

C.

3 and A

D.

2 and 3

Question 61

Which of the following statements is true regarding cost-volume-profit analysis?

Options:

A.

Contribution margin is the amount remaining from sales revenue after fixed expenses have been deducted.

B.

Breakeven point is the amount of units sold to cover variable costs.

C.

Breakeven occurs when the contribution margin covers fixed costs.

D.

Following breakover1, he operating income will increase by the excess of fixed costs less the variable costs per units sold.

Question 62

Which of the following statements is true regarding data backup?

Options:

A.

System backups should always be performed real time.

B.

Backups should be stored in a secured location onsite for easy access.

C.

The tape rotation schedule affects how long data is retained

D.

Backup media should be restored only m case of a hardware or software failure

Question 63

Which of the following concepts of managerial accounting is focused on achieving a point of low or no inventory?

Options:

A.

Theory of constraints.

B.

Just-in-time method.

C.

Activity-based costing.

D.

Break-even analysis

Question 64

Which of the following should software auditors do when reporting internal audit findings related to enterprisewide resource planning?

Options:

A.

Draft separate audit reports for business and IT management.

B.

Conned IT audit findings to business issues.

C.

Include technical details to support IT issues.

D.

Include an opinion on financial reporting accuracy and completeness.

Question 65

During her annual performance review, a sales manager admits that she experiences significant stress due to her job but stays with the organization because of the high bonuses she earns. Which of the following best describes her primary motivation to remain in the job?

Options:

A.

Intrinsic reward.

B.

Job enrichment

C.

Extrinsic reward.

D.

The hierarchy of needs.

Question 66

Which of the following contract concepts is typically given in exchange for the execution of a promise?

Options:

A.

Lawfulness.

B.

Consideration.

C.

Agreement.

D.

Discharge

Question 67

Which of the following best describes depreciation?

Options:

A.

It is a process of allocating cost of assets between periods.

B.

It is a process of assets valuation.

C.

It is a process of accumulating adequate funds to replace assets.

D.

It is a process of measuring decline in the value of assets because of obsolescence

Question 68

When would a contract be dosed out?

Options:

A.

When there's a dispute between the contracting parties

B.

When ail contractual obligations have been discharged.

C.

When there is a force majenre.

D.

When the termination clause is enacted.

Question 69

An organization has a declining inventory turnover but an increasing gross margin rate. Which of the following statements can best explain this situation?

Options:

A.

he organization's operating expenses are increasing.

B.

The organization has adopted just-in-time inventory.

C.

The organization is experiencing inventory theft.

D.

The organization's inventory is overstated.

Question 70

Which of the following accounting methods is an investor organization likely to use when buying 40 percent of the stock of another organization?

Options:

A.

Cost method.

B.

Equity method .

C.

Consolidation method.

D.

Fair value method.

Question 71

Which of the following represents an inventory costing technique that can be manipulated by management to boost net income by selling units purchased at a low cost?

Options:

A.

First-in. first-out method (FIFO).

B.

Last-in, first-out method (LIFO).

C.

Specific identification method.

D.

Average-cost method

Question 72

An organization decided to reorganize into a flatter structure. Which of the following changes would be expected with this new structure?

Options:

A.

Lower costs.

B.

Slower decision making at the senior executive level.

C.

Limited creative freedom in lower-level managers.

D.

Senior-level executives more focused on short-term, routine decision making

Question 73

Which of the following attributes of data are cybersecurity controls primarily designed to protect?

Options:

A.

Veracity, velocity, and variety.

B.

Integrity, availability, and confidentiality.

C.

Accessibility, accuracy, and effectiveness.

D.

Authorization, logical access, and physical access.

Question 74

Management has decided to change the organizational structure from one that was previously decentralized to one that is now highly centralized. As such: which of the

following would be a characteristic of the now highly centralized organization?

Options:

A.

Top management does little monitoring of the decisions made at lower levels.

B.

The decisions made at the lower levels of management are considered very important.

C.

Decisions made at lower levels in the organizational structure are few.

D.

Reliance is placed on top management decision making by few of the organization's departments.

Question 75

A manufacturer ss deciding whether to sell or process materials further. Which of the following costs would be relevant to this decision?

Options:

A.

Incremental processing costs, incremental revenue, and variable manufacturing expenses.

B.

Joint costs, incremental processing costs, and variable manufacturing expenses.

C.

Incremental revenue, joint costs, and incremental processing costs.

D.

Variable manufacturing expenses, incremental revenue, and joint costs

Question 76

Which of the following actions would senior management need to consider as part of new IT guidelines regarding the organization's cybersecurity policies?

Options:

A.

Assigning new roles and responsibilities for senior IT management.

B.

Growing use of bring your own devices for organizational matters.

C.

Expansion of operations into new markets with limited IT access.

D.

Hiring new personnel within the IT department for security purposes.

Question 77

An organization has an agreement with a third-party vendor to have a fully operational facility, duplicate of the original site and configured to the organization's needs, in order to quickly recover operational capability in the event of a disaster, Which of the following best describes this approach to disaster recovery planning?

Options:

A.

Cold recovery plan,

B.

Outsourced recovery plan.

C.

Storage area network recovery plan.

D.

Hot recovery plan

Question 78

Which of the following represents a basis for consolidation under the International Financial Reporting Standards?

Options:

A.

Variable entity approach.

B.

Control ownership.

C.

Risk and reward.

D.

Voting interest.

Question 79

Which of the following is most influenced by a retained earnings policy?

Options:

A.

Cash.

B.

Dividends.

C.

Gross margin.

D.

Net income.

Question 80

Which of the following scenarios best illustrates a spear phishing attack?

Options:

A.

Numerous and consistent attacks on the company's website caused the server to crash and service was disrupted.

B.

A person posing as a representative of the company's IT help desk called several employees and played a generic prerecorded message requesting password data.

C.

A person received a personalized email regarding a golf membership renewal, and he clicked a hyperlink to enter his credit card data into a fake website.

D.

Many users of a social network service received fake notifications of a unique opportunity to invest in a new product

Question 81

According to 11A guidance on IT, which of the following spreadsheets is most likely to be considered a high-risk user-developed application?

Options:

A.

A revenue calculation spreadsheet supported with price and volume reports from the production department.

B.

An asset retirement calculation spreadsheet comprised of multiple formulas and assumptions.

C.

An ad-hoc inventory listing spreadsheet comprising details of written-off inventory quantities.

D.

An accounts receivable reconciliation spreadsheet used by the accounting manager to verify balances

Question 82

Which of the following storage options would give the organization the best chance of recovering data?

Options:

A.

Encrypted physical copies of the data, and their encryption keys are stored together at the organization and are readily available upon request.

B.

Encrypted physical copies of the data are stored separately from their encryption keys, and both are held in secure locations a few hours away from the organization.

C.

Encrypted reports on usage and database structure changes are stored on a cloud-based, secured database that is readily accessible.

D.

Encrypted copies of the data are stored in a separate secure location a few hours away, while the encryption keys are stored at the organization and are readilyavailable.

Question 83

What relationship exists between decentralization and the degree, importance, and range of lower-level decision making?

Options:

A.

Mutually exclusive relationship.

B.

Direct relationship.

C.

Intrinsic relationship.

D.

Inverse relationship.

Question 84

Which of the following best describes a detective control designed to protect an organization from cyberthreats and attacks?

Options:

A.

A list of trustworthy, good traffic and a list of unauthorized, blocked traffic.

B.

Monitoring for vulnerabilities based on industry intelligence.

C.

Comprehensive service level agreements with vendors.

D.

Firewall and other network perimeter protection tools.

Question 85

An internal auditor is assigned to perform data analytics. Which of the following is the next step the auditor should undertake after she has ascertained the value expected from the review?

Options:

A.

Normalize the data,

B.

Obtain the data

C.

Identify the risks.Analyze the data.

Question 86

An internal auditor is reviewing key phases of a software development project. Which of the following would; the auditor most likely use to measure the project team's performance related to how project tasks are completed?

Options:

A.

A balanced scorecard.

B.

A quality audit

C.

Earned value analysis.

D.

Trend analysis

Question 87

An organization's technician was granted a role that enables him to prioritize projects throughout the organization. Which type of authority will the technician most likely be exercising?

Options:

A.

Legitimate authority

B.

Coercive authority.

C.

Referent authority.

D.

Expert authority.

Question 88

An organization that relies heavily on IT wants to contain the impact of potential business disruption to a period of approximately four to seven days. Which of the following

business recovery strategies would most efficiently meet this organization's needs?

Options:

A.

A recovery strategy whereby a separate site has not yet been determined, but hardware has been reserved for purchase and data backups.

B.

A recovery strategy whereby a separate site has been secured and is ready for use, with fully configured hardware and real-time synchronized data

C.

A recovery strategy whereby a separate site has been secured and the necessary funds for hardware and data backups have been reserved.

D.

A recovery strategy whereby a separate site has been secured with configurable hardware and data backups.

Question 89

Which of the following parties is most likely to be responsible for maintaining the infrastructure required to prevent the failure of a real-time backup of a database?

Options:

A.

IT database administrator.

B.

IT data center manager.

C.

IT help desk function.

D.

IT network administrator.

Question 90

A company records income from an investment in common stock when it does which of the following?

Options:

A.

Purchases bonds.

B.

Receives interest.

C.

Receives dividends

D.

Sells bonds.

Question 91

Which of the following IT disaster recovery plans includes a remote site dessgnated for recovery with available space for basic services, such as internet and

telecommunications, but does not have servers or infrastructure equipment?

Options:

A.

Frozen site

B.

Cold site

C.

Warm site

D.

Hot site

Question 92

Which of the following describes a mechanistic organizational structure?

Options:

A.

Primary direction of communication tends to be lateral.

B.

Definition of assigned tasks tends to be broad and general.

C.

Type of knowledge required tends to be broad and professional.

D.

Reliance on self-control tends to be low.

Question 93

Which of the following statements is true regarding user-developed applications (UDAs)?

Options:

A.

UDAs are less flexible and more difficult to configure than traditional IT applications.

B.

Updating UDAs may lead to various errors resulting from changes or corrections.

C.

UDAs typically are subjected to application development and change management controls.

D.

Using UDAs typically enhances the organization's ability to comply with regulatory factors.

Question 94

Which of the following security controls would be me most effective in preventing security breaches?

Options:

A.

Approval of identity request

B.

Access logging.

C.

Monitoring privileged accounts

D.

Audit of access rights

Question 95

Which of the following physical access controls often functions as both a preventive and detective control?

Options:

A.

Locked doors.

B.

Firewalls.

C.

Surveillance cameras.

D.

Login IDs and passwords.

Question 96

Which of the following is an example of a contingent liability that a company should record?

Options:

A.

A potential assessment of additional income tax.

B.

Possible product warranty costs.

C.

The threat of a lawsuit by a competitor.

D.

The remote possibility of a contract breach.

Question 97

Which of the following statements is true regarding user developed applications (UDAs) and traditional IT applications?

Options:

A.

UDAs arid traditional JT applications typically follow a similar development life cycle

B.

A UDA usually includes system documentation to illustrate its functions, and IT-developed applications typically do not require such documentation.

C.

Unlike traditional IT applications. UDAs typically are developed with little consideration of controls.

D.

IT testing personnel usually review both types of applications thoroughly to ensure they were developed properly.

Question 98

A manager at a publishing company received an email that appeared to be from one of her vendors with an attachment that contained malware embedded in an Excel spreadsheet . When the spreadsheet was opened, the cybercriminal was able to attack the company's network and gain access to an unpublished and highly anticipated book. Which of the following controls would be most effective to prevent such an attack?

Options:

A.

Monitoring network traffic.

B.

Using whitelists and blacklists to manage network traffic.

C.

Restricting access and blocking unauthorized access to the network

D.

Educating employees throughout the company to recognize phishing attacks.

Question 99

Which of the following statements Is true regarding the use of centralized authority to govern an organization?

Options:

A.

Fraud committed through collusion is more likely when authority is centralized.

B.

Centralized managerial authority typically enhances certainty and consistency within an organization.

C.

When authority is centralized, the alignment of activities to achieve business goals typically is decreased.

D.

Using separation of duties to mitigate collusion is reduced only when authority is centralized.

Question 100

Which of the following statements is true regarding activity-based costing (ABC)?

Options:

A.

An ABC costing system is similar to conventional costing systems in how it treats the allocation of manufacturing overhead.

B.

An ABC costing system uses a single unit-level basis to allocate overhead costs to products.

C.

An ABC costing system may be used with either a job order or a process cost accounting system.

D.

The primary disadvantage of an ABC costing system is less accurate product costing.

Question 101

Which of following best demonstrates the application of the cost principle?

Options:

A.

A company reports trading and investment securities at their market cost

B.

A building purchased last year for $1 million is currently worth ©1.2 million, but the company still reports the building at $1 million.

C.

A building purchased last year for ©1 million is currently worth £1,2 million , and the company adjusts the records to reflect the current value

D.

A company reports assets at either historical or fair value, depending which is closer to market value.

Question 102

An internal auditor was assigned to test for ghost employees using data analytics. The auditor extracted employee data from human resources and payroll. Using spreadsheet functions, the auditor matched data sets by name and assumed that employees who were not present in each data set should be investigated further. However, the results seemed erroneous, as very few employees matched across all data sets. Which of the following data analytics steps has the auditor most likely omitted?

Options:

A.

Data analysis.

B.

Data diagnostics.

C.

Data velocity.

D.

Data normalization.

Question 103

A bond that matures after one year has a face value of S250,000 and a coupon of $30,000. if the market price of the bond is 5265,000, which of the following would be the market interest rate?

Options:

A.

Less than 12 percent.

B.

12 percent.

C.

Between 12.01 percent and 12.50 percent.

D.

More than 12 50 percent.

Question 104

While conducting' audit procedures at the organization's data center an internal auditor noticed the following:

- Backup media was located on data center shelves.

- Backup media was organized by date.

- Backup schedule was one week in duration.

The system administrator was able to present restore logs.

Which of the following is reasonable for the internal auditor to conclude?

Options:

A.

Backup media is not properly stored, as the storage facility should be off-site.

B.

Backup procedures are adequate and appropriate according to best practices.

C.

Backup media is not properly indexed, as backup media should be indexed by system, not date.

D.

Backup schedule is not sufficient, as full backup should be conducted daily.

Question 105

During disaster recovery planning, the organization established a recovery point objective. Which of the following best describes this concept?

Options:

A.

The maximum tolerable downtime after the occurrence of an incident.

B.

The maximum tolerable data loss after the occurrence of an incident.

C.

The maximum tolerable risk related to the occurrence of an incident

D.

The minimum recovery resources needed after the occurrence of an incident

Question 106

Which of the following analytical techniques would an internal auditor use to verify that none of an organization's employees are receiving fraudulent invoice payments?

Options:

A.

Perform gap testing.

B.

Join different data sources.

C.

Perform duplicate testing.

D.

Calculate statistical parameters.

Question 107

Which of the following statements describes the typical benefit of using a flat organizational structure for the internal audit activity, compared to a hierarchical structure?

Options:

A.

A flat structure results in lower operating and support costs than a hierarchical structure.

B.

A flat structure results in a stable and very collaborative environment.

C.

A flat structure enables field auditors to report to and learn from senior auditors.

D.

A flat structure is more dynamic and offers more opportunities for advancement than a hierarchical structure.

Question 108

During which of the following phases of contracting does the organization analyze whether the market is aligned with organizational objectives?

Options:

A.

Initiation phase

B.

Bidding phase

C.

Development phase

D.

Negotiation phase

Question 109

Management is pondering the following question:

"How does our organization compete?"

This question pertains to which of the following levels of strategy?

Options:

A.

Functional-level strategy

B.

Corporate-level strategy.

C.

Business-level strategy,

D.

DepartmentsHevet strategy

Question 110

When auditing databases, which of the following risks would an Internal auditor keep In mind In relation to database administrators?

Options:

A.

The risk that database administrators will disagree with temporarily preventing user access to the database for auditing purposes.

B.

The risk that database administrators do not receive new patches from vendors that support database software in a timely fashion.

C.

The risk that database administrators set up personalized accounts for themselves, making the audit time consuming.

D.

The risk that database administrators could make hidden changes using privileged access.

Question 111

Which of the following facilitates data extraction from an application?

Options:

A.

Application program code.

B.

Database system.

C.

Operating system.

D.

Networks.

Question 112

Which of the following sites would an Internet service provider most likely use to restore operations after its servers were damaged by a natural disaster?

Options:

A.

On site.

B.

Cold site.

C.

Hot site.

D.

Warm site

Question 113

Which of the following statements distinguishes a router from a typical switch?

Options:

A.

A router operates at layer two. while a switch operates at layer three of the open systems interconnection model.

B.

A router transmits data through frames, while a switch sends data through packets.

C.

A router connects networks, while a switch connects devices within a network.

D.

A router uses a media access control address during the transmission of data, whie a switch uses an internet protocol address.

Question 114

An intruder posing as the organization's CEO sent an email and tricked payroll staff into providing employees' private tax information. What type of attack was perpetrated?

Options:

A.

Boundary attack.

B.

Spear phishing attack.

C.

Brute force attack.

D.

Spoofing attack.

Question 115

Which of the following physical security controls is able to serve as both a detective and preventive control?

Options:

A.

Authentication logs.

B.

Card key readers.

C.

Biometric devices

D.

Video surveillance.

Question 116

Which of the following best describes the type of control provided by a firewall?

Options:

A.

Corrective

B.

Detective

C.

Preventive

D.

Discretionary

Question 117

When examining; an organization's strategic plan, an internal auditor should expect to find which of the following components?

Options:

A.

Identification of achievable goals and timelines

B.

Analysis of the competitive environment.

C.

Plan for the procurement of resources

D.

Plan for progress reporting and oversight.

Question 118

How can the concept of relevant cost help management with behavioral analyses?

Options:

A.

It explains the assumption mat both costs and revenues are linear through the relevant range

B.

It enables management to calculate a minimum number of units to produce and sell without having to incur a loss.

C.

It enables management to predict how costs such as the depreciation of equipment will be affected by a change in business decisions

D.

It enables management to make business decisions, as it explains the cost that will be incurred for a given course of action

Question 119

Focus An organization has decided to have all employees work from home. Which of the following network types would securely enable this approach?

Options:

A.

A wireless local area network (WLAN ).

B.

A personal area network (PAN).

C.

A wide area network (WAN).

D.

A virtual private network (VPN)

Question 120

Which of the following information security controls has the primary function of preventing unauthorized outside users from accessing an organization's data through the organization's network?

Options:

A.

Firewall.

B.

Encryption.

C.

Antivirus.

D.

Biometrics.

Question 121

Following an evaluation of an organization's IT controls, an internal auditor suggested improving the process where results are compared against the input. Which of the following IT controls would the Internal auditor recommend?

Options:

A.

Output controls.

B.

Input controls

C.

Processing controls.

D.

Integrity controls.

Question 122

Which of the following business practices promotes a culture of high performance?

Options:

A.

Reiterating the importance of compliance with established policies and procedures.

B.

Celebrating employees' individual excellence.

C.

Periodically rotating operational managers.

D.

Avoiding status differences among employees.

Question 123

The management of working capital is most crucial for which of the following aspects of business?

Options:

A.

Liquidity

B.

Profitability

C.

Solvency

D.

Efficiency

Question 124

The board of directors wants to implement an incentive program for senior management that is specifically tied to the long-term health of the organization. Which of the following methods of compensation would be best to achieve this goal?

Options:

A.

Commissions.

B.

Stock options

C.

Gain-sharing bonuses.

D.

Allowances

Demo: 124 questions
Total 416 questions