IIA IIA-CIA-Part3 Business Knowledge for Internal Auditing Exam Practice Test

To inform the classification of the data population.

To determine the completeness and accuracy of the data.

To identify whether the population contains outliers.

To determine whether duplicates in the data inflate the range.

1 and 3 only

1 and 4 only

2 and 3 only

3 and 4 only

Analysis of the full population of existing data.

Verification of the completeness and integrity of existing data.

Continuous monitoring on a repetitive basis.

Analysis of the databases of partners, such as suppliers.

The risk that users try to bypass controls and do not install required software updates.

The risk that smart devices can be lost or stolen due to their mobile nature..

The risk that an organization intrusively monitors personal Information stored on smart devices.

The risk that proprietary information is not deleted from the device when an employee leaves.

Password selection

Password aging

Password lockout

Password rotation

Income statement accounts.

Balance sheet accounts.

Permanent accounts.

Real accounts.

The sole responsibility for change management is assigned to an experienced and competent IT team

Change management follows a consistent process and is done in a controlled environment.

Internal audit participates in the implementation of change management throughout the organisation.

All changes to systems must be approved by the highest level of authority within an organization.

A sinking fund bond.

A secured bond.

A junk bond.

A debenture bond

A list of trustworthy, good traffic and a list of unauthorized, blocked traffic.

Monitoring for vulnerabilities based on industry intelligence.

Comprehensive service level agreements with vendors.

Firewall and other network perimeter protection tools.

Articulation of the data

Availability of the data.

Measurability of the data

Relevance of the data.

Transaction logs are maintained to capture a history of system processing.

System security settings require the use of strong passwords and access controls.

Failed system login attempts are recorded and analyzed to identify potential security incidents.

System servers are secured by locking mechanisms with access granted to specific individuals.

Functional structure.

Divisional structure.

Mechanistic structure.

Functional structure with cross-functional teams.

Management must ensure information storage systems are appropriately defined and processes to update critical data elements are clear.

External auditors must ensure that analytical models are periodically monitored and maintained.

The board must implement controls around data quality dimensions to ensure that they are effective.

Internal auditors must ensure the quality and security of data, with a heightened focus on the riskiest data elements.

Whether customers are asked to renew their consent for their data processing at least quarterly.

Whether private data is processed in accordance with the purpose for which the consent was obtained?

Whether the organization has established explicit and entitywide policies on data transfer to third parties.

Whether customers have an opportunity to opt-out the right to be forgotten from organizational records and systems.

The authentication process relies on a simple password only, which is a weak method of authorization.

The system authorization of the user does not correctly reflect the access rights intended.

There was no periodic review to validate access rights.

The application owner apparently did not approve the access request during the provisioning process.

Determining the frequency with which backups will be performed.

Prioritizing the order in which business systems would be restored.

Assigning who in the IT department would be involved in the recovery procedures.

Assessing the resources needed to meet the data recovery objectives.

A supplier of electrical parts analyzed an instances where different types of spare parts were out of stock prior to scheduled deliveries of those parts.

A supplier of electrical parts analyzed sales, applied assumptions related to weather conditions, and identified locations where stock levels would decrease more quickly.

A supplier of electrical parts analyzed all instances of a part being, out of stock poor to its scheduled delivery date and discovered that increases in sales of that part consistently correlated with stormy weather.

A supplier of electrical parts analyzed sales and stock information and modelled different scenarios for making decisions on stock reordering and delivery

Application management

Data center management

Managed security services

Systems integration

Perform gap testing.

Join different data sources.

Perform duplicate testing.

Calculate statistical parameters.

The file transfer protocol (FTP) should always be enabled.

The simple mail transfer protocol (SMTP) should be operating under the most privileged accounts.

The number of ports and protocols allowed to access the web server should be maximized.

Secure protocols for confidential pages should be used instead of dear-text protocols such as HTTP or FTP.

Draft separate audit reports for business and IT management.

Conned IT audit findings to business issues.

Include technical details to support IT issues.

Include an opinion on financial reporting accuracy and completeness.

Annual rate of return.

Incremental analysis.

Discounted cash flow.

Cash payback

Normalize the data,

Obtain the data

Identify the risks.

Analyze the data.

A company reports trading and investment securities at their market cost

A building purchased last year for $1 million is currently worth ©1.2 million, but the company still reports the building at $1 million.

A building purchased last year for ©1 million is currently worth £1,2 million , and the company adjusts the records to reflect the current value

A company reports assets at either historical or fair value, depending which is closer to market value.

Increased dependence on suppliers.

Increased importance of market strategy.

Decreased sensitivity to government regulation

Decreased focus on costs

HTTP sites provide sufficient security to protect customers' credit card information.

Web servers store credit cardholders' information submitted for payment.

Database servers send cardholders’ information for authorization in clear text.

Payment gatewaysauthorizecredit cardonlinepayments.

Job complicating

Job rotation

Job enrichment

Job enlargement

Face or finger recognition equipment,

Radiofrequency identification chips to authenticate employees with cards.

A requirement to clock in and clock out with a unique personal identification number.

A combination of a smart card and a password to clock in and clock out.

Require a Service Organization Controls (SOC) report from the service provider

Include a data protection clause in the contract with the service provider.

Obtain a nondisclosure agreement from each employee at the service provider who will handle sensitive data.

Encrypt the employees ' data before transmitting it to the service provider

Infrastructure as a Service (laaS).

Platform as a Service (PaaS).

Enterprise as a Service (EaaS).

Software as a Service (SaaS).

Analyze invoice payments just under individual authorization limits.

Analyze stratification of inventory adjustments by warehouse location.

Analyze Inventory Invoice amounts and compare with approved contract amounts.

Analyze differences discovered curing duplicate payment testing.

Communication conflicts

Slower decision making.

Loss of economies of scale

Vulnerabilities in sharing knowledge

Shoulder suiting

Pharming,

Phishing.

Social engineering.

Top management does little monitoring of the decisions made at lower levels.

The decisions made at the lower levels of management are considered very important.

Decisions made at lower levels in the organizational structure are few.

Reliance is placed on top management decision making by few of the organization's departments.

Requiring users to change their passwords every two years.

Requiring two-step verification for all users

Requiring the use of a virtual private network (VPN) when employees are out of the office.

Requiring the use of up-to-date antivirus, security, and event management tools.

Providing fire detection and suppression equipment

Establishing a physical security policy and promoting it throughout the organization

Performing business continuity and disaster recovery planning

Keeping an offsite backup of the organization's critical data

Veracity, velocity, and variety.

Integrity, availability, and confidentiality.

Accessibility, accuracy, and effectiveness.

Authorization, logical access, and physical access.

Horizontal analysis

Vertical analysis

Ratio analysis

Trend analysis

The user's facial geometry and voice recognition.

The user's password and a separate passphrase.

The user's key fob and a smart card.

The user's fingerprint and a personal Identification number.

A balanced scorecard.

A quality audit

Earned value analysis.

Trend analysis

Review and monitor security controls.

Dedicate sufficient security resources.

Provide oversight to the security function.

Assess information control environments.

1 and 2

1 and 4

3 and A

2 and 3

Encrypted data cannot be locked to prevent further access

Default settings cannot be restored on the device.

All data, cannot be completely removed from the device

Mobile device management software is required for successful remote wipe

Whether it would be more secure to replace numeric values with characters.

What happens in the situations where users continue using the initial password.

What happens in the period between the creation of the account and the password change.

Whether users should be trained on password management features and requirements.

The auditor is normalizing data in preparation for analyzing it.

The auditor is analyzing the data in preparation for communicating the results,

The auditor is cleaning the data in preparation for determining which processes may be involves .

The auditor is reviewing trio data prior to defining the question

Cash payback

Annual rate of return

Incremental analysis

Net present value

Contracting the work to Foreign Service providers to obtain lower costs

Contracting functions or knowledge-related work with an external service provider.

Contract -ng operation of some business functions with an internal service provider

Contracting a specific external service provider to work with an internal service provider

Acid-test (quick) ratio

Average collection period

Current ratio.

Inventory turnover.

Input controls

Segregation of duties

Physical controls

Integrity controls

Residual income

A flexible budget

Variance analysis.

A contribution margin income statement by segment.

Requested backup tapes were not returned from the offsite vendor In a timely manner.

Returned backup tapes from the offsite vendor contained empty spaces.

Critical systems have boon backed up more frequently than required.

Critical system backup tapes are taken off site less frequently than required