IIA-CIA-Part3-3P CIA Exam Part Three: Business Knowledge for Internal Auditing Question and Answers

Question # 4

Refer to the exhibit.

The figure below shows the network diagram for the activities of a large project. What is the shortest number of days in which the project can be completed?

A.

21 days.

B.

22 days.

C.

27 days.

D.

51 days.

Question # 5

Which of the following is the most appropriate test to assess the privacy risks associated with an organization's workstations?

A.

Penetration test.

B.

Social engineering test.

C.

Vulnerability test.

D.

Physical control test.

Question # 6

Which of the following is a strategy that organizations can use to stimulate innovation?

1) Source from the most advanced suppliers.

2) Establish employee programs that reward initiative.

3) Identify best practice competitors as motivators.

4) Ensure that performance targets are always achieved.

A.

1 and 3 only

B.

2 and 4 only

C.

1, 2, and 3 only

D.

1, 2, 3, and 4

Question # 7

For a multinational organization, which of the following is a disadvantage of an ethnocentric staffing policy?

1) It significantly raises compensation and staffing costs.

2) It produces resentment among the organization's employees in host countries.

3) It limits career mobility for parent-country nationals.

4) It can lead to cultural myopia.

A.

1 and 4 only

B.

2 and 3 only

C.

1, 2, and 3 only

D.

1, 2, and 4 only

Question # 8

A department purchased one copy of a software program for internal use. The manager of the department installed the program on an office computer and then made two complete copies of the original software.

Copy 1 was solely for backup purposes.

Copy 2 was for use by another member of the department.

In terms of software licenses and copyright law, which of the following is correct?

A.

Both copies are legal.

B.

Only copy 1 is legal.

C.

Only copy 2 is legal.

D.

Neither copy is legal.

Question # 9

According to the Standards, which of the following is based on the assertion that the quality of an organization's risk management process should improve with time?

A.

Process element.

B.

Key principles.

C.

Maturity model.

D.

Assurance.

Question # 10

The audit committee of a global corporation has mandated a change in the organization's business ethics policy. Which of the following approaches describes the best way to accomplish the policy's diffusion worldwide?

A.

Deploy the policy in the corporate headquarters' language, so everyone gets an unfiltered version simultaneously.

B.

Introduce the policy region by region, using any lessons learned to change the subsequent version of the policy for the next area.

C.

Consult with legal and operational management in each affected country to ensure the final version can be implemented globally, following audit committee approval.

D.

Send the board-approved version of the policy to each country's senior leadership and empower them to tailor the policy to the local language and culture.

Question # 11

Which of the following is an example of a risk avoidance response?

A.

Buying an insurance policy to protect against loss events.

B.

Hedging against natural gas price fluctuations.

C.

Selling a non-strategic business unit.

D.

Outsourcing a high risk process to a third party.

Question # 12

Which of the following best describes a market signal?

A.

The bargaining power of buyers is forcing a drop in market prices.

B.

There is pressure from the competitor's substitute products.

C.

Strategic analysis by the organization indicates feasibility of expanding to new market niches.

D.

The competitor announces a new warranty program.

Question # 13

Which mindset promotes the most comprehensive risk management strategy?

A.

Increase shareholder value.

B.

Maximize market share.

C.

Improve operational efficiency.

D.

Mitigate losses.

Question # 14

A company's financial balance sheet is presented below:

The company has net working capital of:

A.

$160

B.

$210

C.

$350

D.

$490

Question # 15

Which of the following application software features is the least effective control to protect passwords?

A.

Suspension of user IDs after a user's repeated attempts to sign on with an invalid password.

B.

Encryption of passwords prior to their transmission or storage.

C.

Forced change of passwords after a designated number of days.

D.

Automatic logoff of inactive users after a specified time period of inactivity.

Question # 16

According to the International Professional Practices Framework, which of the following statements is true regarding a corporate social responsibility (CSR) program?

1) Every employee generally has a responsibility for ensuring the success of CSR objectives.

2) The board has overall responsibility for the effectiveness of internal control processes associated with CSR.

3) Public reporting on the CSR governance process is expected.

4) Organizations generally have flexibility regarding what is included in a CSR program.

A.

1, 2, and 3 only

B.

1, 2, and 4 only

C.

1, 3, and 4 only

D.

2, 3, and 4 only

Question # 17

Which of the following stages of group development is associated with accepting team responsibilities?

A.

Forming stage.

B.

Performing stage.

C.

Norming stage.

D.

Storming stage.

Question # 18

A software that translates hypertext markup language (HTML) documents and allows a user to view a remote web page is called:

A.

A transmission control protocol/Internet protocol (TCP/IP).

B.

An operating system.

C.

A web browser.

D.

A web server.

Question # 19

According to IIA guidance on IT auditing, which of the following would not be an area examined by the internal audit activity?

A.

Access system security.

B.

Policy development.

C.

Change management.

D.

Operations processes.

Question # 20

Which of the following statements regarding program change management is not correct?

A.

The goal of the change management process is to sustain and improve organizational operations.

B.

The degree of risk associated with a proposed change determines if the change request requires authorization.

C.

In order to protect the production environment, changes must be managed in a repeatable, defined, and predictable manner.

D.

All changes should be tested in a non-production environment before migrating to the production environment.

Question # 21

Which of the following is always true regarding the use of encryption algorithms based on public key infrastructure (PKI)?

A.

PKI uses an independent administrator to manage the public key.

B.

The public key is authenticated against reliable third-party identification.

C.

PKI's public accessibility allows it to be used readily for e-commerce.

D.

The private key uniquely authenticates each party to a transaction.

Question # 22

In terms of international business strategy, which of the following is true regarding a multi-domestic strategy?

A.

It uses the same products in all countries.

B.

It centralizes control with little decision-making authority given to the local level.

C.

It is an effective strategy when large differences exist between countries.

D.

It provides cost advantages, improves coordinated activities, and speeds product development.

Question # 23

Which of the following are typical responsibilities for operational management within a risk management program?

1) Implementing corrective actions to address process deficiencies.

2) Identifying shifts in the organization's risk management environment.

3) Providing guidance and training on risk management processes.

4) Assessing the impact of mitigation strategies and activities.

A.

1 and 2 only

B.

1 and 4 only

C.

2 and 3 only

D.

3 and 4 only

Question # 24

Which of the following best describes the concept of relevant cost?

A.

A future cost that is the same among alternatives.

B.

A future cost that differs among alternatives.

C.

A past cost that is the same among alternatives.

D.

A past cost that differs among alternatives.

Question # 25

Which of the following statements accurately describes the responsibility of the internal audit activity (IAA) regarding IT governance?

1) The IAA does not have any responsibility because IT governance is the responsibility of the board and senior management of the organization.

2) The IAA must assess whether the IT governance of the organization supports the organization’s strategies and objectives.

3) The IAA may assess whether the IT governance of the organization supports the organization’s strategies and objectives.

4) The IAA may accept requests from management to perform advisory services regarding how the IT governance of the organization supports the organization’s strategies and objectives.

A.

1 only

B.

4 only

C.

2 and 4

D.

3 and 4

Question # 26

In an organization where enterprise risk management practices are mature, which of the following is a core internal audit role?

A.

Giving assurance that risks are evaluated correctly.

B.

Developing the risk management strategy for the board's approval.

C.

Facilitating the identification and evaluation of risks.

D.

Coaching management in responding to risk.

Question # 27

Which of the following are typical audit considerations for a review of authentication?

1) Authentication policies and evaluation of controls transactions.

2) Management of passwords, independent reconciliation, and audit trail.

3) Control self-assessment tools used by management.

4) Independent verification of data integrity and accuracy.

A.

1, 2, and 3

B.

1, 2, and 4

C.

1, 3, and 4

D.

2, 3, and 4

Question # 28

An organization facing rapid growth decides to employ a third party service provider to manage its customer relationship management function. Which of the following is true regarding the supporting application software used by that provider compared to an in-house developed system?

1) Updating documentation is always a priority.

2) System availability is usually more reliable.

3) Data security risks are lower.

4) Overall system costs are lower.

A.

1 and 2 only

B.

1 and 3 only

C.

2 and 4 only

D.

3 and 4 only

Question # 29

Which of the following statements is true regarding the use of public key encryption to secure data while it is being transmitted across a network?

A.

Both the key used to encrypt the data and the key used to decrypt the data are made public.

B.

The key used to encrypt the data is kept private but the key used to decrypt the data is made public.

C.

The key used to encrypt the data is made public but the key used to decrypt the data is kept private.

D.

Both the key used to encrypt the data and the key used to decrypt the data are made private.

Question # 30

A retail organization is considering acquiring a composite textile company. The retailer's due diligence team determined the value of the textile company to be $50 million. The financial experts forecasted net present value of future cash flows to be $60 million. Experts at the textile company determined their company's market value to be $55 million if purchased by another entity. However, the textile company could earn more than $70 million from the retail organization due to synergies. Therefore, the textile company is motivated to make the negotiation successful. Which of the following approaches is most likely to result in a successful negotiation?

A.

Develop a bargaining zone that lies between $50 million and $70 million and create sets of outcomes between $50 million and $70 million.

B.

Adopt an added-value negotiating strategy, develop a bargaining zone between $50 million and $70 million, and create sets of outcomes between $50 million and $70 million.

C.

Involve a mediator as a neutral party who can work with the textile company's management to determine a bargaining zone.

D.

Develop a bargaining zone that lies between $55 million and $60 million and create sets of outcomes between $55 million and $60 million.

Question # 31

Which of the following strategies is most appropriate for an industry that is in decline?

A.

Invest in marketing.

B.

Invest in research and development.

C.

Control costs.

D.

Shift toward mass production.

Question # 32

In creating a risk-based plan, which of the following best describes a top-down approach to understanding business processes?

A.

Identifying the processes at the activity level.

B.

Analyzing the organization's strategic plan where the business processes are defined.

C.

Analyzing the organization's objectives and identifying the processes needed to achieve the objectives.

D.

Identifying the risks affecting the organization, the objectives, and then the processes concerned.

Question # 33

What are the objectives of governance as defined by the Standards?

A.

Inform, direct, manage, and monitor.

B.

Identify, assess, manage, and control.

C.

Organize, assign, authorize, and implement.

D.

Add value, improve, assure, and conform.

Question # 34

Which of the following would not impair the objectivity of the internal auditor?

A.

Management assurance on risks.

B.

Implementing risk responses on behalf of management.

C.

Providing assurance that risks assessed are correctly evaluated.

D.

Setting the risk appetite.

Question # 35

Which stage in the industry life cycle is characterized by many different product variations?

A.

Introduction.

B.

Growth.

C.

Maturity.

D.

Decline.

Question # 36

Which of the following is not a potential area of concern when an internal auditor places reliance on spreadsheets developed by users?

A.

Increasing complexity over time.

B.

Interface with corporate systems.

C.

Ability to meet user needs.

D.

Hidden data columns or worksheets.

Question # 37

Which of the following application-based controls is an example of a programmed edit check?

A.

Reasonableness check.

B.

Transaction log.

C.

Input error correction.

D.

Authorization for access.

Question # 38

Which of the following should software auditors do when reporting internal audit findings related to enterprise wide resource planning?

A.

Draft separate audit reports for business and IT management

B.

Connect IT audit findings to business issues

C.

Include technical details to support IT issues

D.

Include an opinion on financial reporting accuracy and completeness

Question # 39

When using data analytics during a review of the procurement process, what is the first step in the analysis process?

A.

Identify data anomalies and outliers

B.

Define questions to be answered

C.

Identify data sources available

D.

Determine the scope of the data extract.

Question # 40

Based on test results, an IT auditor concluded that the organization would suffer unacceptable loss of data if there was a disaster at its data center. Which of the following test results would likely lead the auditor to this conclusion?

A.

Requested backup tapes were not returned from the offsite vendor in a timely manner

B.

Returned backup tapes from the offsite vendor contained empty spaces

C.

Critical systems have been backed up more frequently than required.

D.

Critical system backup tapes are taken off site less frequently than required.

Question # 41

Which of the following best describes a transformational leader, as opposed to a transactional leader?

A.

The leader searches for deviations from the rules and standards and intervenes when deviations exist.

B.

The leader intervenes only when performance standards are not met.

C.

The leader intervenes to communicate high expectations.

D.

The leader does not intervene to promote problem-solving.

Question # 42

An internal auditor was asked to review an equal equity partnership. In one sampled transaction, Partner A transferred equipment into the partnership with a self-declared value of $10,000 and Partner B contributed equipment with a self-declared value of $15,000. The capital accounts of each partner were subsequently credited with $12,500. Which of the following statements is true regarding this transaction?

A.

The capital accounts of the partners should be increased by the original cost of the contributed equipment.

B.

The capital accounts should be increased using a weighted average based on the current percentage of ownership

C.

No action is needed as the capital account of each partner was increased by the correct amount

D.

The capital accounts of the partners should be increased by the fair market value of their contribution

Question # 43

In the years after the mid-service point of a depreciable asset, which of the following depreciation methods will result in the highest depreciation expense?

A.

Sum of the years' digits

B.

Declining balance

C.

Double-declining balance

D.

Straight line

Question # 44

During an audit of the organization's annual financial statements, the internal auditor notes that the current cost of goods sold percentage is substantially higher than in prior years. Which of the following is the most likely explanation for this increase?

A.

Cost of raw material inventory items is decreasing.

B.

Process to manufacture goods is more efficient.

C.

Labor productivity to produce goods is increasing.

D.

Write-off of inventory is increasing.

Question # 45

While auditing an organization's customer call center, an internal auditor notices that key performance indicators show a positive trend despite the fact that there have been increasing customer complaints over the same period. Which of the following audit recommendations would most likely correct the cause of this inconsistency?

A.

Review the call center script used by customer service agents to interact with callers and update the script if necessary

B.

De-emphasize the importance of call center employees completing a certain number of calls per hour

C.

Retrain call center staff on area processes and common technical issues that they will likely be asked to resolve

D.

Increase the incentive for call center employees to complete calls quickly and raise the number of calls completed daily

Question # 46

According to IIA guidance, which of the following would indicate poor change management control?

1) Low change success rate

2) Occasional planned outages

3) Low number of emergency changes.

4) Instances of unauthorized changes

A.

1 and 3

B.

1 and 4

C.

2 and 3

D.

2 and 4

Question # 47

A bond that matures after one year has a face value of $250,000 and a coupon of $30,000. If the market price of the bond is $265,000, which of the following would be the market interest rate?

A.

Less than 12 percent.

B.

12 percent.

C.

Between 12.01 percent and 12.50 percent.

D.

More than 12.50 percent.

Question # 48

Which of the following devices best controls both physical and logical access to information systems?

A.

Plenum.

B.

Biometric lock.

C.

Identification card.

D.

Electromechanical lock.

Question # 49

Division A produces a product with a variable cost of $5 per unit and an allocated fixed cost of $3 per unit. The market price of the product is $15 plus 20% selling cost. Division B currently purchases this product from an external supplier but is going to purchase it from division A for $18. Which of the following methods of transfer pricing is being used?

A.

Market price.

B.

Negotiation-based.

C.

Full absorption cost

D.

Variable cost

Question # 50

Which of the following situations best applies to an organization that uses a project rather than a process to accomplish its business activities?

A.

A clothing company designs, makes, and sells a new item.

B.

A commercial constructor company is hired to build a warehouse.

C.

A city department sets up a new firefighter training program.

D.

A manufacturing organization acquires component parts from a contracted vendor

Question # 51

During which of the following phases of contracting does the organization analyze whether the market is aligned with organizational objectives?

A.

Initiation phase.

B.

Bidding phase.

C.

Development phase.

D.

Negotiation phase

Question # 52

Operational management in the IT department has introduced performance evaluation policies that are linked to employees achieving continuing education hours. This activity is designed to prevent which of the following conditions?

A.

Knowledge/skills gap

B.

Monitoring gap

C.

Accountability/reward failure.

D.

Communication failure.

Question # 53

According to IIA guidance, which of the following statements is true regarding analytical procedures?

A.

Data relationships are assumed to exist and to continue where no known conflicting conditions exist.

B.

Analytical procedures are intended primarily to ensure the accuracy of the information being examined.

C.

Data relationships cannot include comparisons between operational and statistical data

D.

Analytical procedures can be used to identify unexpected differences but cannot be used to identify the absence of differences

Question # 54

Which of the following factors is most likely to lead to a lack of cohesiveness in a project team?

A.

Prestige

B.

Small size.

C.

Competition

D.

Common threat

Question # 55

An internal auditor reviewed Finance Department records to obtain a list of current vendor addresses. The auditor then compared the vendor addresses to a record of employee addresses maintained by the Payroll Department. Which of the following types of data analysis did the auditor perform?

A.

Duplicate testing.

B.

Joining data sources

C.

Gap analysis

D.

Classification

Question # 56

A bank uses customer departmentalization to categorize its departments. Which of the following groups best exemplifies this method of categorization?

A.

Community, institutional, and agricultural banking.

B.

Mortgages, credit cards, and savings

C.

South, southwest, and east.

D.

Teller, manager, and IT specialist

Question # 57

During a review of the accounts payable process, an internal auditor gathered all of the vendor payment transactions for the past 24 months. The auditor then used an analytics tool to identify the top five vendors that received the highest sum of payments.

Which of the following analytics techniques did the auditor apply?

A.

Process analysis.

B.

Process mining.

C.

Data analysis.

D.

Data mining.

Question # 58

Senior management is trying to decide whether to use the direct write-off or allowance method for recording bad debt on accounts receivables.

Which of the following would be the best argument for using the direct write-off method?

A.

It is useful when losses are considered insignificant.

B.

It provides a better alignment with revenue.

C.

It is the preferred method according to The IIA.

D.

It states receivables at net realizable value on the balance sheet.

Question # 59

Which of the following network types should an organization choose if it wants to allow access only to its own personnel?

A.

An extranet

B.

A local area network.

C.

An intranet

D.

The internet

Question # 60

Which of the following statements is true regarding an organization's servers?

A.

Servers optimize data processing by sharing it with other computers on the information system

B.

Servers manage the interconnectivity of system hardware devices in the information system.

C.

Servers manage the data stored in databases residing on the information system.

D.

Servers enforce access controls between networks transmitting data on the information system

Question # 61

When would a contract be closed out?

A.

When there's a dispute between the contracting parties.

B.

When all contractual obligations have been discharged.

C.

When there is a force majeure.

D.

When the termination clause is enacted.

Question # 62

Which of the following is a primary objective of the theory of constraints?

A.

Full or near capacity in processes.

B.

Smooth workflow among processes.

C.

Few or no defects.

D.

Lowered inventory levels.

Question # 63

An internal audit activity is piloting a data analytics model, which aims to identify anomalies in payments to vendors and potential fraud indicators. Which of the following would be the most appropriate criteria for assessing the success of the piloted model?

A.

The percentage of cases flagged by the model and confirmed as positives.

B.

The development and maintenance costs associated with the model

C.

The feedback of auditors involved with developing the model

D.

The number of criminal investigations initiated based on the outcomes of the model

Question # 64

According to Herzberg's Two-Factor Theory of Motivation, which of the following factors are mentioned most often by satisfied employees?

A.

Salary and status

B.

Responsibility and advancement

C.

Work conditions and security

D.

Peer relationships and personal life

Question # 65

When is an organic organizational structure likely to be more successful than a mechanistic organizational structure?

A.

When a manufacturing organization has stable demand for its products.

B.

When an organization is subjected to strong political and social pressures

C.

When a manufacturer has reliable resources and suppliers

D.

When an organization is infrequently affected by technological advances

Question # 66

Which of the following statements is true regarding cybersecurity risk?

A.

Cybersecurity risks are identical across all organizations regardless of industry

B.

Installation of antivirus and malware software prevents cybersecurity risks

C.

Deployment of proper cybersecurity measures assures business success

D.

Information value extends the emergence of cybersecurity risks

Question # 67

With regard to disaster recovery planning, which of the following would most likely involve stakeholders from several departments?

A.

Determining the frequency with which backups will be performed.

B.

Prioritizing the order in which business systems would be restored.

C.

Assigning who in the IT department would be involved in the recovery procedures.

D.

Assessing the resources needed to meet the data recovery objectives

Question # 68

Which of the following assists in ensuring that information exchanged over IT systems is encrypted?

A.

Operating system

B.

Utility software

C.

Firewall

D.

Application software

Question # 69

A manager who is authorized to make purchases up to a certain dollar amount approves the set-up of a fictitious vendor and subsequently initiates purchase orders.

Which of the following controls would best address this risk?

A.

Establish separate vendor creation and approval teams.

B.

Develop and distribute a code of conduct that prohibits conflicts of interest.

C.

Perform a regular review of the vendor master file.

D.

Require submission of a conflict-of-interest declaration.

Question # 70

Which component of an organization's cybersecurity risk assessment framework would allow management to implement user controls based on a user's role?

A.

Prompt response and remediation policy.

B.

Inventory of information assets.

C.

Information access management.

D.

Standard security configurations.

Question # 71

Which of the following statements is true regarding the "management-by-objectives" method?

A.

Management by objectives is most helpful in organizations that have rapid changes.

B.

Management by objectives is most helpful in mechanistic organizations with rigidly defined tasks.

C.

Management by objectives helps organizations to keep employees motivated.

D.

Management by objectives helps organizations to distinguish clearly strategic goals from operational goals

Question # 72

What is the most significant potential problem introduced by just-in-time inventory systems?

A.

They require significant computer resources.

B.

They are susceptible to supply-chain disruptions.

C.

They require complicated materials-supply contracts.

D.

They prevent manufacturers from scaling up or down to meet changing demands.

Question # 73

The leadership of an organization encourages employees to form voluntary problem-solving groups whereby several employees from the same work area meet regularly during work hours to discuss improvements and creative ways to reduce costs. Which of the following best describes this approach?

A.

Open-book management

B.

Quality control circles

C.

Self-managed teams

D.

Cross-functional teams
