Which of the following statements is true regarding internal audit methodologies?
According to 11A guidance on IT, which of the following spreadsheets is most likely to be considered a high-risk user-developed application?
A company produces water buckets with the following costs per bucket:
Direct labor = 82
Direct material = $5
Fixed manufacturing = 83.50
Variable manufacturing = 82.50
The water buckets are usually sold for $15. However, the company received a special order for 50.000 water buckets at 311 each.
Assuming there is adequate manufacturing capacity and ail other variables are constant , what is the relevant cost per unit to consider when deciding whether to accept this special order at the reduced price?
An organization requires an average of 5S days to convert raw materials into finished products to sell. An average of 42 additional days is required to collect receivables. If the organization takes an average of 10 days to pay for the raw materials, how long is its total cash conversion cycle?
Which of the following is an indicator of liquidity that is more dependable than working capital?
Which of the following financial statements provides the best disclosure of how a company ' s money was used during a particular period?
An internal auditor is auditing their organization’s termination process. A primary objective of this engagement is to verify that exit interviews were conducted for all terminated employees over the last two years. The auditor discovered that not all employees received exit interviews.
Which of the following risks could this lead to?
Which of the following security controls focuses most on prevention of unauthorized access to the power plant?
An investor has acquired an organization that has a dominant position in a mature, slow-growth industry and consistently creates positive financial income. Which of the following terms would the investor most likely label this investment in her portfolio?
Which of the following is an example of a smart device security control intended to prevent unauthorized users from gaining access to a device’s data or applications?
According to UA guidance on IT, at which of the following stages of the project life cycle would the project manager most likely address the need to coordinate project resources?
Which of the following is an example of a physical control designed to prevent security breaches?
Which of the following best explains why an organization would enter into a capital lease contract?
The chief audit executive (CAE) has embraced a total quality management approach to improving the internal audit activity ' s (lAArs) processes. He would like to reduce the time to complete audits and improve client ratings of the IAA. Which of the following staffing approaches is the CAE most likely lo select?
Which of the following is the most appropriate way to record each partner’s initial investment in a partnership?
If a bank ' s activities are categorized under such departments as community banking, institutional banking, and agricultural banking, what kind of departmentalization is being utilized?
An internal auditor found that several employees of a vendor were authorized to remotely access the internal assets management system.
Which of the following should the auditor determine next?
Which of the following should internal auditors be attentive of when reviewing personal data consent and opt-in/opt-out management process?
Which of the following would best prevent unauthorized external changes to an organization ' s data?
Which of following best demonstrates the application of the cost principle?
For employees, the primary value of implementing job enrichment is which of the following?
For an engineering department with a total quality management program, important elements of quality management include all of the following except:
According to IIA guidance, which of the following links computers and enables them to -communicate with each other?
Which of the following data analytics techniques is used to identify patterns among groups of data elements?
Which of the following data security policies is most likely to be the result of a data privacy law?
An organization and its trading partner rely on a computer-to-computer exchange of digital business documents. Which of the following best describes this scenario?
Which of the following is an example of a contingent liability that a company should record?
When initiating international ventures, an organization should consider cultural dimensions in order to prevent misunderstandings. Which of the following does not represent a recognized cultural dimension in a work environment?
Which of the following principles is shared by both hierarchical and open organizational structures?
A superior can delegate the authority to make decisions but cannot delegate the ultimate responsibility for the results of those decisions.
A supervisor ' s span of control should not exceed seven subordinates.
Responsibility should be accompanied by adequate authority.
Employees at all levels should be empowered to make decisions.
Multinational organizations generally spend more time and effort to identify and evaluate:
The internal audit activity has identified accounting errors that resulted in the organization overstating its net income for the fiscal year. Which of the following is the most likely cause of this overstatement?
An internal auditor is reviewing key phases of a software development project. Which of the following would; the auditor most likely use to measure the project team ' s performance related to how project tasks are completed?
Which of the following best describes the type of control provided by a firewall?
Which of the following employee survey questions would be most effective to measure organizational commitment?
Which of the following is a characteristic of just-in-time inventory management systems?
The internal audit function conducted an engagement on maintenance operations of a construction organization and identified several issues of medium importance. The head of maintenance proposed an improvement plan with deadlines and personnel responsible. The internal audit function issued the final report to senior management. Senior management was dissatisfied with the report as they believed that improvement plan deadlines should be considerably shorter. Which of the following should the internal audit function change in the reporting process?
Which of the following conditions could lead an organization to enter into a new business through internal development rather than through acquisition?
A software that translates hypertext markup language (HTML) documents and allows a user to view a remote web page is called:
Which of the following attributes of data are cybersecurity controls primarily designed to protect?
Which of the following is an advantage of a decentralized organizational structure, as opposed to a centralized structure?
An organization selected a differentiation strategy to compete at the business level. Which of the following structures best fits this strategic choice?
Which stage of group development is characterized by a decrease in conflict and hostility among group members and an increase in cohesiveness?
Which of the following is a security feature that Involves the use of hardware and software to filter or prevent specific Information from moving between the inside network and the outs de network?
To assess the effectiveness of an organization ' s privacy program, which of the following approaches should an internal auditor take?
Management has decided to change the organizational structure from one that was previously decentralized to one that is now highly centralized. As such: which of the
following would be a characteristic of the now highly centralized organization?
Which of the following describes a typical desktop workstation used by most employees in their daily work?
Which of the following should be the primary consideration of a right-to-audit clause in a contract?
An organization decided to invest in new office equipment for $320,000. The estimated useful life of the equipment is four years. The residual value will be $40,000. The depreciation method is straight-line. The new equipment will allow the organization to save $150,000 per year. The estimated tax rate used in the organization is 30 percent. The required rate of return is 15 percent.
The following are present values of $1 during four years for 15 percent:
Year 1 = $0.87
Year 2 = $0.76
Year 3 = $0.66
Year 4 = $0.57
What is net present value of this investment?
Which of the following security controls would be me most effective in preventing security breaches?
Which of the following IT layers would require the organization to maintain communication with a vendor in a tightly controlled and monitored manner?
In mergers and acquisitions, which of the following is an example of a horizontal combination?
A multinational organization allows its employees to access work email via personal smart devices. However, users are required to consent to the installation of mobile device management (MDM) software that will remotely wipe data in case of theft or other incidents. Which of the following should the organization ensure in exchange for the employees ' consent?
An organization contracted a third-party service provider to plan, design, and build a new facility. Senior management would like to transfer all of the risk to the builder. Which type of procurement contract would the organization use?
Management is designing its disaster recovery plan. In the event that there is significant damage to the organization ' s IT systems this plan should enable the organization to resume operations at a recovery site after some configuration and data restoration. Which of the following is the ideal solution for management in this scenario?
A chief audit executive (CAE) is calculating the available internal audit resource hours while planning the annual internal audit plan. The CAE needs to calculate the total number of hours available for audits. Which of the following should be deducted in order to have time available only for engagements?
Which of the following is a potential risk for an organization that allows employees to use their personal devices to conduct business?
According to IIA guidance, whose input must be considered when developing the annual internal audit plan?
During an internal audit engagement, it was found that several vendors were on a government sanctions list and must no longer be traded with. Which of the following would most effectively mitigate the risk of noncompliance with sanctions lists that are updated regularly?
An internal audit team is trialing a data analytics tool. An extract from accounts payable was loaded into the tool and as a result, the tool flagged most of the transactions, thus yielding no meaningful results. After investigating, the audit team determined that the extract contained duplicate entries and spelling issues.
Which of the following should have been performed prior to loading the data into the analytics tool?
Which of the following types of budgets will best provide the basis for evaluating the organization ' s performance?
The head of the research arid development department at a manufacturing organization believes that his team lacks expertise in some areas, and he decides to hire more experienced researchers to assist in the development of a new product. Which of the following variances are likely to occur as the result of this decision?
1. Favorable labor efficiency variance.
2. Adverse labor rate variance.
3. Adverse labor efficiency variance.
4. Favorable labor rate variance.
An internal auditor is assessing the risks related to an organization’s mobile device policy. She notes that the organization allows third parties (vendors and visitors) to use outside smart devices to access its proprietary networks and systems. Which of the following types of smart device risks should the internal auditor be most concerned about?
Which of the following is the best example of a compliance risk that is likely to arise when adopting a bring-your-own-device (BYOD) policy?
A data classification policy would most likely assist in achieving which of the following control objectives?
Which of the following is a key factor in the development of a production budget for a manufacturing organization?
After identifying and reporting a control deficiency, which of the following actions should an internal auditor perform next?
An organization has an agreement with a third-party vendor to have a fully operational facility, duplicate of the original site and configured to the organization ' s needs, in order to quickly recover operational capability in the event of a disaster, Which of the following best describes this approach to disaster recovery planning?
Employees at an events organization use a particular technique to solve problems and improve processes. The technique consists of five steps: define, measure, analyze,
improve, and control. Which of the following best describes this approach?
Which of the following inventory costing methods requires the organization to account for the actual cost paid for the unit being sold?
Which of the following is a security feature that involves the use of hardware and software to filter or prevent specific information from moving between the inside network and the outside network?
Which of the following is a cybersecurity monitoring activity intended to deter disruptive codes from being installed on an organizations systems?
Which of the following best describes a potential benefit of using data analyses?
Which of the following statements is true regarding outsourced business processes?
A large retail customer made an offer to buy 10,000 units at a special price of $7 per unit. The manufacturer usually sells each unit for $10. Variable manufacturing costs are $5 per unit and fixed manufacturing costs are $3 per unit. For the manufacturer to accept the offer, which of the following assumptions needs to be true?
A motivational technique generally used to overcome monotony and job-related boredom is:
Which of the following performance measures would be appropriate for evaluating an investment center, which has responsibility for its revenues, costs, and investment base, but would not be appropriate for evaluating cost, revenue, or profit centers?
Which of the following forms of compensation best indicates that an organization’s cost-saving objectives have been targeted?
Which of the following would provide the most relevant assurance that the application under development will provide maximum value to the organization?
If the chief audit executive (CAE) observes that an international wire was approved to transfer funds to a country embargoed by the government, which of the following would be the most appropriate first step for the CAE to take?
Which of the following statements Is true regarding the use of centralized authority to govern an organization?
Which of the following describes a third-party network that connects an organization specifically with its trading partners?
Senior management has decided to implement the Three Lines of Defense model for risk management. Which of the following best describes senior management ' s duties with regard to this model?
Which of the following statements is accurate when planning for an external quality assurance assessment of the internal audit function?
An organization has outsourced its payroll function to a third-party service provider. Which of the following contract clauses is most important to include in the outsourcing agreement to ensure access to records of the third-party provider?
At what stage of project integration management would a project manager and project management team typically coordinate the various technical and organizational interfaces that exist in the project?
Which of the following is classified as a product cost using the variable costing method?
Direct labor costs.
Insurance on a factory.
Manufacturing supplies.
Packaging and shipping costs.
A department purchased one copy of a software program for internal use. The manager of the department installed the program on an office computer and then made two complete copies of the original software. Copy 1 was solely for backup purposes. Copy 2 was for use by another member of the department. In terms of software licenses and copyright law, which of the following is correct?
At an organization that uses a periodic inventory system, the accountant accidentally understated the organization s beginning inventory. How would the accountant ' s accident impact the income statement?
A bond that matures after one year has a face value of S250,000 and a coupon of $30,000. if the market price of the bond is 5265,000, which of the following would be the market interest rate?
Which of the following purchasing scenarios would gain the greatest benefit from implementing electronic data interchange?
An organization produces products X and Y. The materials used for the production of both products are limited to 500 Kilograms
(kg ) per month. All other resources are unlimited and their costs are fixed. Individual product details are as follows in order to maximize profit, how much of product Y should the organization produce each month?
$10 $13
2 kg
70 units
6 kg
120 units
Which of the following statements is true regarding an investee that received a dividend distribution from an entity and is presumed to have little influence over the entity?
Which of the following corporate social responsibility strategies is likely to be most effective in minimizing confrontations with influential activists and lobbyists?
Which of the following conflict resolution methods should be applied when the intention of the parties is to solve the problem by clarifying differences and attaining everyone ' s objectives?
Which of the following responsibilities would ordinarily fall under the help desk function of an organization?
An organization has decided to allow its managers to use their own smart phones at work. With this change, which of the following is most important to Include In the IT department ' s comprehensive policies and procedures?
Which of the following analytical techniques would an internal auditor use to verify that none of an organization ' s employees are receiving fraudulent invoice payments?
While performing an audit of a car tire manufacturing plant, an internal auditor noticed a significant decrease in the number of tires produced from the previous operating
period. To determine whether worker inefficiency caused the decrease, what additional information should the auditor request?
Which of the following serves as a safeguard to protect the confidentiality of information being transmitted from an internal network to an external network?
Which of the following IT strategies is most effective for responding to competitive pressures created by the marketplace?
An organization decided to outsource its human resources function. As part of its process migration, the organization is implementing controls over sensitive employee data.
What would be the most appropriate directive control in this area?
Which of the following statements is most accurate concerning the management and audit of a web server?
Which of the following would be the strongest control to prevent unauthorized wireless network access?
An organization wants to offer a standard product across all markets but also wants to differentiate the product to fit local demands in different geographic markets and to meet government regulations.
Which of the following strategies may help the organization achieve its goal?
If an organization has a high amount of working capital compared to the industry average, which of the following is most likely true?
Internal audit discovered that several loads of pellets were deleted from the scaling database and consequently had no sales invoices, significantly affecting financial statements. An investigation revealed that technicians had deleted the pellet loads accidentally, with no evidence of fraud. Which of the following actions should management implement first?
Which of the following is a disadvantage of selecting a commercial software package rather than developing an application internally?
Which of the following statements is true with regard to capital budgeting?
Which of the following risks would Involve individuals attacking an oil company ' s IT system as a sign of solidarity against drilling in a local area?
What would be the most relevant risk related to a bring-your-own-device policy?
Internal auditors want to increase the likelihood of identifying very small control and transaction anomalies in their testing that could potentially be exploited to cause material breaches. Which of the following techniques would best meet this objective?
Which of the following functions of a quality assurance and improvement program (QAIP) must be performed by personnel independent of the internal audit function?
Which of the following Issues would be a major concern for internal auditors when using a free software to analyze a third-party vendor ' s big data?
Which of the following best describes the chief audit executive ' s responsibility for assessing the organization ' s residual risk?
An organization ' s IT systems can only be accessed using the organization ' s virtual private network. However, organizational emails, videoconferencing, and file-sharing tools are cloud-based and can be accessed using multi-factor authentication via any device. Which of the following risks should the organization acknowledge?
As it relates to the data analytics process, which of the following best describes the purpose of an internal auditor who cleaned and normalized cate?
In an organization that produces chocolate, the leadership team decides that the organization will open a milk production facility for its milk chocolate. Which of the following strategies have the organization chosen?
Which of the following situations best illustrates a " false positive " in the performance of a spam filter?
When auditing databases, which of the following risks would an Internal auditor keep In mind In relation to database administrators?
With increased cybersecurity threats, which of the following should management consider to ensure that there is strong security governance in place?
The internal audit function is instructed by the audit committee to assess and give an opinion annually on risk management process effectiveness. However, lacking in-house expertise, the chief audit executive (CAE) initially appoints an independent consultant to assist with this engagement. Which of the following approaches is the most appropriate?
Which of the following statements is in accordance with COBIT?
Pervasive controls are general while detailed controls are specific.
Application controls are a subset of pervasive controls.
Implementation of software is a type of pervasive control.
Disaster recovery planning is a type of detailed control.
Employees of an organization noticed that an exterior surface of the office building was deteriorating. Upon investigation, it was found that the deterioration was caused by harsh cleaning chemicals used to remove excessive bird droppings, and that the birds were drawn to the building to feed from a spider infestation. Which of the following best represents a root cause-based recommendation for this situation?
Which of the following information security controls has the primary function of preventing unauthorized outside users from accessing an organization ' s data through the organization ' s network?
Which of the following control techniques would minimize the risk of interception during transmission in an electronic data interchange system?
Encryption.
Traffic padding.
Edit checks.
Structured data format.
During a review of the tendering process, an internal auditor observes that unusual bidding requirements for IT hardware across several tenders appears to consistently favor one supplier. The internal auditor suspects that a bid-rigging scheme is occurring. Which of the following best describes the methodology used by the internal auditor?
Which of the following is a project planning methodology that involves a complex series of required simulations to provide information about schedule risk?
Which of the following would be most likely included in the internal audit procedures manual?
A company that supplies medications to large hospitals relies heavily on subcontractors to replenish any shortages within 24 hours. Where should internal auditors look for evidence that subcontractors are held responsible for this obligation?
Which of the following best describes a competitive strategy in which the organization focuses on attempts to be more efficient than competitors?
Which of the following price adjustment strategies encourages prompt payment?
A newly appointed board member received an email that appeared to be from the company ' s CEO. The email stated:
“Good morning. As you remember, the closure of projects is our top priority. Kindly organize prompt payment of the attached invoice for our new solar energy partners.†The board member quickly replied to the email and asked under which project the expense should be accounted. Only then did he realize that the sender ' s mail domain was different from the company ' s. Which of the following cybersecurity risks nearly occurred in the situation described?
Which of the following represents an example of a physical security control?
Which of the following is an indicator of robust cost control of a project?
Which of the following is the most appropriate way lo record each partner ' s initial Investment in a partnership?
Which of the following accurately describes the proper order of steps for an internal auditor to use when analyzing data?
An internal audit uncovered high-risk issues that needed to be addressed by the organization. During the exit conference, the audit team discussed the high-risk issues with the manager responsible for addressing them. How should the chief audit executive respond if the manager agrees to correct the issues identified during the audit?
Which of the following physical access control is most likely to be based on ’’something you have " concept?
According to IIA guidance, which of the following statements is true regarding the chief audit executive ' s (CAE’s) responsibility for following up on management action plans?
Which of the following is not a common feature of cumulative preferred stock?
A small chain of grocery stores made a reporting error and understated its ending inventory. What effect would this have on the income statement for the following year?
Which of the following are appropriate functions for an IT steering committee?
Assess the technical adequacy of standards for systems design and programming.
Continually monitor the adequacy and accuracy of software and hardware in use.
Assess the effects of new technology on the organization ' s IT operations.
Provide broad oversight of implementation, training, and operation of new systems.
An internal auditor found the following information while reviewing the monthly financial statements for a wholesaler of safety glasses: Opening inventory: 1,000 units at $2 per unit; Purchased: 5,000 units at $3 per unit; Sold: 3,000 units at $7 per unit. The cost of goods sold was reported at $8,500. Which of the following inventory methods was used to derive this value?
Which of the following concepts of managerial accounting is focused on achieving a point of low or no inventory?
Which of the following parties is most likely to be responsible for maintaining the infrastructure required to prevent the failure of a real-time backup of a database?
The chief audit executive hired a consultant to update the internal audit function’s methodologies. Which of the following would best ensure that the internal audit function will adhere to the updated methodologies?
A manufacturer ss deciding whether to sell or process materials further. Which of the following costs would be relevant to this decision?
Which approach should a chief audit executive take when preparing the internal audit plan?
Which of the following statements best describes the concept of Internet of Things?
Which of the following is the best reason for considering the acquisition of a nondomestic organization?
Which of the following are appropriate functions for an IT steering committee?
Assess the technical adequacy of standards for systems design and programming.
Continually monitor the adequacy and accuracy of software and hardware in use.
Assess the effects of new technology on the organization ' s IT operations.
Provide broad oversight of implementation, training, and operation of new systems.
As part of internal audit ' s risk assessment, a chief audit executive is determining certain factors as part of planning the areas to audit within an organization that makes silicon chips. Which of the following would be considered a subjective factor as part of the risk assessment?
Focus An organization has decided to have all employees work from home. Which of the following network types would securely enable this approach?
A manager at a publishing company received an email that appeared to be from one of her vendors with an attachment that contained malware embedded in an Excel spreadsheet . When the spreadsheet was opened, the cybercriminal was able to attack the company ' s network and gain access to an unpublished and highly anticipated book. Which of the following controls would be most effective to prevent such an attack?
Which of the following statements about slack time and milestones are true?
Slack time represents the amount of time a task may be delayed without delaying the entire project.
A milestone is a moment in time that marks the completion of the project ' s major deliverables.
Slack time allows the project manager to move resources from one task to another to ensure that the project is finished on time.
A milestone requires resource allocation and needs time to be completed.
Given the information below, which organization is in the weakest position to pay short-term debts?
Organization A: Current assets constitute $1,200,000; Current liabilities are $400,000
Organization B: Current assets constitute $1,000,000; Current liabilities are $1,000,000
Organization C: Current assets constitute $900,000; Current liabilities are $300,000
Organization D: Current assets constitute $1,000,000; Current liabilities are $250,000
Which of the following activities would come last in the development and implementation of a privacy and data protection program?
Which of the following situations best applies to an organisation that uses a project, rather than a process, to accomplish its business activities?
Which of the following would be most effective in preventing phishing attacks from impacting business systems?
At a manufacturing plant, how would using Internet of Things during the production process benefit the organization?
According to IIA guidance, which of the following is a broad collection of integrated policies, standards, and procedures used to guide the planning and execution of a project?
Which of the following lists best describes the classification of manufacturing costs?
Which of the following business practices promotes a culture of high performance?
Which of the following assumptions regarding cost-volume-profit analysis is true?
Which of the following methods has the lowest risk of inaccurate authentication?
According to IIA guidance, which of the following would be the best first stop to manage risk when a third party is overseeing the organization ' s network and data?
When auditing an application change control process, which of the following procedures should be included in the scope of the audit?
Ensure system change requests are formally initiated, documented, and approved.
Ensure processes are in place to prevent emergency changes from taking place.
Ensure changes are adequately tested before being placed into the production environment.
Evaluate whether the procedures for program change management are adequate.
Which of the following controls would be the most effective in preventing the disclosure of an organization ' s confidential electronic information?
Which of the following best describes the purpose of fixed manufacturing costs?
An organization ' s account for office supplies on hand had a balance of $9,000 at the end of year one. During year two. The organization recorded an expense of $45,000 for purchasing office supplies. At the end of year two. a physical count determined that the organization has $11 ,500 in office supplies on hand. Based on this Information, what would he recorded in the adjusting entry an the end of year two?
What must be monitored in order to manage the risk of consumer product inventory obsolescence?
Inventory balances.
Market share forecasts.
Sales returns.
Sales trends.
The head of the research and development department at a manufacturing organization believes that his team lacks expertise in some areas and decides to hire more experienced researchers to assist in the development of a new product. Which of the following variances are likely to occur as the result of this decision?
Favorable labor efficiency variance
Adverse labor rate variance
Adverse labor efficiency variance
Favorable labor rate variance
Which of the following controls helps protect externally stored sensitive or confidential data from cyberthreats?
An internal auditor found the following information while reviewing the monthly financial siatements for a wholesaler of safety
The cost of goods sold was reported at $8,500. Which of the following inventory methods was used to derive this value?
An organization has instituted a bring-your-own-device (BYOD) work environment. Which of the following policies best addresses the increased risk to the organization’s network incurred by this environment?
An investor has acquired an organization that has a dominant position in a mature. slew-growth Industry and consistently creates positive financial income.
Which of the following terms would the investor most likely label this investment in her portfolio?
Which of the following cost of capital methods identifies the time period required to recover She cost of the capital investment from the annual inflow produced?
Which of the following would be the best method to collect information about employees ' job satisfaction?
Which of the following is a primary driver behind the creation and prloritteation of new strategic Initiatives established by an organization?
A major IT project is scheduled to be implemented over a three-month period during the year. The chief audit executive (CAE) scheduled significant audit resources to provide consultation. Due to technical challenges from a supplier, the project is postponed until the following year. What should the CAE do in this case?
Which of the following management approaches may help eliminate employee dissatisfaction, but would not necessarily motivate workers to high achievement levels?
Which of the following best describes the benefit of an organization adopting a business continuity and disaster recovery plan for responding to natural disasters?
An internal auditor discovered that several unauthorized modifications were made to the production version of an organization ' s accounting application. Which of the following best describes this deficiency?
Which of the following strategies is most appropriate for an industry that is in decline?
Which of the following data privacy concerns can be attributed specifically to blockchain technologies?
Which of the following COSO internal control framework components encompasses establishing structures, reporting lines, authorities, and responsibilities?
Which of the following is a sound network configuration practice to enhance information security?
An organization with global headquarters in the United States has subsidiaries in eight other nations. If the organization operates with an ethnocentric attitude, which of the following statements is true?
An internal auditor identified a database administrator with an incompatible dual role. Which of the following duties should not be performed by the identified administrator?
Which of the following is a true statement regarding the primary functionality of firewalls?
Which of the following performance measures disincentives engaging in earnings management?
Which of the following key performance indicators would serve as the best measurement of internal audit innovation?
Which of the following accounting methods is an investor organization likely to use when buying 40 percent of the stock of another organization?
Which of the following is likely to have an expiration date and may contain stored clear text passwords?
During an audit of the payroll system, the internal auditor identifies and documents the following condition:
" Once a user is logged into the system, the user has access to all functionality within the system. "
What is the most likely root cause for tins issue?
An organization sells 1,000 shares of its treasury stock at $15 per share previously acquired at $10 per share.
Which of the following statements is true?
Which of the following is true of bond financing, compared to common stock, when alJ other variables are equal?
Which of the following capital budgeting techniques considers the tune value of money?
A newly established organization wants to use the email service offered by a cloud email provider for its own official email. The organization will use its own domain name for a monthly fee, paid to the cloud provider.
What type of cloud service will fit this organization’s requirements?
Which of the following attributes of data is most likely to be compromised in an organization with a weak data governance culture?
An employee was promoted within the organization and relocated to a new office in a different building. A few months later, security personnel discovered that the employee ' s smart card was being used to access the building where she previously worked. Which of the following security controls could prevent such an incident from occurring?
The chief audit executive (CAE) identified an unacceptable risk and believes that the risk is not being mitigated to an acceptable level. Which of the following is the CAE ' s next step in this situation?
Which of the following statements is true regarding a bring-your-own-device (BYOD) environment?
Which of the following statements regarding flat and hierarchical internal audit functions is true?
A small furniture-manufacturing firm with 100 employees is located in a two-story building and does not plan to expand. The furniture manufactured is not special-ordered or custom-made. The most likely structure for this organization would be:
Which of the following best describes a cyberattacK in which an organization faces a denial-of-service threat created through malicious data encryption?
An organization upgraded to a new accounting software. Which of the following activities should be performed by the IT software vendor immediately following the upgrade?
Which of the following is a limitation of the remote wipe for a smart device?
Which of the following IT-related activities is most commonly performed by the second line of defense?
An organization decided to install a motion detection system in its warehouse to protect against after-hours theft. According to the COSO enterprise risk management framework, which of the following best describes this risk management strategy?
An Internal auditor is using data analytics to focus on high-risk areas during an engagement. The auditor has obtained data and is working to eliminate redundancies in the data. Which of the following statements is true regarding this scenario?
Which of the following describes the primary advantage of using data analytics in internal auditing?
According to Maslow ' s hierarchy of needs theory, which of the following would likely have the most impact on retaining staff, if their lower-level needs are already met?