Weekend Sale Special - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: mxmas70

Home > IIA > CIA > IIA-CIA-Part3

IIA-CIA-Part3 Internal Audit Function Question and Answers

Question # 4

Which of the following statements is true regarding internal audit methodologies?

A.

One of the main objectives of internal audit methodologies is to enable audit clients to validate audit observations

B.

IIA guidance states that they should be made available to all stakeholders on the organization’s webpage

C.

One of the main objectives of internal audit methodologies is to ensure the execution of organizational strategy and risk management

D.

Although the content of internal audit methodologies is determined by the chief audit executive, alignment with principles of confidentiality and competency must be demonstrated

Full Access
Question # 5

According to 11A guidance on IT, which of the following spreadsheets is most likely to be considered a high-risk user-developed application?

A.

A revenue calculation spreadsheet supported with price and volume reports from the production department.

B.

An asset retirement calculation spreadsheet comprised of multiple formulas and assumptions.

C.

An ad-hoc inventory listing spreadsheet comprising details of written-off inventory quantities.

D.

An accounts receivable reconciliation spreadsheet used by the accounting manager to verify balances

Full Access
Question # 6

A company produces water buckets with the following costs per bucket:

Direct labor = 82

Direct material = $5

Fixed manufacturing = 83.50

Variable manufacturing = 82.50

The water buckets are usually sold for $15. However, the company received a special order for 50.000 water buckets at 311 each.

Assuming there is adequate manufacturing capacity and ail other variables are constant , what is the relevant cost per unit to consider when deciding whether to accept this special order at the reduced price?

A.

$9.50

B.

$10.50

C.

$11

D.

$13

Full Access
Question # 7

An organization requires an average of 5S days to convert raw materials into finished products to sell. An average of 42 additional days is required to collect receivables. If the organization takes an average of 10 days to pay for the raw materials, how long is its total cash conversion cycle?

A.

26 days.

B.

90 days,

C.

100 days.

D.

110 days

Full Access
Question # 8

Which of the following is an indicator of liquidity that is more dependable than working capital?

A.

Acid-test (quick) ratio

B.

Average collection period

C.

Current ratio.

D.

Inventory turnover.

Full Access
Question # 9

Which of the following financial statements provides the best disclosure of how a company ' s money was used during a particular period?

A.

Income statement.

B.

Owner ' s equity statement.

C.

Balance sheet.

D.

Statement of cash flows.

Full Access
Question # 10

An internal auditor is auditing their organization’s termination process. A primary objective of this engagement is to verify that exit interviews were conducted for all terminated employees over the last two years. The auditor discovered that not all employees received exit interviews.

Which of the following risks could this lead to?

A.

The risk of employee turnover.

B.

The risk of noncompliance with a local labor law.

C.

The risk of incorrect severance payments.

D.

The risk of a confidentiality breach.

Full Access
Question # 11

Which of the following security controls focuses most on prevention of unauthorized access to the power plant?

A.

An offboarding procedure is initiated monthly to determine redundant physical access rights.

B.

Logs generated by smart locks are automatically scanned to identify anomalies in access patterns.

C.

Requests for additional access rights are sent for approval and validation by direct supervisors.

D.

Automatic notifications are sent to a central security unit when employees enter the premises during nonwork hours

Full Access
Question # 12

An investor has acquired an organization that has a dominant position in a mature, slow-growth industry and consistently creates positive financial income. Which of the following terms would the investor most likely label this investment in her portfolio?

A.

A star

B.

A cash cow

C.

A question mark

D.

A dog

Full Access
Question # 13

Which of the following is an example of a smart device security control intended to prevent unauthorized users from gaining access to a device’s data or applications?

A.

Anti-malware software

B.

Authentication

C.

Spyware

D.

Rooting

Full Access
Question # 14

According to UA guidance on IT, at which of the following stages of the project life cycle would the project manager most likely address the need to coordinate project resources?

A.

Initiation.

B.

Planning.

C.

Execution.

D.

Monitoring.

Full Access
Question # 15

Which of the following is an example of a physical control designed to prevent security breaches?

A.

Preventing database administrators from initiating program changes

B.

Blocking technicians from getting into the network room.

C.

Restricting system programmers ' access to database facilities

D.

Using encryption for data transmitted over the public internet

Full Access
Question # 16

Which of the following best explains why an organization would enter into a capital lease contract?

A.

To increase the ability to borrow additional funds from creditors

B.

To reduce the organization’s free cash flow from operations

C.

To improve the organization’s free cash flow from operations

D.

To acquire the asset at the end of the lease period at a price lower than the fair market value

Full Access
Question # 17

The chief audit executive (CAE) has embraced a total quality management approach to improving the internal audit activity ' s (lAArs) processes. He would like to reduce the time to complete audits and improve client ratings of the IAA. Which of the following staffing approaches is the CAE most likely lo select?

A.

Assign a team with a trained audit manager to plan each audit and distribute field work tasks to various staff auditors.

B.

Assign a team of personnel who have different specialties to each audit and empower Team members to participate fully in key decisions

C.

Assign a team to each audit, designate a single person to be responsible for each phase of the audit, and limit decision making outside of their area of responsibility.

D.

Assign a team of personnel who have similar specialties to specific engagements that would benefit from those specialties and limit Key decisions to the senior person.

Full Access
Question # 18

Which of the following is an example of two-factor authentication?

A.

The user ' s facial geometry and voice recognition.

B.

The user ' s password and a separate passphrase.

C.

The user ' s key fob and a smart card.

D.

The user ' s fingerprint and a personal Identification number.

Full Access
Question # 19

Which of the following is the most appropriate way to record each partner’s initial investment in a partnership?

A.

At the value agreed upon by the partners

B.

At book value

C.

At fair value

D.

At the original cost

Full Access
Question # 20

If a bank ' s activities are categorized under such departments as community banking, institutional banking, and agricultural banking, what kind of departmentalization is being utilized?

A.

Product departmentalization.

B.

Process departmentalization.

C.

Functional departmentalization.

D.

Customer departmentalization.

Full Access
Question # 21

An internal auditor found that several employees of a vendor were authorized to remotely access the internal assets management system.

Which of the following should the auditor determine next?

A.

Whether there is a documented business need for the access.

B.

Whether access rights granted to vendor employees are read-only.

C.

Who to inform regarding the need to remove vendor employees’ access rights.

D.

Who manages vendor employees’ devices used to access the system.

Full Access
Question # 22

Which of the following should internal auditors be attentive of when reviewing personal data consent and opt-in/opt-out management process?

A.

Whether customers are asked to renew their consent for their data processing at least quarterly.

B.

Whether private data is processed in accordance with the purpose for which the consent was obtained?

C.

Whether the organization has established explicit and entitywide policies on data transfer to third parties.

D.

Whether customers have an opportunity to opt-out the right to be forgotten from organizational records and systems.

Full Access
Question # 23

Which of the following would best prevent unauthorized external changes to an organization ' s data?

A.

Antivirus software, firewall, data encryption.

B.

Firewall, data encryption, backup procedures.

C.

Antivirus software, firewall, backup procedures.

D.

Antivirus software, data encryption, change logs.

Full Access
Question # 24

Which of following best demonstrates the application of the cost principle?

A.

A company reports trading and investment securities at their market cost

B.

A building purchased last year for $1 million is currently worth ©1.2 million, but the company still reports the building at $1 million.

C.

A building purchased last year for ©1 million is currently worth £1,2 million , and the company adjusts the records to reflect the current value

D.

A company reports assets at either historical or fair value, depending which is closer to market value.

Full Access
Question # 25

For employees, the primary value of implementing job enrichment is which of the following?

A.

Validation of the achievement of their goals and objectives

B.

Increased knowledge through the performance of additional tasks

C.

Support for personal growth and a meaningful work experience

D.

An increased opportunity to manage better the work done by their subordinates

Full Access
Question # 26

For an engineering department with a total quality management program, important elements of quality management include all of the following except:

A.

Basing performance evaluations on the number of projects completed.

B.

Comparing results with those of other engineering departments.

C.

Creating a quality council within the engineering department.

D.

Conducting post-project surveys on performance.

Full Access
Question # 27

Which of the following is a systems software control?

A.

Restricting server room access to specific individuals.

B.

Housing servers with sensitive software away from environmental hazards.

C.

Ensuring that all user requirements are documented.

D.

Performing intrusion testing on a regular basis.

Full Access
Question # 28

According to IIA guidance, which of the following links computers and enables them to -communicate with each other?

A.

Application program code

B.

Database system

C.

Operating system

D.

Networks

Full Access
Question # 29

Which of the following data analytics techniques is used to identify patterns among groups of data elements?

A.

Stratification of numeric values.

B.

Joining different data sources.

C.

Duplicate testing.

D.

Classification.

Full Access
Question # 30

Which of the following data security policies is most likely to be the result of a data privacy law?

A.

Access to personally identifiable information is limited to those who need it to perform their job.

B.

Confidential data must be backed up and recoverable within a 24-hour period.

C.

Updates to systems containing sensitive data must be approved before being moved to production.

D.

A record of employees with access to insider information must be maintained, and those employees may not trade company stock during blackout periods.

Full Access
Question # 31

An organization and its trading partner rely on a computer-to-computer exchange of digital business documents. Which of the following best describes this scenario?

A.

Use of a central processing unit

B.

Use of a database management system

C.

Use of a local area network

D.

Use of electronic data Interchange

Full Access
Question # 32

Which of the following statements is true regarding change management?

A.

The degree of risk associated with a proposed change determines whether the change request requires authorization

B.

Program changes generally are developed and tested in the production environment.

C.

Changes are only required by software programs

D.

To protect the production environment, changes must be managed in a repeatable, defined, and predictable manner

Full Access
Question # 33

Which of the following is an example of a contingent liability that a company should record?

A.

A potential assessment of additional income tax.

B.

Possible product warranty costs.

C.

The threat of a lawsuit by a competitor.

D.

The remote possibility of a contract breach.

Full Access
Question # 34

When initiating international ventures, an organization should consider cultural dimensions in order to prevent misunderstandings. Which of the following does not represent a recognized cultural dimension in a work environment?

A.

Self-control.

B.

Power distance.

C.

Masculinity versus femininity.

D.

Uncertainty avoidance.

Full Access
Question # 35

Which of the following principles is shared by both hierarchical and open organizational structures?

A superior can delegate the authority to make decisions but cannot delegate the ultimate responsibility for the results of those decisions.

A supervisor ' s span of control should not exceed seven subordinates.

Responsibility should be accompanied by adequate authority.

Employees at all levels should be empowered to make decisions.

A.

1 and 3 only

B.

1 and 4 only

C.

2 and 3 only

D.

3 and 4 only

Full Access
Question # 36

Multinational organizations generally spend more time and effort to identify and evaluate:

A.

Internal strengths and weaknesses.

B.

Break-even points.

C.

External trends and events.

D.

Internal risk factors.

Full Access
Question # 37

The first stage in the development of a crisis management program is to:

A.

Formulate contingency plans.

B.

Conduct a risk analysis.

C.

Create a crisis management team.

D.

Practice the response to a crisis.

Full Access
Question # 38

The internal audit activity has identified accounting errors that resulted in the organization overstating its net income for the fiscal year. Which of the following is the most likely cause of this overstatement?

A.

Beginning inventory was overstated for the year.

B.

Cost of goods sold was understated for the year.

C.

Ending inventory was understated for the year.

D.

Cost of goods sold was overstated for the year.

Full Access
Question # 39

An internal auditor is reviewing key phases of a software development project. Which of the following would; the auditor most likely use to measure the project team ' s performance related to how project tasks are completed?

A.

A balanced scorecard.

B.

A quality audit

C.

Earned value analysis.

D.

Trend analysis

Full Access
Question # 40

Which of the following best describes the type of control provided by a firewall?

A.

Corrective

B.

Detective

C.

Preventive

D.

Discretionary

Full Access
Question # 41

Which of the following employee survey questions would be most effective to measure organizational commitment?

A.

How would you rate the development and training opportunities you receive at the organization?

B.

How satisfied are you with your manager ' s attitude and behavior?

C.

How content are you with the amount of pay you receive for your work?

D.

How likely are you to recommend the organization as an employer to your friends?

Full Access
Question # 42

Which of the following is a characteristic of just-in-time inventory management systems?

A.

Users determine the optimal level of safety stocks.

B.

They are applicable only to large organizations.

C.

They do not really increase overall economic efficiency because they merely shift inventory levels further up the supply chain.

D.

They rely heavily on high-quality materials.

Full Access
Question # 43

The internal audit function conducted an engagement on maintenance operations of a construction organization and identified several issues of medium importance. The head of maintenance proposed an improvement plan with deadlines and personnel responsible. The internal audit function issued the final report to senior management. Senior management was dissatisfied with the report as they believed that improvement plan deadlines should be considerably shorter. Which of the following should the internal audit function change in the reporting process?

A.

Discontinue discussing draft reports with responsible employees, as their input is needed during fieldwork only

B.

Involve senior management at the draft report stage and in the development of action plans

C.

Request senior management to issue a separate memo regarding their changes to deadlines

D.

Invite senior management to the board meeting regarding engagement results so that they can express their concerns

Full Access
Question # 44

Which of the following conditions could lead an organization to enter into a new business through internal development rather than through acquisition?

A.

It is expected that there will be slow retaliation from incumbents.

B.

The acquiring organization has information that the selling organization is weak.

C.

The number of bidders to acquire the organization for sale is low.

D.

The condition of the economy is poor.

Full Access
Question # 45

A software that translates hypertext markup language (HTML) documents and allows a user to view a remote web page is called:

A.

A transmission control protocol/Internet protocol (TCP/IP).

B.

An operating system.

C.

A web browser.

D.

A web server.

Full Access
Question # 46

Which of the following attributes of data are cybersecurity controls primarily designed to protect?

A.

Veracity, velocity, and variety.

B.

Integrity, availability, and confidentiality.

C.

Accessibility, accuracy, and effectiveness.

D.

Authorization, logical access, and physical access.

Full Access
Question # 47

Which of the following is an advantage of a decentralized organizational structure, as opposed to a centralized structure?

A.

Greater cost-effectiveness

B.

Increased economies of scale

C.

Larger talent pool

D.

Strong internal controls

Full Access
Question # 48

An organization selected a differentiation strategy to compete at the business level. Which of the following structures best fits this strategic choice?

A.

Functional structure.

B.

Divisional structure.

C.

Mechanistic structure.

D.

Functional structure with cross-functional teams.

Full Access
Question # 49

Which stage of group development is characterized by a decrease in conflict and hostility among group members and an increase in cohesiveness?

A.

Forming stage.

B.

Norming stage.

C.

Performing stage.

D.

Storming stage.

Full Access
Question # 50

Which of the following is a security feature that Involves the use of hardware and software to filter or prevent specific Information from moving between the inside network and the outs de network?

A.

Authorization

B.

Architecture model

C.

Firewall

D.

Virtual private network

Full Access
Question # 51

To assess the effectiveness of an organization ' s privacy program, which of the following approaches should an internal auditor take?

A.

Conduct a series of employee interviews.

B.

Conduct penetration tests.

C.

Review privacy policies and procedures.

D.

Analyze the life cycle of sensitive data.

Full Access
Question # 52

Management has decided to change the organizational structure from one that was previously decentralized to one that is now highly centralized. As such: which of the

following would be a characteristic of the now highly centralized organization?

A.

Top management does little monitoring of the decisions made at lower levels.

B.

The decisions made at the lower levels of management are considered very important.

C.

Decisions made at lower levels in the organizational structure are few.

D.

Reliance is placed on top management decision making by few of the organization ' s departments.

Full Access
Question # 53

Which of the following describes a typical desktop workstation used by most employees in their daily work?

A.

Workstation contains software that prevents unauthorized transmission of information into and out of the organization ' s network.

B.

Workstation contains software that controls information flow between the organization ' s network and the Internet.

C.

Workstation contains software that enables the processing of transactions and is not shared among users of the organization ' s network.

D.

Workstation contains software that manages user ' s access and processing of stored data on the organization ' s network.

Full Access
Question # 54

Which of the following should be the primary consideration of a right-to-audit clause in a contract?

A.

It should be a simple statement to give the contracting organization the right to conduct an audit.

B.

It should clearly state the conditions and criteria necessary to conduct an audit under reasonable and acceptable conditions.

C.

It should be a detailed statement to give the contracted organization the right to conduct an audit.

D.

It should clearly and concisely describe the conditions and criteria to prohibit an organization ' s ability to conduct an audit.

Full Access
Question # 55

An organization decided to invest in new office equipment for $320,000. The estimated useful life of the equipment is four years. The residual value will be $40,000. The depreciation method is straight-line. The new equipment will allow the organization to save $150,000 per year. The estimated tax rate used in the organization is 30 percent. The required rate of return is 15 percent.

The following are present values of $1 during four years for 15 percent:

Year 1 = $0.87

Year 2 = $0.76

Year 3 = $0.66

Year 4 = $0.57

What is net present value of this investment?

A.

$71,140

B.

$63,160

C.

$40,360

D.

$3,100

Full Access
Question # 56

Which of the following security controls would be me most effective in preventing security breaches?

A.

Approval of identity request

B.

Access logging.

C.

Monitoring privileged accounts

D.

Audit of access rights

Full Access
Question # 57

Which of the following IT layers would require the organization to maintain communication with a vendor in a tightly controlled and monitored manner?

A.

Applications

B.

Technical infrastructure.

C.

External connections.

D.

IT management

Full Access
Question # 58

In mergers and acquisitions, which of the following is an example of a horizontal combination?

A.

Dairy manufacturing company taking over a large dairy farm.

B.

A movie producer acquires movie theaters.

C.

A petroleum processing company acquires an agro-processing firm.

D.

A baker taking over a competitor.

Full Access
Question # 59

A multinational organization allows its employees to access work email via personal smart devices. However, users are required to consent to the installation of mobile device management (MDM) software that will remotely wipe data in case of theft or other incidents. Which of the following should the organization ensure in exchange for the employees ' consent?

A.

That those employees who do not consent to MDM software cannot have an email account.

B.

That personal data on the device cannot be accessed and deleted by system administrators.

C.

That monitoring of employees ' online activities is conducted in a covert way to avoid upsetting them.

D.

That employee consent includes appropriate waivers regarding potential breaches to their privacy.

Full Access
Question # 60

An organization contracted a third-party service provider to plan, design, and build a new facility. Senior management would like to transfer all of the risk to the builder. Which type of procurement contract would the organization use?

A.

Cost-plus contract.

B.

Turnkey contract.

C.

Service contract.

D.

Solutions contract.

Full Access
Question # 61

Management is designing its disaster recovery plan. In the event that there is significant damage to the organization ' s IT systems this plan should enable the organization to resume operations at a recovery site after some configuration and data restoration. Which of the following is the ideal solution for management in this scenario?

A.

A warm recovery plan.

B.

A cold recovery plan.

C.

A hot recovery plan.

D.

A manual work processes plan

Full Access
Question # 62

A chief audit executive (CAE) is calculating the available internal audit resource hours while planning the annual internal audit plan. The CAE needs to calculate the total number of hours available for audits. Which of the following should be deducted in order to have time available only for engagements?

A.

Time spent on coaching the internal audit function on new engagement procedures

B.

Time spent on the preliminary risk assessment of the engagement

C.

Time spent for the documentation of supporting files for the engagement

D.

Time spent on reporting the results of the engagement

Full Access
Question # 63

Which of the following is a potential risk for an organization that allows employees to use their personal devices to conduct business?

A.

Less efficiency.

B.

Lower employee satisfaction.

C.

Higher organizational costs on devices.

D.

Increased exposure to malware attacks.

Full Access
Question # 64

According to IIA guidance, whose input must be considered when developing the annual internal audit plan?

A.

Operational management

B.

External auditors

C.

The CEO

D.

Internal assurance providers

Full Access
Question # 65

During an internal audit engagement, it was found that several vendors were on a government sanctions list and must no longer be traded with. Which of the following would most effectively mitigate the risk of noncompliance with sanctions lists that are updated regularly?

A.

Agreements with sanctioned vendors discovered by internal audit will be placed on hold until further notice from the government

B.

A new procedure of vendor onboarding will be implemented to ensure that all new vendors undergo screenings against the sanctions list

C.

Controls will be embedded in the vendor management processes to ensure that new and existing vendors are compliant with changes to the sanctions list

D.

The legal team will be asked to prepare counter arguments to dispute audit findings and potential inquiries from the governmental authority

Full Access
Question # 66

An internal audit team is trialing a data analytics tool. An extract from accounts payable was loaded into the tool and as a result, the tool flagged most of the transactions, thus yielding no meaningful results. After investigating, the audit team determined that the extract contained duplicate entries and spelling issues.

Which of the following should have been performed prior to loading the data into the analytics tool?

A.

Data segregation.

B.

Data stratification.

C.

Data normalization.

D.

Data quantification.

Full Access
Question # 67

Which of the following types of budgets will best provide the basis for evaluating the organization ' s performance?

A.

Cash budget.

B.

Budgeted balance sheet.

C.

Selling and administrative expense budget.

D.

Budgeted income statement.

Full Access
Question # 68

The head of the research arid development department at a manufacturing organization believes that his team lacks expertise in some areas, and he decides to hire more experienced researchers to assist in the development of a new product. Which of the following variances are likely to occur as the result of this decision?

1. Favorable labor efficiency variance.

2. Adverse labor rate variance.

3. Adverse labor efficiency variance.

4. Favorable labor rate variance.

A.

1 and 2

B.

1 and 4

C.

3 and A

D.

2 and 3

Full Access
Question # 69

An internal auditor is assessing the risks related to an organization’s mobile device policy. She notes that the organization allows third parties (vendors and visitors) to use outside smart devices to access its proprietary networks and systems. Which of the following types of smart device risks should the internal auditor be most concerned about?

A.

Compliance.

B.

Privacy.

C.

Strategic.

D.

Physical security.

Full Access
Question # 70

Which of the following is the best example of a compliance risk that is likely to arise when adopting a bring-your-own-device (BYOD) policy?

A.

The risk that users try to bypass controls and do not install required software updates

B.

The risk that smart devices can be lost or stolen due to their mobile nature

C.

The risk that an organization intrusively monitors personal information stored on smart devices

D.

The risk that proprietary information is not deleted from the device when an employee leaves

Full Access
Question # 71

A data classification policy would most likely assist in achieving which of the following control objectives?

A.

Confirming the validity of the data record.

B.

Ensuring the completeness of the data.

C.

Eliminating redundant data records.

D.

Complying with data protection regulations.

Full Access
Question # 72

Which of the following is a key factor in the development of a production budget for a manufacturing organization?

A.

Direct materials units required.

B.

Estimated ending unit inventory.

C.

Projected sales revenue.

D.

Variable overhead costs.

Full Access
Question # 73

After identifying and reporting a control deficiency, which of the following actions should an internal auditor perform next?

A.

Ensure full documentation of the control deficiency and close out the audit file

B.

Follow up on the remediation status with business management periodically

C.

Note this control area “audited” and mark it as out-of-scope for the following year

D.

Design a remediation plan and ensure operational management follows through

Full Access
Question # 74

An organization has an agreement with a third-party vendor to have a fully operational facility, duplicate of the original site and configured to the organization ' s needs, in order to quickly recover operational capability in the event of a disaster, Which of the following best describes this approach to disaster recovery planning?

A.

Cold recovery plan,

B.

Outsourced recovery plan.

C.

Storage area network recovery plan.

D.

Hot recovery plan

Full Access
Question # 75

Employees at an events organization use a particular technique to solve problems and improve processes. The technique consists of five steps: define, measure, analyze,

improve, and control. Which of the following best describes this approach?

A.

Six Sigma,

B.

Quality circle.

C.

Value chain analysis.

D.

Theory of constraints.

Full Access
Question # 76

Which of the following inventory costing methods requires the organization to account for the actual cost paid for the unit being sold?

A.

Last-in-first-Out (LIFO}.

B.

Average cost.

C.

First-in-first-out (FIFO).

D.

Specific identification

Full Access
Question # 77

Which of the following is a security feature that involves the use of hardware and software to filter or prevent specific information from moving between the inside network and the outside network?

A.

Authorization

B.

Architecture model

C.

Firewall

D.

Virtual private network

Full Access
Question # 78

Which of the following is a cybersecurity monitoring activity intended to deter disruptive codes from being installed on an organizations systems?

A.

Boundary defense

B.

Malware defense.

C.

Penetration tests

D.

Wireless access controls

Full Access
Question # 79

Which of the following best describes a potential benefit of using data analyses?

A.

It easily aligns with existing internal audit competencies to reduce expenses

B.

It provides a more holistic view of the audited area.

C.

Its outcomes can be easily interpreted into audit: conclusions.

D.

Its application increases internal auditors ' adherence to the Standards

Full Access
Question # 80

Which of the following statements is true regarding outsourced business processes?

A.

Outsourced business processes should not be considered in the internal audit universe because the controls are owned by the external service provider.

B.

Generally, independence is improved when the internal audit activity reviews outsourced business processes.

C.

The key controls of outsourced business processes typically are more difficult to audit because they are designed and managed externally.

D.

The system of internal controls may be better and more efficient when the business process is outsourced compared to internally sourced.

Full Access
Question # 81

Which of the following best describes the concept of relevant cost?

A.

A future cost that is the same among alternatives.

B.

A future cost that differs among alternatives.

C.

A past cost that is the same among alternatives.

D.

A past cost that differs among alternatives.

Full Access
Question # 82

A large retail customer made an offer to buy 10,000 units at a special price of $7 per unit. The manufacturer usually sells each unit for $10. Variable manufacturing costs are $5 per unit and fixed manufacturing costs are $3 per unit. For the manufacturer to accept the offer, which of the following assumptions needs to be true?

A.

Fixed and variable manufacturing costs are less than the special offer selling price

B.

The manufacturer can fulfill the order without expanding the capacities of the production facilities

C.

Costs related to accepting this offer can be absorbed through the sale of other products

D.

The manufacturer’s production facilities are currently operating at full capacity

Full Access
Question # 83

A motivational technique generally used to overcome monotony and job-related boredom is:

A.

Job specification.

B.

Job objectives.

C.

Job rotation.

D.

Job description.

Full Access
Question # 84

Which of the following performance measures would be appropriate for evaluating an investment center, which has responsibility for its revenues, costs, and investment base, but would not be appropriate for evaluating cost, revenue, or profit centers?

A.

A flexible budget.

B.

Variance analysis.

C.

A contribution margin income statement by segment.

D.

Residual income.

Full Access
Question # 85

Which of the following forms of compensation best indicates that an organization’s cost-saving objectives have been targeted?

A.

Gain sharing

B.

Commission

C.

Profit sharing

D.

Pension

Full Access
Question # 86

Which of the following would provide the most relevant assurance that the application under development will provide maximum value to the organization?

A.

Use of a formal systems development lifecycle.

B.

End-user involvement.

C.

Adequate software documentation.

D.

Formalized non-regression testing phase.

Full Access
Question # 87

If the chief audit executive (CAE) observes that an international wire was approved to transfer funds to a country embargoed by the government, which of the following would be the most appropriate first step for the CAE to take?

A.

Track the wire and perform ongoing monitoring

B.

Discuss the issue with management

C.

Immediately report the transaction to the regulatory authorities

D.

Report the transaction to the audit committee

Full Access
Question # 88

Which of the following statements Is true regarding the use of centralized authority to govern an organization?

A.

Fraud committed through collusion is more likely when authority is centralized.

B.

Centralized managerial authority typically enhances certainty and consistency within an organization.

C.

When authority is centralized, the alignment of activities to achieve business goals typically is decreased.

D.

Using separation of duties to mitigate collusion is reduced only when authority is centralized.

Full Access
Question # 89

Which of the following describes a third-party network that connects an organization specifically with its trading partners?

A.

Value-added network (VAN).

B.

Local area network (LAN).

C.

Metropolitan area network (MAN).

D.

Wide area network (WAN).

Full Access
Question # 90

Which of the following is an example of a phishing attack?

A.

An organization’s website becomes flooded with malicious traffic on the first day of the online shopping season, causing the website to crash and preventing customers from purchasing deals online

B.

The employees of a retail organization responded to emails with a link to malware that enabled a hacker to access the point-of-sale system and obtain customers’ credit card information

C.

An organization’s employees clicked on a link that allowed a worm to infiltrate and encrypt the organization’s operating system, rendering it unusable. A group of hackers is demanding payment to unlock the encryption

D.

A group of online activists hacked into the private email and confidential records of the local police department and released the information online to expose the corrupt practices of the department

Full Access
Question # 91

Senior management has decided to implement the Three Lines of Defense model for risk management. Which of the following best describes senior management ' s duties with regard to this model?

A.

Ensure compliance with the model.

B.

Identify management functions.

C.

Identify emerging issues.

D.

Set goals for implementation.

Full Access
Question # 92

When would a contract be dosed out?

A.

When there ' s a dispute between the contracting parties

B.

When ail contractual obligations have been discharged.

C.

When there is a force majenre.

D.

When the termination clause is enacted.

Full Access
Question # 93

Which of the following statements is accurate when planning for an external quality assurance assessment of the internal audit function?

A.

The external assessment would include the audit function’s compliance with laws and regulations

B.

The selected qualified assessor can be from the organization’s shared services team

C.

The external assessment team members must work for an accounting firm

D.

The frequency of the performance of assessments should be considered by the assessor

Full Access
Question # 94

An organization has outsourced its payroll function to a third-party service provider. Which of the following contract clauses is most important to include in the outsourcing agreement to ensure access to records of the third-party provider?

A.

A termination clause.

B.

A right-to-audit clause.

C.

A confidentiality clause.

D.

A data security accountability clause.

Full Access
Question # 95

At what stage of project integration management would a project manager and project management team typically coordinate the various technical and organizational interfaces that exist in the project?

A.

Project plan development.

B.

Project plan execution

C.

Integrated change control.

D.

Project quality planning

Full Access
Question # 96

Which of the following is classified as a product cost using the variable costing method?

Direct labor costs.

Insurance on a factory.

Manufacturing supplies.

Packaging and shipping costs.

A.

1 and 2

B.

1 and 3

C.

2 and 4

D.

3 and 4

Full Access
Question # 97

A department purchased one copy of a software program for internal use. The manager of the department installed the program on an office computer and then made two complete copies of the original software. Copy 1 was solely for backup purposes. Copy 2 was for use by another member of the department. In terms of software licenses and copyright law, which of the following is correct?

A.

Both copies are legal.

B.

Only Copy 1 is legal.

C.

Only Copy 2 is legal.

D.

Neither copy is legal.

Full Access
Question # 98

At an organization that uses a periodic inventory system, the accountant accidentally understated the organization s beginning inventory. How would the accountant ' s accident impact the income statement?

A.

Cost of goods sold will be understated and net income will be overstated.

B.

Cost of goods sold will be overstated and net income will be understated

C.

Cost of goods sold will be understated and there Wi-Fi be no impact on net income.

D.

There will be no impact on cost of goods sold and net income will be overstated

Full Access
Question # 99

A bond that matures after one year has a face value of S250,000 and a coupon of $30,000. if the market price of the bond is 5265,000, which of the following would be the market interest rate?

A.

Less than 12 percent.

B.

12 percent.

C.

Between 12.01 percent and 12.50 percent.

D.

More than 12 50 percent.

Full Access
Question # 100

Which of the following purchasing scenarios would gain the greatest benefit from implementing electronic data interchange?

A.

A time-sensitive just-in-time purchase environment.

B.

A large volume of custom purchases.

C.

A variable volume sensitive to material cost.

D.

A currently inefficient purchasing process.

Full Access
Question # 101

Which of the following is a key characteristic of a zero-based budget?

A.

A zero-based budget provides estimates of costs that would be incurred under different levels of activity.

B.

A zero-based budget maintains focus on the budgeting process.

C.

A zero-based budget is prepared each year and requires each item of expenditure to be justified.

D.

A zero-based budget uses input from lower-level and middle-level managers to formulate budget plans.

Full Access
Question # 102

An organization produces products X and Y. The materials used for the production of both products are limited to 500 Kilograms

(kg ) per month. All other resources are unlimited and their costs are fixed. Individual product details are as follows in order to maximize profit, how much of product Y should the organization produce each month?

$10 $13

2 kg

70 units

6 kg

120 units

A.

50 units

B.

60 units

C.

70 units

D.

1:20 units

Full Access
Question # 103

Which of the following statements is true regarding an investee that received a dividend distribution from an entity and is presumed to have little influence over the entity?

A.

The cash dividends received increase the investee investment account accordingly.

B.

The investee must adjust the investment account by the ownership interest

C.

The investment account is adjusted downward by the percentage of ownership.

D.

The investee must record the cash dividends as dividend revenue

Full Access
Question # 104

Which of the following corporate social responsibility strategies is likely to be most effective in minimizing confrontations with influential activists and lobbyists?

A.

Continually evaluate the needs and opinions of all stakeholder groups.

B.

Ensure strict compliance with applicable laws and regulations to avoid incidents.

C.

Maintain a comprehensive publicity campaign that highlights the organization ' s efforts.

D.

Increase goodwill through philanthropic activities among stakeholder communities.

Full Access
Question # 105

Which of the following conflict resolution methods should be applied when the intention of the parties is to solve the problem by clarifying differences and attaining everyone ' s objectives?

A.

Accommodating.

B.

Compromising.

C.

Collaborating.

D.

Competing.

Full Access
Question # 106

Which of the following responsibilities would ordinarily fall under the help desk function of an organization?

A.

Maintenance service items such as production support

B.

Management of infrastructure services, including network management

C.

Physical hosting of mainframes and distributed servers

D.

End-to-end security architecture design

Full Access
Question # 107

An organization has decided to allow its managers to use their own smart phones at work. With this change, which of the following is most important to Include In the IT department ' s comprehensive policies and procedures?

A.

Required documentation of process for discontinuing use of the devices

B.

Required removal of personal pictures and contacts.

C.

Required documentation of expiration of contract with service provider.

D.

Required sign-off on conflict of interest statement.

Full Access
Question # 108

Which of the following analytical techniques would an internal auditor use to verify that none of an organization ' s employees are receiving fraudulent invoice payments?

A.

Perform gap testing.

B.

Join different data sources.

C.

Perform duplicate testing.

D.

Calculate statistical parameters.

Full Access
Question # 109

Listening effectiveness is best increased by:

A.

Resisting both internal and external distractions.

B.

Waiting to review key concepts until the speaker has finished talking.

C.

Tuning out messages that do not seem to fit the meeting purpose.

D.

Factoring in biases in order to evaluate the information being given.

Full Access
Question # 110

Which of the following best describes owner ' s equity?

A.

Assets minus liabilities.

B.

Total assets.

C.

Total liabilities.

D.

Owners contribution plus drawings.

Full Access
Question # 111

While performing an audit of a car tire manufacturing plant, an internal auditor noticed a significant decrease in the number of tires produced from the previous operating

period. To determine whether worker inefficiency caused the decrease, what additional information should the auditor request?

A.

Total tire production labor hours for the operating period.

B.

Total tire production costs for the operating period.

C.

Plant production employee headcount average for the operating period.

D.

The production machinery utilization rates.

Full Access
Question # 112

Which of the following serves as a safeguard to protect the confidentiality of information being transmitted from an internal network to an external network?

A.

A cloud network.

B.

A mobile network.

C.

An intranet.

D.

A virtual private network.

Full Access
Question # 113

Which of the following IT strategies is most effective for responding to competitive pressures created by the marketplace?

A.

Promote closer linkage between organizational strategy and information.

B.

Provide users with greater online access to information systems.

C.

Enhance the functionality of application systems.

D.

Expand the use of automated controls.

Full Access
Question # 114

An organization decided to outsource its human resources function. As part of its process migration, the organization is implementing controls over sensitive employee data.

What would be the most appropriate directive control in this area?

A.

Require a Service Organization Controls (SOC) report from the service provider

B.

Include a data protection clause in the contract with the service provider.

C.

Obtain a nondisclosure agreement from each employee at the service provider who will handle sensitive data.

D.

Encrypt the employees ' data before transmitting it to the service provider

Full Access
Question # 115

Which of the following best describes a man-in-the-middle cyber-attack?

A.

The perpetrator is able to delete data on the network without physical access to the device.

B.

The perpetrator is able to exploit network activities for unapproved purposes.

C.

The perpetrator is able to take over control of data communication in transit and replace traffic.

D.

The perpetrator is able to disable default security controls and introduce additional vulnerabilities

Full Access
Question # 116

Which of the following statements is most accurate concerning the management and audit of a web server?

A.

The file transfer protocol (FTP) should always be enabled

B.

The simple mail transfer protocol (SMTP) should be operating under the most privileged accounts

C.

The number of ports and protocols allowed to access the web server should be maximized

D.

Secure protocols for confidential pages should be used instead of clear-text protocols such as HTTP or FTP

Full Access
Question # 117

Which of the following would be the strongest control to prevent unauthorized wireless network access?

A.

Allowing access to the organization ' s network only through a virtual private network.

B.

Logging devices that access the network, including the date. time, and identity of the user.

C.

Tracking all mobile device physical locations and banning access from non-designated areas.

D.

Permitting only authorized IT personnel to have administrative control of mobile devices.

Full Access
Question # 118

An organization wants to offer a standard product across all markets but also wants to differentiate the product to fit local demands in different geographic markets and to meet government regulations.

Which of the following strategies may help the organization achieve its goal?

A.

Globalization strategy.

B.

Transnational strategy.

C.

Multidomestic strategy.

D.

Export strategy.

Full Access
Question # 119

Which of the following facilitates data extraction from an application?

A.

Application program code.

B.

Database system.

C.

Operating system.

D.

Networks.

Full Access
Question # 120

If an organization has a high amount of working capital compared to the industry average, which of the following is most likely true?

A.

Settlement of short-term obligations may become difficult.

B.

Cash may be bed up in items not generating financial value.

C.

Collection policies of the organization are ineffective.

D.

The organization is efficient in using assets to generate revenue.

Full Access
Question # 121

Internal audit discovered that several loads of pellets were deleted from the scaling database and consequently had no sales invoices, significantly affecting financial statements. An investigation revealed that technicians had deleted the pellet loads accidentally, with no evidence of fraud. Which of the following actions should management implement first?

A.

Address root causes by launching a project to understand and revise the methods for granting database access rights

B.

Address the condition by limiting technicians ' access to live database data

C.

Address potential risks by reconciling all sales invoices against scaling data

D.

Address investigation results by dismissing technicians who caused the disruption

Full Access
Question # 122

Which of the following is a disadvantage of selecting a commercial software package rather than developing an application internally?

A.

Lack of flexibility.

B.

Incompatibility with client/server technology.

C.

Employee resistance to change.

D.

Inadequate technical support.

Full Access
Question # 123

Which of the following statements is true with regard to capital budgeting?

A.

Using the net present value method, a proposal is acceptable when the net present value is negative.

B.

The internal rate of return is the highest interest rate that will cause the present value of the proposed capital expenditure to be less than the present value of expected net annual cash flows.

C.

The cash payback technique is used to determine the period of time required to recover the capital investment, plus the expected return, from the annual cash flow produced by the investment.

D.

The annual rate of return technique is used to estimate the profitability of a capital expenditure by dividing the expected annual net income by the average investment.

Full Access
Question # 124

Which mindset promotes the most comprehensive risk management strategy?

A.

Increase shareholder value.

B.

Maximize market share.

C.

Improve operational efficiency.

D.

Mitigate losses.

Full Access
Question # 125

Which of the following risks would Involve individuals attacking an oil company ' s IT system as a sign of solidarity against drilling in a local area?

A.

Tampering

B.

Hacking

C.

Phishing

D.

Piracy

Full Access
Question # 126

What would be the most relevant risk related to a bring-your-own-device policy?

A.

Data leakage due to the devices having access to the network.

B.

Lack of understanding of the technology and concept of the tool.

C.

Missing noncurrent assets capitalization.

D.

Financial losses due to smart device theft.

Full Access
Question # 127

Which of the following are the most common characteristics of big data?

A.

Visibility, validity, vulnerability

B.

Velocity, variety, volume

C.

Complexity, completeness, constancy

D.

Continuity, control, convenience

Full Access
Question # 128

Internal auditors want to increase the likelihood of identifying very small control and transaction anomalies in their testing that could potentially be exploited to cause material breaches. Which of the following techniques would best meet this objective?

A.

Analysis of the full population of existing data.

B.

Verification of the completeness and integrity of existing data.

C.

Continuous monitoring on a repetitive basis.

D.

Analysis of the databases of partners, such as suppliers.

Full Access
Question # 129

Which of the following functions of a quality assurance and improvement program (QAIP) must be performed by personnel independent of the internal audit function?

A.

External assessments

B.

Communication of QAIP results to the board

C.

Disclosure of nonconformance

D.

Internal assessments

Full Access
Question # 130

Which of the following Issues would be a major concern for internal auditors when using a free software to analyze a third-party vendor ' s big data?

A.

The ability to use the software with ease to perform the data analysis to meet the engagement objectives.

B.

The ability to purchase upgraded features of the software that allow for more In-depth analysis of the big data.

C.

The ability to ensure that big data entered into the software is secure from potential compromises or loss.

D.

The ability to download the software onto the appropriate computers for use in analyzing the big data.

Full Access
Question # 131

Which of the following best describes the chief audit executive ' s responsibility for assessing the organization ' s residual risk?

A.

Create an action plan to mitigate the risk

B.

Incorporate management acceptance of risk in the workpapers as internal audit evidence

C.

Report deviations immediately to the board

D.

Communicate the matter with senior management

Full Access
Question # 132

An organization ' s IT systems can only be accessed using the organization ' s virtual private network. However, organizational emails, videoconferencing, and file-sharing tools are cloud-based and can be accessed using multi-factor authentication via any device. Which of the following risks should the organization acknowledge?

A.

The risk that internal data can be leaked via unapproved applications

B.

The risk that virtual private networks are not secure

C.

The risk that remote access controls are usually ineffective in cloud solutions

D.

The risk that employees may read organizational emails outside of business hours

Full Access
Question # 133

What is the primary purpose of data and systems backup?

A.

To restore all data and systems immediately after the occurrence of an incident.

B.

To set the maximum allowable downtime to restore systems and data after the occurrence of an incident.

C.

To set the point in time to which systems and data must be recovered after the occurrence of an incident.

D.

To restore data and systems to a previous point in time after the occurrence of an incident

Full Access
Question # 134

As it relates to the data analytics process, which of the following best describes the purpose of an internal auditor who cleaned and normalized cate?

A.

The auditor eliminated duplicate information.

B.

The auditor organized data to minimize useless information.

C.

The auditor made data usable for a specific purpose by ensuring that anomalies were Identified and corrected.

D.

The auditor ensured data fields were consistent and that data could be used for a specific purpose.

Full Access
Question # 135

In an organization that produces chocolate, the leadership team decides that the organization will open a milk production facility for its milk chocolate. Which of the following strategies have the organization chosen?

A.

Vertical integration.

B.

Unrelated diversification.

C.

Differentiation

D.

Focus

Full Access
Question # 136

Which of the following situations best illustrates a " false positive " in the performance of a spam filter?

A.

The spam filter removed Incoming communication that included certain keywords and domains.

B.

The spam filter deleted commercial ads automatically, as they were recognized as unwanted.

C.

The spam filter routed to the " junk|r folder a newsletter that appeared to include links to fake websites.

D.

The spam filter blocked a fitness club gift card that coworkers sent to an employee for her birthday.

Full Access
Question # 137

When auditing databases, which of the following risks would an Internal auditor keep In mind In relation to database administrators?

A.

The risk that database administrators will disagree with temporarily preventing user access to the database for auditing purposes.

B.

The risk that database administrators do not receive new patches from vendors that support database software in a timely fashion.

C.

The risk that database administrators set up personalized accounts for themselves, making the audit time consuming.

D.

The risk that database administrators could make hidden changes using privileged access.

Full Access
Question # 138

With increased cybersecurity threats, which of the following should management consider to ensure that there is strong security governance in place?

A.

Inventory of information assets

B.

Limited sharing of data files with external parties.

C.

Vulnerability assessment

D.

Clearly defined policies

Full Access
Question # 139

The internal audit function is instructed by the audit committee to assess and give an opinion annually on risk management process effectiveness. However, lacking in-house expertise, the chief audit executive (CAE) initially appoints an independent consultant to assist with this engagement. Which of the following approaches is the most appropriate?

A.

The engagement is wholly performed by the independent consultant and the CAE forms the opinion

B.

The independent consultant accomplishes the entire engagement and forms the opinion

C.

Internal auditors work with the independent consultant and the CAE forms the opinion

D.

Internal auditors carry out the entire engagement and the independent consultant forms the opinion

Full Access
Question # 140

Which of the following statements is in accordance with COBIT?

    Pervasive controls are general while detailed controls are specific.

    Application controls are a subset of pervasive controls.

    Implementation of software is a type of pervasive control.

    Disaster recovery planning is a type of detailed control.

A.

1 and 4 only

B.

2 and 3 only

C.

2, 3, and 4 only

D.

1, 2, and 4 only

Full Access
Question # 141

Employees of an organization noticed that an exterior surface of the office building was deteriorating. Upon investigation, it was found that the deterioration was caused by harsh cleaning chemicals used to remove excessive bird droppings, and that the birds were drawn to the building to feed from a spider infestation. Which of the following best represents a root cause-based recommendation for this situation?

A.

Repair the surface of the building

B.

Discontinue the use of the cleaning chemicals

C.

Scare the birds away by installing scarecrows

D.

Enhance cleaning of the building to displace spiders

Full Access
Question # 142

Which of the following information security controls has the primary function of preventing unauthorized outside users from accessing an organization ' s data through the organization ' s network?

A.

Firewall.

B.

Encryption.

C.

Antivirus.

D.

Biometrics.

Full Access
Question # 143

Which of the following control techniques would minimize the risk of interception during transmission in an electronic data interchange system?

    Encryption.

    Traffic padding.

    Edit checks.

    Structured data format.

A.

1 and 2 only

B.

2 and 3 only

C.

3 and 4 only

D.

1, 2, and 3 only

Full Access
Question # 144

During a review of the tendering process, an internal auditor observes that unusual bidding requirements for IT hardware across several tenders appears to consistently favor one supplier. The internal auditor suspects that a bid-rigging scheme is occurring. Which of the following best describes the methodology used by the internal auditor?

A.

Diagnostic analysis.

B.

Predictive analysis.

C.

Textual analysis.

D.

Network analysis.

Full Access
Question # 145

Which of the following is a project planning methodology that involves a complex series of required simulations to provide information about schedule risk?

Full Access
Question # 146

Which of the following would be most likely included in the internal audit procedures manual?

A.

The internal audit charter

B.

The annual audit plan

C.

The engagement results

D.

The quality assurance and improvement program

Full Access
Question # 147

A company that supplies medications to large hospitals relies heavily on subcontractors to replenish any shortages within 24 hours. Where should internal auditors look for evidence that subcontractors are held responsible for this obligation?

A.

The company ' s code of ethics.

B.

The third-party management risk register.

C.

The signed service-level agreement.

D.

The subcontractors ' annual satisfaction survey.

Full Access
Question # 148

Which of the following best describes a competitive strategy in which the organization focuses on attempts to be more efficient than competitors?

A.

Differentiation strategy.

B.

Cost leadership strategy.

C.

Focus strategy.

D.

Portfolio strategy.

Full Access
Question # 149

Which of the following price adjustment strategies encourages prompt payment?

A.

Cash discounts.

B.

Quantity discounts.

C.

Functional discounts.

D.

Seasonal discounts.

Full Access
Question # 150

A newly appointed board member received an email that appeared to be from the company ' s CEO. The email stated:

“Good morning. As you remember, the closure of projects is our top priority. Kindly organize prompt payment of the attached invoice for our new solar energy partners.” The board member quickly replied to the email and asked under which project the expense should be accounted. Only then did he realize that the sender ' s mail domain was different from the company ' s. Which of the following cybersecurity risks nearly occurred in the situation described?

A.

A risk of spyware and malware.

B.

A risk of corporate espionage.

C.

A ransomware attack risk.

D.

A social engineering risk.

Full Access
Question # 151

Which of the following represents an example of a physical security control?

A.

Access rights are allocated according to the organization’s policy

B.

There is confirmation that data output is accurate and complete

C.

Servers are located in locked rooms to which access is restricted

D.

A record is maintained to track the process from data input to storage

Full Access
Question # 152

Which of the following is an indicator of robust cost control of a project?

A.

The budget of the project has been compiled and approved.

B.

The project costs are precisely within the planned budget.

C.

Positive and negative variances are researched and explained.

D.

Cost estimates are allocated to specific activities correctly.

Full Access
Question # 153

Which of the following is the most appropriate way lo record each partner ' s initial Investment in a partnership?

A.

At the value agreed upon by the partners.

B.

At book value.

C.

At fair value

D.

At the original cost.

Full Access
Question # 154

Which of the following accurately describes the proper order of steps for an internal auditor to use when analyzing data?

A.

Obtain the data, clean and normalize the data, define the question, analyze the data.

B.

Define the question, obtain the data, analyze the data, clean and normalize the data.

C.

Define the question, obtain the data, clean and normalize the data, analyze the data.

D.

Obtain the data, analyze the data, clean and normalize the data, define the question.

Full Access
Question # 155

An internal audit uncovered high-risk issues that needed to be addressed by the organization. During the exit conference, the audit team discussed the high-risk issues with the manager responsible for addressing them. How should the chief audit executive respond if the manager agrees to correct the issues identified during the audit?

A.

Include in the report that management has agreed to address the issue and set a date for follow-up

B.

Include an assignment in the annual internal audit plan to perform a follow-up audit

C.

Discuss the audit observation with senior management

D.

Solicit input from management and create the action plan

Full Access
Question # 156

Which of the following physical access control is most likely to be based on ’’something you have " concept?

A.

A retina characteristics reader

B.

A P3M code reader

C.

A card-key scanner

D.

A fingerprint scanner

Full Access
Question # 157

According to IIA guidance, which of the following statements is true regarding the chief audit executive ' s (CAE’s) responsibility for following up on management action plans?

A.

Follow-up activities must be performed on an ongoing basis, such as quarterly, rather than being scheduled as specific assignments in the internal audit plan

B.

The primary purpose of the CAE’s follow-up activities is to verify whether the audit issues raised in the audit report are valid

C.

The CAE may plan follow-up activities on a selective basis, depending on risk significance, to verify whether management action plans were completed

D.

Where management believes certain action plans are no longer necessary, the CAE must resolve the matter with the board and if the matter remains unresolved, communicate to senior management

Full Access
Question # 158

Which of the following is not a common feature of cumulative preferred stock?

A.

Priority over common stock with regard to dilution of shares.

B.

Priority over common stock with regard to earnings.

C.

Priority over common stock with regard to dividend payment.

D.

Priority over common stock with regard to assets.

Full Access
Question # 159

A small chain of grocery stores made a reporting error and understated its ending inventory. What effect would this have on the income statement for the following year?

A.

Net income would be understated.

B.

Net income would not be affected.

C.

Net income would be overstated.

D.

Net income would be negative.

Full Access
Question # 160

Which of the following are appropriate functions for an IT steering committee?

    Assess the technical adequacy of standards for systems design and programming.

    Continually monitor the adequacy and accuracy of software and hardware in use.

    Assess the effects of new technology on the organization ' s IT operations.

    Provide broad oversight of implementation, training, and operation of new systems.

A.

1, 2, and 3

B.

1, 2, and 4

C.

1, 3, and 4

D.

2, 3, and 4

Full Access
Question # 161

An internal auditor found the following information while reviewing the monthly financial statements for a wholesaler of safety glasses: Opening inventory: 1,000 units at $2 per unit; Purchased: 5,000 units at $3 per unit; Sold: 3,000 units at $7 per unit. The cost of goods sold was reported at $8,500. Which of the following inventory methods was used to derive this value?

A.

Average cost method

B.

First-in, first-out (FIFO) method

C.

Specific identification method

D.

Activity-based costing method

Full Access
Question # 162

Which of the following concepts of managerial accounting is focused on achieving a point of low or no inventory?

A.

Theory of constraints.

B.

Just-in-time method.

C.

Activity-based costing.

D.

Break-even analysis

Full Access
Question # 163

Which of the following parties is most likely to be responsible for maintaining the infrastructure required to prevent the failure of a real-time backup of a database?

A.

IT database administrator.

B.

IT data center manager.

C.

IT help desk function.

D.

IT network administrator.

Full Access
Question # 164

The chief audit executive hired a consultant to update the internal audit function’s methodologies. Which of the following would best ensure that the internal audit function will adhere to the updated methodologies?

A.

Placing the updated methodologies in an easily accessible location for reference

B.

Requiring a signed acknowledgment that each auditor will comply with the updated methodologies

C.

Preparing a recorded training that reviews the updated methodologies

D.

Sharing a one-page summary of the updated methodologies during an internal audit function meeting

Full Access
Question # 165

The main reason to establish internal controls in an organization is to:

A.

Encourage compliance with policies and procedures.

B.

Safeguard the resources of the organization.

C.

Ensure the accuracy, reliability, and timeliness of information.

D.

Provide reasonable assurance on the achievement of objectives.

Full Access
Question # 166

A manufacturer ss deciding whether to sell or process materials further. Which of the following costs would be relevant to this decision?

A.

Incremental processing costs, incremental revenue, and variable manufacturing expenses.

B.

Joint costs, incremental processing costs, and variable manufacturing expenses.

C.

Incremental revenue, joint costs, and incremental processing costs.

D.

Variable manufacturing expenses, incremental revenue, and joint costs

Full Access
Question # 167

Which approach should a chief audit executive take when preparing the internal audit plan?

A.

Organize the auditable units within the organization into an audit universe to facilitate risk assessment

B.

Select auditable units within the organization based on monetary values

C.

Evaluate auditable units based on senior management ' s information about risks

D.

Eliminate auditable units not mandated to be audited by laws and regulations applicable to the organization

Full Access
Question # 168

Which of the following statements best describes the concept of Internet of Things?

A.

Interconnectivity of physical devices through the internet.

B.

Delivery of different services through the internet.

C.

The practice whereby employees and partners use their personal devices for conducting business.

D.

Computer-to-computer exchange of business documents in electronic form through the internet between an organization and its trading partners.

Full Access
Question # 169

Which of the following is the best reason for considering the acquisition of a nondomestic organization?

A.

Relatively fast market entry.

B.

Improved cash flow of the acquiring organization.

C.

Increased diversity of corporate culture.

D.

Opportunity to influence local government policy.

Full Access
Question # 170

Which of the following are appropriate functions for an IT steering committee?

    Assess the technical adequacy of standards for systems design and programming.

    Continually monitor the adequacy and accuracy of software and hardware in use.

    Assess the effects of new technology on the organization ' s IT operations.

    Provide broad oversight of implementation, training, and operation of new systems.

A.

1, 2, and 3

B.

1, 2, and 4

C.

1, 3, and 4

D.

2, 3, and 4

Full Access
Question # 171

Which of the following is an example of a physical control?

A.

Providing fire detection and suppression equipment

B.

Establishing a physical security policy and promoting it throughout the organization

C.

Performing business continuity and disaster recovery planning

D.

Keeping an offsite backup of the organization’s critical data

Full Access
Question # 172

As part of internal audit ' s risk assessment, a chief audit executive is determining certain factors as part of planning the areas to audit within an organization that makes silicon chips. Which of the following would be considered a subjective factor as part of the risk assessment?

A.

The number of vendors able to meet the supply demand request from the organization

B.

The quality of the staff supervision of silicon chips produced by the organization

C.

The length of time since the last audit of the organization ' s manufacturing facilities

D.

The asset value of the silicon chips that the organization did not produce because of a shortage in raw materials

Full Access
Question # 173

Focus An organization has decided to have all employees work from home. Which of the following network types would securely enable this approach?

A.

A wireless local area network (WLAN ).

B.

A personal area network (PAN).

C.

A wide area network (WAN).

D.

A virtual private network (VPN)

Full Access
Question # 174

A manager at a publishing company received an email that appeared to be from one of her vendors with an attachment that contained malware embedded in an Excel spreadsheet . When the spreadsheet was opened, the cybercriminal was able to attack the company ' s network and gain access to an unpublished and highly anticipated book. Which of the following controls would be most effective to prevent such an attack?

A.

Monitoring network traffic.

B.

Using whitelists and blacklists to manage network traffic.

C.

Restricting access and blocking unauthorized access to the network

D.

Educating employees throughout the company to recognize phishing attacks.

Full Access
Question # 175

Which of the following statements about slack time and milestones are true?

    Slack time represents the amount of time a task may be delayed without delaying the entire project.

    A milestone is a moment in time that marks the completion of the project ' s major deliverables.

    Slack time allows the project manager to move resources from one task to another to ensure that the project is finished on time.

    A milestone requires resource allocation and needs time to be completed.

A.

1 and 4 only

B.

2 and 3 only

C.

1, 2, and 3 only

D.

1, 2, 3, and 4

Full Access
Question # 176

Which of the following is true of matrix organizations?

A.

A unity-of-command concept requires employees to report technically, functionally, and administratively to the same manager.

B.

A combination of product and functional departments allows management to utilize personnel from various functions.

C.

Authority, responsibility, and accountability of the units involved may vary based on the project ' s life or the organization ' s culture.

D.

It is best suited for firms with scattered locations or for multi-line, large-scale firms.

Full Access
Question # 177

Given the information below, which organization is in the weakest position to pay short-term debts?

Organization A: Current assets constitute $1,200,000; Current liabilities are $400,000

Organization B: Current assets constitute $1,000,000; Current liabilities are $1,000,000

Organization C: Current assets constitute $900,000; Current liabilities are $300,000

Organization D: Current assets constitute $1,000,000; Current liabilities are $250,000

A.

Organization A

B.

Organization B

C.

Organization C

D.

Organization D

Full Access
Question # 178

Which of the following activities would come last in the development and implementation of a privacy and data protection program?

A.

Selecting the privacy and data protection framework.

B.

Establishing an assessment and communication format.

C.

Defining the scope of implementation procedures.

D.

Defining the privacy and data protection risks.

Full Access
Question # 179

Which of the following situations best applies to an organisation that uses a project, rather than a process, to accomplish its business activities?

A.

Clothing company designs, makes, and sells a new item.

B.

A commercial construction company is hired to build a warehouse.

C.

A city department sets up a new firefighter training program.

D.

A manufacturing organization acquires component parts from a contracted vendor

Full Access
Question # 180

Which of the following would be most effective in preventing phishing attacks from impacting business systems?

A.

Training users on security awareness.

B.

Monitoring the usage of IT systems.

C.

Using software to detect malware.

D.

Blocking access to a user ' s accounts.

Full Access
Question # 181

At a manufacturing plant, how would using Internet of Things during the production process benefit the organization?

A.

It would provide the ability to monitor in real-time.

B.

It would assist in securing sensitive data.

C.

It would help detect cyberattacks in a more timely fashion.

D.

It would assist in ensuring that data integrity is maintained.

Full Access
Question # 182

According to IIA guidance, which of the following is a broad collection of integrated policies, standards, and procedures used to guide the planning and execution of a project?

A.

Project portfolio.

B.

Project development

C.

Project governance.

D.

Project management methodologies

Full Access
Question # 183

Which of the following lists best describes the classification of manufacturing costs?

A.

Direct materials, indirect materials, raw materials.

B.

Overhead costs, direct labor, direct materials.

C.

Direct materials, direct labor, depreciation on factory buildings.

D.

Raw materials, factory employees ' wages, production selling expenses.

Full Access
Question # 184

Which of the following business practices promotes a culture of high performance?

A.

Reiterating the importance of compliance with established policies and procedures.

B.

Celebrating employees ' individual excellence.

C.

Periodically rotating operational managers.

D.

Avoiding status differences among employees.

Full Access
Question # 185

Which of the following assumptions regarding cost-volume-profit analysis is true?

A.

Costs are affected by changes in activity only.

B.

The behavior of costs and revenues is inverse.

C.

When more than one type of product is sold, the sales mix changes.

D.

Only variable costs have to be classified accurately.

Full Access
Question # 186

Which of the following methods has the lowest risk of inaccurate authentication?

A.

Fingerprint identification.

B.

Complex passwords.

C.

Signature verification.

D.

Personal security questions.

Full Access
Question # 187

According to IIA guidance, which of the following would be the best first stop to manage risk when a third party is overseeing the organization ' s network and data?

A.

Creating a comprehensive reporting system for vendors to demonstrate their ongoing due diligence in network operations.

B.

Drafting a strong contract that requires regular vendor control reports end a right-to-audit clause.

C.

Applying administrative privileges to ensure right to access controls are appropriate.

D.

Creating a standing cyber-security committee to identify and manage risks related to data security

Full Access
Question # 188

When auditing an application change control process, which of the following procedures should be included in the scope of the audit?

    Ensure system change requests are formally initiated, documented, and approved.

    Ensure processes are in place to prevent emergency changes from taking place.

    Ensure changes are adequately tested before being placed into the production environment.

    Evaluate whether the procedures for program change management are adequate.

A.

1 only

B.

1 and 3 only

C.

2 and 4 only

D.

1, 3, and 4 only

Full Access
Question # 189

Which of the following controls would be the most effective in preventing the disclosure of an organization ' s confidential electronic information?

A.

Nondisclosure agreements between the firm and its employees.

B.

Logs of user activity within the information system.

C.

Two-factor authentication for access into the information system.

D.

limited access so information, based on employee duties

Full Access
Question # 190

Which of the following best describes the purpose of fixed manufacturing costs?

A.

To ensure availability of production facilities.

B.

To decrease direct expenses related to production.

C.

To incur stable costs despite operating capacity.

D.

To increase the total unit cost under absorption costing

Full Access
Question # 191

An organization ' s account for office supplies on hand had a balance of $9,000 at the end of year one. During year two. The organization recorded an expense of $45,000 for purchasing office supplies. At the end of year two. a physical count determined that the organization has $11 ,500 in office supplies on hand. Based on this Information, what would he recorded in the adjusting entry an the end of year two?

A.

A debit to office supplies on hand for S2.500

B.

A debit to office supplies on hand for $11.500

C.

A debit to office supplies on hand for $20,500

D.

A debit to office supplies on hand for $42,500

Full Access
Question # 192

What must be monitored in order to manage the risk of consumer product inventory obsolescence?

    Inventory balances.

    Market share forecasts.

    Sales returns.

    Sales trends.

A.

1 only

B.

4 only

C.

1 and 4 only

D.

1, 2, and 3 only

Full Access
Question # 193

The head of the research and development department at a manufacturing organization believes that his team lacks expertise in some areas and decides to hire more experienced researchers to assist in the development of a new product. Which of the following variances are likely to occur as the result of this decision?

Favorable labor efficiency variance

Adverse labor rate variance

Adverse labor efficiency variance

Favorable labor rate variance

A.

1 and 2.

B.

1 and 4.

C.

3 and 4.

D.

2 and 3.

Full Access
Question # 194

Which of the following controls helps protect externally stored sensitive or confidential data from cyberthreats?

A.

Secure configurations and access controls.

B.

Strong vendor contracts with control reports provided by service organizations.

C.

Active and frequent monitoring of network traffic activities.

D.

Firewalls to block unauthorized processing of transactions.

Full Access
Question # 195

An internal auditor found the following information while reviewing the monthly financial siatements for a wholesaler of safety

The cost of goods sold was reported at $8,500. Which of the following inventory methods was used to derive this value?

A.

Average cost method

B.

First-in, first-out (FIFO) method

C.

Specific identification method

D.

Activity-based costing method

Full Access
Question # 196

Which of the following is true regarding bonds?

A.

Bondholders do not have voting rights but obtain corporate control via interest pay-outs.

B.

Debenture bonds are rarely used by organizations with good credit ratings.

C.

Using bonds involves paying interest on a periodic basis and repaying the principal at the due date.

D.

Debenture bonds have specific assets pledged by the organization as collateral for the bonds.

Full Access
Question # 197

An organization has instituted a bring-your-own-device (BYOD) work environment. Which of the following policies best addresses the increased risk to the organization’s network incurred by this environment?

A.

Limit the use of the employee devices for personal use to mitigate the risk of exposure to organizational data

B.

Ensure that relevant access to key applications is strictly controlled through an approval and review process

C.

Institute detection and authentication controls for all devices used for network connectivity and data storage

D.

Use management software to scan and then prompt patch reminders when devices connect to the network

Full Access
Question # 198

An investor has acquired an organization that has a dominant position in a mature. slew-growth Industry and consistently creates positive financial income.

Which of the following terms would the investor most likely label this investment in her portfolio?

A.

A star

B.

A cash cow

C.

A question mark

D.

A dog

Full Access
Question # 199

Which of the following cost of capital methods identifies the time period required to recover She cost of the capital investment from the annual inflow produced?

A.

Cash payback technique

B.

Annual rate of return technique.

C.

Internal rate of return method.

D.

Net present value method.

Full Access
Question # 200

Which of the following would be the best method to collect information about employees ' job satisfaction?

A.

Online surveys sent randomly to employees.

B.

Direct onsite observations of employees.

C.

Town hall meetings with employees.

D.

Face-to-face interviews with employees.

Full Access
Question # 201

Which of the following is a primary driver behind the creation and prloritteation of new strategic Initiatives established by an organization?

A.

Risk tolerance

B.

Performance

C.

Threats and opportunities

D.

Governance

Full Access
Question # 202

A major IT project is scheduled to be implemented over a three-month period during the year. The chief audit executive (CAE) scheduled significant audit resources to provide consultation. Due to technical challenges from a supplier, the project is postponed until the following year. What should the CAE do in this case?

A.

Communicate to the IT project manager that the audit resources are still available to his department for other projects

B.

Reassign the available audit resources to other areas of risk and advise the respective managers in those areas

C.

Amend the plan accordingly and advise the board and senior management for their review and approval

D.

Keep the available resources unassigned so that they are able to take on any ad hoc assignment that may arise

Full Access
Question # 203

Which of the following management approaches may help eliminate employee dissatisfaction, but would not necessarily motivate workers to high achievement levels?

A.

Providing growth opportunities for employees.

B.

Offering employee recognition incentives in the organization.

C.

Offering competitive employee compensation packages.

D.

Assigning more responsibility to successful employees.

Full Access
Question # 204

Which of the following best describes the benefit of an organization adopting a business continuity and disaster recovery plan for responding to natural disasters?

A.

It prevents economic impact to the organization.

B.

It enables the organization to predict when a natural disaster will occur.

C.

It reduces the likelihood that events will disrupt operating activities.

D.

It eliminates the threat to the organization.

Full Access
Question # 205

An internal auditor discovered that several unauthorized modifications were made to the production version of an organization ' s accounting application. Which of the following best describes this deficiency?

A.

Production controls weakness.

B.

Application controls weakness.

C.

Authorization controls weakness.

D.

Change controls weakness.

Full Access
Question # 206

Which of the following strategies is most appropriate for an industry that is in decline?

A.

Invest in marketing.

B.

Invest in research and development.

C.

Control costs.

D.

Shift toward mass production.

Full Access
Question # 207

Which of the following data privacy concerns can be attributed specifically to blockchain technologies?

A.

Cybercriminals mainly resort to blockchain technologies to phish for private data

B.

Since blockchain transactions can be easily tampered with, the risk of private data leakage is high

C.

Data privacy regulations overregulate the usage of private data in blockchain transactions

D.

Immutability of blockchain technologies makes private data erasure a challenge

Full Access
Question # 208

Which of the following COSO internal control framework components encompasses establishing structures, reporting lines, authorities, and responsibilities?

A.

Control environment.

B.

Control activities.

C.

Information and communication.

D.

Monitoring.

Full Access
Question # 209

Which of the following is a sound network configuration practice to enhance information security?

A.

Change management practices to ensure operating system patch documentation is retained.

B.

User role requirements are documented in accordance with appropriate application-level control needs.

C.

Validation of intrusion prevention controls is performed to ensure intended functionality and data integrity.

D.

Interfaces reinforce segregation of duties between operations administration and database development.

Full Access
Question # 210

An organization with global headquarters in the United States has subsidiaries in eight other nations. If the organization operates with an ethnocentric attitude, which of the following statements is true?

A.

Standards used for evaluation and control are determined at local subsidiaries, not set by headquarters

B.

Orders, commands, and advice are sent to the subsidiaries from headquarters

C.

People of local nationality are developed for the best positions within their own country

D.

There is a significant amount of collaboration between headquarters and subsidiaries

Full Access
Question # 211

An internal auditor identified a database administrator with an incompatible dual role. Which of the following duties should not be performed by the identified administrator?

A.

Designing and maintaining the database.

B.

Preparing input data and maintaining the database.

C.

Maintaining the database and providing its security,

D.

Designing the database and providing its security

Full Access
Question # 212

Which of the following is a true statement regarding the primary functionality of firewalls?

A.

All firewalls intercept and decode data all the way up the stack to the application layer.

B.

All firewalls receive, process, and transmit data within the network via physical media.

C.

All firewalls monitor and control incoming and outgoing traffic in accordance with predefined rules.

D.

All firewalls secure encryption of data transfer between various users in the organization.

Full Access
Question # 213

Which of the following performance measures disincentives engaging in earnings management?

A.

Linking performance to profitability measures such as return on investment.

B.

Linking performance to the stock price.

C.

Linking performance to quotas such as units produced.

D.

Linking performance to nonfinancial measures such as customer satisfaction and employees training

Full Access
Question # 214

Which of the following key performance indicators would serve as the best measurement of internal audit innovation?

A.

The number of scheduled and completed audits and percentage of substantial recommendations

B.

The board’s satisfaction index and internal audit staff commitment ratings

C.

Internal audit staff’s application of technology in audit fieldwork and participation in professional organizations and publications

D.

Internal audit staff’s compliance with the audit manual and technical knowledge in auditing, information security, and cloud computing issues

Full Access
Question # 215

Which of the following accounting methods is an investor organization likely to use when buying 40 percent of the stock of another organization?

A.

Cost method.

B.

Equity method .

C.

Consolidation method.

D.

Fair value method.

Full Access
Question # 216

Which of the following statements is true regarding data backup?

A.

System backups should always be performed real time.

B.

Backups should be stored in a secured location onsite for easy access.

C.

The tape rotation schedule affects how long data is retained

D.

Backup media should be restored only m case of a hardware or software failure

Full Access
Question # 217

Which of the following is likely to have an expiration date and may contain stored clear text passwords?

A.

Cookie.

B.

Universal resource locator (URL).

C.

Hypertext transport protocol (HTTP).

D.

Browser.

Full Access
Question # 218

During an audit of the payroll system, the internal auditor identifies and documents the following condition:

" Once a user is logged into the system, the user has access to all functionality within the system. "

What is the most likely root cause for tins issue?

A.

The authentication process relies on a simple password only, which is a weak method of authorization.

B.

The system authorization of the user does not correctly reflect the access rights intended.

C.

There was no periodic review to validate access rights.

D.

The application owner apparently did not approve the access request during the provisioning process.

Full Access
Question # 219

An organization sells 1,000 shares of its treasury stock at $15 per share previously acquired at $10 per share.

Which of the following statements is true?

A.

The organization should record a $5,000 gain on sale of treasury stock.

B.

The organization should record $15,000 as a debit to treasury stock.

C.

The organization should record $5,000 as a credit to paid-in capital.

D.

The organization should record a $10,000 debit to paid-capital account.

Full Access
Question # 220

Which of the following is true of bond financing, compared to common stock, when alJ other variables are equal?

A.

Lower shareholder control

B.

lower indebtedness

C.

Higher company earnings per share.

D.

Higher overall company earnings

Full Access
Question # 221

Which of the following capital budgeting techniques considers the tune value of money?

A.

Annual rate of return.

B.

Incremental analysis.

C.

Discounted cash flow.

D.

Cash payback

Full Access
Question # 222

A newly established organization wants to use the email service offered by a cloud email provider for its own official email. The organization will use its own domain name for a monthly fee, paid to the cloud provider.

What type of cloud service will fit this organization’s requirements?

A.

Hardware as a Service (HaaS).

B.

Infrastructure as a Service (IaaS).

C.

Platform as a Service (PaaS).

D.

Software as a Service (SaaS).

Full Access
Question # 223

Which of the following attributes of data is most likely to be compromised in an organization with a weak data governance culture?

A.

Variety.

B.

Velocity.

C.

Volume.

D.

Veracity.

Full Access
Question # 224

An employee was promoted within the organization and relocated to a new office in a different building. A few months later, security personnel discovered that the employee ' s smart card was being used to access the building where she previously worked. Which of the following security controls could prevent such an incident from occurring?

A.

Regular review of logs.

B.

Two-level authentication.

C.

Photos on smart cards.

D.

Restriction of access hours.

Full Access
Question # 225

The chief audit executive (CAE) identified an unacceptable risk and believes that the risk is not being mitigated to an acceptable level. Which of the following is the CAE ' s next step in this situation?

A.

Escalate the concern to senior management

B.

Send a letter to responsible management and provide a deadline to accept the risk

C.

Escalate the concern to the board

D.

Discuss the issue with the members of responsible management

Full Access
Question # 226

Which of the following risks is best addressed by encryption?

A.

Information integrity risk.

B.

Privacy risk.

C.

Access risk.

D.

Software risk.

Full Access
Question # 227

Which of the following statements is true regarding a bring-your-own-device (BYOD) environment?

A.

There is a greater need for organizations to rely on users to comply with policies and procedures.

B.

With fewer devices owned by the organization, there is reduced need to maintain documented policies and procedures.

C.

Incident response times are less critical in the BYOD environment compared to a traditional environment.

D.

There is greater sharing of operational risk in a BYOD environment.

Full Access
Question # 228

Which of the following statements regarding flat and hierarchical internal audit functions is true?

A.

A flat structure creates an internal audit function that is highly knowledgeable and collaborative

B.

A hierarchical structure requires little supervision, and the work performed is consistent and reliable

C.

A flat structure allows for growth within the function and leads to the cultivation of diverse skills and fresh perspectives

D.

A hierarchical structure tends to result in a higher cost base due to higher salaries to retain auditors with high knowledge and experience

Full Access
Question # 229

A small furniture-manufacturing firm with 100 employees is located in a two-story building and does not plan to expand. The furniture manufactured is not special-ordered or custom-made. The most likely structure for this organization would be:

A.

Functional departmentalization.

B.

Product departmentalization.

C.

Matrix organization.

D.

Divisional organization.

Full Access
Question # 230

Which of the following best describes a cyberattacK in which an organization faces a denial-of-service threat created through malicious data encryption?

A.

Phishing.

B.

Ransomware.

C.

Hacking.

D.

Makvare

Full Access
Question # 231

An organization upgraded to a new accounting software. Which of the following activities should be performed by the IT software vendor immediately following the upgrade?

A.

Market analysis lo identify trends

B.

Services to manage and maintain the IT Infrastructure.

C.

Backup and restoration.

D.

Software testing and validation

Full Access
Question # 232

Which of the following is a limitation of the remote wipe for a smart device?

A.

Encrypted data cannot be locked to prevent further access

B.

Default settings cannot be restored on the device.

C.

All data, cannot be completely removed from the device

D.

Mobile device management software is required for successful remote wipe

Full Access
Question # 233

Which of the following IT-related activities is most commonly performed by the second line of defense?

A.

Block unauthorized traffic.

B.

Encrypt data.

C.

Review disaster recovery test results.

D.

Provide independent assessment of IT security.

Full Access
Question # 234

An organization decided to install a motion detection system in its warehouse to protect against after-hours theft. According to the COSO enterprise risk management framework, which of the following best describes this risk management strategy?

A.

Avoidance.

B.

Reduction.

C.

Elimination.

D.

Sharing.

Full Access
Question # 235

An Internal auditor is using data analytics to focus on high-risk areas during an engagement. The auditor has obtained data and is working to eliminate redundancies in the data. Which of the following statements is true regarding this scenario?

A.

The auditor is normalizing data in preparation for analyzing it.

B.

The auditor is analyzing the data in preparation for communicating the results,

C.

The auditor is cleaning the data in preparation for determining which processes may be involves .

D.

The auditor is reviewing trio data prior to defining the question

Full Access
Question # 236

Which of the following describes the primary advantage of using data analytics in internal auditing?

A.

It helps support the internal audit conclusions with factual evidence.

B.

It reduces the time and effort needed to prepare the audit report.

C.

It helps prevent internal auditors from unknowingly disregarding key process risks.

D.

It enables internal auditors to meet their responsibility for monitoring controls.

Full Access
Question # 237

According to Maslow ' s hierarchy of needs theory, which of the following would likely have the most impact on retaining staff, if their lower-level needs are already met?

A.

Social benefits.

B.

Compensation.

C.

Job safety.

D.

Recognition

Full Access