IIA-CIA-Part3-3P Questions and Answers

Question # 6

An organization with global headquarters in the United States has subsidiaries in eight other nations. If the organization operates with an ethnocentric attitude, which of the following statements is true?

A.

Standards used for evaluation and control are determined at local subsidiaries, not set by headquarters.

B.

Orders, commands and advice are sent to the subsidiaries from headquarters.

C.

People of local nationality are developed for the best positions within their own country

D.

There is a significant amount of collaboration between headquarters and subsidiaries.

Question # 7

Which of the following responsibilities would ordinarily fall under the help desk function of an organization?

A.

Maintenance service items such as production support

B.

Management of infrastructure services including network management

C.

Physical hosting of mainframes and distributed servers

D.

End-to-end security architecture design

Question # 8

The mobility of personal smart devices significantly increases which of the following risks?

A.

Data integrity risks

B.

Compliance risks.

C.

Physical security risks

D.

Privacy risks

Question # 9

Which of the following is an example of a physical control designed to prevent security breaches?

A.

Preventing database administrators from initiating program changes.

B.

Blocking technicians from getting into the network room.

C.

Restricting system programmers' access to database facilities.

D.

Using encryption for data transmitted over the public internet.

Question # 10

Which of the following types of analytics would be used by an organization to examine metrics by business units and identify the most profitable business units?

A.

Detailed analytics

B.

Predictive analytics

C.

Diagnostic analytics

D.

Prescriptive analytics

Question # 11

A manager at a publishing company received an email that appeared to be from one of her vendors with an attachment that contained malware embedded in an Excel spreadsheet. When the spreadsheet was opened, the cybercriminal was able to attack the company's network and gain access to an unpublished and highly anticipated book.

Which of the following controls would be most effective to prevent such an attack?

A.

Monitoring network traffic.

B.

Using whitelists and blacklists to manage network traffic.

C.

Restricting access and blocking unauthorized access to the network.

D.

Educating employees throughout the company to recognize phishing attacks.

Question # 12

Which of the following data security policies is most likely to be the result of a data privacy law?

A.

Access to personally identifiable information is limited to those who need it to perform their job.

B.

Confidential data must be backed up and recoverable within a 24-hour period.

C.

Updates to systems containing sensitive data must be approved before being moved to production.

D.

A record of employees with access to insider information must be maintained and those employees may not trade company stock during blackout periods

Question # 13

Which of the following is a likely result of outsourcing?

A.

Increased dependence on suppliers.

B.

Increased importance of market strategy.

C.

Decreased sensitivity to government regulation.

D.

Decreased focus on costs.

Question # 14

Which of the following should be established by management during implementation of big data systems to enable ongoing production monitoring?

A.

Key performance indicators

B.

Reports of software customization

C.

Change and patch management

D.

Master data management

Question # 15

Which of the following represents an inventory costing technique that can be manipulated by management to boost net income by selling units purchased at a low cost?

A.

First-in first-out method (FIFO)

B.

Last-in first-out method (LIFO)

C.

Specific identification method

D.

Average-cost method

Question # 16

A chief audit executive wants to implement an enterprisewide resource planning software.

Which of the following internal audit assessments could provide overall assurance on the likelihood of the software implementation's success?

A.

Readiness assessment.

B.

Project risk assessment.

C.

Post-implementation review.

D.

Key phase review.

Question # 17

Which of the following statements about mentoring is true?

1) Mentoring can be used effectively for increasing employee retention

2) Mentoring can be used effectively in reducing employee frustration.

3) Mentoring can be used effectively for increasing organization communication.

4) Mentoring can be used effectively as a short term activity consisting of instruction and training

A.

1, 2, and 3 only.

B.

1, 2, and 4 only.

C.

1, 3, and 4 only.

D.

1, 2, 3, and 4.

Question # 18

Which of the following assists in ensuring that information exchanged over IT systems is encrypted?

A.

Operating system

B.

Utility software

C.

Firewall

D.

Application software

Question # 19

According to IIA guidance on IT, which of the following controls the routing of data packets to link computers?

A.

Operating system.

B.

Control environment.

C.

Network.

D.

Application program code.

Question # 20

Which of the following IT disaster recovery plans includes a remote site designated for recovery with available space for basic services, such as internet and telecommunications, but does not have servers or infrastructure equipment?

A.

Frozen site.

B.

Cold site.

C.

Warm site.

D.

Hot site.

Question # 21

An organization's network administrator received an email that appeared to come from the organization's external IT service provider requesting his credentials to perform an update of a server operating system. If the IT service provider did not send the email, which of the following best describes the likely purpose of the email?

A.

An attempt at phishing.

B.

An attempt at penetration testing

C.

An attempt to patch the server

D.

An attempt to launch malware

Question # 22

Which of the following is a primary objective of the theory of constraints?

A.

Full or near capacity in processes.

B.

Smooth workflow among processes.

C.

Few or no defects.

D.

Lowered inventory levels.

Question # 23

During which of the following phases of contracting does the organization analyze whether the market is aligned with organizational objectives?

A.

Initiation phase.

B.

Bidding phase.

C.

Development phase.

D.

Negotiation phase

Question # 24

A multinational organization involved in online business has planned to set up a help desk service. Which of the following best describes the role performed by the help desk?

A.

Monitoring access to the online database.

B.

Backing up and maintaining archived data.

C.

Responding to customer inquiries.

D.

Maintaining and assuring network security.

Question # 25

According to IIA guidance, which of the following statements is true with regard to workstation computers that access company information stored on the network?

A.

Individual workstation computer controls are not as important as companywide server controls.

B.

Particular attention should be paid to housing workstations away from environmental hazards.

C.

Cybersecurity issues can be controlled at an enterprise level, making workstation-level controls redundant.

D.

With security risks near an all-time high, workstations should not be connected to the company network.

Question # 26

Which of the following types of budgets will best provide the basis for evaluating the organization's performance?

A.

Cash budget.

B.

Budgeted balance sheet.

C.

Selling and administrative expense budget.

D.

Budgeted income statement.

Question # 27

Senior management is trying to decide whether to use the direct write-off or allowance method for recording bad debt on accounts receivables.

Which of the following would be the best argument for using the direct write-off method?

A.

It is useful when losses are considered insignificant.

B.

It provides a better alignment with revenue.

C.

It is the preferred method according to The IIA.

D.

It states receivables at net realizable value on the balance sheet.

Question # 28

What is the most significant potential problem introduced by just-in-time inventory systems?

A.

They require significant computer resources.

B.

They are susceptible to supply-chain disruptions.

C.

They require complicated materials-supply contracts.

D.

They prevent manufacturers from scaling up or down to meet changing demands.

Question # 29

An organization is developing a new online collaboration tool for employees. The tool includes a homepage that is customized to each employee according to his department and job function. Which of the following engagements should be conducted to ensure that the organization has included all departments and job functions in the system before it is implemented?

A.

An application control review

B.

A source code review

C.

A design review

D.

An access control review

Question # 30

At a manufacturing plant, how would using Internet of Things during the production process benefit the organization?

A.

It would provide the ability to monitor in real-time.

B.

It would assist in securing sensitive data.

C.

It would help detect cyberattacks in a more timely fashion.

D.

It would assist in ensuring that data integrity is maintained.

Question # 31

Which of the following is the best example of IT governance controls?

A.

Controls that focus on segregation of duties, financial and change management

B.

Personnel policies that define and enforce conditions for staff in sensitive IT areas

C.

Standards that support IT policies by more specifically defining required actions

D.

Controls that focus on data structures and the minimum level of documentation required

Question # 32

A bond that matures after one year has a face value of $250,000 and a coupon of $30,000. If the market price of the bond is $265,000, which of the following would be the market interest rate?

A.

Less than 12 percent.

B.

12 percent.

C.

Between 12.01 percent and 12.50 percent.

D.

More than 12.50 percent.

Question # 33

Which of the following characteristics applies to an organization that adopts a flat structure?

A.

The structure is dispersed geographically.

B.

The hierarchy levels are more numerous.

C.

The span of control is wide.

D.

The lower-level managers are encouraged to exercise creativity when solving problems.

Question # 34

Which of the following statements is true regarding change management?

A.

The degree of risk associated with a proposed change determines whether the change request requires authorization.

B.

Program changes generally are developed and tested in the production environment.

C.

Changes are only required by software programs.

D.

To protect the production environment, changes must be managed in a repeatable, defined, and predictable manner.

Question # 35

A company produces water buckets with the following costs per bucket:

Direct labor = $2

Direct material = $5

Fixed manufacturing = $3.50

Variable manufacturing = $2.50

The water buckets are usually sold for $15. However, the company received a special order for 50,000 water buckets at $11 each.

Assuming there is adequate manufacturing capacity and all other variables are constant, what is the relevant cost per unit to consider when deciding whether to accept this special order at the reduced price?

A.

$9.50

B.

$10.50

C.

$11

D.

$13

Question # 36

Which of the following is an example of internal auditors applying data mining techniques for exploratory purposes?

A.

Internal auditors perform reconciliation procedures to support an external audit of financial reporting.

B.

Internal auditors perform a systems-focused analysis to review relevant controls.

C.

Internal auditors perform a risk assessment to identify potential audit subjects as input for the annual internal audit plan.

D.

Internal auditors test IT general controls with regard to operating effectiveness versus design.

Question # 37

An internal auditor is reviewing the organization's performance appraisal process. Which of the following methods would be most effective to identify stereotyping?

A.

Use a behaviorally anchored rating scale to break down jobs into their components.

B.

Analyze and compare the ratings for different classes or groupings of employees.

C.

Compare the ratings of selective employees with their previous appraisals.

D.

Analyze the number and percentages of employee appraisals that fall into each rating category

Question # 38

According to the COSO enterprise risk management (ERM) framework, which of the following is not a typical responsibility of the chief risk officer?

A.

Establishing risk category definitions and a common risk language for likelihood and impact measures.

B.

Defining ERM roles and responsibilities.

C.

Providing the board with an independent, objective risk perspective on financial reporting.

D.

Guiding integration of ERM with other management activities.

Question # 39

Which of the following are typical responsibilities for operational management within a risk management program?

1) Implementing corrective actions to address process deficiencies.

2) Identifying shifts in the organization's risk management environment.

3) Providing guidance and training on risk management processes.

4) Assessing the impact of mitigation strategies and activities.

A.

1 and 2 only

B.

1 and 4 only

C.

2 and 3 only

D.

3 and 4 only

Question # 40

Which stage of group development is characterized by a decrease in conflict and hostility among group members and an increase in cohesiveness?

A.

Forming stage.

B.

Norming stage.

C.

Performing stage.

D.

Storming stage.

Question # 41

Which of the following are likely indicators of ineffective change management?

1) IT management is unable to predict how a change will impact interdependent systems or business processes.

2) There have been significant increases in trouble calls or in support hours logged by programmers.

3) There is a lack of turnover in the systems support and business analyst development groups.

4) Emergency changes that bypass the normal control process frequently are deemed necessary.

A.

1 and 3 only

B.

2 and 4 only

C.

1, 2, and 4 only

D.

1, 2, 3, and 4

Question # 42

Maintenance cost at a hospital was observed to increase as activity level increased. The following data was gathered:

Month | Activity Level (Patient Days) | Maintenance Cost
January | 5,600 | $7,900
February | 7,100 | $8,500
March | 5,000 | $7,400
April | 6,500 | $8,200
May | 7,300 | $9,100
June | 8,000 | $9,800

If the cost of maintenance is expressed in an equation, what is the independent variable for this data?

A.

Fixed cost.

B.

Variable cost.

C.

Total maintenance cost.

D.

Patient days.

Question # 43

If legal or regulatory standards prohibit conformance with certain parts of The IIA's Standards, the auditor should do which of the following?

A.

Conform with all other parts of The IIA's Standards and provide appropriate disclosures.

B.

Conform with all other parts of The IIA's Standards; there is no need to provide appropriate disclosures.

C.

Continue the engagement without conforming with the other parts of The IIA's Standards.

D.

Withdraw from the engagement.

Question # 44

Which of the following statements is true regarding the use of public key encryption to secure data while it is being transmitted across a network?

A.

Both the key used to encrypt the data and the key used to decrypt the data are made public.

B.

The key used to encrypt the data is kept private but the key used to decrypt the data is made public.

C.

The key used to encrypt the data is made public but the key used to decrypt the data is kept private.

D.

Both the key used to encrypt the data and the key used to decrypt the data are made private.

Question # 45

Which of the following is the most appropriate test to assess the privacy risks associated with an organization's workstations?

A.

Penetration test.

B.

Social engineering test.

C.

Vulnerability test.

D.

Physical control test.

Question # 46

An organization is projecting sales of 100,000 units, at a unit price of $12. Unit variable costs are $7. If fixed costs are $350,000, what is the projected total contribution margin?

A.

$350,000

B.

$500,000

C.

$850,000

D.

$1,200,000

Question # 47

Which of the following is a product-oriented definition of a business rather than a market-oriented definition of a business?

A.

We are a people-and-goods mover.

B.

We supply energy.

C.

We make movies.

D.

We provide climate control in the home.

Question # 48

A global business organization is selecting managers to post to various international (expatriate) assignments.

In the screening process, which of the following traits would be required to make a manager a successful expatriate?

1) Superior technical competence.

2) Willingness to attempt to communicate in a foreign language.

3) Ability to empathize with other people.

A.

1 and 2 only

B.

1 and 3 only

C.

2 and 3 only

D.

1, 2, and 3

Question # 49

An organization facing rapid growth decides to employ a third party service provider to manage its customer relationship management function. Which of the following is true regarding the supporting application software used by that provider compared to an in-house developed system?

1) Updating documentation is always a priority.

2) System availability is usually more reliable.

3) Data security risks are lower.

4) Overall system costs are lower.

A.

1 and 2 only

B.

1 and 3 only

C.

2 and 4 only

D.

3 and 4 only

Question # 50

When applied to international economics, the theory of comparative advantage proposes that total worldwide output will be greatest when:

A.

Each nation's total imports approximately equal its total exports.

B.

Each good is produced by the nation that has the lowest opportunity cost for that good.

C.

Goods that contribute to a nation's balance-of-payments deficit are no longer imported.

D.

International trade is unrestricted and tariffs are not imposed.

Question # 51

Which of the following statements are true regarding the use of heat maps as risk assessment tools?

1. They focus primarily on known risks, limiting the ability to identify new risks.

2. They rely heavily on objective assessments and related risk tolerances.

3. They are too complex to provide an easily understandable view of key risks.

4. They are helpful but limited in value in a rapidly changing environment.

A.

1 and 2 only

B.

1 and 4 only

C.

2 and 3 only

D.

3 and 4 only

Question # 52

Which of the following statements is false regarding the internal audit approach when a set of standards other than The IIA's Standards is applicable to a specific engagement?

A.

The internal auditor may cite the use of other standards during audit communications.

B.

If the other standards are government-issued, the internal auditor should apply them in conjunction with The IIA's Standards.

C.

If there are inconsistencies between the other standards and The IIA's Standards, the internal auditor must use the more restrictive standards.

D.

If there are inconsistencies between the other standards and The IIA's Standards, the internal auditor must use the less restrictive standards.

Question # 53

Which of the following are included in ISO 31000 risk principles and guidelines?

A.

Standards, framework, and process.

B.

Standards, assessments, and process.

C.

Principles, framework, and process.

D.

Principles, practices, and process.

Question # 54

Which of the following is the primary benefit of including end users in the system development process?

A.

Improved integrity of programs and processing.

B.

Enhanced ongoing maintenance of the system.

C.

Greater accuracy of the testing phase.

D.

Reduced need for unexpected software changes.

Question # 55

According to IIA guidance, which of the following would be a primary reason for an internal auditor to test the organization's IT contingency plan?

A.

To ensure that adequate controls exist to prevent any significant business interruptions.

B.

To identify and address potential security weaknesses within the system.

C.

To ensure that tests contribute to improvement of the program.

D.

To ensure that deficiencies identified by the audit are promptly addressed.

Question # 56

All of the following are possible explanations for a significant unfavorable material efficiency variance except:

A.

Cutbacks in preventive maintenance.

B.

An inadequately trained and supervised labor force.

C.

A large number of rush orders.

D.

Production of more units than planned for in the master budget.

Question # 57

An organization's balance sheet indicates that the total asset amount and the total capital stock amount remained unchanged from one year to the next, and no dividends were declared or paid. However, the organization reported a loss of $200,000. Which of the following describes the most likely year-over-year change to the organization's total liabilities and total stockholder equity?

A.

The total liabilities and total stockholder equity both increased.

B.

The total liabilities and total stockholder equity both decreased.

C.

The total liabilities decreased, and the total stockholder equity increased.

D.

The total liabilities increased, and the total stockholder equity decreased.

Question # 58

Technological uncertainty, subsidy, and spin-offs are usually characteristics of:

A.

Fragmented industries.

B.

Declining industries.

C.

Mature industries.

D.

Emerging industries.

Question # 59

Which of the following is an example of a nonfinancial internal failure quality cost?

A.

Decreasing gross profit margins over time.

B.

Foregone contribution margin on lost sales.

C.

Defective units shipped to customers.

D.

Excessive time to convert raw materials into finished goods.

Question # 60

In mergers and acquisitions, which of the following is an example of a horizontal combination?

A.

Dairy manufacturing company taking over a large dairy farm.

B.

A movie producer acquires movie theaters.

C.

A petroleum processing company acquires an agro-processing firm.

D.

A baker taking over a competitor.

Question # 61

When an organization is choosing a new external auditor, which of the following is the most appropriate role for the chief audit executive to undertake?

A.

Review and acquire the external audit service.

B.

Assess the appraisal and actuarial services.

C.

Determine the selection criteria.

D.

Identify regulatory requirements to be considered.

Question # 62

Which of the following techniques is the most relevant when an internal auditor conducts a valuation of an organization's physical assets?

A.

Observation.

B.

Inspection.

C.

Original cost.

D.

Vouching.

Question # 63

The decision to implement enhanced failure detection and back-up systems to improve data integrity is an example of which risk response?

A.

Risk acceptance.

B.

Risk sharing.

C.

Risk avoidance.

D.

Risk reduction.

Question # 64

When developing an effective risk-based plan to determine audit priorities, an internal audit activity should start by:

A.

Identifying risks to the organization's operations.

B.

Observing and analyzing controls.

C.

Prioritizing known risks.

D.

Reviewing organizational objectives.

Question # 65

Which of the following performance measures would be appropriate for evaluating an investment center, which has responsibility for its revenues, costs, and investment base, but would not be appropriate for evaluating cost, revenue, or profit centers?

A.

A flexible budget.

B.

Variance analysis.

C.

A contribution margin income statement by segment.

D.

Residual income.

Question # 66

An organization had three large centralized divisions: one that received customer orders for service work; one that scheduled the service work at customer locations; and one that answered customer calls about service problems. These three divisions were restructured into seven regional groups, each of which performed all three functions. One advantage of this restructuring would be:

A.

Better internal controls.

B.

Greater economies of scale.

C.

Improved work flow.

D.

Increased specialization.

Question # 67

At what point during the systems development process should an internal auditor verify that the new application's connectivity to the organization's other systems has been established correctly?

A.

Prior to testing the new application.

B.

During testing of the new application.

C.

During implementation of the new application.

D.

During maintenance of the new application.

Question # 68

Under a value-added taxing system:

A.

Businesses must pay a tax only if they make a profit.

B.

The consumer ultimately bears the cost of the tax through higher prices.

C.

Consumer savings are discouraged.

D.

The amount of value added is the difference between an organization's sales and its cost of goods sold.

Question # 69

Presented below are partial year-end financial statement data (000 omitted from dollar amounts) for companies A and B:

If company A has a quick ratio of 2:1, then it has an accounts receivable balance of:

A.

$100

B.

$200

C.

$300

D.

$500

Question # 70

Which of the following is a role of the board of directors in the governance process?

A.

Conduct periodic assessments of the organization's governance systems.

B.

Obtain assurance concerning the effectiveness of the organization's governance systems.

C.

Implement an effective system of internal controls to support the organization's governance systems.

D.

Review and approve operational goals and objectives.

Question # 71

Which of the following is a characteristic of just-in-time inventory management systems?

A.

Users determine the optimal level of safety stocks.

B.

They are applicable only to large organizations.

C.

They do not really increase overall economic efficiency because they merely shift inventory levels further up the supply chain.

D.

They rely heavily on high quality materials.

Question # 72

An internal auditor has been asked to conduct an investigation involving allegations of independent contractor fraud. Which of the following controls would be least effective in detecting any potential fraudulent activity?

A.

Exception report identifying payment anomalies.

B.

Documented policy and procedures.

C.

Periodic account reconciliation of contractor charges.

D.

Monthly management review of all contractor activity.

Question # 73

According to IIA guidance, which of the following corporate social responsibility (CSR) activities is appropriate for the internal audit activity to perform?

A.

Determine the optimal amount of resources for the organization to invest in CSR.

B.

Align CSR program objectives with the organization's strategic plan.

C.

Integrate CSR activities into the organization's decision-making process.

D.

Determine whether the organization has an appropriate policy governing its CSR activities.
