Pre-Winter Sale - Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: dpt65

IIA-CIA-Part3-3P Questions and Answers

Question # 6

Which of the following network types should an organization choose if it wants to allow access only to its own personnel?

A.

An extranet

B.

A local area network.

C.

An intranet

D.

The internet

Full Access
Question # 7

The management of working capital is most crucial for which of the following aspects of business?

A.

Liquidity.

B.

Profitability.

C.

Solvency.

D.

Efficiency.

Full Access
Question # 8

Which type of bond sells at a discount from face value, then increases in value annually until it reaches maturity and provides the owner with the total payoff?

A.

High-yield bonds.

B.

Commodity-backed bonds.

C.

Zero coupon bonds.

D.

Junk bonds.

Full Access
Question # 9

An internal auditor is reviewing the organization's performance appraisal process. Which of the following methods would be most effective to identify stereotyping?

A.

Use a behaviorally anchored rating scale to Break down jobs into their components.

B.

Analyze and compare the ratings for different classes or groupings of employees.

C.

Compare the ratings of selective employees with their previous appraisals.

D.

Analyze the number and percentages of employee appraisals that fall into each rating category

Full Access
Question # 10

Which of the following factors is considered a disadvantage of vertical integration?

A.

It may reduce the flexibility to change partners.

B.

It may not reduce the bargaining power of suppliers.

C.

It may limit the organization's ability to differentiate the product.

D.

It may lead to limited control of proprietary knowledge.

Full Access
Question # 11

Which of the following statements is true regarding the "management-by-objectives" method?

A.

Management by objectives is most helpful in organizations that nave rapid changes.

B.

Management by objectives is most helpful in mechanistic organizations with rigidly defined tasks.

C.

Management by objectives helps organizations to keep employees motivated.

D.

Management by objectives helps organizations to distinguish clearly strategic goals from operational goals

Full Access
Question # 12

The board of directors wants to implement an incentive program for senior management that is specifically tied to the long-term health of the organization.

Which of the following methods of compensation would be best to achieve this goal?

A.

Commissions.

B.

Stock options.

C.

Gain-sharing bonuses.

D.

Allowances.

Full Access
Question # 13

An internal auditor performed a review of IT outsourcing and found that the service provider was failing to meet the terms of the service level agreement. Which of the following approaches is most appropriate to address this concern?

A.

The organization should review the skill requirements and ensure that the service provider is maintaining sufficient expertise and retaining skilled resources.

B.

The organization should proactively monitor the performance of the service provider, escalate concerns, and use penalty clauses in the contract where necessary.

C.

The organization should ensure that there is a clear management communication strategy and path for evaluating and reporting on all outsourced services concerns.

D.

The organization should work with the service provider to review the current agreement and

expectations relating to objectives, processes, and overall performance.

Full Access
Question # 14

Which stage in the industry life cycle is characterized by many different product variations?

A.

Introduction.

B.

Growth.

C.

Maturity.

D.

Decline.

Full Access
Question # 15

Which of the following performance measures would be appropriate for evaluating an investment center, which has responsibility for its revenues, costs, and investment base, but would not be appropriate for evaluating cost, revenue, or profit centers?

A.

A flexible budget.

B.

Variance analysis.

C.

A contribution margin income statement by segment.

D.

Residual income.

Full Access
Question # 16

Which of the following should an organization consider when developing strategic objectives for its business processes?

1) Contribution to the success of the organization.

2) Reliability of operational information.

3) Behaviors and actions expected of employees.

4) How inputs combine with outputs to generate activities.

A.

1 and 2 only

B.

1 and 3 only

C.

2 and 4 only

D.

3 and 4 only

Full Access
Question # 17

An internal auditor is reviewing physical and environmental controls for an IT organization. Which control activity should not be part of this review?

A.

Develop and test the organization's disaster recovery plan.

B.

Install and test fire detection and suppression equipment.

C.

Restrict access to tangible IT resources.

D.

Ensure that at least one developer has access to both systems and operations.

Full Access
Question # 18

Which of the following describes a typical desktop workstation used by most employees in their daily work?

A.

Workstation contains software that prevents unauthorized transmission of information into and out of the organization's network.

B.

Workstation contains software that controls information flow between the organization's network and the Internet.

C.

Workstation contains software that enables the processing of transactions and is not shared among users of the organization's network.

D.

Workstation contains software that manages user's access and processing of stored data on the organization's network.

Full Access
Question # 19

Which of the following authentication controls combines what a user knows with the unique characteristics of the user respectively?

A.

Voice recognition and token.

B.

Password and fingerprint.

C.

Fingerprint and voice recognition

D.

Password and token

Full Access
Question # 20

The board has requested that the internal audit activity be involved in all phases of the organization's outsourcing of its network management. During which of the following stages is the internal auditor most likely to verify that the organization's right-to-audit clause is drafted effectively?

A.

Implementation and transition phase.

B.

Monitoring and reporting phase

C.

Decision-making and business-case phase.

D.

Tendering and contracting phase.

Full Access
Question # 21

Which of the following is an example of a key systems development control typically found in the in-house development of an application system?

A.

Logical access controls monitor application usage and generate audit trails.

B.

The development process is designed to prevent, detect and correct errors that may occur

C.

A record is maintained to track the process of data from input, to output, to storage

D.

Business users' requirements are documented, and their achievement is monitored

Full Access
Question # 22

Which of the following statements is most accurate with respect to various forms, elements, and characteristics of business contracts?

A.

A contract is a tool used by both suppliers and customers, the model and complexity of which generally remains constant

B.

Collaboration during contract negotiation encourages stakeholders to develop consensus but typically increases cycle times and the likelihood that the contract will fail

C.

Differing legal requirements affect the attitudes of contracting parties as well as the length content and language of contracts

D.

A contract is a tool used by both suppliers and customers though it offers commercial assurance of the relationship, purely from a customer perspective

Full Access
Question # 23

Organizations mat adopt just-in-time purchasing systems often experience which of the following?

A.

A slight increase in carrying costs.

B.

A greater need for inspection of goods as the goods arrive.

C.

A greater need for linkage with a vendor s computerized order entry system.

D.

An increase in the number of suitable suppliers

Full Access
Question # 24

Which of the following is a primary objective of the theory of constraints?

A.

Full or near capacity in processes.

B.

Smooth workflow among processes.

C.

Few or no defects.

D.

Lowered inventory levels.

Full Access
Question # 25

With regard to disaster recovery planning, which of the following would most likely involve stakeholders from several departments?

A.

Determining the frequency with which backups will be performed.

B.

Prioritizing the order in which business systems would be restored.

C.

Assigning who in the IT department would be involved in the recovery procedures.

D.

Assessing the resources needed to meet the data recovery objectives

Full Access
Question # 26

Which of the following performance measures includes both profits and investment base?

A.

Residual income.

B.

A flexible budget.

C.

Variance analysis.

D.

A contribution margin income statement by segment.

Full Access
Question # 27

While conducting audit procedures at the organization's data center, an internal auditor noticed the following:

Backup media was located on data center shelves.

Backup media was organized by date.

Backup schedule was one week in duration.

The system administrator was able to present restore logs.

Which of the following is reasonable for the internal auditor to conclude?

A.

Backup media is not properly stored, as the storage facility should be off-site.

B.

Backup procedures are adequate and appropriate according to best practices.

C.

Backup media is not properly indexed, as backup media should be indexed by system, not date.

D.

Backup schedule is not sufficient, as full backup should be conducted daily.

Full Access
Question # 28

Which of the following is the first step an internal audit activity should undertake when executing a data analytics process?

A.

Conduct a risk assessment regarding the effectiveness of the data analytics process.

B.

Analyze possible and available sources of raw data

C.

Define the purpose and the anticipated value

D.

Select data for cleaning and normalization procedures.

Full Access
Question # 29

Which of the following types of data analytics would be used by a hospital to determine which patients are likely to require readmittance for additional treatment?

A.

Predictive analytics

B.

Prescriptive analytics

C.

Descriptive analytics

D.

Diagnostic analytics

Full Access
Question # 30

An organization is considering outsourcing its IT services, and the internal auditor is assessing the related risks. The auditor grouped the related risks into three categories:

Risks specific to the organization itself.

Risks specific to the service provider.

Risks shared by both the organization and the service provider.

Which of the following risks should the auditor classify as specific to the service provider?

A.

Unexpected increases in outsourcing costs.

B.

Loss of data privacy.

C.

Inadequate staffing.

D.

Violation of contractual terms.

Full Access
Question # 31

Which of the following application controls checks the integrity of data entered into a business application?

A.

Input controls.

B.

Output controls

C.

Processing controls

D.

Integrity controls

Full Access
Question # 32

In an organization's established accounts payable department employees perform highly structured activities follow clearly defined procedures and have strict deadlines for performing their tasks The head of the department recently retired, and a new department head was hired To achieve the greatest benefit for this department and avoid redundancy the new leader should adopt which of the following leadership styles?

A.

Achievement-oriented style

B.

People-oriented style

C.

Goal-oriented style

D.

Task-oriented style

Full Access
Question # 33

Which of the following is a primary driver behind the creation and prioritization of new strategic initiatives established by an organization?

A.

Risk tolerance

B.

Performance.

C.

Threats and opportunities.

D.

Governance

Full Access
Question # 34

In an effort to increase business efficiencies and improve customer service offered to its major trading partners, management of a manufacturing and distribution company established a secure network, which provides a secure channel for electronic data interchange between the company and its partners.

Which of the following network types is illustrated by this scenario?

A.

A value-added network.

B.

A local area network.

C.

A metropolitan area network.

D.

A wide area network.

Full Access
Question # 35

According to HA guidance or IT which of the following spreadsheets is most likely to be considered a high-risk user-develop application?

A.

A revenue calculation spreadsheet supported with price and volume reports from the production department

B.

An asset retirement calculation spreadsheet comprised of multiple formulas and assumptions

C.

An ad-hoc inventory listing spreadsheet comprising details of written-off inventory quantitates

D.

An accounts receivable reconciliation spreadsheet used by the accounting manager to verify balances.

Full Access
Question # 36

An organization had a gross profit margin of 40 percent in year one and in year two. The net profit margin was 18 percent in year one and 13 percent in year two.

Which of the following could be the reason for the decline in the net profit margin for year two?

A.

Cost of sales increased relative to sales.

B.

Total sales increased relative to expenses.

C.

The organization had a higher dividend payout rate in year two.

D.

The government increased the corporate tax rate.

Full Access
Question # 37

According to IIA guidance, which of the following best describes the activities that occur during the conversion phase of an IT project?

A.

Conversion of user requirements into system specifications

B.

Conversion of user requirements into program codes

C.

Conversion of test data into production data

D.

Conversion of data from the old system into the new system

Full Access
Question # 38

Organizations use matrix management to accomplish which of the following?

A.

To improve the chain of command.

B.

To strengthen corporate headquarters.

C.

To focus better on a single market.

D.

To increase lateral communication.

Full Access
Question # 39

An organization produces two products, X and Y. The materials used for the production of both products are limited to 500 kilograms (kg) per month. All other resources are unlimited and their costs are fixed. Individual product details are as follows:

Product X

Product Y

Selling price per unit

$10

$13

Materials per unit (at $1/kg)

2 kg

6 kg

Monthly demand

100 units

120 units

In order to maximize profit, how much of product Y should the organization produce each month?

A.

50 units.

B.

60 units.

C.

100 units.

D.

120 units.

Full Access
Question # 40

All of the following are possible explanations for a significant unfavorable material efficiency variance except:

A.

Cutbacks in preventive maintenance.

B.

An inadequately trained and supervised labor force.

C.

A large number of rush orders.

D.

Production of more units than planned for in the master budget.

Full Access
Question # 41

Which of the following is not a method for implementing a new application system?

A.

Direct cutover.

B.

Parallel.

C.

Pilot.

D.

Test.

Full Access
Question # 42

Unsecured loans are loans:

A.

That do not have to be repaid for over one year.

B.

That appear to be too risky for most lenders to consider.

C.

Granted on the basis of a company's credit standing.

D.

Backed by mortgaged assets.

Full Access
Question # 43

According to the International Professional Practices Framework, internal auditors who are assessing the adequacy of organizational risk management processes should not:

A.

Recognize that organizations use different techniques for managing risk.

B.

Seek assurance that the key objectives of the risk management processes are being met.

C.

Determine and accept the level of risk for the organization.

D.

Treat the evaluation of risk management processes differently from the risk analysis used to plan audit engagements.

Full Access
Question # 44

Multinational organizations generally spend more time and effort to identify and evaluate:

A.

Internal strengths and weaknesses.

B.

Break-even points.

C.

External trends and events.

D.

Internal risk factors.

Full Access
Question # 45

Maintenance cost at a hospital was observed to increase as activity level increased. The following data was gathered:

Activity Level -

Maintenance Cost

Month

Patient Days

January

5,600

$7,900

February

7,100

$8,500

March

5,000

$7,400

April

6,500

$8,200

May

7,300

$9,100

June

8,000

$9,800

If the cost of maintenance is expressed in an equation, what is the independent variable for this data?

A.

Fixed cost.

B.

Variable cost.

C.

Total maintenance cost.

D.

Patient days.

Full Access
Question # 46

The internal audit activity completed an initial risk analysis of the organization's data storage center and found several areas of concern. Which of the following is the most appropriate next step?

A.

Risk response.

B.

Risk identification.

C.

Identification of context.

D.

Risk assessment.

Full Access
Question # 47

In which type of business environment are price cutting strategies and franchising strategies most appropriate?

A.

Embryonic, focused.

B.

Fragmented, decline.

C.

Mature, fragmented.

D.

Competitive, embryonic.

Full Access
Question # 48

Which of the following methods, if used in conjunction with electronic data interchange (EDI), will improve the organization's cash management program, reduce transaction data input time and errors, and allow the organization to negotiate discounts with EDI vendors based on prompt payment?

A.

Electronic funds transfer.

B.

Knowledge-based systems.

C.

Biometrics.

D.

Standardized graphical user interface.

Full Access
Question # 49

An organization accumulated the following data for the prior fiscal year:

Value of Percentage of

Quarter

Output Produced

Cost X

1

$4,750,000

2.9

2

$4,700,000

3.0

3

$4,350,000

3.2

4

$4,000,000

3.5

Based on this data, which of the following describes the value of Cost X in relation to the value of Output Produced?

A.

Cost X is a variable cost.

B.

Cost X is a fixed cost.

C.

Cost X is a semi-fixed cost.

D.

Cost X and the value of Output Produced are unrelated.

Full Access
Question # 50

Which of the following statements is true regarding the resolution of interpersonal conflict?

A.

Unrealized expectations can be avoided with open and honest discussion.

B.

Reorganization would probably not help ambiguous or overlapping jurisdictions.

C.

Deferring action should be used until there is sufficient time to fully deal with the issue.

D.

Timely and unambiguous clarification of roles and responsibilities will eliminate most interpersonal conflict.

Full Access
Question # 51

Where complex problems need to be addressed, which of the following communication networks would be most appropriate?

A.

Chain.

B.

All-channel.

C.

Circle.

D.

Wheel.

Full Access
Question # 52

The process of scenario planning begins with which of the following steps?

A.

Determining the trends that will influence key factors in the organization's environment.

B.

Selecting the issue or decision that will impact how the organization conducts future business.

C.

Selecting leading indicators to alert the organization of future developments.

D.

Identifying how customers, suppliers, competitors, employees, and other stakeholders will react.

Full Access
Question # 53

A small furniture-manufacturing firm with 100 employees is located in a two-story building and does not plan to expand. The furniture manufactured is not special-ordered or custom-made. The most likely structure for this organization would be:

A.

Functional departmentalization.

B.

Product departmentalization.

C.

Matrix organization.

D.

Divisional organization.

Full Access
Question # 54

Which of the following are included in ISO 31000 risk principles and guidelines?

A.

Standards, framework, and process.

B.

Standards, assessments, and process.

C.

Principles, framework, and process.

D.

Principles, practices, and process.

Full Access
Question # 55

Which of the following is a characteristic of an emerging industry?

A.

Established strategy of players.

B.

Low number of new firms.

C.

High unit costs.

D.

Technical expertise.

Full Access
Question # 56

Within an enterprise, IT governance relates to the:

1) Alignment between the enterprise's IT long term plan and the organization's objectives.

2) Organizational structures of the company that are designed to ensure that IT supports the organization's strategies and objectives.

3) Operational plans established to support the IT strategies and objectives.

4) Role of the company's leadership in ensuring IT supports the organization's strategies and objectives.

A.

1 and 2 only

B.

3 and 4 only

C.

1, 2, and 4 only

D.

2, 3, and 4 only

Full Access
Question # 57

Which of the following statements regarding database management systems is not correct?

A.

Database management systems handle data manipulation inside the tables, rather than it being done by the operating system itself in files.

B.

The database management system acts as a layer between the application software and the operating system.

C.

Applications pass on the instructions for data manipulation which are then executed by the database

management system.

D.

The data within the database management system can only be manipulated directly by the database management system administrator.

Full Access
Question # 58

Which of the following statements regarding program change management is not correct?

A.

The goal of the change management process is to sustain and improve organizational operations.

B.

The degree of risk associated with a proposed change determines if the change request requires authorization.

C.

In order to protect the production environment, changes must be managed in a repeatable, defined, and predictable manner.

D.

All changes should be tested in a non-production environment before migrating to the production environment.

Full Access
Question # 59

Which of the following statements about matrix organizations is false?

A.

In a matrix organization, conflict between functional and product managers may arise.

B.

In a matrix organization, staff under dual command is more likely to suffer stress at work.

C.

Matrix organizations offer the advantage of greater flexibility.

D.

Matrix organizations minimize costs and simplify communication.

Full Access
Question # 60

Which of the following is false with regard to Internet connection firewalls?

A.

Firewalls can protect against computer viruses.

B.

Firewalls monitor attacks from the Internet.

C.

Firewalls provide network administrators tools to retaliate against hackers.

D.

Firewalls may be software-based or hardware-based.

Full Access
Question # 61

The decision to implement enhanced failure detection and back-up systems to improve data integrity is an example of which risk response?

A.

Risk acceptance.

B.

Risk sharing.

C.

Risk avoidance.

D.

Risk reduction.

Full Access
Question # 62

Which of the following phases of a business cycle are marked by an underuse of resources?

1) The trough.

2) The peak.

3) The recovery.

4) The recession.

A.

1 and 3 only

B.

1 and 4 only

C.

2 and 3 only

D.

2 and 4 only

Full Access
Question # 63

When assessing the adequacy of a risk mitigation strategy, an internal auditor should consider which of the following?

1) Management’s tolerance for specific risks.

2) The cost versus benefit of implementing a control.

3) Whether a control can mitigate multiple risks.

4) The ability to test the effectiveness of the control.

A.

1, 2, and 3

B.

1, 2, and 4

C.

1, 3, and 4

D.

2, 3, and 4

Full Access
Question # 64

An organization is considering mirroring the customer data for one regional center at another center. A disadvantage of such an arrangement would be:

A.

Lack of awareness of the state of processing.

B.

Increased cost and complexity of network traffic.

C.

Interference of the mirrored data with the original source data.

D.

Confusion about where customer data are stored.

Full Access
Question # 65

According to Porter's model of competitive strategy, which of the following is a generic strategy?

1 Differentiation.

2) Competitive advantage.

3) Focused differentiation.

4) Cost focus.

A.

2 only

B.

3 and 4 only

C.

1, 3, and 4 only

D.

1, 2, 3, and 4

Full Access
Question # 66

Which of the following statements is true regarding the roles and responsibilities associated with a corporate social responsibility (CSR) program?

A.

The board has overall responsibility for the internal control processes associated with the CSR program.

B.

Management has overall responsibility for the effectiveness of governance, risk management, and internal control processes associated with the CSR program.

C.

The internal audit activity is responsible for ensuring that CSR principles are integrated into the

organization's policies and procedures.

D.

Every employee has a responsibility for ensuring the success of the organization's CSR objectives.

Full Access
Question # 67

A retail organization is considering acquiring a composite textile company. The retailer's due diligence team determined the value of the textile company to be $50 million. The financial experts forecasted net present value of future cash flows to be $60 million. Experts at the textile company determined their company's market value to be $55 million if purchased by another entity. However, the textile company could earn more than $70 million from the retail organization due to synergies. Therefore, the textile company is motivated to make the negotiation successful. Which of the following approaches is most likely to result in a successful negotiation?

A.

Develop a bargaining zone that lies between $50 million and $70 million and create sets of outcomes between $50 million and $70 million.

B.

Adopt an added-value negotiating strategy, develop a bargaining zone between $50 million and $70 million, and create sets of outcomes between $50 million and $70 million.

C.

Involve a mediator as a neutral party who can work with the textile company's management to determine a bargaining zone.

D.

Develop a bargaining zone that lies between $55 million and $60 million and create sets of outcomes between $55 million and $60 million.

Full Access
Question # 68

Which of the following concepts of managerial accounting is focused on allocating overheads to products?

A.

Theory of constraints

B.

Just-in-time method

C.

Activity-based costing

D.

Break-even analysis

Full Access
Question # 69

Which of the following statements is true regarding an organization's servers?

A.

Servers optimize data processing by sharing it with other computers on the information system

B.

Servers manage the interconnectivity of system hardware devices in the information system.

C.

Servers manage the data stored in databases residing on the information system.

D.

Servers enforce access controls between networks transmitting data on the information system

Full Access
Question # 70

Which of the following types of analytics would be used by an organization to examine metrics by business units and identity the most profitable business units?

A.

Detailed analytics

B.

Predictive analytics

C.

Diagnostic analytics

D.

Prescriptive analytics

Full Access
Question # 71

Based on lest results an IT auditor concluded that the organization would suffer unacceptable toss of data if there was a disaster at its data center. Which of the following test results would likely lead the auditor to this conclusion?

A.

Requested backup tapes were not returned from the offsite vendor in a timely manner

B.

Returned backup tapes from the offsite vendor contained empty spaces

C.

Critical systems have been Backed up more frequently than required.

D.

Critical system backup tapes are taken off site less frequently than required.

Full Access
Question # 72

An internal auditor computed that one of the organization's accounting divisions is processing 30 travel reports per hour while another accounting division is processing 22 travel reports per hour.

Which of the following efficiency measures did the internal auditor most likely employ?

A.

Operating rate.

B.

Asset efficiency rate.

C.

Resource utilization rate.

D.

Productivity rate.

Full Access
Question # 73

A restaurant deeded to expand its business to include delivery services rather than relying on third-party food delivery services. Which of the following best describes the restaurant's strategy?

A.

Diversification

B.

Vertical integration

C.

Risk avoidance

D.

Differentiation

Full Access