IIA-CIA-Part3 Questions and Answers

A witness verifies the quantities of the copies signed.

A witness verifies that the contract was signed with the free consent of the promisor and promisee.

A witness ensures the completeness of the contract between the promisor and promisee.

A witness validates that the signatures on the contract were signed by the promisor and promisee.

Six Sigma,

Quality circle.

Value chain analysis.

Theory of constraints.

Operating system

Control environment

Network.

Application program code

A retina characteristics reader

A P3M code reader

A card-key scanner

A fingerprint scanner

Direct materials, indirect materials, raw materials.

Overhead costs, direct labor, direct materials.

Direct materials, direct labor, depreciation on factory buildings.

Raw materials, factory employees' wages, production selling expenses.

System backups should always be performed real time.

Backups should be stored in a secured location onsite for easy access.

The tape rotation schedule affects how long data is retained

Backup media should be restored only m case of a hardware or software failure

Functional departmentalization.

Product departmentalization

Matrix organization.

Divisional organization

Users can only see certain screens in the system.

Users are making frequent password change requests.

Users Input Incorrect passwords and get denied system access

Users are all permitted uniform access to the system.

Divesting product lines expected to have negative profitability.

Increasing the diversity of strategic business units.

Increasing investment in research and development for a new product.

Relocating the organization's manufacturing to another country.

Validation of the achievement of their goals anti objectives

Increased knowledge through the performance of additional tasks

Support for personal growth and a meaningful work experience

An increased opportunity to manage better the work done by their subordinates

$0

$4,000

$5,000

$10,000

Limit the use of the employee devices for personal use to mitigate the risk of exposure to organizational data.

Ensure that relevant access to key applications is strictly controlled through an approval and review process.

Institute detection and authentication controls for all devices used for network connectivity and data storage.

Use management software scan and then prompt parch reminders when devices connect to the network

A list of trustworthy, good traffic and a list of unauthorized, blocked traffic.

Monitoring for vulnerabilities based on industry intelligence.

Comprehensive service level agreements with vendors.

Firewall and other network perimeter protection tools.

To verify that the application meets stated user requirements.

To verify that standalone programs match code specifications.

To verify that the application would work appropriately for the intended number of users.

To verify that all software and hardware components work together as intended.

Salary and status

Responsibility and advancement

Work conditions and security

Peer relationships and personal life

Cost of sales increased relative to sales.

Total sales increased relative to expenses.

The organization had a higher dividend payout rate in year two.

The government increased the corporate tax rate

Version control

Privacy

Portability

Secure authentication

The leader searches for deviations from the rules and standards and intervenes when deviations exist.

The leader intervenes only when performance standards are not met.

The leader intervenes to communicate high expectations.

The leader does not intervene to promote problem-solving

Unexpected increases in outsourcing costs.

Loss of data privacy.

Inadequate staffing.

Violation of contractual terms.

Controls to ensure data is unable to be accessed without authorization.

Controls to calculate batch totals to identify an error before approval.

Controls to encrypt the data so that corruption is likely ineffective.

Controls to quickly identify malicious intrusion attempts.

Job complicating

Job rotation

Job enrichment

Job enlargement

Data relationships are assumed to exist and to continue where no known conflicting conditions exist.

Analytical procedures are intended primarily to ensure the accuracy of the information being examined.

Data relationships cannot include comparisons between operational and statistical data

Analytical procedures can be used to identify unexpected differences, but cannot be used to identify the absence of differences

Inability to adapt.

Greater costs of control function.

Inconsistency in decision making.

Lack of resilience.

Lower costs.

Slower decision making at the senior executive level.

Limited creative freedom in lower-level managers.

Senior-level executives more focused on short-term, routine decision making

Assets minus liabilities.

Total assets.

Total liabilities.

Owners contribution plus drawings.

Hot recovery plan

Warm recovery plan

Cold recovery plan

Absence of recovery plan

Lower shareholder control

lower indebtedness

Higher company earnings per share.

Higher overall company earnings

Less than 12 percent.

12 percent.

Between 12.01 percent and 12.50 percent.

More than 12 50 percent.

Risk tolerance

Performance

Threats and opportunities

Governance

Use of a central processing unit

Use of a database management system

Use of a local area network

Use of electronic data Interchange

Assign a team with a trained audit manager to plan each audit and distribute field work tasks to various staff auditors.

Assign a team of personnel who have different specialties to each audit and empower Team members to participate fully in key decisions

Assign a team to each audit, designate a single person to be responsible for each phase of the audit, and limit decision making outside of their area of responsibility.

Assign a team of personnel who have similar specialties to specific engagements that would benefit from those specialties and limit Key decisions to the senior person.

To ensure data processing is complete, accurate, and authorized.

To ensure data being processed remains consistent and intact.

To monitor the effectiveness of other controls

To ensure the output aligns with the intended result.

Require complex passwords to be established and changed quarterly

Require swipe cards to control entry into secure data centers.

Monitor access to the data center with closed circuit camera surveillance.

Maintain current role definitions to ensure appropriate segregation of duties

Tampering

Hacking

Phishing

Piracy