New Year Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: cramtick70

IIA-ACCA ACCA CIA Challenge Exam Questions and Answers

Questions 4

Which audit approach should be employed to test the accuracy of information housed in a database on an un-networked computer?

Options:

A.

Submit batches of test transactions through the current system and verify with expected results.

B.

Use a test program to simulate the normal data entering process.

C.

Select a sample of records from the database and ensure it matches supporting documentation.

D.

Evaluate compliance with the organization's change management process.

Buy Now
Questions 5

In which of the following scenarios would the chief audit executive (CAE) be required to decline the assignment?

Options:

A.

The CAE would need to procure external services to deliver the internal audit assurance program.

B.

There is no expertise within the internal audit team for detecting and investigating fraud.

C.

There is no expertise within the internal audit team for auditing an IT engagement.

D.

There is no available expertise on the internal audit team to perform a consulting engagement.

Buy Now
Questions 6

Which of the following is the most common way that occupational fraud is detected?

Options:

A.

Internal audits.

B.

Whistleblower hotline.

C.

Key controls.

D.

External audits.

Buy Now
Questions 7

Which of the following activities most significantly increases the risk that a bank will make poor-quality loans to its customers?

Options:

A.

Borrowers may not sign all required mortgage loan documentation.

B.

Fees paid by the borrower at the time of the loan may not be deposited in a timely manner.

C.

The bank's loan documentation may not meet the government's disclosure requirements.

D.

Loan officers may override the lending criteria established by senior management.

Buy Now
Questions 8

A draft internal audit report that cites deficient conditions generally should be reviewed with which of the following groups?

1. The client manager and her superior.

2. Anyone who may object to the report’s validity.

3. Anyone required to take action.

4. The same individuals who receive the final report.

Options:

A.

1 only

B.

1 and 2 only

C.

1, 2, and 3

D.

1, 2, and 4

Buy Now
Questions 9

Which of the following evaluation criteria would be the most useful to help the chief audit executive determine whether an external service provider possesses the knowledge, skills, and other competencies needed to perform a review?

Options:

A.

The financial interest the service provider may have in the organization.

B.

The relationship the service provider may have had with the organization or the activities being reviewed.

C.

Compensation or other incentives that may be applicable to the service provider.

D.

The service provider's experience in the type of work being considered.

Buy Now
Questions 10

An internal auditor is conducting a review of the procurement function and uncovers a potential conflict of interest between the chief operating officer and a significant supplier of IT software development services. Which of the following actions is most appropriate for the internal auditor to take?

Options:

A.

Inform the audit supervisor.

B.

Investigate the potential conflict of interest.

C.

Inform the external auditors of the potential conflict of interest.

D.

Disregard the potential conflict, because it is outside the scope of the audit assignment.

Buy Now
Questions 11

Which of the following statements pertaining to a market skimming pricing strategy is not true?

Options:

A.

The strategy is favored when unit costs fall with the increase in units produced.

B.

The strategy is favored when buyers are relatively insensitive to price increases.

C.

The strategy is favored when there is insufficient market capacity and competitors cannot increase market capacity.

D.

The strategy is favored when high price is perceived as high quality.

Buy Now
Questions 12

According to IIA guidance, which of the following is true regarding audit supervision?

1. Supervision should be performed throughout the planning, examination, evaluation, communication, and follow-up stages of the audit engagement.

2. Supervision should extend to training, time reporting, and expense control, as well as administrative matters.

3. Supervision should include review of engagement workpapers, with documented evidence of the review.

Options:

A.

1 and 2 only

B.

1 and 3 only

C.

2 and 3 only

D.

1, 2, and 3

Buy Now
Questions 13

Which of the following statements is true about The IIA Global Internal Audit Competency Framework?

Options:

A.

The core competencies outlined in the framework are not expected of a person undertaking an entry-level position as an internal auditor.

B.

The framework is designed to be used primarily by chief audit executives that are developing indicators to measure the performance of the internal audit activity for which they are responsible.

C.

The framework lists the core competencies internal auditors should possess before attempting to attain The IIA's Certified Internal Auditor certification.

D.

The framework describes competencies needed for individual internal auditors, but not those necessary at the chief audit executive level.

Buy Now
Questions 14

Which of the following is a weakness of observation as audit evidence?

Options:

A.

It cannot be used to test the completeness assertion.

B.

It cannot be used to test the existence assertion.

C.

It cannot be used to test the occurrence assertion.

D.

It cannot be relied upon because the evidence is not persuasive.

Buy Now
Questions 15

A manufacturing line supervisor joins the internal audit activity for a two-year rotational job assignment and is assigned to an accounts receivable audit. With regard to this assignment, which of the following should be the primary concern of the audit manager?

Options:

A.

Due professional care.

B.

Individual independence.

C.

Individual objectivity.

D.

Organizational independence.

Buy Now
Questions 16

During an audit engagement, the internal auditor discussed a risk mitigation recommendation with the manager of the area under review. The manager disagreed with the risk assessment and recommendation. The two failed to come up with an alternative solution, and the auditor decided to proceed with including the original recommendation in the engagement report. Which of the following is especially important in dealing with this type of situation?

Options:

A.

Soft skills in communication, negotiation, and collaboration.

B.

Technical skills in the area under review.

C.

Professional qualifications and certification in internal auditing.

D.

Confidentiality and independence.

Buy Now
Questions 17

Which of the following are generally recognized as essential elements of a corporate social responsibility program?

Options:

A.

Human rights and the environment.

B.

Organizational governance and financial reporting.

C.

Fair operating practices and government regulation.

D.

Consumer issues and return on investment.

Buy Now
Questions 18

While preparing for an audit of senior management expenses, the chief audit executive (CAE) learns that management is unable to locate a number of original expense claims to support the related disbursements. She decides to defer the engagement until they can be located. Which of the following principles likely guided the CAE's decision?

Options:

A.

Objectivity.

B.

Proficiency.

C.

Independence.

D.

Due professional care.

Buy Now
Questions 19

According to The MA Code of Ethics, which of the following is one of the rules of conduct for objectivity?

Options:

A.

Internal auditors shall continually improve their proficiency and effectiveness and quality of their services.

B.

Internal auditors shall respect and contribute to legitimate and ethical objectives of the organization.

C.

Internal auditors shall not accept anything that may impair or be presumed to impair their professional judgment.

D.

Internal auditors shall be prudent in the use and protection of information acquired in the course of their duties.

Buy Now
Questions 20

A new director was hired to lead the internal audit activity at a small start-up company. Which of the following assignments would impair the director's independence?

Options:

A.

Preparing the financial statements for the company's defined contribution plan.

B.

Performing a pre-implementation review of the company's payroll application.

C.

Providing the COBIT framework as a possible IT management tool.

D.

Reviewing the company's policy for foreign currency translation adjustments for compliance with accounting standards.

Buy Now
Questions 21

Which of the following activities is most likely to require a fraud specialist to supplement the knowledge and skills of the internal audit activity?

Options:

A.

Planning an engagement of the area in which fraud is suspected.

B.

Employing audit tests to detect fraud.

C.

Interrogating a suspected fraudster.

D.

Completing a process review to improve controls to prevent fraud.

Buy Now
Questions 22

Which of the following would most likely cause an internal auditor to consider adding fraud work steps to the audit program?

Options:

A.

Improper segregation of duties.

B.

Incentives and bonus programs.

C.

An employee's reported concerns.

D.

Lack of an ethics policy.

Buy Now
Questions 23

According to IIA guidance, which of the following actions might place the independence of the internal audit function in jeopardy?

Options:

A.

Having no active role or involvement in the risk management process.

B.

Auditing the risk management process for reasonableness.

C.

Coordinating and managing the risk management process.

D.

Participating with management in identifying and evaluating risks.

Buy Now
Questions 24

An internal auditor is assessing the organization's risk management framework. Which of the following formulas should he use to calculate the residual risk?

A)

B)

C)

D)

Options:

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Buy Now
Questions 25

Which of the following best describes the details that must be included in the quality assurance and improvement program (QAIP) report to senior management and the board?

Options:

A.

The scope and frequency of internal and external assessments as well as the qualifications and independence of the assessor.

B.

The scope and cost of the QAIP. frequency of internal and external assessments, and conclusions of the assessor.

C.

The scope, findings, risks, recommendations, and agreed-upon improvement actions.

D.

The number and types of people involved in the assessment, costs, and duration of the QAIP

Buy Now
Questions 26

Which of the following best demonstrates the authority of the internal audit activity?

Options:

A.

Suggesting alternatives to decision makers.

B.

Improving the integrity of information.

C.

Determining the scope of internal audit services.

D.

Achieving engagement objectives.

Buy Now
Questions 27

Which of the following is a characteristic of an emerging industry?

Options:

A.

Established strategy of players.

B.

Low number of new firms.

C.

High unit costs.

D.

Technical expertise.

Buy Now
Questions 28

An audit client responded to recommendations from a recent consulting engagement. The client indicated that several recommended process improvements would not be implemented. Which of the following actions should the internal audit activity take in response?

Options:

A.

Escalate the unresolved issues to the board, because they could pose significant risk exposures to the organization.

B.

Confirm the decision with management and document this decision in the audit file.

C.

Document the issue in the audit file and follow up until the issues are resolved.

D.

Initiate an assurance engagement on the unresolved issues.

Buy Now
Questions 29

After finalizing an assurance engagement concerning safety operations in the oil mining process, the audit team concluded that no key controls were compromised. However, some opportunities for improvement were noted. Which of the following would be the most appropriate way for the chief audit executive (CAE) to report these results?

Options:

A.

The CAE should send the final report to operational and senior management and the audit committee.

B.

The CAE should send the final report to operational management only, as there is no need to communicate this information to higher levels.

C.

The CAE should notify operational and senior management that the audit engagement was completed with no significant findings to report.

D.

The CAE should send the final report to operational management and notify senior management and the audit committee that no significant findings were identified.

Buy Now
Questions 30

In creating a risk-based plan, which of the following best describes a top-down approach to understanding business processes?

Options:

A.

Identifying the processes at the activity level.

B.

Analyzing the organization's strategic plan where the business processes are defined.

C.

Analyzing the organization's objectives and identifying the processes needed to achieve the objectives.

D.

Identifying the risks affecting the organization, the objectives, and then the processes concerned.

Buy Now
Questions 31

An internal auditor is evaluating techniques management uses to mitigate risks within a particular product division. Which of the following is an example of risk reduction?

Options:

A.

Management sells the product division to a competitor.

B.

Management outsources the product division to a third party.

C.

Management allows the product division to remain unchanged.

D.

Management modifies the product division to minimize errors.

Buy Now
Questions 32

An internal auditor needs to recommend a policy element to be included in an organization's code of ethics. Which of the following recommendations would be most effective?

Options:

A.

Ethics should vary with local customs in the organization's foreign operations.

B.

Whistleblowing should be discouraged because it can cause distrust among employees.

C.

Ethical behavior should be incorporated into performance evaluations.

D.

Senior management should be granted specific exemptions to the code of ethics.

Buy Now
Questions 33

Which of the following is an example of a directive control?

Options:

A.

Segregation of duties.

B.

Exception reports.

C.

Incentive compensation plans.

D.

Automated reconciliations.

Buy Now
Questions 34

With regard To IT governance, which of the following is the most effective and appropriate role for the internal audit activity?

Options:

A.

Independently evaluate the skills and experience of potential chief information officer candidates to assess the best fit based on the organization's risk appetite.

B.

Evaluate the organization's governance standards and assess IT-related activities to identify gaps and develop policies, ensuring alignment with the organization's risk appetite.

C.

Assist management in interpreting complex IT-related privacy and security risk exposures and evaluating potential mitigation strategies.

D.

Assess whether governance activities are aligned with the organization's risk appetite and take into consideration emerging risks.

Buy Now
Questions 35

An organization has implemented a software system that requires a supervisor to approve transactions that would cause treasury dealers to exceed their authorized limit. This is an example of which of the following types of controls?

Options:

A.

Preventive controls.

B.

Detective controls.

C.

Soft controls.

D.

Directive controls.

Buy Now
Questions 36

Which of the following is a requirement for an assurance engagement that may not be for a consulting engagement?

Options:

A.

The internal audit activity has to ensure team members' objectivity is not impaired.

B.

Auditors cannot participate in an assurance engagement of a function for which they previously performed a consulting engagement.

C.

The scope and objective of the engagement is agreed upon based on the engagement client's needs.

D.

The internal audit activity must ensure management actions have been implemented effectively or risk accepted.

Buy Now
Questions 37

Which of the following IT strategies is most effective for responding to competitive pressures created by the marketplace?

Options:

A.

Promote closer linkage between organizational strategy and information.

B.

Provide users with greater online access to information systems.

C.

Enhance the functionality of application systems.

D.

Expand the use of automated controls.

Buy Now
Questions 38

According to the ISO 14001 standard, which of the following is not included in the requirements for a quality management system?

Options:

A.

Key processes across the entity which impact quality must be identified and included.

B.

The quality management system must be documented in the articles of incorporation, quality manual, procedures, work instructions, and records.

C.

Management must review the quality policy, analyze data about quality management system performance, and assess opportunities for improvement and the need for change.

D.

The entity must have processes for inspections, testing, measurement, analysis, and improvement.

Buy Now
Questions 39

An auditor identifies three errors in the sample of 25 entries selected for review (a 12 percent error rate). Based on this result, the auditor assumes that approximately 59 of the total population of 492 entries are incorrect. To reach this assumption, the auditor has used a technique known as which of the following?

Options:

A.

Variability tolerance.

B.

Ratio estimation.

C.

Stratification.

D.

Acceptance sampling.

Buy Now
Questions 40

An internal auditor in a small broadcasting organization was assigned to review the revenue collection process. The auditor discovered that some checks from three customers were never recorded in the organization's financial records. Which of the following documents would be the least useful for the auditor to verify the finding?

Options:

A.

Bank statements.

B.

Customer confirmation letters.

C.

Copies of sales invoices.

D.

Copies of deposit slips.

Buy Now
Questions 41

Which of the following is most likely to enhance an internal auditor's objectivity?

Options:

A.

An auditor is appropriately able to communicate results.

B.

An auditor performs his work free from interference.

C.

An auditor is unrestricted in determination of scope.

D.

An auditor avoids conflicts of interest.

Buy Now
Questions 42

A large trucking organization wants to reduce traffic accidents by improving its system of internal controls.

Which of the following controls is correctly classified?

1. Review of speeding violations to identify repetitive locations and drivers is an example of a preventive control.

2. Defensive driver training is an example of a directive control.

3. The installation of tracking devices in delivery vehicles is an example of a corrective control.

4. Providing a vehicle driver handbook is an example of a detective control.

Options:

A.

1 and 2.

B.

1 and 4.

C.

2 and 3.

D.

3 and 4.

Buy Now
Questions 43

Which of the following conflict resolution methods should be applied when the intention of the parties is to solve the problem by clarifying differences and attaining everyone's objectives?

Options:

A.

Accommodating.

B.

Compromising.

C.

Collaborating.

D.

Competing.

Buy Now
Questions 44

The internal audit activity is planning a procurement audit and needs to obtain a thorough understanding of the subcontracting process, which can involve multiple individuals in multiple countries.

Which of the following internal audit tools would be most effective to document the process and the key controls?

Options:

A.

Internal control checklist.

B.

Procurement employee survey.

C.

Cross-functional flow chart.

D.

Segregation of duties matrix.

Buy Now
Questions 45

Given the highly technical and legal nature of privacy issues, which of the following statements best describes the internal audit activity's responsibility with regard to assessing an organization's privacy framework?

Options:

A.

If an organization does not have a mature privacy framework, the internal audit activity should assist in developing and implementing an appropriate privacy framework.

B.

Because the audit committee is ultimately responsible for ensuring that appropriate control processes are in place to mitigate risks associated with personal information, the internal audit activity is C. required to conduct privacy assessments.

C.

The internal audit activity may delegate to nonaudit IT specialists the responsibility of determining whether personal information has been secured adequately and data protection controls are sufficient.

D.

The internal audit activity should have appropriate knowledge and competence to conduct an asses .......framework.

Buy Now
Questions 46

Which of the following is a common type of payroll fraud?

Options:

A.

Unauthorized overtime.

B.

Fictitious employees.

C.

Unearned bonuses or commissions.

D.

Skimming.

Buy Now
Questions 47

Which of the following is most likely to be considered a control weakness?

Options:

A.

Vendor invoice payment requests are accompanied by a purchase order and receiving report.

B.

Purchase orders are typed by the purchasing department using prenumbered forms.

C.

Buyers promptly update the official vendor listing as new supplier sources become known.

D.

Department managers initiate purchase requests that must be approved by the plant superintendent.

Buy Now
Questions 48

When forming an opinion on the adequacy of management's systems of internal control, which of the following findings would provide the most reliable assurance to the chief audit executive?

• During an audit of the hiring process in a law firm, it was discovered that potential employees' credentials were not always confirmed sufficiently. This process remained unchanged at the following audit.

• During an audit of the accounts payable department, auditors calculated that two percent of accounts were paid past due. This condition persisted at a follow up audit.

• During an audit of the vehicle fleet of a rental agency, it was determined that at any given time, eight percent of the vehicles were not operational. During the next audit, this figure had increased.

• During an audit of the cash handling process in a casino, internal audit discovered control deficiencies in the transfer process between the slot machines and the cash counting area. It was corrected immediately.

Options:

A.

1 and 3 only

B.

1 and 4 only

C.

2 and 3 only

D.

2 and 4 only

Buy Now
Questions 49

The internal audit activity (IAA) wants to measure its performance related to the quality of audit recommendations. Which of the following client survey questions would best help the IAA meet this objective?

Options:

A.

Were audit findings relevant and useful to management?

B.

Does the audit report format present issues clearly and concisely?

C.

Does the IAA work with a high degree of professionalism and objectivity?

D.

Were the findings reported in a timely manner?

Buy Now
Questions 50

Which of the following statements is true pertaining to interviewing a fraud suspect?

1. Information gathered can be subjective as well as objective to be useful.

2. The primary objective is to obtain a voluntary written confession.

3. The interviewer is likely to begin the interview with open-ended questions.

4. Video recordings always should be used to provide the highest quality evidence.

Options:

A.

1 only

B.

4 only

C.

1 and 3

D.

2 and 4

Buy Now
Questions 51

Which of the following is the primary reason the chief audit executive should consider the organization's strategic plans when developing the annual audit plan?

Options:

A.

Strategic plans reflect the organization's business objectives and overall attitude toward risk.

B.

Strategic plans are helpful to identify major areas of activity, which may direct the allocation of internal audit activity resources.

C.

Strategic plans are likely to show areas of weak financial controls.

D.

The strategic plan is a relatively stable document on which to base audit planning.

Buy Now
Questions 52

A chief audit executive (CAE) received a detailed internal report of senior management's internal control assessment. Which of the following subsequent actions by the CAE would provide the greatest assurance over management's assertions?

Options:

A.

Assert whether the described and reported control processes and systems exist.

B.

Assess whether senior management adequately supports and promotes the internal control culture described in the report.

C.

Evaluate the completeness of the report and management's responses to identified deficiencies.

D.

Determine whether management's operating style and the philosophy described in the report reflect the effective functioning of internal controls.

Buy Now
Questions 53

An internal auditor determines that certain information from the engagement results is not appropriate for disclosure to all report recipients because it is privileged. In this situation, which of the following actions would be most appropriate?

Options:

A.

Disclose the information in a separate report.

B.

Distribute the information in a confidential report to the board only

C.

Distribute the reports through the use of blind copies.

D.

Exclude the results from the report and verbally report the conditions to senior management and the board.

Buy Now
Questions 54

The board has asked the internal audit activity (IAA) to be involved in the organization's enterprise risk management process. Which of the following activities is appropriate for IAA to perform without safeguards?

Options:

A.

Coach management in responding to risks.

B.

Develop risk management strategies for board approval.

C.

Facilitate identification and evaluation of risks.

D.

Evaluate risk management processes.

Buy Now
Questions 55

New environmental regulations require the board to certify that the organization's reported pollutant emissions data is accurate. The chief audit executive (CAE) is planning an audit to provide assurance over the organization's compliance with the environmental regulations. Which of the following groups or individuals is most important for the CAE to consult to determine the scope of the audit?

Options:

A.

The audit committee of the board.

B.

The environmental, health, and safety manager.

C.

The organization's external environmental lawyers.

D.

The organization's insurance department.

Buy Now
Questions 56

An internal auditor wants to determine whether employees are complying with the information security policy, which prohibits leaving sensitive information on employee desks overnight. The auditor checked a sample of 90 desks and found eight that contained sensitive information. How should this observation be reported, if the organization tolerates 4 percent noncompliance?

Options:

A.

The matter does not need to be reported, because the noncompliant findings fall within the acceptable tolerance limit.

B.

The deviations are within the acceptable tolerance limit, so the matter only needs to be reported to the information security manager.

C.

The incidents of noncompliance fall outside the acceptable tolerance limit and require immediate corrective action, as opposed to reporting.

D.

The incidents of noncompliance exceed the tolerance level and should be included in the final engagement report.

Buy Now
Questions 57

Which of the following behaviors could represent a significant ethical risk if exhibited by an organization's board?

1. Intervening during an audit involving ethical wrongdoing.

2. Discussing periodic reports of ethical breaches.

3. Authorizing an investigation of an unsafe product.

4. Negotiating a settlement of an employee claim for personal damages.

Options:

A.

1 and 2

B.

1 and 4

C.

2 and 3

D.

3 and 4

Buy Now
Questions 58

The final internal audit report should be distributed to which of the following individuals?

Options:

A.

Audit client management only

B.

Executive management only

C.

Audit client management, executive management, and others approved by the chief audit executive.

D.

Audit client management, executive management, and any those who request a copy.

Buy Now
Questions 59

An internal control questionnaire would be most appropriate in which of the following situations?

Options:

A.

Testing controls where operating procedures vary.

B.

Testing controls in decentralized offices.

C.

Testing controls in high risk areas.

D.

Testing controls in areas with high control failure rates.

Buy Now
Questions 60

A chief audit executive is preparing interview questions for the upcoming recruitment of a senior internal auditor. According to IIA guidance, which of the following attributes shows a candidate's ability to probe further when reviewing incidents that have the appearance of misbehavior?

Options:

A.

Integrity.

B.

Flexibility.

C.

Initiative.

D.

Curiosity.

Buy Now
Questions 61

Which of the following statements is false regarding roles and responsibilities pertaining to risk management and control?

Options:

A.

Senior management is charged with overseeing the establishment risk management and control processes.

B.

The chief audit executive is responsible for overseeing the evaluation risk management and control processes.

C.

Operating managers are responsible for assessing risks and controls in their departments.

D.

Internal auditors provide assurance about risk management and control process effectiveness.

Buy Now
Questions 62

During a fraud interview, it was discovered that unquestioned authority enabled a vice president to steal funds from the organization. Which of the following best describes this condition?

Options:

A.

Scheme.

B.

Opportunity.

C.

Rationalization.

D.

Pressure.

Buy Now
Questions 63

Which of the following is not a direct benefit of control self-assessment (CSA)?

Options:

A.

CSA allows management to have input into the audit plan.

B.

CSA allows process owners to identify, evaluate, and recommend improving control deficiencies.

C.

CSA can improve the control environment.

D.

CSA increases control consciousness.

Buy Now
Questions 64

Which of the following situations would justify the removal of a finding from the final audit report?

Options:

A.

Management disagrees with the report findings and conclusions in their responses.

B.

Management has already satisfactorily completed the recommended corrective action.

C.

Management has provided additional information that contradicts the findings.

D.

Management believes that the finding is insignificant and unfairly included in the report.

Buy Now
Questions 65

Which of the following statements are true regarding the use of heat maps as risk assessment tools?

1. They focus primarily on known risks, limiting the ability to identify new risks.

2. They rely heavily on objective assessments and related risk tolerances.

3. They are too complex to provide an easily understandable view of key risks.

4. They are helpful but limited in value in a rapidly changing environment.

Options:

A.

1 and 2 only

B.

1 and 4 only

C.

2 and 3 only

D.

3 and 4 only

Buy Now
Questions 66

Which of the following is a key component of an organization's cybersecunty governance?

Options:

A.

Administrators monitoring the use, assignment and configuration of privileges on the network.

B.

The IT department establishing^ implementing, and actively managing security configurations.

C.

Management identifying and classifying the types of critical data in the organization's system

D.

Senior management of the organization setting the cybersecurity policy

Buy Now
Questions 67

Within an enterprise, IT governance relates to the:

1. Alignment between the enterprise's IT long term plan and the organization's objectives.

2. Organizational structures of the company that are designed to ensure that IT supports the organization's strategies and objectives.

3. Operational plans established to support the IT strategies and objectives.

4. Role of the company's leadership in ensuring IT supports the organization's strategies and objectives.

Options:

A.

1 and 2 only

B.

3 and 4 only

C.

1, 2, and 4 only

D.

2, 3, and 4 only

Buy Now
Questions 68

According to IIA guidance on IT. which of the following plans would pair the identification of critical business processes with recovery time objectives?

Options:

A.

The business continuity management charter.

B.

The business continuity risk assessment plan

C.

The business impact analysis plan

D.

The business case for business continuity planning

Buy Now
Questions 69

During a review of a web-based application used by customers to check the status of their bank accounts, it would be most important for the internal auditor to ensure that:

Options:

A.

Access to read application logs is restricted to authorized users.

B.

Account balance information is encrypted in the database.

C.

The web server used to host the application is located in a physically secure area.

D.

Sensitive data, such as account numbers, are submitted using encrypted communications.

Buy Now
Questions 70

Which of the following statements about slack time and milestones are true?

1. Slack time represents the amount of time a task may be delayed without delaying the entire project.

2. A milestone is a moment in time that marks the completion of the project's major deliverables.

3. Slack time allows the project manager to move resources from one task to another to ensure that the project is finished on time.

4. A milestone requires resource allocation and needs time to be completed.

Options:

A.

1 and 4 only

B.

2 and 3 only

C.

1, 2, and 3 only

D.

1, 2, 3, and 4

Buy Now
Questions 71

Which of the following risks is best addressed by encryption?

Options:

A.

Information integrity risk.

B.

Privacy risk

C.

Access risk

D.

Software risk

Buy Now
Questions 72

The decision to implement enhanced failure detection and back-up systems to improve data integrity is an example of which risk response?

Options:

A.

Risk acceptance.

B.

Risk sharing.

C.

Risk avoidance.

D.

Risk reduction.

Buy Now
Questions 73

Which of the following principles is shared by both hierarchical and open organizational structures?

1. A superior can delegate the authority to make decisions but cannot delegate the ultimate responsibility for the results of those decisions

2. A supervisor's span of control should not exceed seven subordinates

3. Responsibility should be accompanied by adequate authority

4. Employees at all levels should be empowered to make decisions.

Options:

A.

1 and 3 only.

B.

1 and 4 only.

C.

2 and 3 only

D.

3 and 4 only.

Buy Now
Questions 74

Which of the following statements is true regarding reversing entries in an accounting cycled

Options:

A.

Reversing all previous closing adjustments is a mandatory step in the accounting cycle

B.

Reversing entries should be completed at the end of the next accounting period after recording regular transactions of the period

C.

Reversing entries are identical to the adjusting entries made in the previous period.

D.

Reversing entries are the exact opposite of the adjustments made in the previous period.

Buy Now
Questions 75

Which of the following statements is true regarding the use of public key encryption to secure data while it is being transmitted across a network?

Options:

A.

Both the key used to encrypt the data and the key used to decrypt the data are made public.

B.

The key used to encrypt the data is kept private but the key used to decrypt the data is made public.

C.

The key used to encrypt the data is made public but the key used to decrypt the data is kept private.

D.

Both the key used to encrypt the data and the key used to decrypt the data are made private.

Buy Now
Questions 76

Which of the following is the most likely reason an organization may decide to undertake a stock split?

Options:

A.

To keep stock price constant.

B.

To keep shareholders' equity constant.

C.

To increase shareholders' equity.

D.

To enhance the stock liquidity.

Buy Now
Questions 77

Organizations use matrix management to accomplish which of the following?

Options:

A.

To improve the chain of command.

B.

To strengthen corporate headquarters.

C.

To focus better on a single market.

D.

To increase lateral communication.

Buy Now
Questions 78

Which of the following purchasing scenarios would gain the greatest benefit from implementing electronic data interchange?

Options:

A.

A time-sensitive just-in-time purchase environment.

B.

A large volume of custom purchases.

C.

A variable volume sensitive to material cost.

D.

A currently inefficient purchasing process.

Buy Now
Questions 79

Which of the following is an example of a key systems development control typically found in the in-house development of an application system?

Options:

A.

Logical access controls monitor application usage and generate audit trails.

B.

The development process is designed to prevent, detect and correct errors that may occur

C.

A record is maintained to track the process of data from input, to output, to storage

D.

Business users' requirements are documented, and their achievement is monitored

Buy Now
Questions 80

When initiating international ventures, an organization should consider cultural dimensions in order to prevent misunderstandings. Which of the following does not represent a recognized cultural dimension in a work environment?

Options:

A.

Self control.

B.

Power distance.

C.

Masculinity versus femininity.

D.

Uncertainty avoidance.

Buy Now
Questions 81

The process of scenario planning begins with which of the following steps?

Options:

A.

Determining the trends that will influence key factors in the organization's environment.

B.

Selecting the issue or decision that will impact how the organization conducts future business.

C.

Selecting leading indicators to alert the organization of future developments.

D.

Identifying how customers, suppliers, competitors, employees, and other stakeholders will react.

Buy Now
Questions 82

Which of the following is an example of an application control?

Options:

A.

Automated password change requirements

B.

System data backup process

C.

User testing of system changes

D.

Formatted data fields

Buy Now
Questions 83

A small furniture-manufacturing firm with 100 employees is located in a two-story building and does not plan to expand. The furniture manufactured is not special-ordered or custom-made. The most likely structure for this organization would be:

Options:

A.

Functional departmentalization.

B.

Product departmentalization.

C.

Matrix organization.

D.

Divisional organization.

Buy Now
Questions 84

If legal or regulatory standards prohibit conformance with certain parts of The IIA's Standards, the auditor should do which of the following?

Options:

A.

Conform with all other parts of The IIA's Standards and provide appropriate disclosures.

B.

Conform with all other parts of The IIA's Standards; there is no need to provide appropriate disclosures.

C.

Continue the engagement without conforming with the other parts of The IIA's Standards.

D.

Withdraw from the engagement.

Buy Now
Questions 85

Which of the following is classified as a product cost using the variable costing method?

1. Direct labor costs

2. Insurance on a factory.

3. Manufacturing supplies.

4. Packaging and shipping costs

Options:

A.

1 and 2

B.

1 and 3

C.

2 and 4

D.

3 and 4

Buy Now
Questions 86

Which of the following is an example of a risk avoidance response?

Options:

A.

Buying an insurance policy to protect against loss events.

B.

Hedging against natural gas price fluctuations.

C.

Selling a non-strategic business unit.

D.

Outsourcing a high risk process to a third party.

Buy Now
Questions 87

An organization has a health and safety division that conducts audits to meet regulatory requirements. The chief health and safety officer reports directly to the CEO. Which of the following describes an appropriate role for the chief audit executive (CAE) with regard to the organization's health and safety program?

Options:

A.

The CAE has no role to play, because the chief health and safety officer reports to a senior executive.

B.

The CAE should coordinate with, and review the work of, the chief health and safety officer to gain an understanding of whether risks related to health and safety are managed properly.

C.

The CAE should give periodic reports directly to the regulator regarding health and safety issues, as it is the appropriate regulatory oversight body.

D.

The CAE should hire an independent external specialist to conduct an annual assessment and provide assurance over the effectiveness of the health and safety program and the reliability of its reports.

Buy Now
Questions 88

If observed during fieldwork by an internal auditor, which of the following activities is least important to communicate formally to the chief audit executive?

Options:

A.

Acts that may endanger the health or safety of individuals.

B.

Acts that favor one party to the detriment of another.

C.

Acts that damage or have an adverse effect on the environment.

D.

Acts that conceal inappropriate activities in the organization.

Buy Now
Questions 89

According to COSO, which of the following is not considered one of the components of an organization's internal environment?

Options:

A.

Authority and responsibility to resolve issues.

B.

Framework to plan, execute and monitor activities.

C.

Integrated responses to multiple risks.

D.

Knowledge and skills needed to perform activities.

Buy Now
Questions 90

An internal audit activity includes in its audit reports the assertion that its work is performed in conformance with the International Standards for the Professional Practice of Internal Auditing {Standards). A recent external quality assessment concluded that the internal audit activity had substantial deficiencies that impact its overall operations. According to IIA guidance, which of the following is the most appropriate action for issuing future audit reports?

Options:

A.

Refrain from indicating that the internal audit activity operates in conformance with the Standards until the chief audit executive confirms that the internal audit activity has addressed all areas of nonconformance and the audit committee has been notified.

B.

Refrain from indicating that the internal audit activity operates in conformance with the Standards until another external assessment confirms that the significant areas of nonconformance have been addressed.

C.

Indicate that the internal audit activity operates in partial conformance with the Standards, as the internal audit activity has a quality assurance and improvement program in place to address deficiencies and has met the requirement for conducting an external assessment.

D.

Update and reissue previous audit reports, removing the assertion that the internal audit activity operates in conformance with the Standards, and distribute them to all parties who received the original reports.

Buy Now
Exam Code: IIA-ACCA
Exam Name: ACCA CIA Challenge Exam
Last Update: Dec 25, 2024
Questions: 604
IIA-ACCA pdf

IIA-ACCA PDF

$25.5  $84.99
IIA-ACCA Engine

IIA-ACCA Testing Engine

$30  $99.99
IIA-ACCA PDF + Engine

IIA-ACCA PDF + Testing Engine

$40.5  $134.99