
IIA-CIA-Part3-3P CIA Exam Part Three: Business Knowledge for Internal Auditing Questions and Answers

Questions 4

In order to provide useful information for an organization's risk management decisions, which of the following factors is least important to assess?

Options:

A.

The underlying causes of the risk.

B.

The impact of the risk on the organization's objectives.

C.

The risk levels of current and future events.

D.

The potential for eliminating risk factors.

Questions 5

In the years after the mid-service point of a depreciable asset, which of the following depreciation methods will result in the highest depreciation expense?

Options:

A.

Sum of the years' digits

B.

Declining balance

C.

Double-declining balance

D.

Straight line

Questions 6

Which of the following is the best example of a compliance risk that is likely to arise when adopting a bring-your-own-device (BYOD) policy?

Options:

A.

The risk that users try to bypass controls and do not install required software updates.

B.

The risk that smart devices can be lost or stolen due to their mobile nature.

C.

The risk that an organization intrusively monitors personal information stored on smart devices.

D.

The risk that proprietary information is not deleted from the device when an employee leaves.

Questions 7

Which of the following risks is best addressed by encryption?

Options:

A.

Information integrity risk.

B.

Privacy risk

C.

Access risk

D.

Software risk

Questions 8

How do data analysis technologies affect internal audit testing?

Options:

A.

They improve the effectiveness of spot check testing techniques

B.

They allow greater insight into high risk areas.

C.

They reduce the overall scope of the audit engagement.

D.

They increase the internal auditor's objectivity

Questions 9

An organization facing rapid growth decides to employ a third party service provider to manage its customer relationship management function. Which of the following is true regarding the supporting application software used by that provider compared to an in-house developed system?

1) Updating documentation is always a priority.

2) System availability is usually more reliable.

3) Data security risks are lower.

4) Overall system costs are lower.

Options:

A.

1 and 2 only

B.

1 and 3 only

C.

2 and 4 only

D.

3 and 4 only

Questions 10

Which of the following is a key responsibility of a database administrator?

Options:

A.

Troubleshoot end user problems

B.

Provide production support.

C.

Provide physical security of databases

D.

Maintain database integrity

Questions 11

Which of the following application-based controls is an example of a programmed edit check?

Options:

A.

Reasonableness check.

B.

Transaction log.

C.

Input error correction.

D.

Authorization for access.

Questions 12

Which of the following should software auditors do when reporting internal audit findings related to enterprise wide resource planning?

Options:

A.

Draft separate audit reports for business and IT management

B.

Connect IT audit findings to business issues

C.

Include technical details to support IT issues

D.

Include an opinion on financial reporting accuracy and completeness

Questions 13

An organization requires an average of 58 days to convert raw materials into finished products to sell. An average of 42 additional days is required to collect receivables. If the organization takes an average of 10 days to pay for the raw materials, how long is its total cash conversion cycle?

Options:

A.

26 days.

B.

90 days.

C.

100 days.

D.

110 days.

Questions 14

Which of the following accounting methods is an investor organization likely to use when buying 40 percent of the stock of another organization?

Options:

A.

Cost method

B.

Equity method

C.

Consolidation method

D.

Fair value method

Questions 15

At a manufacturing plant, how would using Internet of Things during the production process benefit the organization?

Options:

A.

It would provide the ability to monitor in real-time.

B.

It would assist in securing sensitive data.

C.

It would help detect cyberattacks in a more timely fashion.

D.

It would assist in ensuring that data integrity is maintained.

Questions 16

Which of the following authentication device credentials is the most difficult to revoke when an employee's access rights need to be removed?

Options:

A.

A traditional key lock

B.

A biometric device.

C.

A card-key system

D.

A proximity device

Questions 17

Which of the following application controls checks the integrity of data entered into a business application?

Options:

A.

Input controls.

B.

Output controls

C.

Processing controls

D.

Integrity controls

Questions 18

Which of the following security controls focuses most on prevention of unauthorized access to the power plant?

Options:

A.

An offboarding procedure is initiated monthly to determine redundant physical access rights

B.

Logs generated by smart locks are automatically scanned to identify anomalies in access patterns

C.

Requests for additional access rights are sent for approval and validation by direct supervisors

D.

Automatic notifications are sent to a central security unit when employees enter the premises during nonwork hours

Questions 19

According to IIA guidance on IT, which of the following plans would pair the identification of critical business processes with recovery time objectives?

Options:

A.

The business continuity management charter.

B.

The business continuity risk assessment plan

C.

The business impact analysis plan

D.

The business case for business continuity planning

Questions 20

Which of the following statements are true regarding the use of heat maps as risk assessment tools?

1. They focus primarily on known risks, limiting the ability to identify new risks.

2. They rely heavily on objective assessments and related risk tolerances.

3. They are too complex to provide an easily understandable view of key risks.

4. They are helpful but limited in value in a rapidly changing environment.

Options:

A.

1 and 2 only

B.

1 and 4 only

C.

2 and 3 only

D.

3 and 4 only

Questions 21

Which of the following is always true regarding the use of encryption algorithms based on public key infrastructure (PKI)?

Options:

A.

PKI uses an independent administrator to manage the public key.

B.

The public key is authenticated against reliable third-party identification.

C.

PKI's public accessibility allows it to be used readily for e-commerce.

D.

The private key uniquely authenticates each party to a transaction.

Questions 22

Which of the following is a characteristic of just-in-time inventory management systems?

Options:

A.

Users determine the optimal level of safety stocks.

B.

They are applicable only to large organizations.

C.

They do not really increase overall economic efficiency because they merely shift inventory levels further up the supply chain.

D.

They rely heavily on high quality materials.

Questions 23

According to IIA guidance on IT, which of the following would be considered a primary control for a spreadsheet to help ensure accurate financial reporting?

Options:

A.

Formulas and static data are locked or protected.

B.

The spreadsheet is stored on a network server that is backed up daily.

C.

The purpose and use of the spreadsheet are documented.

D.

Check-in and check-out software is used to control versions.

Questions 24

An internal auditor is assigned to perform data analytics. Which of the following is the next step the auditor should undertake after she has ascertained the value expected from the review?

Options:

A.

Normalize the data

B.

Obtain the data

C.

Identify the risks

D.

Analyze the data

Questions 25

Which of the following best describes a detective control designed to protect an organization from cyberthreats and attacks?

Options:

A.

A list of trustworthy good traffic and a list of unauthorized blocked traffic.

B.

Monitoring for vulnerabilities based on industry intelligence

C.

Comprehensive service level agreements with vendors.

D.

Firewall and other network perimeter protection tools.

Questions 26

Which of the following performance measures would be appropriate for evaluating an investment center, which has responsibility for its revenues, costs, and investment base, but would not be appropriate for evaluating cost, revenue, or profit centers?

Options:

A.

A flexible budget.

B.

Variance analysis.

C.

A contribution margin income statement by segment.

D.

Residual income.

Questions 27

A chief audit executive (CAE) was asked to participate in the selection of an external auditor. Which of the following would not be a typical responsibility for the CAE?

Options:

A.

Evaluate the proposed external auditor fee.

B.

Recommend criteria to be used in the selection process.

C.

Develop appropriate performance metrics.

D.

Monitor the work of the external auditors.

Questions 28

If a bank's activities are categorized under such departments as community banking, institutional banking, and agricultural banking, what kind of departmentalization is being utilized?

Options:

A.

Product departmentalization.

B.

Process departmentalization.

C.

Functional departmentalization.

D.

Customer departmentalization.

Questions 29

Which of the following statements accurately describes the responsibility of the internal audit activity (IAA) regarding IT governance?

1) The IAA does not have any responsibility because IT governance is the responsibility of the board and senior management of the organization.

2) The IAA must assess whether the IT governance of the organization supports the organization’s strategies and objectives.

3) The IAA may assess whether the IT governance of the organization supports the organization’s strategies and objectives.

4) The IAA may accept requests from management to perform advisory services regarding how the IT governance of the organization supports the organization’s strategies and objectives.

Options:

A.

1 only

B.

4 only

C.

2 and 4

D.

3 and 4

Questions 30

Which of the following does not provide operational assurance that a computer system is operating properly?

Options:

A.

Performing a system audit.

B.

Making system changes.

C.

Testing policy compliance.

D.

Conducting system monitoring.

Questions 31

Which of the following statements about matrix organizations is false?

Options:

A.

In a matrix organization, conflict between functional and product managers may arise.

B.

In a matrix organization, staff under dual command is more likely to suffer stress at work.

C.

Matrix organizations offer the advantage of greater flexibility.

D.

Matrix organizations minimize costs and simplify communication.

Questions 32

Which of the following distinguishes the added-value negotiation method from traditional negotiating methods?

Options:

A.

Each party's negotiator presents a menu of options to the other party.

B.

Each party adopts one initial position from which to start.

C.

Each negotiator minimizes the information provided to the other party.

D.

Each negotiator starts with an offer, which is optimal from the negotiator's perspective.

Questions 33

When initiating international ventures, an organization should consider cultural dimensions in order to prevent misunderstandings. Which of the following does not represent a recognized cultural dimension in a work environment?

Options:

A.

Self control.

B.

Power distance.

C.

Masculinity versus femininity.

D.

Uncertainty avoidance.

Questions 34

Which of the following practices impacts copyright issues related to the manufacturer of a smart device?

Options:

A.

Session hijacking.

B.

Jailbreaking.

C.

Eavesdropping.

D.

Authentication.

Questions 35

Organizations that adopt just-in-time purchasing systems often experience which of the following?

Options:

A.

A slight increase in carrying costs.

B.

A greater need for inspection of goods as the goods arrive.

C.

A greater need for linkage with a vendor's computerized order entry system.

D.

An increase in the number of suitable suppliers

Questions 36

Which of the following statements is true regarding user-developed applications (UDAs) and traditional IT applications?

Options:

A.

UDAs and traditional IT applications typically follow a similar development life cycle.

B.

A UDA usually includes system documentation to illustrate its functions, and IT-developed applications typically do not require such documentation.

C.

Unlike traditional IT applications, UDAs typically are developed with little consideration of controls.

D.

IT testing personnel usually review both types of applications thoroughly to ensure they were developed properly.

Questions 37

Which of the following is the best example of IT governance controls?

Options:

A.

Controls that focus on segregation of duties, financial and change management

B.

Personnel policies that define and enforce conditions for staff in sensitive IT areas

C.

Standards that support IT policies by more specifically defining required actions

D.

Controls that focus on data structures and the minimum level of documentation required

Questions 38

An internal auditor is reviewing the organization's performance appraisal process. Which of the following methods would be most effective to identify stereotyping?

Options:

A.

Use a behaviorally anchored rating scale to break down jobs into their components.

B.

Analyze and compare the ratings for different classes or groupings of employees.

C.

Compare the ratings of selective employees with their previous appraisals.

D.

Analyze the number and percentages of employee appraisals that fall into each rating category

Questions 39

A bicycle manufacturer incurs a combination of fixed and variable costs with the production of each bicycle. Which of the following statements is true regarding these costs?

Options:

A.

If the number of bicycles produced is increased by 15 percent, the variable cost per unit will increase proportionally

B.

The fixed cost per unit will vary directly based on the number of bicycles produced during the production cycle

C.

The total variable cost will vary proportionally and inversely with the number of bicycles produced during a production run

D.

If the number of bicycles produced is increased by 30 percent, the fixed cost per unit will decline

Questions 40

Data encryption is an example of which of the following controls?

Options:

A.

Application control.

B.

IT general control

C.

Data input control

D.

Data output control

Questions 41

Which of the following actions would senior management need to consider as part of new IT guidelines regarding the organization's cybersecurity policies?

Options:

A.

Assigning new roles and responsibilities for senior IT management.

B.

Growing use of bring your own devices for organizational matters

C.

Expansion of operations into new markets with limited IT access

D.

Hiring new personnel within the IT department for security purposes

Questions 42

Which of the following describes a third-party network that connects an organization specifically with its trading partners?

Options:

A.

Value-added network (VAN).

B.

Local area network (LAN).

C.

Metropolitan area network (MAN).

D.

Wide area network (WAN).

Questions 43

Which of the following network types should an organization choose if it wants to allow access only to its own personnel?

Options:

A.

An extranet

B.

A local area network.

C.

An intranet

D.

The internet

Questions 44

Which of the following statements is true regarding the resolution of interpersonal conflict?

Options:

A.

Unrealized expectations can be avoided with open and honest discussion.

B.

Reorganization would probably not help ambiguous or overlapping jurisdictions.

C.

Deferring action should be used until there is sufficient time to fully deal with the issue.

D.

Timely and unambiguous clarification of roles and responsibilities will eliminate most interpersonal conflict.

Questions 45

Which of the following best describes an objective for an audit of an environmental management system?

Options:

A.

To assess whether an annual control review is necessary.

B.

To determine conformance with requirements and agreements.

C.

To evaluate executive management oversight.

D.

To promote environmental awareness.

Questions 46

For a multinational organization, which of the following is a disadvantage of an ethnocentric staffing policy?

1) It significantly raises compensation and staffing costs.

2) It produces resentment among the organization's employees in host countries.

3) It limits career mobility for parent-country nationals.

4) It can lead to cultural myopia.

Options:

A.

1 and 4 only

B.

2 and 3 only

C.

1, 2, and 3 only

D.

1, 2, and 4 only

Questions 47

Organizations use matrix management to accomplish which of the following?

Options:

A.

To improve the chain of command.

B.

To strengthen corporate headquarters.

C.

To focus better on a single market.

D.

To increase lateral communication.

Questions 48

A manager has difficulty motivating staff to improve productivity, despite establishing a lucrative individual reward system. Which of the following is most likely the cause of the difficulty?

Options:

A.

High degree of masculinity.

B.

Low uncertainty avoidance.

C.

High collectivism.

D.

Low long-term orientation.

Questions 49

Which stage in the industry life cycle is characterized by many different product variations?

Options:

A.

Introduction.

B.

Growth.

C.

Maturity.

D.

Decline.

Questions 50

A retail organization is considering acquiring a composite textile company. The retailer's due diligence team determined the value of the textile company to be $50 million. The financial experts forecasted net present value of future cash flows to be $60 million. Experts at the textile company determined their company's market value to be $55 million if purchased by another entity. However, the textile company could earn more than $70 million from the retail organization due to synergies. Therefore, the textile company is motivated to make the negotiation successful. Which of the following approaches is most likely to result in a successful negotiation?

Options:

A.

Develop a bargaining zone that lies between $50 million and $70 million and create sets of outcomes between $50 million and $70 million.

B.

Adopt an added-value negotiating strategy, develop a bargaining zone between $50 million and $70 million, and create sets of outcomes between $50 million and $70 million.

C.

Involve a mediator as a neutral party who can work with the textile company's management to determine a bargaining zone.

D.

Develop a bargaining zone that lies between $55 million and $60 million and create sets of outcomes between $55 million and $60 million.

Questions 51

Presented below are partial year-end financial statement data (000 omitted from dollar amounts) for companies A and B:

If company A has a quick ratio of 2:1, then it has an accounts receivable balance of:

Options:

A.

$100

B.

$200

C.

$300

D.

$500

Questions 52

Which of the following techniques is the most relevant when an internal auditor conducts a valuation of an organization's physical assets?

Options:

A.

Observation.

B.

Inspection.

C.

Original cost.

D.

Vouching.

Questions 53

Which of the following borrowing options is an unsecured loan?

Options:

A.

Second-mortgage financing from a bank.

B.

An issue of commercial paper.

C.

Pledged accounts receivable.

D.

Asset-based financing.

Questions 54

In accounting, which of the following statements is true regarding the terms debit and credit?

Options:

A.

Debit indicates the right side of an account and credit the left side.

B.

Debit means an increase in an account and credit means a decrease.

C.

Credit indicates the right side of an account and debit the left side.

D.

Credit means an increase in an account and debit means a decrease.

Questions 55

An organization had three large centralized divisions: one that received customer orders for service work; one that scheduled the service work at customer locations; and one that answered customer calls about service problems. These three divisions were restructured into seven regional groups, each of which performed all three functions. One advantage of this restructuring would be:

Options:

A.

Better internal controls.

B.

Greater economies of scale.

C.

Improved work flow.

D.

Increased specialization.

Questions 56

The decision to implement enhanced failure detection and back-up systems to improve data integrity is an example of which risk response?

Options:

A.

Risk acceptance.

B.

Risk sharing.

C.

Risk avoidance.

D.

Risk reduction.

Questions 57

Which of the following application software features is the least effective control to protect passwords?

Options:

A.

Suspension of user IDs after a user's repeated attempts to sign on with an invalid password.

B.

Encryption of passwords prior to their transmission or storage.

C.

Forced change of passwords after a designated number of days.

D.

Automatic logoff of inactive users after a specified time period of inactivity.

Questions 58

Which of the following roles would be least appropriate for the internal audit activity to undertake with regard to an organization's corporate social responsibility (CSR) program?

Options:

A.

Consult on project design and implementation of the CSR program.

B.

Serve as an advisor on internal controls related to CSR.

C.

Identify and prioritize the CSR issues that are important to the organization.

D.

Evaluate the effectiveness of the organization's CSR efforts.

Questions 59

Which of the following is the best approach to overcome entry barriers into a new business?

Options:

A.

Offer a standard product that is targeted in the recognized market.

B.

Invest in commodity or commodity-like product businesses.

C.

Enter into a slow-growing market.

D.

Use an established distribution relationship.

Questions 60

Which of the following steps should an internal auditor take during an audit of an organization's business continuity plans?

1) Evaluate the business continuity plans for adequacy and currency.

2) Prepare a business impact analysis regarding the loss of critical business.

3) Identify key personnel who will be required to implement the plans.

4) Identify and prioritize the resources required to support critical business processes.

Options:

A.

1 only

B.

2 and 4 only

C.

1, 3, and 4 only

D.

1, 2, 3, and 4

Questions 61

What must be monitored in order to manage risk of consumer product inventory obsolescence?

1) Inventory balances.

2) Market share forecasts.

3) Sales returns.

4) Sales trends.

Options:

A.

1 only

B.

4 only

C.

1 and 4 only

D.

1, 2, and 3 only

Questions 62

An organization decided to install a motion detection system in its warehouse to protect against after-hours theft. According to the COSO enterprise risk management framework, which of the following best describes this risk management strategy?

Options:

A.

Avoidance.

B.

Reduction.

C.

Elimination.

D.

Sharing.

Questions 63

Which of the following purchasing scenarios would gain the greatest benefit from implementing electronic data interchange?

Options:

A.

A time-sensitive just-in-time purchase environment.

B.

A large volume of custom purchases.

C.

A variable volume sensitive to material cost.

D.

A currently inefficient purchasing process.

Questions 64

An internal auditor is reviewing results from software development integration testing. What is the purpose of integration testing?

Options:

A.

To verify that the application meets stated user requirements.

B.

To verify that standalone programs match code specifications.

C.

To verify that the application would work appropriately for the intended number of users.

D.

To verify that all software and hardware components work together as intended

Questions 65

According to IIA guidance, which of the following would be a primary reason for an internal auditor to test the organization's IT contingency plan?

Options:

A.

To ensure that adequate controls exist to prevent any significant business interruptions.

B.

To identify and address potential security weaknesses within the system.

C.

To ensure that tests contribute to improvement of the program.

D.

To ensure that deficiencies identified by the audit are promptly addressed.

Questions 66

Which of the following strategies is most appropriate for an industry that is in decline?

Options:

A.

Invest in marketing.

B.

Invest in research and development.

C.

Control costs.

D.

Shift toward mass production.

Questions 67

For employees, the primary value of implementing job enrichment is which of the following?

Options:

A.

Validation of the achievement of their goals and objectives.

B.

Increased knowledge through the performance of additional tasks.

C.

Support for personal growth and a meaningful work experience.

D.

An increased opportunity to manage better the work done by their subordinates.

Questions 68

A multinational organization has multiple divisions that sell their products internally to other divisions. When selling internally, which of the following transfer prices would lead to the best decisions for the organization?

Options:

A.

Full cost

B.

Full cost plus a markup.

C.

Market price of the product

D.

Variable cost plus a markup

Questions 69

Which of the following IT controls includes protection for mainframe computers and workstations?

Options:

A.

Change management controls

B.

Physical and environmental controls.

C.

System software controls

D.

Organization and management controls

Questions 70

While conducting audit procedures at the organization's data center, an internal auditor noticed the following:

Backup media was located on data center shelves.

Backup media was organized by date.

Backup schedule was one week in duration.

The system administrator was able to present restore logs.

Which of the following is reasonable for the internal auditor to conclude?

Options:

A.

Backup media is not properly stored, as the storage facility should be off-site.

B.

Backup procedures are adequate and appropriate according to best practices.

C.

Backup media is not properly indexed, as backup media should be indexed by system, not date.

D.

Backup schedule is not sufficient, as full backup should be conducted daily.

Questions 71

A multinational organization involved in online business has planned to set up a help desk service. Which of the following best describes the role performed by the help desk?

Options:

A.

Monitoring access to the online database.

B.

Backing up and maintaining archived data.

C.

Responding to customer inquiries.

D.

Maintaining and assuring network security.

Questions 72

An organization invests excess short-term cash in trading securities. Which of the following actions should an internal auditor take to test the valuation of those securities?

Options:

A.

Use the equity method to recalculate the investment carrying value

B.

Confirm the securities held by the broker

C.

Perform a calculation of premium or discount amortization.

D.

Compare the carrying value with current market quotations

Questions 73

Which of the following most accurately describes the purpose of application authentication controls?

Options:

A.

To ensure that data input into business applications is valid, complete, and accurate.

B.

To prevent or detect errors in data processed using business applications.

C.

To ensure that business applications are protected from unauthorized logical access.

D.

To ensure the validity, accuracy, and completeness of outputs from business applications.

Exam Code: IIA-CIA-Part3-3P
Exam Name: CIA Exam Part Three: Business Knowledge for Internal Auditing
Last Update: Dec 26, 2024
Questions: 488