IIA-CIA-Part3-3P CIA Exam Part Three: Business Knowledge for Internal Auditing Questions and Answers

The underlying causes of the risk.

The impact of the risk on the organization's objectives.

The risk levels of current and future events.

The potential for eliminating risk factors.

Sum of the years' digits

Declining balance

Double-declining balance

Straight line

The risk that users try to bypass controls and do not install required software updates.

The risk that smart devices can be lost or stolen due to their mobile nature.

The risk that an organization intrusively monitors personal information stored on smart devices.

The risk that proprietary information is not deleted from the device when an employee leaves.

Information integrity risk.

Privacy risk

Access risk

Software risk

They improve the effectiveness of spot check testing techniques

They allow greater insight into high risk areas.

They reduce the overall scope of the audit engagement.

They increase the internal auditor's objectivity

1 and 2 only

1 and 3 only

2 and 4 only

3 and 4 only

Troubleshoot end user problems

Provide production support.

Provide physical security of databases

Maintain database integrity

Reasonableness check.

Transaction log.

Input error correction.

Authorization for access.

Draft separate audit reports for business and IT management

Connect IT audit findings to business issues

Include technical details to support IT issues

Include an opinion on financial reporting accuracy and completeness

26 days.

90 days.

100 days.

110 days.

Cost method

Equity method

Consolidation method

Fair value method

It would provide the ability to monitor in real-time.

It would assist in securing sensitive data.

It would help detect cyberattacks in a more timely fashion.

It would assist in ensuring that data integrity is maintained.

A traditional key lock

A biometric device.

A card-key system

A proximity device

Input controls.

Output controls

Processing controls

Integrity controls

An offboarding procedure is initiated monthly to determine redundant physical access rights

Logs generated by smart locks are automatically scanned to identify anomalies in access patterns

Requests for additional access rights are sent for approval and validation by direct supervisors

Automatic notifications are sent to a central security unit when employees enter the premises during nonwork hours

The business continuity management charter.

The business continuity risk assessment plan

The business impact analysis plan

The business case for business continuity planning

1 and 2 only

1 and 4 only

2 and 3 only

3 and 4 only

PKI uses an independent administrator to manage the public key.

The public key is authenticated against reliable third-party identification.

PKI's public accessibility allows it to be used readily for e-commerce.

The private key uniquely authenticates each party to a transaction.

Users determine the optimal level of safety stocks.

They are applicable only to large organizations.

They do not really increase overall economic efficiency because they merely shift inventory levels further up the supply chain.

They rely heavily on high quality materials.

Formulas and static data are locked or protected.

The spreadsheet is stored on a network server that is backed up daily.

The purpose and use of the spreadsheet are documented.

Check-in and check-out software is used to control versions.

Normalize the data

Obtain the data

identify the risks

Analyze the data

A list of trustworthy good traffic and a list of unauthorized blocked traffic.

Monitoring for vulnerabilities based on industry intelligence

Comprehensive service level agreements with vendors.

Firewall and other network penmeter protection tools.

A flexible budget.

Variance analysis.

A contribution margin income statement by segment.

Residual income.

Evaluate the proposed external auditor fee.

Recommend criteria to be used in the selection process.

Develop appropriate performance metrics.

Monitor the work of the external auditors.

Product departmentalization.

Process departmentalization.

Functional departmentalization.

Customer departmentalization.

1 only

4 only

2 and 4

3 and 4

Performing a system audit.

Making system changes.

Testing policy compliance.

Conducting system monitoring.

In a matrix organization, conflict between functional and product managers may arise.

In a matrix organization, staff under dual command is more likely to suffer stress at work.

Matrix organizations offer the advantage of greater flexibility.

Matrix organizations minimize costs and simplify communication.

Each party's negotiator presents a menu of options to the other party.

Each party adopts one initial position from which to start.

Each negotiator minimizes the information provided to the other party.

Each negotiator starts with an offer, which is optimal from the negotiator's perspective.

Self control.

Power distance.

Masculinity versus femininity.

Uncertainty avoidance.

Session hijacking.

Jailbreaking.

Eavesdropping.

Authentication.

A slight increase in carrying costs.

A greater need for inspection of goods as the goods arrive.

A greater need for linkage with a vendor s computerized order entry system.

An increase in the number of suitable suppliers

UDAs and traditional IT applications typically follow a similar development life cycle.

A UDA usually includes system documentation to illustrate its functions, and IT-developed applications typically do not require such documentation.

Unlike traditional IT applications, UDAs typically are developed with little consideration of controls.

IT testing personnel usually review both types of applications thoroughly to ensure they were developed properly.

Controls that focus on segregation of duties, financial and change management

Personnel policies that define and enforce conditions for staff in sensitive IT areas

Standards that support IT policies by more specifically defining required actions

Controls that focus on data structures and the minimum level of documentation required

Use a behaviorally anchored rating scale to Break down jobs into their components.

Analyze and compare the ratings for different classes or groupings of employees.

Compare the ratings of selective employees with their previous appraisals.

Analyze the number and percentages of employee appraisals that fall into each rating category

If the number of bicycles produced is increased by 15 percent, the variable cost per unit will increase proportionally

The fixed cost per unit will vary directly based on the number of bicycles produced during the

production cycle

The total variable cost will vary proportionally and inversely with the number of bicycles produced during a production run

If the number of bicycles produced is increased by 30 percent the fixed cost per unit will decline

Application control.

IT general control

Data input control

Data output control

Assigning new roles and responsibilities for senior IT management.

Growing use of bring your own devices tor organizational matters

Expansion of operations into new markets with united IT access

Hiring new personnel within the IT department tor security purposes

Value-added network (VAN).

Local area network (LAN).

Metropolitan area network (MAN).

Wide area network (WAN).

An extranet

A local area network.

An intranet

The internet

Unrealized expectations can be avoided with open and honest discussion.

Reorganization would probably not help ambiguous or overlapping jurisdictions.

Deferring action should be used until there is sufficient time to fully deal with the issue.

Timely and unambiguous clarification of roles and responsibilities will eliminate most interpersonal conflict.

To assess whether an annual control review is necessary.

To determine conformance with requirements and agreements.

To evaluate executive management oversight.

To promote environmental awareness.

1 and 4 only

2 and 3 only

1, 2, and 3 only

1, 2, and 4 only

To improve the chain of command.

To strengthen corporate headquarters.

To focus better on a single market.

To increase lateral communication.

High degree of masculinity.

Low uncertainty avoidance.

High collectivism.

Low long-term orientation.

Introduction.

Growth.

Maturity.

Decline.

Develop a bargaining zone that lies between $50 million and $70 million and create sets of outcomes between $50 million and $70 million.

Adopt an added-value negotiating strategy, develop a bargaining zone between $50 million and $70 million, and create sets of outcomes between $50 million and $70 million.

Involve a mediator as a neutral party who can work with the textile company's management to determine a bargaining zone.

Develop a bargaining zone that lies between $55 million and $60 million and create sets of outcomes between $55 million and $60 million.

$100

$200

$300

$500

Observation.

Inspection.

Original cost.

Vouching.

Second-mortgage financing from a bank.

An issue of commercial paper.

Pledged accounts receivable.

Asset-based financing.

Debit indicates the right side of an account and credit the left side.

Debit means an increase in an account and credit means a decrease.

Credit indicates the right side of an account and debit the left side.

Credit means an increase in an account and debit means a decrease.

Better internal controls.

Greater economies of scale.

Improved work flow.

Increased specialization.

Risk acceptance.

Risk sharing.

Risk avoidance.

Risk reduction.

Suspension of user IDs after a user's repeated attempts to sign on with an invalid password.

Encryption of passwords prior to their transmission or storage.

Forced change of passwords after a designated number of days.

Automatic logoff of inactive users after a specified time period of inactivity.

Consult on project design and implementation of the CSR program.

Serve as an advisor on internal controls related to CSR.

Identify and prioritize the CSR issues that are important to the organization.

Evaluate the effectiveness of the organization's CSR efforts.

Offer a standard product that is targeted in the recognized market.

Invest in commodity or commodity-like product businesses.

Enter into a slow-growing market.

Use an established distribution relationship.

1 only

2 and 4 only

1, 3, and 4 only

1, 2, 3, and 4

1 only

4 only

1 and 4 only

1, 2, and 3 only

Avoidance.

Reduction.

Elimination.

Sharing.

A time-sensitive just-in-time purchase environment.

A large volume of custom purchases.

A variable volume sensitive to material cost.

A currently inefficient purchasing process.

To verify that the application meets staled user requirements.

To verify that standalone programs match code specifications.

To verify that me application would work appropriately for the intended number of users.

To verify that all software and hardware components work together as intended

To ensure that adequate controls exist to prevent any significant business interruptions.

To identify and address potential security weaknesses within the system.

To ensure that tests contribute to improvement of the program.

To ensure that deficiencies identified by the audit are promptly addressed.

Invest in marketing.

Invest in research and development.

Control costs.

Shift toward mass production.

Validation of the achievement of their goals and objectives.

Increased knowledge through the performance of additional tasks.

Support for personal growth and a meaningful work experience.

An increased opportunity to manage better the work done by their subordinates.

Full cost

Full cost plus a markup.

Market price of the product

Variable cost plus a markup

Change management controls

Physical and environmental controls.

System software controls

Organization and management controls

Backup media is not properly stored, as the storage facility should be off-site.

Backup procedures are adequate and appropriate according to best practices.

Backup media is not properly indexed, as backup media should be indexed by system, not date.

Backup schedule is not sufficient, as full backup should be conducted daily.

Monitoring access to the online database.

Backing up and maintaining archived data.

Responding to customer inquiries.

Maintaining and assuring network security.

Use the equity method to recalculate the investment carrying value

Confirm the securities held by the broker

Perform a calculation of premium or discount amortization.

Compare the carrying value with current market quotations

To ensure that data input into business applications is valid, complete, and accurate.

To prevent or detect errors in data processed using business applications.

To ensure that business applications are protected from unauthorized logical access.

To ensure the validity, accuracy, and completeness of outputs from business applications.