
IIA IIA-CIA-Part3-3P CIA Exam Part Three: Business Knowledge for Internal Auditing Exam Practice Test

Demo: 73 questions
Total 488 questions

CIA Exam Part Three: Business Knowledge for Internal Auditing Questions and Answers

Question 1

A remote location contains a data center with hardware available to support critical production systems as required in the recovery plan. IT personnel periodically test and update systems at the data center. This is an example of which of the following recovery solutions?

Options:

A.

Cold recovery plan

B.

Critical recovery plan

C.

Warm recovery plan

D.

Tested recovery plan

Question 2

An internal auditor is assigned to perform data analytics. Which of the following is the next step the auditor should undertake after she has ascertained the value expected from the review?

Options:

A.

Normalize the data

B.

Obtain the data

C.

Identify the risks

D.

Analyze the data

Question 3

In which of the following technical infrastructure audits should attention be turned to physical security and environmental controls?

Options:

A.

Database review

B.

Data center review

C.

Network configuration review

D.

Operating systems review

Question 4

A manager has allowed a subordinate employee to have greater control and responsibility over the tasks that he performs. This is an example of which of the following?

Options:

A.

Job enlargement.

B.

Job enlargement.

C.

Horizontal loading of the job.

D.

Job rotation

Question 5

A multinational organization involved in online business has planned to set up a help desk service. Which of the following best describes the role performed by the help desk?

Options:

A.

Monitoring access to the online database.

B.

Backing up and maintaining archived data.

C.

Responding to customer inquiries.

D.

Maintaining and assuring network security.

Question 6

Which of the following is applicable to both a job order cost system and a process cost system?

Options:

A.

Total manufacturing costs are determined at the end of each period.

B.

Costs are summarized in a production cost report for each department

C.

Three manufacturing cost elements are tracked: direct materials, direct labor, and manufacturing overhead.

D.

The unit cost can be calculated by dividing the total manufacturing costs for the period by the units produced during the period

Question 7

An internal auditor observed that the organization's disaster recovery solution will make use of a cold site in a town several miles away. Which of the following is likely to be a characteristic of this disaster recovery solution?

Options:

A.

Data is synchronized in real time

B.

Recovery time is expected to be less than one week

C.

Servers are not available and need to be procured

D.

Recovery resources and data restore processes have not been defined

Question 8

Operational management in the IT department has introduced performance evaluation policies that are linked to employees achieving continuing education hours. This activity is designed to prevent which of the following conditions?

Options:

A.

Knowledge/skills gap

B.

Monitoring gap

C.

Accountability/reward failure.

D.

Communication failure.

Question 9

The chief audit executive (CAE) has embraced a total quality management approach to improving the internal audit activity's (IAA's) processes. He would like to reduce the time to complete audits and improve client ratings of the IAA.

Which of the following staffing approaches is the CAE most likely to select?

Options:

A.

Assign a team with a trained audit manager to plan each audit and distribute field work tasks to various staff auditors.

B.

Assign a team of personnel who have different specialties to each audit and empower team members to participate fully in key decisions.

C.

Assign a team to each audit, designate a single person to be responsible for each phase of the audit, and limit decision making outside of their area of responsibility.

D.

Assign a team of personnel who have similar specialties to specific engagements that would benefit from those specialties and limit key decisions to the senior person.

Question 10

Which of the following statements is true regarding an organization's inventory valuation?

Options:

A.

The valuation will be incorrect if the inventory includes goods in transit shipped free on board (FOB) destination to another organization

B.

The valuation will be correct if the inventory includes goods received on consignment from another organization

C.

The valuation will be incorrect if the inventory includes goods in transit shipped FOB shipping point from another organization

D.

The valuation will be correct if the inventory includes goods sent on consignment to another organization

Question 11

What would an internal auditor do to ensure that a process to mitigate risk is in place for the organization's change management process?

Options:

A.

Develop and enforce change policies to ensure employees are continually trained.

B.

Apply a risk-based approach and impose segregation of duties related to the change management process.

C.

Conduct a high-level threat analysis and implement a compensating control.

D.

Validate authorization, segregation of duties, testing of changes, and approval to move changes into production.

Question 12

Organization X owns a 38 percent equity stake in Organization Y. Which of the following statements is true regarding the financial treatment for this relationship?

Options:

A.

Y should be listed as an investment asset on X's balance sheet

B.

X must consolidate the financial statements for both organizations

C.

Y should be reported as a footnote to X's financial statements

D.

Y should not be reported by X as X does not have a controlling interest

Question 13

While auditing an organization's customer call center, an internal auditor notices that key performance indicators show a positive trend despite the fact that there have been increasing customer complaints over the same period. Which of the following audit recommendations would most likely correct the cause of this inconsistency?

Options:

A.

Review the call center script used by customer service agents to interact with callers and update the script if necessary

B.

De-emphasize the importance of call center employees completing a certain number of calls per hour

C.

Retrain call center staff on area processes and common technical issues that they will likely be asked to resolve

D.

Increase the incentive for call center employees to complete calls quickly and raise the number of calls completed daily

Question 14

When using cost-volume-profit analysis, which of the following will increase operating income once the break-even point has been reached?

Options:

A.

Fixed costs per unit for each additional unit sold

B.

Variable costs per unit for each additional unit sold

C.

Contribution margin per unit for each additional unit sold

D.

Gross margin per unit for each additional unit sold

Question 15

Which of the following is a cybersecurity monitoring activity intended to deter disruptive codes from being installed on an organization's systems?

Options:

A.

Boundary defense.

B.

Malware defense.

C.

Penetration tests.

D.

Wireless access controls.

Question 16

During a review of the accounts payable process, an internal auditor gathered all of the vendor payment transactions for the past 24 months. The auditor then used an analytics tool to identify the top five vendors that received the highest sum of payments.

Which of the following analytics techniques did the auditor apply?

Options:

A.

Process analysis.

B.

Process mining.

C.

Data analysis.

D.

Data mining.

Question 17

An organization had a gross profit margin of 40 percent in year one and in year two. The net profit margin was 18 percent in year one and 13 percent in year two.

Which of the following could be the reason for the decline in the net profit margin for year two?

Options:

A.

Cost of sales increased relative to sales.

B.

Total sales increased relative to expenses.

C.

The organization had a higher dividend payout rate in year two.

D.

The government increased the corporate tax rate.

Question 18

Which of the following is a project planning methodology that involves a complex series of required simulations to provide information about schedule risk?

Options:

Question 19

What is the most significant potential problem introduced by just-in-time inventory systems?

Options:

A.

They require significant computer resources.

B.

They are susceptible to supply-chain disruptions.

C.

They require complicated materials-supply contracts.

D.

They prevent manufacturers from scaling up or down to meet changing demands.

Question 20

A restaurant decided to expand its business to include delivery services rather than relying on third-party food delivery services. Which of the following best describes the restaurant's strategy?

Options:

A.

Diversification

B.

Vertical integration

C.

Risk avoidance

D.

Differentiation

Question 21

An organization's board of directors is particularly focused on positioning the organization as a leader in the industry and beating the competition.

Which of the following strategies offers the greatest alignment with the board's focus?

Options:

A.

Divesting product lines expected to have negative profitability.

B.

Increasing the diversity of strategic business units.

C.

Increasing investment in research and development for a new product.

D.

Relocating the organization's manufacturing to another country.

Question 22

Which of the following factors is most likely to lead to a lack of cohesiveness in a project team?

Options:

A.

Prestige

B.

Small size.

C.

Competition

D.

Common threat

Question 23

Which of the following statements is true regarding the reporting of tangible and intangible assets?

Options:

A.

For plant assets, cost includes the purchase price and the cost of design and construction

B.

For intangible assets, cost includes the purchase price and development costs

C.

Due to their indefinite nature, intangible assets are not subject to amortization

D.

The organization must expense any cost incurred in developing a plant asset

Question 24

Which of the following are the most common characteristics of big data?

Options:

A.

Visibility, validity, vulnerability

B.

Velocity, variety, volume.

C.

Complexity, completeness, constancy

D.

Continuity, control, convenience

Question 25

Which of the following is an example of internal auditors applying data mining techniques for exploratory purposes?

Options:

A.

Internal auditors perform reconciliation procedures to support an external audit of financial reporting.

B.

Internal auditors perform a systems-focused analysis to review relevant controls.

C.

Internal auditors perform a risk assessment to identify potential audit subjects as input for the annual internal audit plan.

D.

Internal auditors test IT general controls with regard to operating effectiveness versus design.

Question 26

An investor has acquired an organization that has a dominant position in a mature, slow-growth industry and consistently creates positive financial income. Which of the following terms would the investor most likely label this investment in her portfolio?

Options:

A.

A star

B.

A cash cow

C.

A question mark

D.

A dog

Question 27

An internal auditor is evaluating an organization's business continuity management program. According to the guidance on IT, which of the following tests would best demonstrate the ability to perform key processes without significant problems?

Options:

A.

End-to-end testing

B.

IT systems and application walkthrough

C.

Tabletop or boardroom-style testing

D.

Desk check testing

Question 28

Which of the following cost of capital methods identifies the time period required to recover the cost of the capital investment from the annual inflow produced?

Options:

A.

Cash payback technique.

B.

Annual rate of return technique.

C.

Internal rate of return method.

D.

Net present value method.

Question 29

Which of the following controls would be the most effective in preventing the disclosure of an organization’s confidential electronic information?

Options:

A.

Non-disclosure agreements between the firm and its employees

B.

Logs of user activity within the information system

C.

Two-factor authentication for access into the information system

D.

Limited access to information based on employee duties

Question 30

An organization has instituted a bring-your-own-device (BYOD) work environment. Which of the following policies best addresses the increased risk to the organization's network incurred by this environment?

Options:

A.

Limit the use of the employee devices for personal use to mitigate the risk of exposure to organizational data.

B.

Ensure that relevant access to key applications is strictly controlled through an approval and review process

C.

Institute detection and authentication controls for all devices used for network connectivity and data storage

D.

Use management software to scan and then prompt patch reminders when devices connect to the network

Question 31

Which of the following best describes a detective control designed to protect an organization from cyberthreats and attacks?

Options:

A.

A list of trustworthy good traffic and a list of unauthorized blocked traffic.

B.

Monitoring for vulnerabilities based on industry intelligence

C.

Comprehensive service level agreements with vendors.

D.

Firewall and other network perimeter protection tools.

Question 32

An internal auditor computed that one of the organization's accounting divisions is processing 30 travel reports per hour while another accounting division is processing 22 travel reports per hour.

Which of the following efficiency measures did the internal auditor most likely employ?

Options:

A.

Operating rate.

B.

Asset efficiency rate.

C.

Resource utilization rate.

D.

Productivity rate.

Question 33

Which of the following statements is true with regard to information protection?

Options:

A.

All personal information, by definition, is considered to be sensitive, requiring specialized controls.

B.

Information is not considered personal if it can only be linked to or used to identify an individual indirectly.

C.

Individuals who provide personal information to organizations share in the risk of inappropriate disclosure.

D.

Good protection controls remove any restrictions on the quantity of personal information that can be collected

Question 34

Which of the following best describes the purpose of disaster recovery planning?

Options:

A.

To reconstitute systems efficiently following a disruptive event.

B.

To define rules on how devices within the system should communicate after a disaster.

C.

To describe how data should move from one system to another system in case of an emergency.

D.

To establish a protected area of network that is accessible to the public after a disaster

Question 35

According to IIA guidance, which of the following would indicate poor change management control?

1) Low change success rate

2) Occasional planned outages

3) Low number of emergency changes.

4) Instances of unauthorized changes

Options:

A.

1 and 3

B.

1 and 4

C.

2 and 3

D.

2 and 4

Question 36

Which of the following characteristics applies to an organization that adopts a flat structure?

Options:

A.

The structure is dispersed geographically.

B.

The hierarchy levels are more numerous.

C.

The span of control is wide.

D.

The lower-level managers are encouraged to exercise creativity when solving problems.

Question 37

Which of the following statements is most accurate concerning the management and audit of a web server?

Options:

A.

The file transfer protocol (FTP) should always be enabled

B.

The simple mail transfer protocol (SMTP) should be operating under the most privileged accounts

C.

The number of ports and protocols allowed to access the web server should be maximized

D.

Secure protocols for confidential pages should be used instead of clear-text protocols such as HTTP or FTP

Question 38

The most important reason to use risk assessment in audit planning is to:

Options:

A.

Identify redundant controls.

B.

Improve budgeting accuracy.

C.

Enhance assurance provided to management.

D.

Assist in developing audit programs.

Question 39

Which of the following professional organizations sets standards for quality and environmental audits?

Options:

A.

The Committee of Sponsoring Organizations of the Treadway Commission.

B.

The Board of Environmental, Health, and Safety Auditor Certifications.

C.

The International Organization of Supreme Audit Institutions.

D.

The International Standards Organization.

Question 40

Which of the following is useful for forecasting the required level of inventory?

1) Statistical modeling.

2) Information about seasonal variations in demand.

3) Knowledge of the behavior of different business cycles.

4) Pricing models linked to seasonal demand.

Options:

A.

1 and 2 only

B.

2 and 3 only

C.

1, 2, and 3 only

D.

1, 2, 3, and 4

Question 41

Under a value-added taxing system:

Options:

A.

Businesses must pay a tax only if they make a profit.

B.

The consumer ultimately bears the cost of the tax through higher prices.

C.

Consumer savings are discouraged.

D.

The amount of value added is the difference between an organization's sales and its cost of goods sold.

Question 42

One change control function that is required in client/server environments, but is not required in mainframe environments, is to ensure that:

Options:

A.

Program versions are synchronized across the network.

B.

Emergency move procedures are documented and followed.

C.

Appropriate users are involved in program change testing.

D.

Movement from the test library to the production library is controlled.

Question 43

The percentage of sales method, rather than the percentage of receivables method, would be used to estimate uncollectible accounts if an organization seeks to:

Options:

A.

Use an aging schedule to more closely estimate uncollectible accounts.

B.

Eliminate the need for an allowance for doubtful accounts.

C.

Emphasize the accuracy of the net realizable value of the receivables on the balance sheet.

D.

Use a method that approximates the matching principle.

Question 44

Which of the following is a product-oriented definition of a business rather than a market-oriented definition of a business?

Options:

A.

We are a people-and-goods mover.

B.

We supply energy.

C.

We make movies.

D.

We provide climate control in the home.

Question 45

Which of the following performance measures would be appropriate for evaluating an investment center, which has responsibility for its revenues, costs, and investment base, but would not be appropriate for evaluating cost, revenue, or profit centers?

Options:

A.

A flexible budget.

B.

Variance analysis.

C.

A contribution margin income statement by segment.

D.

Residual income.

Question 46

Which of the following statements is true regarding the relationship between an individual’s average tax rate and marginal tax rate?

Options:

A.

In a regressive personal tax system, an individual's marginal tax rate is normally greater than his average tax rate.

B.

In a regressive personal tax system, an individual's marginal tax rate is normally equal to his average tax rate.

C.

In a progressive personal tax system, an individual's marginal tax rate is normally equal to his average tax rate.

D.

In a progressive personal tax system, an individual's marginal tax rate is normally greater than his average tax rate.

Question 47

Which of the following does not provide operational assurance that a computer system is operating properly?

Options:

A.

Performing a system audit.

B.

Making system changes.

C.

Testing policy compliance.

D.

Conducting system monitoring.

Question 48

Which of the following local area network physical layouts is subject to the greatest risk of failure if one device fails?

Options:

A.

Star network.

B.

Bus network.

C.

Token ring network.

D.

Mesh network.

Question 49

When developing an effective risk-based plan to determine audit priorities, an internal audit activity should start by:

Options:

A.

Identifying risks to the organization's operations.

B.

Observing and analyzing controls.

C.

Prioritizing known risks.

D.

Reviewing organizational objectives.

Question 50

Which of the following is the most likely reason an organization may decide to undertake a stock split?

Options:

A.

To keep stock price constant.

B.

To keep shareholders' equity constant.

C.

To increase shareholders' equity.

D.

To enhance the stock liquidity.

Question 51

Organizational activities that complement each other and create a competitive advantage are called a:

Options:

A.

Merger.

B.

Strategic fit.

C.

Joint venture.

D.

Strategic goal.

Question 52

An organization decided to install a motion detection system in its warehouse to protect against after-hours theft. According to the COSO enterprise risk management framework, which of the following best describes this risk management strategy?

Options:

A.

Avoidance.

B.

Reduction.

C.

Elimination.

D.

Sharing.

Question 53

An organization uses a database management system (DBMS) as a repository for data. The DBMS, in turn, supports a number of end-user developed applications which were created using fourth-generation programming languages. Some of the applications update the database. Which of the following is the most important control related to the integrity of the data in the database?

Options:

A.

End users have their read-only applications approved by the information systems department before accessing the database.

B.

Concurrency update controls are in place.

C.

End-user applications are developed on personal computers before being implemented on the mainframe.

D.

A hierarchical database model is adopted so that multiple users can be served at the same time.

Question 54

Which of the following actions is most likely to gain support for process change?

Options:

A.

Set clear objectives.

B.

Engage the various communities of practice within the organization.

C.

Demonstrate support from senior management.

D.

Establish key competencies.

Question 55

Technological uncertainty, subsidy, and spin-offs are usually characteristics of:

Options:

A.

Fragmented industries.

B.

Declining industries.

C.

Mature industries.

D.

Emerging industries.

Question 56

According to Porter's model of competitive strategy, which of the following is a generic strategy?

1) Differentiation.

2) Competitive advantage.

3) Focused differentiation.

4) Cost focus.

Options:

A.

2 only

B.

3 and 4 only

C.

1, 3, and 4 only

D.

1, 2, 3, and 4

Question 57

Which of the following is a characteristic of an emerging industry?

Options:

A.

Established strategy of players.

B.

Low number of new firms.

C.

High unit costs.

D.

Technical expertise.

Question 58

The decision to implement enhanced failure detection and back-up systems to improve data integrity is an example of which risk response?

Options:

A.

Risk acceptance.

B.

Risk sharing.

C.

Risk avoidance.

D.

Risk reduction.

Question 59

Which of the following purchasing scenarios would gain the greatest benefit from implementing electronic data interchange?

Options:

A.

A time-sensitive just-in-time purchase environment.

B.

A large volume of custom purchases.

C.

A variable volume sensitive to material cost.

D.

A currently inefficient purchasing process.

Question 60

Maintenance cost at a hospital was observed to increase as activity level increased. The following data was gathered:

| Month | Activity Level - Patient Days | Maintenance Cost |
|---|---|---|
| January | 5,600 | $7,900 |
| February | 7,100 | $8,500 |
| March | 5,000 | $7,400 |
| April | 6,500 | $8,200 |
| May | 7,300 | $9,100 |
| June | 8,000 | $9,800 |

If the cost of maintenance is expressed in an equation, what is the independent variable for this data?

Options:

A.

Fixed cost.

B.

Variable cost.

C.

Total maintenance cost.

D.

Patient days.

Question 61

Which of the following IT strategies is most effective for responding to competitive pressures created by the marketplace?

Options:

A.

Promote closer linkage between organizational strategy and information.

B.

Provide users with greater online access to information systems.

C.

Enhance the functionality of application systems.

D.

Expand the use of automated controls.

Question 62

Which of the following is a major advantage of decentralized organizations, compared to centralized organizations?

Options:

A.

Decentralized organizations are more focused on organizational goals.

B.

Decentralized organizations streamline organizational structure.

C.

Decentralized organizations tend to be less expensive to operate.

D.

Decentralized organizations tend to be more responsive to market changes.

Question 63

According to IIA guidance, which of the following corporate social responsibility (CSR) activities is appropriate for the internal audit activity to perform?

Options:

A.

Determine the optimal amount of resources for the organization to invest in CSR.

B.

Align CSR program objectives with the organization's strategic plan.

C.

Integrate CSR activities into the organization's decision-making process.

D.

Determine whether the organization has an appropriate policy governing its CSR activities.

Question 64

Which of the following strategies is most appropriate for an industry that is in decline?

Options:

A.

Invest in marketing.

B.

Invest in research and development.

C.

Control costs.

D.

Shift toward mass production.

Question 65

Which of the following statements is true regarding the roles and responsibilities associated with a corporate social responsibility (CSR) program?

Options:

A.

The board has overall responsibility for the internal control processes associated with the CSR program.

B.

Management has overall responsibility for the effectiveness of governance, risk management, and internal control processes associated with the CSR program.

C.

The internal audit activity is responsible for ensuring that CSR principles are integrated into the organization's policies and procedures.

D.

Every employee has a responsibility for ensuring the success of the organization's CSR objectives.

Question 66

A small furniture-manufacturing firm with 100 employees is located in a two-story building and does not plan to expand. The furniture manufactured is not special-ordered or custom-made. The most likely structure for this organization would be:

Options:

A.

Functional departmentalization.

B.

Product departmentalization.

C.

Matrix organization.

D.

Divisional organization.

Question 67

What must be monitored in order to manage risk of consumer product inventory obsolescence?

1) Inventory balances.

2) Market share forecasts.

3) Sales returns.

4) Sales trends.

Options:

A.

1 only

B.

4 only

C.

1 and 4 only

D.

1, 2, and 3 only

Question 68

A holding company set up a centralized group technology department, using a local area network with a mainframe computer to process accounting information for all companies within the group. An internal auditor would expect to find all of the following controls within the technology department except:

Options:

A.

Adequate segregation of duties between data processing controls and file security controls.

B.

Documented procedures for remote job entry and for local data file retention.

C.

Emergency and disaster recovery procedures and maintenance agreements in place to ensure continuity of operations.

D.

Established procedures to prevent and detect unauthorized changes to data files.

Question 69

A supervisor receives a complaint from an employee who is frustrated about having to learn a new software program. The supervisor responds that the new software will enable the employee to work more efficiently and with greater accuracy. This response is an example of:

Options:

A.

Empathetic listening.

B.

Reframing.

C.

Reflective listening.

D.

Dialogue.

Question 70

Which stage of group development is characterized by a decrease in conflict and hostility among group members and an increase in cohesiveness?

Options:

A.

Forming stage.

B.

Norming stage.

C.

Performing stage.

D.

Storming stage.

Question 71

Which of the following are likely indicators of ineffective change management?

1) IT management is unable to predict how a change will impact interdependent systems or business processes.

2) There have been significant increases in trouble calls or in support hours logged by programmers.

3) There is a lack of turnover in the systems support and business analyst development groups.

4) Emergency changes that bypass the normal control process frequently are deemed necessary.

Options:

A.

1 and 3 only

B.

2 and 4 only

C.

1, 2, and 4 only

D.

1, 2, 3, and 4

Question 72

A software that translates hypertext markup language (HTML) documents and allows a user to view a remote web page is called:

Options:

A.

A transmission control protocol/Internet protocol (TCP/IP).

B.

An operating system.

C.

A web browser.

D.

A web server.

Question 73

Which of the following best describes an objective for an audit of an environmental management system?

Options:

A.

To assess whether an annual control review is necessary.

B.

To determine conformance with requirements and agreements.

C.

To evaluate executive management oversight.

D.

To promote environmental awareness.
