Summer Special Flat 65% Limited Time Discount offer - Ends in 0d 00h 00m 00s - Coupon code: suredis

IIA IIA-CIA-Part3 Business Knowledge for Internal Auditing Exam Practice Test

Demo: 154 questions
Total 516 questions

Business Knowledge for Internal Auditing Questions and Answers

Question 1

During which phase of the contracting process ere contracts drafted for a proposed business activity?

Options:

A.

Initiation phase.

B.

Bidding phase

C.

Development phase

D.

Management phase

Question 2

A one-time password would most likely be generated in which of the following situations?

Options:

A.

When an employee accesses an online digital certificate

B.

When an employee's biometrics have been accepted.

C.

When an employee creates a unique digital signature,

D.

When an employee uses a key fob to produce a token.

Question 3

Which of the following statements is true regarding data backup?

Options:

A.

System backups should always be performed real time.

B.

Backups should be stored in a secured location onsite for easy access.

C.

The tape rotation schedule affects how long data is retained

D.

Backup media should be restored only m case of a hardware or software failure

Question 4

An Internal auditor is using data analytics to focus on high-risk areas during an engagement. The auditor has obtained data and is working to eliminate redundancies in the data. Which of the following statements is true regarding this scenario?

Options:

A.

The auditor is normalizing data in preparation for analyzing it.

B.

The auditor is analyzing the data in preparation for communicating the results,

C.

The auditor is cleaning the data in preparation for determining which processes may be involves .

D.

The auditor is reviewing trio data prior to defining the question

Question 5

Based on lest results, an IT auditor concluded that the organization would suffer unacceptable loss of data if there was a disaster at its data center. Which of the following test results would likely lead the auditor to this conclusion?

Options:

A.

Requested backup tapes were not returned from the offsite vendor In a timely manner.

B.

Returned backup tapes from the offsite vendor contained empty spaces.

C.

Critical systems have boon backed up more frequently than required.

D.

Critical system backup tapes are taken off site less frequently than required

Question 6

When management uses the absorption costing approach, fixed manufacturing overhead costs are classified as which of the following types of costs?

Options:

A.

Direct, product costs.

B.

Indirect product costs.

C.

Direct period costs,

D.

Indirect period costs

Question 7

Which of the following job design techniques would most likely be used to increase employee motivation through job responsibility and recognition?

Options:

A.

Job complicating

B.

Job rotation

C.

Job enrichment

D.

Job enlargement

Question 8

Which of the following is on advantage of a decentralized organizational structure, as opposed to a centralized structure?

Options:

A.

Greater cost-effectiveness

B.

Increased economies of scale

C.

Larger talent pool

D.

Strong internal controls

Question 9

An organization has a declining inventory turnover but an Increasing gross margin rate, Which of the following statements can best explain this situation?

Options:

A.

The organization's operating expenses are increasing.

B.

The organization has adopted just-in-time inventory.

C.

The organization is experiencing Inventory theft

D.

The organization's inventory is overstated.

Question 10

Which of the following is a systems software control?

Options:

A.

Restricting server room access to specific individuals

B.

Housing servers with sensitive software away from environmental hazards

C.

Ensuring that all user requirements are documented

D.

Performing of intrusion testing on a regular basis

Question 11

Which of the following principles s shared by both hierarchies and open organizational structures?

1. A superior can delegate the authority to make decisions but cannot delegate the ultimate responsibility for the results of those decisions.

2. A supervisor's span of control should not exceed seven subordinates.

3. Responsibility should be accompanied by adequate authority.

4. Employees at all levels should be empowered to make decisions.

Options:

A.

1 and 3 only

B.

1 and 4 only

C.

2 and 3 only

D.

3 and 4 only

Question 12

Which of the following is the best example of IT governance controls?

Options:

A.

Controls that focus on segregation of duties, financial, and change management,

B.

Personnel policies that define and enforce conditions for staff in sensitive IT areas.

C.

Standards that support IT policies by more specifically defining required actions

D.

Controls that focus on data structures and the minimum level of documentation required

Question 13

Which of the following should be included in a data privacy poky?

1. Stipulations for deleting certain data after a specified period of time.

2. Guidance on acceptable methods for collecting personal data.

3. A requirement to retain personal data indefinitely to ensure a complete audit trail,

4. A description of what constitutes appropriate use of personal data.

Options:

A.

1 and 2 only

B.

2 and 3 only

C.

1, 2 and 4 only

D.

2, 3, and 4 only

Question 14

An organization's account for office supplies on hand had a balance of $9,000 at the end of year one. During year two. The organization recorded an expense of $45,000 for purchasing office supplies. At the end of year two. a physical count determined that the organization has $11 ,500 in office supplies on hand. Based on this Information, what would he recorded in the adjusting entry an the end of year two?

Options:

A.

A debit to office supplies on hand for S2.500

B.

A debit to office supplies on hand for $11.500

C.

A debit to office supplies on hand for $20,500

D.

A debit to office supplies on hand for $42,500

Question 15

An organization uses the management-by-objectives method whereby employee performance is based on defined goals. Which of the following statements is true regarding this approach?

Options:

A.

It is particularly helpful to management when the organization is facing rapid change.

B.

It is a more successful approach when adopted by mechanistic organizations.

C.

It is mere successful when goal setting is performed not only by management, but by all team members, including lower-level staff.

D.

It is particularly successful in environments that are prone to having poor employer-employee relations.

Question 16

Which of the following statements is true regarding cost-volume-profit analysis?

Options:

A.

Contribution margin is the amount remaining from sales revenue after fixed expenses have been deducted.

B.

Breakeven point is the amount of units sold to cover variable costs.

C.

Breakeven occurs when the contribution margin covers fixed costs.

D.

Following breakover1, he operating income will increase by the excess of fixed costs less the variable costs per units sold.

Question 17

What kind of strategy would be most effective for an organization to adopt in order to Implement a unique advertising campaign for selling identical product lines across all of its markets?

Options:

A.

Export strategy.

B.

Transnational strategy

C.

Multi-domestic strategy

D.

Globalization strategy

Question 18

Which of the following situations best applies to an organisation that uses a project, rather than a process, to accomplish its business activities?

Options:

A.

Clothing company designs, makes, and sells a new item.

B.

A commercial construction company is hired to build a warehouse.

C.

A city department sets up a new firefighter training program.

D.

A manufacturing organization acquires component parts from a contracted vendor

Question 19

Which of the following is a security feature that Involves the use of hardware and software to filter or prevent specific Information from moving between the inside network and the outs de network?

Options:

A.

Authorization

B.

Architecture model

C.

Firewall

D.

Virtual private network

Question 20

Which of the following network types should an organization choose if it wants to allow access only to its own personnel?

Options:

A.

An extranet

B.

A local area network

C.

An Intranet

D.

The internet

Question 21

Which of the following is classified as a product cost using the variable costing method?

1. Direct labor costs.

2. Insurance on a factory.

3. Manufacturing supplies.

4. Packaging and shipping costa.

Options:

A.

1 and 2

B.

1 and 3

C.

2 and 4

D.

3 and 4

Question 22

An organization and its trading partner rely on a computer-to-computer exchange of digital business documents. Which of the following best describes this scenario?

Options:

A.

Use of a central processing unit

B.

Use of a database management system

C.

Use of a local area network

D.

Use of electronic data Interchange

Question 23

A large retail customer made an offer to buy 10.000 units at a special price of $7 per unit. The manufacturer usually sells each unit for §10, Variable Manufacturing costs are 55 per unit and fixed manufacturing costs are $3 per unit. For the manufacturer to accept the offer, which of the following assumptions needs to be true?

Options:

A.

Fixed and Variable manufacturing costs are less than the special offer selling price.

B.

The manufacturer can fulfill the order without expanding the capacities of the production facilities.

C.

Costs related to accepting this offer can be absorbed through the sale of other products.

D.

The manufacturer’s production facilities are currently operating at full capacity.

Question 24

For employees, the primary value of implementing job enrichment is which of the following?

Options:

A.

Validation of the achievement of their goals anti objectives

B.

Increased knowledge through the performance of additional tasks

C.

Support for personal growth and a meaningful work experience

D.

An increased opportunity to manage better the work done by their subordinates

Question 25

Which of the following describes the most appropriate set of tests for auditing a workstation's logical access controls?

Options:

A.

Review the list of people with access badges to the room containing the workstation and a log of those who accessed the room.

B.

Review the password length, frequency of change, and list of users for the workstation's login process.

C.

Review the list of people who attempted to access the workstation and failed, as well as error messages.

D.

Review the passwords of those who attempted unsuccessfully to access the workstation and the log of their activity

Question 26

Which of the following items represents the first thing that should be done with obtained dote in the data analytics process?

Options:

A.

Verify completeness and accuracy.

B.

Verify existence and accuracy.

C.

Verify completeness and integrity.

D.

Verify existence and completeness.

Question 27

Which of the following statements. Is most accurate concerning the management and audit of a web server?

Options:

A.

The file transfer protocol (FTP) should always be enabled.

B.

The simple mail transfer protocol (SMTP) should be operating under the most privileged accounts.

C.

The number of ports and protocols allowed to access the web server should be maximized.

D.

Secure protocols for confidential pages should be used instead of dear-text protocols such as HTTP or FTP.

Question 28

An internal auditor was asked to review an equal equity partnership, in one sampled transaction. Partner A transferred equipment into the partnership with a Self-declared value of 510 ,000, and Partner B contributed equipment with a self-declared value of 515,000. The capital accounts reach partner were subsequently credited with $12,500. Which of the following statements Is true regarding this transection?

Options:

A.

The capital accounts of the partners should be increased by she original cost of the contributed equipment.

B.

The capital accounts should be increased using a weighted average based by the current percentage of ownership.

C.

No action is needed, as the capital account of each partner was increased by the correct amount,

D.

The capital accounts of the partners should be increased by She fair market value of their contribution.

Question 29

An organization that soils products to a foreign subsidiary wants to charge a price that wilt decrease import tariffs. Which of the following is the best course of action for the organization?

Options:

A.

Decrease the transfer price

B.

Increase the transfer price

C.

Charge at the arm's length price

D.

Charge at the optimal transfer price

Question 30

Which of the following scenarios best illustrates a spear phishing attack?

Options:

A.

Numerous and consistent attacks on the company's website caused the server to crash and service was disrupted.

B.

A person posing as a representative of the company’s IT help desk called several employees and played a generic prerecorded message requesting password data.

C.

A person received a personalized email regarding a golf membership renewal, and he click a hyperlink to enter his credit card data into a fake website

D.

Many users of a social network service received fake notifications of e unique opportunity to invest in a new product.

Question 31

According to IIA guidance, which of the following is a broad collection of integrated policies, standards, and procedures used to guide the planning and execution of a project?

Options:

A.

Project portfolio.

B.

Project development

C.

Project governance.

D.

Project management methodologies

Question 32

Which of the following is true of matrix organizations?

Options:

A.

A unity-of-command concept requires employees to report technically, functionally, and administratively to the same manager.

B.

A combination of product and functional departments allows management to utilize personnel from various Junctions.

C.

Authority, responsibility and accountability of the units Involved may vary based on the project's life, or the organization's culture

D.

It is best suited for firms with scattered locations or for multi-line, Large-scale firms.

Question 33

Which of the following techniques would best detect on inventory fraud scheme?

Options:

A.

Analyze invoice payments just under individual authorization limits.

B.

Analyze stratification of inventory adjustments by warehouse location.

C.

Analyze Inventory Invoice amounts and compare with approved contract amounts.

D.

Analyze differences discovered curing duplicate payment testing.

Question 34

Which of the following types of date analytics would be used by a hospital to determine which patients are likely to require remittance for additional treatment?

Options:

A.

Predictive analytics.

B.

Prescriptive analytics.

C.

Descriptive analytics.

D.

Diagnostic analytics.

Question 35

Which of the following best explains why an organization would enter into a capital lease contract?

Options:

A.

To increase the ability to borrow additional funds from creditors

B.

To reduce the organization's free cash flow from operations

C.

To Improve the organization's free cash flow from operations

D.

To acquire the asset at the end of the lease period at a price lower than the fair market value

Question 36

While auditing an organization's customer call center, an internal auditor notices that Key performance indicators show a positive trend, despite the fact that there have been increasing customer complaints over the same period. Which of the following audit recommendations would most likely correct the cause of this inconsistency?

Options:

A.

Review the call center script used by customer service agents to interact with callers, and update the script if necessary.

B.

Be-emphasize the importance of call center employees completing a certain number of calls per hour.

C.

Retrain call center staff on area processes and common technical issues that they will likely be asked to resolve.

D.

Increase the incentive for call center employees to complete calls quickly and raise the number of calls completed daily

Question 37

With regard to project management, which of the following statements about project crashing Is true?

Options:

A.

It leads to an increase in risk and often results in rework.

B.

It is an optimization technique where activities are performed in parallel rather than sequentially.

C.

It involves a revaluation of project requirements and/or scope.

D.

It is a compression technique in which resources are added so the project.

Question 38

Which of the following risks would Involve individuals attacking an oil company's IT system as a sign of solidarity against drilling in a local area?

Options:

A.

Tampering

B.

Hacking

C.

Phishing

D.

Piracy

Question 39

An organization has instituted a bring-your-own-device (BYOD) work environment. Which of the following policies best addresses the increased risk to the organization's network incurred by this environment?

Options:

A.

Limit the use of the employee devices for personal use to mitigate the risk of exposure to organizational data.

B.

Ensure that relevant access to key applications is strictly controlled through an approval and review process.

C.

Institute detection and authentication controls for all devices used for network connectivity and data storage.

D.

Use management software scan and then prompt parch reminders when devices connect to the network

Question 40

An internal audit uncovered high-risk issues that needed to be addressed by the organization. During the exit conference, the audit team discussed the high-risk issues with the manager responsible for addressing them. How should the chief audit executive respond if the manager agrees to correct the issues identified during the audit?

Options:

A.

Include in the report that management has agreed to address the issue and set a date for follow-up

B.

Include an assignment in the annual internal audit plan to perform a follow-up audit

C.

Discuss the audit observation with senior management

D.

Solicit input from management and create the action plan

Question 41

The sole internal auditor of a municipality wants to implement proper supervision over internal audit workpapers. Which of the following would be the most appropriate?

Options:

A.

According to the Global Internal Audit Standards, in this situation the internal auditor can perform a self-review of selected workpapers

B.

Request each engagement client to conduct a review of a sample of workpapers at the end of the engagement

C.

Ask the board or management to sign off on workpapers

D.

Engage peer reviewers from other organizations with legal precautions in place

Question 42

Which of the following is most influenced by a retained earnings policy?

Options:

A.

Cash.

B.

Dividends.

C.

Gross margin.

D.

Net income.

Question 43

How should internal auditors respond when the manager of an area under review disagrees with a finding?

Options:

A.

Escalate the disagreements to the CEO

B.

Ignore the manager’s concerns and proceed with finalizing the audit report

C.

Escalate the disagreements to the chief audit executive

D.

Reperform the audit process where there are disagreements

Question 44

An internal audit team performed an assurance engagement of the organization's IT security. The audit team found significant flaws in the design and implementation of the internal control framework. IT department managers often disagreed with the audit team on the significance of the findings, claiming that the controls in place partly mitigated the risks. Which of the following should be included when communicating the engagement results to senior management?

Options:

A.

All the correspondence exchanged between the audit team and IT department demonstrating the disagreement

B.

The audit team's findings and the IT department’s opinion

C.

Only the audit team's findings and the reasons they require immediate action from senior management

D.

Only the findings that were agreed upon between the audit team and the IT department

Question 45

According to Herzberg's Two-Factor Theory of Motivation, which of the following is a factor mentioned most often by satisfied employees?

Options:

A.

Security.

B.

Status.

C.

Recognition.

D.

Relationship with coworkers

Question 46

Which of the following should be established by management during implementation of big data systems to enable ongoing production monitoring?

Options:

A.

Key performance indicators.

B.

Reports of software customization.

C.

Change and patch management.

D.

Master data management

Question 47

Which of the following best explains the matching principle?

Options:

A.

Revenues should be recognized when earned.

B.

Revenue recognition is matched with cash.

C.

Expense recognition is tied to revenue recognition.

D.

Expenses are recognized at each accounting period.

Question 48

Which of the following IT layers would require the organization to maintain communication with a vendor in a tightly controlled and monitored manner?

Options:

A.

Applications

B.

Technical infrastructure.

C.

External connections.

D.

IT management

Question 49

As part of internal audit's risk assessment, a chief audit executive is determining certain factors as part of planning the areas to audit within an organization that makes silicon chips. Which of the following would be considered a subjective factor as part of the risk assessment?

Options:

A.

The number of vendors able to meet the supply demand request from the organization

B.

The quality of the staff supervision of silicon chips produced by the organization

C.

The length of time since the last audit of the organization's manufacturing facilities

D.

The asset value of the silicon chips that the organization did not produce because of a shortage in raw materials

Question 50

An organization has an agreement with a third-party vendor to have a fully operational facility, duplicate of the original site and configured to the organization's needs, in order to quickly recover operational capability in the event of a disaster, Which of the following best describes this approach to disaster recovery planning?

Options:

A.

Cold recovery plan,

B.

Outsourced recovery plan.

C.

Storage area network recovery plan.

D.

Hot recovery plan

Question 51

Which of the following documents would provide an internal auditor with information on the length of time to maintain documents after the completion of an engagement?

Options:

A.

Internal audit charter

B.

Annual internal audit plan

C.

Internal audit policies

D.

Quality assurance and improvement program

Question 52

In an organization with a poor control environment, which of the following indicators would help an internal audit function measure its ability to provide risk-based assurance?

Options:

A.

The value of potential cost savings, or prevented losses, identified per year

B.

The percentage of observations that can be linked to significant organizational risks

C.

The extent of data mining or data analytics used during assurance engagements

D.

The amount of time dedicated to organization-wide risk assessments

Question 53

Which of the following best describes owner's equity?

Options:

A.

Assets minus liabilities.

B.

Total assets.

C.

Total liabilities.

D.

Owners contribution plus drawings.

Question 54

An organization is considering outsourcing its IT services, and the internal auditor as assessing the related risks. The auditor grouped the related risks into three categories;

- Risks specific to the organization itself.

- Risks specific to the service provider.

- Risks shared by both the organization and the service provider

Which of the following risks should the auditor classify as specific to the service provider?

Options:

A.

Unexpected increases in outsourcing costs.

B.

Loss of data privacy.

C.

Inadequate staffing.

D.

Violation of contractual terms.

Question 55

Which of the following inventory costing methods requires the organization to account for the actual cost paid for the unit being sold?

Options:

A.

Last-in-first-Out (LIFO}.

B.

Average cost.

C.

First-in-first-out (FIFO).

D.

Specific identification

Question 56

Upon completing a follow-up audit engagement, the chief audit executive (CAE) noted that management has not implemented any mitigation measures to address the high risks that were reported in the initial audit report. What initial step must the CAE take to address this situation?

Options:

A.

Communicate the issue to senior management

B.

Discuss the issue with members of management responsible for the risk area

C.

Report the situation to the external auditors

D.

Escalate the issue to the board

Question 57

Which of the following best describes a detective control designed to protect an organization from cyberthreats and attacks?

Options:

A.

A list of trustworthy, good traffic and a list of unauthorized, blocked traffic.

B.

Monitoring for vulnerabilities based on industry intelligence.

C.

Comprehensive service level agreements with vendors.

D.

Firewall and other network perimeter protection tools.

Question 58

Which of the following best describes the purpose of fixed manufacturing costs?

Options:

A.

To ensure availability of production facilities.

B.

To decrease direct expenses related to production.

C.

To incur stable costs despite operating capacity.

D.

To increase the total unit cost under absorption costing

Question 59

Which approach should a chief audit executive take when preparing the internal audit plan?

Options:

A.

Organize the auditable units within the organization into an audit universe to facilitate risk assessment

B.

Select auditable units within the organization based on monetary values

C.

Evaluate auditable units based on senior management's information about risks

D.

Eliminate auditable units not mandated to be audited by laws and regulations applicable to the organization

Question 60

Which of the following scenarios would require the chief audit executive (CAE) to change the internal audit plan and seek approval for the changes from the board?

Options:

A.

The CAE meets with the organization's new CFO to review the internal audit plan. After reviewing the plan, the CFO is satisfied that the plan addressed the top risks facing the organization

B.

The CAE oversees an internal audit function that has one IT auditor on staff. This auditor left the organization eight months ago and the CAE has been unable to hire a suitable replacement

C.

The effective date of a new government regulation occurs during the internal audit plan year. The new regulation and its effective date have been public for several years

D.

The CAE oversees an internal audit function of 15 auditors. An auditor left the organization and was replaced the following week with an auditor who has similar skills and experience

Question 61

Which of the following would an organization execute to effectively mitigate and manage risks created by a crisis or event?

Options:

A.

Only preventive measures.

B.

Alternative and reactive measures.

C.

Preventive and alternative measures.

D.

Preventive and reactive measures.

Question 62

Which of the following should the chief audit executive agree upon with the board before starting an external assessment of the internal audit function?

Options:

A.

The audit areas that should be reviewed

B.

The level of testing that will be required

C.

The qualifications needed on the external assessment team

D.

The specialized skills that each external assessment team member needs

Question 63

During an internal audit engagement, numerous deficiencies in the organization's management of customer data were discovered, entailing the risk of breaching personal data protection legislation. An improvement plan was approved by senior management. Which of the following conditions observed during the periodic follow-up process best justifies the chief audit executive's decision to escalate the issue to the board?

Options:

A.

The organization's customer satisfaction index does not show any signs of improvement

B.

No budget or resources have been allocated to implement corrective measures

C.

The board has not been informed about the planned improvements approved by senior management

D.

Employees responsible for improvements are resisting any additional workload

Question 64

According to IIA guidance, which of the following statements is true regarding communication of engagement results?

Options:

A.

Prior to releasing engagement results to parties outside of the organization, the audit committee must assess the potential risk to the organization, consult with senior management and/or legal counsel, and control dissemination by restricting the use of the results

B.

During an advisory engagement, if a significant governance issue is identified, it must be communicated to senior management and the board

C.

The engagement supervisor is responsible for communicating the final results to the chief audit executive and other parties who can ensure that the results are given due consideration

D.

The audit committee is responsible for reviewing and approving the final engagement communication before issuance and for deciding to whom and how it will be disseminated

Question 65

During a routine bank branch audit, the internal audit function observed that the sole security guard at the branch only worked part time. The chief audit executive (CAE) believed that this increased the risk of loss of property and life in the event of a robbery. The branch security manager informed the CAE that a full-time guard was not needed because the branch was in close proximity to a police station. Still, the CAE found this to be an unacceptable risk due to the recent increase in robberies in that area. Which of the following is the most appropriate next step for the CAE to take?

Options:

A.

Immediately report the issue to the board to ensure timely corrective actions are taken to resolve the risk

B.

Continue discussions with the security manager until he is persuaded and agrees to increase branch security

C.

Document the security manager’s decision to accept the risk in the audit workpapers

D.

Escalate the issue to the bank’s chief security officer to determine acceptability of the risk

Question 66

The chief audit executive (CAE) and management of the area under review disagree over managing a significant risk item. According to IIA guidance, which of the following actions should the CAE take first?

Options:

A.

Refer the matter to the board for resolution

B.

Consult the approved audit charter on supremacy of internal auditors’ decisions

C.

Record management’s and the internal auditor's positions in the audit report

D.

Discuss the issue in question further with senior management

Question 67

The board and senior management agree to outsource the internal audit function. Which of the following is true regarding the company’s quality assurance and improvement program (QAIP)?

Options:

A.

The organization is responsible for maintaining an effective QAIP

B.

The organization is responsible for the internal assessment of the QAIP

C.

The service provider is responsible for the external assessment of the QAIP every three years

D.

The QAIP should be postponed until the organization insources or cosources the internal audit function

Question 68

An organization's technician was granted a role that enables him to prioritize projects throughout the organization. Which type of authority will the technician most likely be exercising?

Options:

A.

Legitimate authority

B.

Coercive authority.

C.

Referent authority.

D.

Expert authority.

Question 69

Which of the following is a necessary action for an internal audit function if senior management chooses not to take action to remediate the finding and accepts the risk?

Options:

A.

The chief audit executive (CAE) must discuss this disagreement with senior management and communicate this information to external stakeholders

B.

The CAE must include this disagreement in the final audit report and conclude the engagement

C.

The CAE must make a judgment regarding the prudence of that decision and report to the board if needed

D.

The CAE must establish a follow-up process to monitor the acceptable risk level as part of the engagement

Question 70

Which statement is true regarding the development of a risk-based internal audit plan?

Options:

A.

It requires a previously conducted assurance engagement on the organization’s risk management maturity

B.

It requires an assessment by the internal audit function of key risks identified within the organization's risk management system

C.

It requires that at least 90% of planned engagements address areas critical to the organization's strategy

D.

It requires that an organization adheres to a well-recognized risk management framework in order to identify and manage its risks

Question 71

Which of the following activities best illustrates a user's authentication control?

Options:

A.

Identity requests are approved in two steps.

B.

Logs are checked for misaligned identities and access rights.

C.

Users have to validate their identity with a smart card.

D.

Functions can toe performed based on access rights

Question 72

When preparing the annual internal audit plan, which of the following should the chief audit executive (CAE) consider to optimize efficiency and effectiveness?

Options:

A.

The CAE should review the objectives and scope of the external audit plan and consider including audits with the same objectives and scope to ensure thorough coverage of the area

B.

The CAE should review the audit plan prepared by the compliance department and coordinate any audits in the same areas to reduce duplication of objectives and minimize disruption to the area under review

C.

The CAE should avoid reviewing plans by internal or external assurance providers to increase effectiveness and reduce bias in internal audit selection

D.

The CAE should review operational quality assurance audit plans, place reliance on the areas covered, and exclude those areas from final consideration in the annual internal audit plan

Question 73

Which of the following best describes the chief audit executive's responsibility for assessing the organization's residual risk?

Options:

A.

Create an action plan to mitigate the risk

B.

Incorporate management acceptance of risk in the workpapers as internal audit evidence

C.

Report deviations immediately to the board

D.

Communicate the matter with senior management

Question 74

When auditing the account receivables for the first time, an internal auditor noted that the finance team had not—over many accounting periods—reviewed the accounts receivables for debts that could no longer be collected. How should the auditor proceed?

Options:

A.

Escalate the finding to the board, due to the significance of the risk

B.

Recommend that management review the receivables for debts that can no longer be collected and remove them from the cash flow statement

C.

Recommend that management review the receivables for debts that can no longer be collected and write them off

D.

Document the finding and conclude that no immediate action is warranted, as bad debt allowances are merely estimates

Question 75

A manufacturer ss deciding whether to sell or process materials further. Which of the following costs would be relevant to this decision?

Options:

A.

Incremental processing costs, incremental revenue, and variable manufacturing expenses.

B.

Joint costs, incremental processing costs, and variable manufacturing expenses.

C.

Incremental revenue, joint costs, and incremental processing costs.

D.

Variable manufacturing expenses, incremental revenue, and joint costs

Question 76

An internal auditor discovered that the organization was not in full compliance with a regulatory labeling requirement for one of its products. The responsible manager indicated that the current product labeling has been in use for several years without any problems. If discovered, this regulatory breach could result in significant fines for the organization. What should be the chief audit executive's next course of action?

Options:

A.

Discuss the matter with the CEO and other senior management

B.

Recommend that disciplinary action be taken against the manager for exposing the company to such risk

C.

Communicate to the board the current situation, including the risk exposure to the company

D.

Take on the initiative of implementing corrective actions to mitigate the identified risks

Question 77

A chief audit executive (CAE) is calculating the available internal audit resource hours while planning the annual internal audit plan. The CAE needs to calculate the total number of hours available for audits. Which of the following should be deducted in order to have time available only for engagements?

Options:

A.

Time spent on coaching the internal audit function on new engagement procedures

B.

Time spent on the preliminary risk assessment of the engagement

C.

Time spent for the documentation of supporting files for the engagement

D.

Time spent on reporting the results of the engagement

Question 78

At which fundamental level of a quality assurance and improvement program is an opinion expressed about the entire spectrum of the internal audit function’s work?

Options:

A.

At the external perspective level

B.

At the internal audit function level

C.

At the internal audit engagement level

D.

At the self-assessment activity level

Question 79

Which of the following statements is true regarding the management-by-objectives (MBO) approach?

Options:

A.

Management by objectives is most helpful in organizations that have rapid changes

B.

Management by objectives is most helpful in mechanistic organizations with rigidly defined tasks

C.

Management by objectives helps organizations to keep employees motivated

D.

Management by objectives helps organizations to distinguish clearly strategic goals from operational goals

Question 80

Which of the following is an example of a key systems development control typically found in the in-house development of an application system?

Options:

A.

Logical access controls monitor application usage and generate audit trails.

B.

The development process is designed to prevent, detect, and correct errors that may occur.

C.

A record is maintained to track the process of data from input, to output, to storage.

D.

Business users' requirements are documented, and their achievement is monitored.

Question 81

Which of the following are the most common characteristics of big data?

Options:

A.

Visibility, validity, vulnerability

B.

Velocity, variety, volume

C.

Complexity, completeness, constancy

D.

Continuity, control, convenience

Question 82

An organization uses the management-by-objectives method, whereby employee performance is based on defined goals. Which of the following statements is true regarding this approach?

Options:

A.

It is particularly helpful to management when the organization is facing rapid change

B.

It is a more successful approach when adopted by mechanistic organizations

C.

It is more successful when goal-setting is performed not only by management, but by all team members, including lower-level staff

D.

It is particularly successful in environments that are prone to having poor employer-employee relations

Question 83

During which phase of the contracting process are contracts drafted for a proposed business activity?

Options:

A.

Initiation phase.

B.

Bidding phase.

C.

Development phase.

D.

Management phase.

Question 84

Which of the following is a result of implementing an e-commerce system that relies heavily on electronic data interchange (EDI) and electronic funds transfer (EFT) for purchasing and billing?

Options:

A.

Higher cash flow and treasury balances.

B.

Higher inventory balances.

C.

Higher accounts receivable.

D.

Higher accounts payable.

Question 85

Which of the following network types should an organization choose if it wants to allow access only to its own personnel?

Options:

A.

An extranet.

B.

A local area network (LAN).

C.

An intranet.

D.

The internet.

Question 86

IT governance begins with which of the following activities?

Options:

A.

Identification of risk-mitigating options.

B.

Definition of IT objectives.

C.

Identification of IT risk events.

D.

Definition of risk response policies.

Question 87

According to IIA guidance, which of the following statements is true regarding analytical procedures?

Options:

A.

Data relationships are assumed to exist and to continue where no known conflicting conditions exist

B.

Analytical procedures are intended primarily to ensure the accuracy of the information being examined

C.

Data relationships cannot include comparisons between operational and statistical data

D.

Analytical procedures can be used to identify differences, but cannot be used to identify the absence of differences

Question 88

An internal auditor is using data analytics to focus on high-risk areas during an engagement. The auditor has obtained data and is working to eliminate redundancies in the data. Which of the following statements is true regarding this scenario?

Options:

A.

The auditor is normalizing data in preparation for analyzing it.

B.

The auditor is analyzing the data in preparation for communicating the results.

C.

The auditor is cleaning the data in preparation for determining which processes may be involved.

D.

The auditor is reviewing the data prior to defining the question.

Question 89

A retail organization mistakenly did not include $10,000 of inventory in the physical count at the end of the year. What was the impact to the organization’s financial statements?

Options:

A.

Cost of sales and net income are understated

B.

Cost of sales and net income are overstated

C.

Cost of sales is understated and net income is overstated

D.

Cost of sales is overstated and net income is understated

Question 90

According to IIA guidance, which of the following best describes an adequate management (audit) trail application control for the general ledger?

Options:

A.

Report identifying data that is outside of system parameters.

B.

Report identifying general ledger transactions by time and individual.

C.

Report comparing processing results with original input.

D.

Report confirming that the general ledger data was processed without error.

Question 91

Given the information below, which organization is in the weakest position to pay short-term debts?

Organization A: Current assets constitute $1,200,000; Current liabilities are $400,000

Organization B: Current assets constitute $1,000,000; Current liabilities are $1,000,000

Organization C: Current assets constitute $900,000; Current liabilities are $300,000

Organization D: Current assets constitute $1,000,000; Current liabilities are $250,000

Options:

A.

Organization A

B.

Organization B

C.

Organization C

D.

Organization D

Question 92

When using data analytics during a review of the procurement process, what is the first step in the analysis process?

Options:

A.

Identify data anomalies and outliers

B.

Define questions to be answered

C.

Identify data sources available

D.

Determine the scope of the data extract

Question 93

Which of the following authentication controls combines what a user knows with the unique characteristics of the user, respectively?

Options:

A.

Voice recognition and token

B.

Password and fingerprint

C.

Fingerprint and voice recognition

D.

Password and token

Question 94

Which of the following forms of compensation best indicates that an organization’s cost-saving objectives have been targeted?

Options:

A.

Gain sharing

B.

Commission

C.

Profit sharing

D.

Pension

Question 95

Which of the following is an example of a smart device security control intended to prevent unauthorized users from gaining access to a device’s data or applications?

Options:

A.

Anti-malware software

B.

Authentication

C.

Spyware

D.

Rooting

Question 96

Which of the following statements is true regarding cost-volume-profit analysis?

Options:

A.

Contribution margin is the amount remaining from sales revenue after fixed expenses have been deducted

B.

Breakeven is the amount of units sold to cover variable costs

C.

Breakeven occurs when the contribution margin covers fixed costs

D.

Following breakeven, net operating income will increase by the excess of fixed costs less the variable costs per unit sold

Question 97

According to IIA guidance on IT, which of the following best describes a situation where data backup plans exist to ensure that critical data can be restored at some point in the future, but recovery and restore processes have not been defined?

Options:

A.

Hot recovery plan

B.

Warm recovery plan

C.

Cold plan

D.

Absence of recovery plan

Question 98

Which of the following statements is true regarding the capital budgeting procedure known as the discounted payback period?

Options:

A.

It calculates the overall value of a project.

B.

It ignores the time value of money.

C.

It calculates the time a project takes to break even.

D.

It begins at time zero for the project.

Question 99

Which of the following is a systems software control?

Options:

A.

Restricting server room access to specific individuals.

B.

Housing servers with sensitive software away from environmental hazards.

C.

Ensuring that all user requirements are documented.

D.

Performing intrusion testing on a regular basis.

Question 100

The head of the research and development department at a manufacturing organization believes that his team lacks expertise in some areas and decides to hire more experienced researchers to assist in the development of a new product. Which of the following variances are likely to occur as the result of this decision?

Favorable labor efficiency variance

Adverse labor rate variance

Adverse labor efficiency variance

Favorable labor rate variance

Options:

A.

1 and 2.

B.

1 and 4.

C.

3 and 4.

D.

2 and 3.

Question 101

Which of the following is true of matrix organizations?

Options:

A.

A unity-of-command concept requires employees to report technically, functionally, and administratively to the same manager.

B.

A combination of product and functional departments allows management to utilize personnel from various functions.

C.

Authority, responsibility, and accountability of the units involved may vary based on the project's life or the organization's culture.

D.

It is best suited for firms with scattered locations or for multi-line, large-scale firms.

Question 102

An organization that sells products to a foreign subsidiary wants to charge a price that will decrease import tariffs. Which of the following is the best course of action for the organization?

Options:

A.

Decrease the transfer price.

B.

Increase the transfer price.

C.

Charge at the arm’s length price.

D.

Charge at the optimal transfer price.

Question 103

A large retail customer made an offer to buy 10,000 units at a special price of $7 per unit. The manufacturer usually sells each unit for $10. Variable manufacturing costs are $5 per unit and fixed manufacturing costs are $3 per unit. For the manufacturer to accept the offer, which of the following assumptions needs to be true?

Options:

A.

Fixed and variable manufacturing costs are less than the special offer selling price

B.

The manufacturer can fulfill the order without expanding the capacities of the production facilities

C.

Costs related to accepting this offer can be absorbed through the sale of other products

D.

The manufacturer’s production facilities are currently operating at full capacity

Question 104

Which of the following application controls is the most dependent on the password owner?

Options:

A.

Password selection.

B.

Password aging.

C.

Password lockout.

D.

Password rotation.

Question 105

Which of the following describes the most appropriate set of tests for auditing a workstation’s logical access controls?

Options:

A.

Review the list of people with access badges to the room containing the workstation and a log of those who accessed the room

B.

Review the password length, frequency of change, and list of users for the workstation’s login process

C.

Review the list of people who attempted to access the workstation and failed, as well as error messages

D.

Review the passwords of those who attempted unsuccessfully to access the workstation and the log of their activity

Question 106

Which of the following types of data analytics would be used by a hospital to determine which patients are likely to require readmittance for additional treatment?

Options:

A.

Predictive analytics

B.

Prescriptive analytics

C.

Descriptive analytics

D.

Diagnostic analytics

Question 107

Which of the following purchasing scenarios would gain the greatest benefit from implementing electronic data interchange (EDI)?

Options:

A.

A just-in-time purchasing environment

B.

A large volume of custom purchases

C.

A variable volume sensitive to material cost

D.

A currently inefficient purchasing process

Question 108

Which type of bond sells at a discount from face value, then increases in value annually until it reaches maturity and provides the owner with the total payoff?

Options:

A.

High-yield bonds

B.

Commodity-backed bonds

C.

Zero-coupon bonds

D.

Junk bonds

Question 109

With regard to disaster recovery planning, which of the following would most likely involve stakeholders from several departments?

Options:

A.

Determining the frequency with which backups will be performed.

B.

Prioritizing the order in which business systems would be restored.

C.

Assigning who in the IT department would be involved in the recovery procedures.

D.

Assessing the resources needed to meet the data recovery objectives.

Question 110

An internal auditor found the following information while reviewing the monthly financial statements for a wholesaler of safety glasses: Opening inventory: 1,000 units at $2 per unit; Purchased: 5,000 units at $3 per unit; Sold: 3,000 units at $7 per unit. The cost of goods sold was reported at $8,500. Which of the following inventory methods was used to derive this value?

Options:

A.

Average cost method

B.

First-in, first-out (FIFO) method

C.

Specific identification method

D.

Activity-based costing method

Question 111

According to IIA guidance on IT, which of the following would be considered a primary control for a spreadsheet to help ensure accurate financial reporting?

Options:

A.

Formulas and static data are locked or protected.

B.

The spreadsheet is stored on a network server that is backed up daily.

C.

The purpose and use of the spreadsheet are documented.

D.

Check-in and check-out software is used to control versions.

Question 112

Which of the following is an advantage of a decentralized organizational structure, as opposed to a centralized structure?

Options:

A.

Greater cost-effectiveness

B.

Increased economies of scale

C.

Larger talent pool

D.

Strong internal controls

Question 113

Which of the following statements best describes the current state of data privacy regulation?

Options:

A.

Regulations related to privacy are evolving and complex, and the number of laws is increasing

B.

Most privacy laws are prescriptive and focused on organizations’ privacy rights

C.

The concept of data privacy is well established, privacy regulations are mature, and minimal regulatory changes are expected

D.

Because the concept of privacy is different around the world, data privacy is relatively unregulated

Question 114

Which of the following bring-your-own-device (BYOD) practices is likely to increase the risk of infringement on local regulations, such as copyright or privacy laws?

Options:

A.

Not installing anti-malware software.

B.

Updating operating software in a haphazard manner.

C.

Applying a weak password for access to a mobile device.

D.

Jailbreaking a locked smart device.

Question 115

Which of the following statements is most accurate concerning the management and audit of a web server?

Options:

A.

The file transfer protocol (FTP) should always be enabled

B.

The simple mail transfer protocol (SMTP) should be operating under the most privileged accounts

C.

The number of ports and protocols allowed to access the web server should be maximized

D.

Secure protocols for confidential pages should be used instead of clear-text protocols such as HTTP or FTP

Question 116

Which of the following is an example of a physical control?

Options:

A.

Providing fire detection and suppression equipment

B.

Establishing a physical security policy and promoting it throughout the organization

C.

Performing business continuity and disaster recovery planning

D.

Keeping an offsite backup of the organization’s critical data

Question 117

Which of the following controls refers to requiring employees to use a combination of PINs, passwords, and/or biometrics to access an organization's smart device apps and data?

Options:

A.

Remote wipe.

B.

Software encryption.

C.

Device encryption.

D.

Authentication.

Question 118

According to Herzberg's Two-Factor Theory of Motivation, which of the following is a factor mentioned most often by satisfied employees?

Options:

A.

Relationship with supervisor

B.

Salary

C.

Security.

D.

Achievement

Question 119

Which of the following organization structures would most likely be able to cope with rapid changes and uncertainties?

Options:

A.

Decentralized

B.

Centralized

C.

Departmentalized

D.

Tall structure

Question 120

An organization buys equity securities for trading purposes and sells them within a short time period. Which of the following is the correct way to value and report those securities at a financial statement date?

Options:

A.

At fair value with changes reported in the shareholders' equity section.

B.

At fair value with changes reported in net income.

C.

At amortized cost in the income statement.

D.

As current assets in the balance sheet

Question 121

An internal audit activity is piloting a data analytics model, which aims to identify anomalies in payments to vendors and potential fraud indicators. Which of the following would be the most appropriate criteria for assessing the success of the piloted model?

Options:

A.

The percentage of cases flagged by the model and confirmed as positives.

B.

The development and maintenance costs associated with the model

C.

The feedback of auditors involved with developing the model.

D.

The number of criminal investigations initiated based on the outcomes of the model

Question 122

Which of the following is required in effective IT change management?

Options:

A.

The sole responsibility for change management is assigned to an experienced and competent IT team

B.

Change management follows a consistent process and is done in a controlled environment.

C.

Internal audit participates in the implementation of change management throughout the organisation.

D.

All changes to systems must be approved by the highest level of authority within an organization.

Question 123

Which of the following backup methodologies would be most efficient in backing up a database in the production environment?

Options:

A.

Disk mirroring of the data being stored on the database.

B.

A differential backup that is performed on a weekly basis.

C.

An array of independent disks used to back up the database.

D.

An incremental backup of the database on a daily basis.

Question 124

Which of the following networks is suitable for an organization that has operations In multiple cities and countries?

Options:

A.

Wide area network.

B.

Local area network

C.

Metropolitan area network.

D.

Storage area network.

Question 125

Which of the following can be viewed as a potential benefit of an enterprisewide resource planning system?

Options:

A.

Real-time processing of transactions and elimination of data redundancies.

B.

Fewer data processing errors and more efficient data exchange with trading partners.

C.

Exploitation of opportunities and mitigation of risks associated with e-business.

D.

Integration of business processes into multiple operating environments and databases.

Question 126

Which of the following best describes a man-in-the-middle cyber-attack?

Options:

A.

The perpetrator is able to delete data on the network without physical access to the device.

B.

The perpetrator is able to exploit network activities for unapproved purposes.

C.

The perpetrator is able to take over control of data communication in transit and replace traffic.

D.

The perpetrator is able to disable default security controls and introduce additional vulnerabilities

Question 127

Which of the following common quantitative techniques used in capital budgeting is best associated with the use of a table that describes the present value of an annuity?

Options:

A.

Cash payback technique.

B.

Discounted cash flow technique: net present value.

C.

Annual rate of return

D.

Discounted cash flow technique: internal rate of return.

Question 128

Which of the following best describes a potential benefit of using data analyses?

Options:

A.

It easily aligns with existing internal audit competencies to reduce expenses

B.

It provides a more holistic view of the audited area.

C.

Its outcomes can be easily interpreted into audit: conclusions.

D.

Its application increases internal auditors' adherence to the Standards

Question 129

An organization contracted a third-party service provider to plan, design, and build a new facility. Senior management would like to transfer all of the risk to the builder. Which type of procurement contract would the organization use?

Options:

A.

Cost-plus contract.

B.

Turnkey contract.

C.

Service contract.

D.

Solutions contract.

Question 130

Which of the following types of budgets will best provide the basis for evaluating the organization's performance?

Options:

A.

Cash budget.

B.

Budgeted balance sheet.

C.

Selling and administrative expense budget.

D.

Budgeted income statement.

Question 131

Which of the following controls would enable management to receive timely feedback and help mitigate unforeseen risks?

Options:

A.

Measure product performance against an established standard.

B.

Develop standard methods for performing established activities.

C.

Require the grouping of activities under a single manager.

D.

Assign each employee a reasonable workload.

Question 132

A clothing company sells shirts for $8 per shirt. In order to break even, the company must sell 25.000 shirts. Actual sales total S300.000. What is margin of safety sales for the company?

Options:

A.

$100.000

B.

$200,000

C.

$275,000

D.

$500,000

Question 133

Which of the following is an example of a physical control designed to prevent security breaches?

Options:

A.

Preventing database administrators from initiating program changes

B.

Blocking technicians from getting into the network room.

C.

Restricting system programmers' access to database facilities

D.

Using encryption for data transmitted over the public internet

Question 134

Which of the following is true of bond financing, compared to common stock, when alJ other variables are equal?

Options:

A.

Lower shareholder control

B.

lower indebtedness

C.

Higher company earnings per share.

D.

Higher overall company earnings

Question 135

An internal auditor was assigned to test for ghost employees using data analytics. The auditor extracted employee data from human resources and payroll. Using spreadsheet functions, the auditor matched data sets by name and assumed that employees who were not present in each data set should be investigated further. However, the results seemed erroneous, as very few employees matched across all data sets. Which of the following data analytics steps has the auditor most likely omitted?

Options:

A.

Data analysis.

B.

Data diagnostics.

C.

Data velocity.

D.

Data normalization.

Question 136

A bond that matures after one year has a face value of S250,000 and a coupon of $30,000. if the market price of the bond is 5265,000, which of the following would be the market interest rate?

Options:

A.

Less than 12 percent.

B.

12 percent.

C.

Between 12.01 percent and 12.50 percent.

D.

More than 12 50 percent.

Question 137

Which of the following performance measures includes both profits and investment base?

Options:

A.

Residual income

B.

A flexible budget

C.

Variance analysis.

D.

A contribution margin income statement by segment.

Question 138

Which of the following sites would an Internet service provider most likely use to restore operations after its servers were damaged by a natural disaster?

Options:

A.

On site.

B.

Cold site.

C.

Hot site.

D.

Warm site

Question 139

Which of the following statements is true concerning the basic accounting treatment of a partnership?

Options:

A.

The initial investment of each partner should be recorded at book value.

B.

The ownership ratio identifies the basis for dividing net income and net toss.

C.

A partner's capital only changes due to net income or net loss.

D.

The basis for sharing net incomes or net kisses must be fixed.

Question 140

When auditing databases, which of the following risks would an Internal auditor keep In mind In relation to database administrators?

Options:

A.

The risk that database administrators will disagree with temporarily preventing user access to the database for auditing purposes.

B.

The risk that database administrators do not receive new patches from vendors that support database software in a timely fashion.

C.

The risk that database administrators set up personalized accounts for themselves, making the audit time consuming.

D.

The risk that database administrators could make hidden changes using privileged access.

Question 141

In accounting, which of the following statements is true regarding the terms debit and credit?

Options:

A.

Debit indicates the right side of an account and credit the left side

B.

Debit means an increase in an account and credit means a decrease.

C.

Credit indicates the right side of an account and debit the left side.

D.

Credit means an increase in an account and debit means a decrease

Question 142

A chief audit executive wants to implement an enterprisewide resource planning software. Which of the following internal audit assessments could provide overall assurance on the likelihood of the software implementation's success?

Options:

A.

Readiness assessment.

B.

Project risk assessment.

C.

Post-implementation review.

D.

Key phase review.

Question 143

Which of the following is an example of internal auditors applying data mining techniques for exploratory purposes?

Options:

A.

Internal auditors perform reconciliation procedures to support an external audit of financial reporting.

B.

Internal auditors perform a systems-focused analysis to review relevant controls.

C.

Internal auditors perform a risk assessment to identify potential audit subjects as input for the annual internal audit plan

D.

Internal auditors test IT general controls with regard to operating effectiveness versus design

Question 144

Which of the following is a cybersecurity monitoring activity intended to deter disruptive codes from being installed on an organizations systems?

Options:

A.

Boundary defense

B.

Malware defense.

C.

Penetration tests

D.

Wireless access controls

Question 145

Which of the following Issues would be a major concern for internal auditors when using a free software to analyze a third-party vendor's big data?

Options:

A.

The ability to use the software with ease to perform the data analysis to meet the engagement objectives.

B.

The ability to purchase upgraded features of the software that allow for more In-depth analysis of the big data.

C.

The ability to ensure that big data entered into the software is secure from potential compromises or loss.

D.

The ability to download the software onto the appropriate computers for use in analyzing the big data.

Question 146

The chief audit executive (CAE) has embraced a total quality management approach to improving the internal audit activity's (lAArs) processes. He would like to reduce the time to complete audits and improve client ratings of the IAA. Which of the following staffing approaches is the CAE most likely lo select?

Options:

A.

Assign a team with a trained audit manager to plan each audit and distribute field work tasks to various staff auditors.

B.

Assign a team of personnel who have different specialties to each audit and empower Team members to participate fully in key decisions

C.

Assign a team to each audit, designate a single person to be responsible for each phase of the audit, and limit decision making outside of their area of responsibility.

D.

Assign a team of personnel who have similar specialties to specific engagements that would benefit from those specialties and limit Key decisions to the senior person.

Question 147

An IT auditor is evaluating IT controls of a newly purchased information system. The auditor discovers that logging is not configured al database and application levels. Operational management explains that they do not have enough personnel to manage the logs and they see no benefit in keeping logs. Which of the fallowing responses best explains risks associated with insufficient or absent logging practices?

Options:

A.

The organization will be unable to develop preventative actions based on analytics.

B.

The organization will not be able to trace and monitor the activities of database administers.

C.

The organization will be unable to determine why intrusions and cyber incidents took place.

D.

The organization will be unable to upgrade the system to newer versions.

Question 148

Which of the following statements is true regarding user developed applications (UDAs) and traditional IT applications?

Options:

A.

UDAs arid traditional JT applications typically follow a similar development life cycle

B.

A UDA usually includes system documentation to illustrate its functions, and IT-developed applications typically do not require such documentation.

C.

Unlike traditional IT applications. UDAs typically are developed with little consideration of controls.

D.

IT testing personnel usually review both types of applications thoroughly to ensure they were developed properly.

Question 149

Which of the following best describes a cyberattacK in which an organization faces a denial-of-service threat created through malicious data encryption?

Options:

A.

Phishing.

B.

Ransomware.

C.

Hacking.

D.

Makvare

Question 150

Which of the following statements is true regarding activity-based costing (ABC)?

Options:

A.

An ABC costing system is similar to conventional costing systems in how it treats the allocation of manufacturing overhead.

B.

An ABC costing system uses a single unit-level basis to allocate overhead costs to products.

C.

An ABC costing system may be used with either a job order or a process cost accounting system.

D.

The primary disadvantage of an ABC costing system is less accurate product costing.

Question 151

Management is pondering the following question:

"How does our organization compete?"

This question pertains to which of the following levels of strategy?

Options:

A.

Functional-level strategy

B.

Corporate-level strategy.

C.

Business-level strategy,

D.

DepartmentsHevet strategy

Question 152

According to I1A guidance on IT. which of the following activities regarding information security Is most likely to be the responsibility of line management as opposed to executive management, internal auditors, or the board?

Options:

A.

Review and monitor security controls.

B.

Dedicate sufficient security resources.

C.

Provide oversight to the security function.

D.

Assess information control environments.

Question 153

A new clerk in the managerial accounting department applied the high-low method and computed the difference between the high and low levels of maintenance costs. Which type of maintenance costs did the clerk determine?

Options:

A.

Fixed maintenance costs.

B.

Variable maintenance costs.

C.

Mixed maintenance costs.

D.

Indirect maintenance costs.

Question 154

Which of the following items best describes the strategy of outsourcing?

Options:

A.

Contracting the work to Foreign Service providers to obtain lower costs

B.

Contracting functions or knowledge-related work with an external service provider.

C.

Contract -ng operation of some business functions with an internal service provider

D.

Contracting a specific external service provider to work with an internal service provider

Demo: 154 questions
Total 516 questions