During which phase of the contracting process ere contracts drafted for a proposed business activity?
A one-time password would most likely be generated in which of the following situations?
Which of the following statements is true regarding data backup?
An Internal auditor is using data analytics to focus on high-risk areas during an engagement. The auditor has obtained data and is working to eliminate redundancies in the data. Which of the following statements is true regarding this scenario?
Based on lest results, an IT auditor concluded that the organization would suffer unacceptable loss of data if there was a disaster at its data center. Which of the following test results would likely lead the auditor to this conclusion?
When management uses the absorption costing approach, fixed manufacturing overhead costs are classified as which of the following types of costs?
Which of the following job design techniques would most likely be used to increase employee motivation through job responsibility and recognition?
Which of the following is on advantage of a decentralized organizational structure, as opposed to a centralized structure?
An organization has a declining inventory turnover but an Increasing gross margin rate, Which of the following statements can best explain this situation?
Which of the following is a systems software control?
Which of the following principles s shared by both hierarchies and open organizational structures?
1. A superior can delegate the authority to make decisions but cannot delegate the ultimate responsibility for the results of those decisions.
2. A supervisor's span of control should not exceed seven subordinates.
3. Responsibility should be accompanied by adequate authority.
4. Employees at all levels should be empowered to make decisions.
Which of the following is the best example of IT governance controls?
Which of the following should be included in a data privacy poky?
1. Stipulations for deleting certain data after a specified period of time.
2. Guidance on acceptable methods for collecting personal data.
3. A requirement to retain personal data indefinitely to ensure a complete audit trail,
4. A description of what constitutes appropriate use of personal data.
An organization's account for office supplies on hand had a balance of $9,000 at the end of year one. During year two. The organization recorded an expense of $45,000 for purchasing office supplies. At the end of year two. a physical count determined that the organization has $11 ,500 in office supplies on hand. Based on this Information, what would he recorded in the adjusting entry an the end of year two?
An organization uses the management-by-objectives method whereby employee performance is based on defined goals. Which of the following statements is true regarding this approach?
Which of the following statements is true regarding cost-volume-profit analysis?
What kind of strategy would be most effective for an organization to adopt in order to Implement a unique advertising campaign for selling identical product lines across all of its markets?
Which of the following situations best applies to an organisation that uses a project, rather than a process, to accomplish its business activities?
Which of the following is a security feature that Involves the use of hardware and software to filter or prevent specific Information from moving between the inside network and the outs de network?
Which of the following network types should an organization choose if it wants to allow access only to its own personnel?
Which of the following is classified as a product cost using the variable costing method?
1. Direct labor costs.
2. Insurance on a factory.
3. Manufacturing supplies.
4. Packaging and shipping costa.
An organization and its trading partner rely on a computer-to-computer exchange of digital business documents. Which of the following best describes this scenario?
A large retail customer made an offer to buy 10.000 units at a special price of $7 per unit. The manufacturer usually sells each unit for §10, Variable Manufacturing costs are 55 per unit and fixed manufacturing costs are $3 per unit. For the manufacturer to accept the offer, which of the following assumptions needs to be true?
For employees, the primary value of implementing job enrichment is which of the following?
Which of the following describes the most appropriate set of tests for auditing a workstation's logical access controls?
Which of the following items represents the first thing that should be done with obtained dote in the data analytics process?
Which of the following statements. Is most accurate concerning the management and audit of a web server?
An internal auditor was asked to review an equal equity partnership, in one sampled transaction. Partner A transferred equipment into the partnership with a Self-declared value of 510 ,000, and Partner B contributed equipment with a self-declared value of 515,000. The capital accounts reach partner were subsequently credited with $12,500. Which of the following statements Is true regarding this transection?
An organization that soils products to a foreign subsidiary wants to charge a price that wilt decrease import tariffs. Which of the following is the best course of action for the organization?
Which of the following scenarios best illustrates a spear phishing attack?
According to IIA guidance, which of the following is a broad collection of integrated policies, standards, and procedures used to guide the planning and execution of a project?
Which of the following is true of matrix organizations?
Which of the following techniques would best detect on inventory fraud scheme?
Which of the following types of date analytics would be used by a hospital to determine which patients are likely to require remittance for additional treatment?
Which of the following best explains why an organization would enter into a capital lease contract?
While auditing an organization's customer call center, an internal auditor notices that Key performance indicators show a positive trend, despite the fact that there have been increasing customer complaints over the same period. Which of the following audit recommendations would most likely correct the cause of this inconsistency?
With regard to project management, which of the following statements about project crashing Is true?
Which of the following risks would Involve individuals attacking an oil company's IT system as a sign of solidarity against drilling in a local area?
An organization has instituted a bring-your-own-device (BYOD) work environment. Which of the following policies best addresses the increased risk to the organization's network incurred by this environment?
An internal audit uncovered high-risk issues that needed to be addressed by the organization. During the exit conference, the audit team discussed the high-risk issues with the manager responsible for addressing them. How should the chief audit executive respond if the manager agrees to correct the issues identified during the audit?
The sole internal auditor of a municipality wants to implement proper supervision over internal audit workpapers. Which of the following would be the most appropriate?
Which of the following is most influenced by a retained earnings policy?
How should internal auditors respond when the manager of an area under review disagrees with a finding?
An internal audit team performed an assurance engagement of the organization's IT security. The audit team found significant flaws in the design and implementation of the internal control framework. IT department managers often disagreed with the audit team on the significance of the findings, claiming that the controls in place partly mitigated the risks. Which of the following should be included when communicating the engagement results to senior management?
According to Herzberg's Two-Factor Theory of Motivation, which of the following is a factor mentioned most often by satisfied employees?
Which of the following should be established by management during implementation of big data systems to enable ongoing production monitoring?
Which of the following best explains the matching principle?
Which of the following IT layers would require the organization to maintain communication with a vendor in a tightly controlled and monitored manner?
As part of internal audit's risk assessment, a chief audit executive is determining certain factors as part of planning the areas to audit within an organization that makes silicon chips. Which of the following would be considered a subjective factor as part of the risk assessment?
An organization has an agreement with a third-party vendor to have a fully operational facility, duplicate of the original site and configured to the organization's needs, in order to quickly recover operational capability in the event of a disaster, Which of the following best describes this approach to disaster recovery planning?
Which of the following documents would provide an internal auditor with information on the length of time to maintain documents after the completion of an engagement?
In an organization with a poor control environment, which of the following indicators would help an internal audit function measure its ability to provide risk-based assurance?
Which of the following best describes owner's equity?
An organization is considering outsourcing its IT services, and the internal auditor as assessing the related risks. The auditor grouped the related risks into three categories;
- Risks specific to the organization itself.
- Risks specific to the service provider.
- Risks shared by both the organization and the service provider
Which of the following risks should the auditor classify as specific to the service provider?
Which of the following inventory costing methods requires the organization to account for the actual cost paid for the unit being sold?
Upon completing a follow-up audit engagement, the chief audit executive (CAE) noted that management has not implemented any mitigation measures to address the high risks that were reported in the initial audit report. What initial step must the CAE take to address this situation?
Which of the following best describes a detective control designed to protect an organization from cyberthreats and attacks?
Which of the following best describes the purpose of fixed manufacturing costs?
Which approach should a chief audit executive take when preparing the internal audit plan?
Which of the following scenarios would require the chief audit executive (CAE) to change the internal audit plan and seek approval for the changes from the board?
Which of the following would an organization execute to effectively mitigate and manage risks created by a crisis or event?
Which of the following should the chief audit executive agree upon with the board before starting an external assessment of the internal audit function?
During an internal audit engagement, numerous deficiencies in the organization's management of customer data were discovered, entailing the risk of breaching personal data protection legislation. An improvement plan was approved by senior management. Which of the following conditions observed during the periodic follow-up process best justifies the chief audit executive's decision to escalate the issue to the board?
According to IIA guidance, which of the following statements is true regarding communication of engagement results?
During a routine bank branch audit, the internal audit function observed that the sole security guard at the branch only worked part time. The chief audit executive (CAE) believed that this increased the risk of loss of property and life in the event of a robbery. The branch security manager informed the CAE that a full-time guard was not needed because the branch was in close proximity to a police station. Still, the CAE found this to be an unacceptable risk due to the recent increase in robberies in that area. Which of the following is the most appropriate next step for the CAE to take?
The chief audit executive (CAE) and management of the area under review disagree over managing a significant risk item. According to IIA guidance, which of the following actions should the CAE take first?
The board and senior management agree to outsource the internal audit function. Which of the following is true regarding the company’s quality assurance and improvement program (QAIP)?
An organization's technician was granted a role that enables him to prioritize projects throughout the organization. Which type of authority will the technician most likely be exercising?
Which of the following is a necessary action for an internal audit function if senior management chooses not to take action to remediate the finding and accepts the risk?
Which statement is true regarding the development of a risk-based internal audit plan?
Which of the following activities best illustrates a user's authentication control?
When preparing the annual internal audit plan, which of the following should the chief audit executive (CAE) consider to optimize efficiency and effectiveness?
Which of the following best describes the chief audit executive's responsibility for assessing the organization's residual risk?
When auditing the account receivables for the first time, an internal auditor noted that the finance team had not—over many accounting periods—reviewed the accounts receivables for debts that could no longer be collected. How should the auditor proceed?
A manufacturer ss deciding whether to sell or process materials further. Which of the following costs would be relevant to this decision?
An internal auditor discovered that the organization was not in full compliance with a regulatory labeling requirement for one of its products. The responsible manager indicated that the current product labeling has been in use for several years without any problems. If discovered, this regulatory breach could result in significant fines for the organization. What should be the chief audit executive's next course of action?
A chief audit executive (CAE) is calculating the available internal audit resource hours while planning the annual internal audit plan. The CAE needs to calculate the total number of hours available for audits. Which of the following should be deducted in order to have time available only for engagements?
At which fundamental level of a quality assurance and improvement program is an opinion expressed about the entire spectrum of the internal audit function’s work?
Which of the following statements is true regarding the management-by-objectives (MBO) approach?
Which of the following is an example of a key systems development control typically found in the in-house development of an application system?
Which of the following are the most common characteristics of big data?
An organization uses the management-by-objectives method, whereby employee performance is based on defined goals. Which of the following statements is true regarding this approach?
During which phase of the contracting process are contracts drafted for a proposed business activity?
Which of the following is a result of implementing an e-commerce system that relies heavily on electronic data interchange (EDI) and electronic funds transfer (EFT) for purchasing and billing?
Which of the following network types should an organization choose if it wants to allow access only to its own personnel?
IT governance begins with which of the following activities?
According to IIA guidance, which of the following statements is true regarding analytical procedures?
An internal auditor is using data analytics to focus on high-risk areas during an engagement. The auditor has obtained data and is working to eliminate redundancies in the data. Which of the following statements is true regarding this scenario?
A retail organization mistakenly did not include $10,000 of inventory in the physical count at the end of the year. What was the impact to the organization’s financial statements?
According to IIA guidance, which of the following best describes an adequate management (audit) trail application control for the general ledger?
Given the information below, which organization is in the weakest position to pay short-term debts?
Organization A: Current assets constitute $1,200,000; Current liabilities are $400,000
Organization B: Current assets constitute $1,000,000; Current liabilities are $1,000,000
Organization C: Current assets constitute $900,000; Current liabilities are $300,000
Organization D: Current assets constitute $1,000,000; Current liabilities are $250,000
When using data analytics during a review of the procurement process, what is the first step in the analysis process?
Which of the following authentication controls combines what a user knows with the unique characteristics of the user, respectively?
Which of the following forms of compensation best indicates that an organization’s cost-saving objectives have been targeted?
Which of the following is an example of a smart device security control intended to prevent unauthorized users from gaining access to a device’s data or applications?
Which of the following statements is true regarding cost-volume-profit analysis?
According to IIA guidance on IT, which of the following best describes a situation where data backup plans exist to ensure that critical data can be restored at some point in the future, but recovery and restore processes have not been defined?
Which of the following statements is true regarding the capital budgeting procedure known as the discounted payback period?
Which of the following is a systems software control?
The head of the research and development department at a manufacturing organization believes that his team lacks expertise in some areas and decides to hire more experienced researchers to assist in the development of a new product. Which of the following variances are likely to occur as the result of this decision?
Favorable labor efficiency variance
Adverse labor rate variance
Adverse labor efficiency variance
Favorable labor rate variance
Which of the following is true of matrix organizations?
An organization that sells products to a foreign subsidiary wants to charge a price that will decrease import tariffs. Which of the following is the best course of action for the organization?
A large retail customer made an offer to buy 10,000 units at a special price of $7 per unit. The manufacturer usually sells each unit for $10. Variable manufacturing costs are $5 per unit and fixed manufacturing costs are $3 per unit. For the manufacturer to accept the offer, which of the following assumptions needs to be true?
Which of the following application controls is the most dependent on the password owner?
Which of the following describes the most appropriate set of tests for auditing a workstation’s logical access controls?
Which of the following types of data analytics would be used by a hospital to determine which patients are likely to require readmittance for additional treatment?
Which of the following purchasing scenarios would gain the greatest benefit from implementing electronic data interchange (EDI)?
Which type of bond sells at a discount from face value, then increases in value annually until it reaches maturity and provides the owner with the total payoff?
With regard to disaster recovery planning, which of the following would most likely involve stakeholders from several departments?
An internal auditor found the following information while reviewing the monthly financial statements for a wholesaler of safety glasses: Opening inventory: 1,000 units at $2 per unit; Purchased: 5,000 units at $3 per unit; Sold: 3,000 units at $7 per unit. The cost of goods sold was reported at $8,500. Which of the following inventory methods was used to derive this value?
According to IIA guidance on IT, which of the following would be considered a primary control for a spreadsheet to help ensure accurate financial reporting?
Which of the following is an advantage of a decentralized organizational structure, as opposed to a centralized structure?
Which of the following statements best describes the current state of data privacy regulation?
Which of the following bring-your-own-device (BYOD) practices is likely to increase the risk of infringement on local regulations, such as copyright or privacy laws?
Which of the following statements is most accurate concerning the management and audit of a web server?
Which of the following is an example of a physical control?
Which of the following controls refers to requiring employees to use a combination of PINs, passwords, and/or biometrics to access an organization's smart device apps and data?
According to Herzberg's Two-Factor Theory of Motivation, which of the following is a factor mentioned most often by satisfied employees?
Which of the following organization structures would most likely be able to cope with rapid changes and uncertainties?
An organization buys equity securities for trading purposes and sells them within a short time period. Which of the following is the correct way to value and report those securities at a financial statement date?
An internal audit activity is piloting a data analytics model, which aims to identify anomalies in payments to vendors and potential fraud indicators. Which of the following would be the most appropriate criteria for assessing the success of the piloted model?
Which of the following is required in effective IT change management?
Which of the following backup methodologies would be most efficient in backing up a database in the production environment?
Which of the following networks is suitable for an organization that has operations In multiple cities and countries?
Which of the following can be viewed as a potential benefit of an enterprisewide resource planning system?
Which of the following best describes a man-in-the-middle cyber-attack?
Which of the following common quantitative techniques used in capital budgeting is best associated with the use of a table that describes the present value of an annuity?
Which of the following best describes a potential benefit of using data analyses?
An organization contracted a third-party service provider to plan, design, and build a new facility. Senior management would like to transfer all of the risk to the builder. Which type of procurement contract would the organization use?
Which of the following types of budgets will best provide the basis for evaluating the organization's performance?
Which of the following controls would enable management to receive timely feedback and help mitigate unforeseen risks?
A clothing company sells shirts for $8 per shirt. In order to break even, the company must sell 25.000 shirts. Actual sales total S300.000. What is margin of safety sales for the company?
Which of the following is an example of a physical control designed to prevent security breaches?
Which of the following is true of bond financing, compared to common stock, when alJ other variables are equal?
An internal auditor was assigned to test for ghost employees using data analytics. The auditor extracted employee data from human resources and payroll. Using spreadsheet functions, the auditor matched data sets by name and assumed that employees who were not present in each data set should be investigated further. However, the results seemed erroneous, as very few employees matched across all data sets. Which of the following data analytics steps has the auditor most likely omitted?
A bond that matures after one year has a face value of S250,000 and a coupon of $30,000. if the market price of the bond is 5265,000, which of the following would be the market interest rate?
Which of the following performance measures includes both profits and investment base?
Which of the following sites would an Internet service provider most likely use to restore operations after its servers were damaged by a natural disaster?
Which of the following statements is true concerning the basic accounting treatment of a partnership?
When auditing databases, which of the following risks would an Internal auditor keep In mind In relation to database administrators?
In accounting, which of the following statements is true regarding the terms debit and credit?
A chief audit executive wants to implement an enterprisewide resource planning software. Which of the following internal audit assessments could provide overall assurance on the likelihood of the software implementation's success?
Which of the following is an example of internal auditors applying data mining techniques for exploratory purposes?
Which of the following is a cybersecurity monitoring activity intended to deter disruptive codes from being installed on an organizations systems?
Which of the following Issues would be a major concern for internal auditors when using a free software to analyze a third-party vendor's big data?
The chief audit executive (CAE) has embraced a total quality management approach to improving the internal audit activity's (lAArs) processes. He would like to reduce the time to complete audits and improve client ratings of the IAA. Which of the following staffing approaches is the CAE most likely lo select?
An IT auditor is evaluating IT controls of a newly purchased information system. The auditor discovers that logging is not configured al database and application levels. Operational management explains that they do not have enough personnel to manage the logs and they see no benefit in keeping logs. Which of the fallowing responses best explains risks associated with insufficient or absent logging practices?
Which of the following statements is true regarding user developed applications (UDAs) and traditional IT applications?
Which of the following best describes a cyberattacK in which an organization faces a denial-of-service threat created through malicious data encryption?
Which of the following statements is true regarding activity-based costing (ABC)?
Management is pondering the following question:
"How does our organization compete?"
This question pertains to which of the following levels of strategy?
According to I1A guidance on IT. which of the following activities regarding information security Is most likely to be the responsibility of line management as opposed to executive management, internal auditors, or the board?
A new clerk in the managerial accounting department applied the high-low method and computed the difference between the high and low levels of maintenance costs. Which type of maintenance costs did the clerk determine?
Which of the following items best describes the strategy of outsourcing?