IIA-CIA-Part3-3P CIA Exam Part Three: Business Knowledge for Internal Auditing Questions and Answers

Inform, direct, manage, and monitor.

Identify, assess, manage, and control.

Organize, assign, authorize, and implement.

Add value, improve, assure, and conform.

Electronic funds transfer.

Knowledge-based systems.

Biometrics.

Standardized graphical user interface.

$170,000

$280,000

$300,000

$540,000

Specific guidance must be followed when interacting with nongovernmental organizations.

Disclosure laws tend to be consistent from one jurisdiction to another.

There are several internationally recognized standards for dealing with financial donors.

Legal representation should be consulted before releasing internal audit information to other assurance

Scope and initiation phase.

Business impact analysis.

Plan development.

Testing.

Due to their small size and portability smart devices and their associated data are typically less susceptible to physical loss

The Bluetooth and WI-FI features of smart devices enhance the security of data while in transit

The global positioning system (GPS) capability of smart devices could be exploited to plan cyberattacks

When the user fads to perform jailbreaking or rooting, data security and privacy risks we increased

An attempt at phishing.

An attempt at penetration testing

An attempt to patch the server

An attempt to launch malware

Full or near capacity in processes.

Smooth workflow among processes.

Few or no defects.

Lowered inventory levels.

Tax deductions, exemptions, and tax filings.

Tax deductions, exemptions, and tax brackets.

Tax brackets, tax deductions, and tax payments.

Tax brackets, exemptions, and nominal tax receipts.

Fixed cost.

Variable cost.

Total maintenance cost.

Patient days.

Offer a standard product that is targeted in the recognized market.

Invest in commodity or commodity-like product businesses.

Enter into a slow-growing market.

Use an established distribution relationship.

Access is approved by the supervising manager.

User accounts specify expiration dates and are based on services provided.

Administrator access is provided for a limited period.

User accounts are deleted when the work is completed.

That do not have to be repaid for over one year.

That appear to be too risky for most lenders to consider.

Granted on the basis of a company's credit standing.

Backed by mortgaged assets.

Relatively fast market entry.

Improved cash flow of the acquiring organization.

Increased diversity of corporate culture.

Opportunity to influence local government policy.

Lack of awareness of the state of processing.

Increased cost and complexity of network traffic.

Interference of the mirrored data with the original source data.

Confusion about where customer data are stored.

A flexible budget.

Variance analysis.

A contribution margin income statement by segment.

Residual income.

Access control via biometric authentication.

Access control via passcode authentication.

Access control via swipe pattern authentication.

Access control via security question authentication.

Creating a comprehensive reporting system for vendors to demonstrate their ongoing due diligence in network operations

Drafting a strong contract that requires regular vendor control reports and a right-to-audit clause.

Applying administrative privileges to ensure right-to-access controls are appropriate

Creating a standing cybersecurity committee to identify and manage risks related to data security

Salary and status

Responsibility and advancement

Work conditions and security

Peer relationships and personal life

Cash budget.

Budgeted balance sheet.

Selling and administrative expense budget.

Budgeted income statement.

Logical access controls monitor application usage and generate audit trails.

The development process is designed to prevent, detect and correct errors that may occur

A record is maintained to track the process of data from input, to output, to storage

Business users' requirements are documented, and their achievement is monitored

Establish separate vendor creation and approval teams.

Develop and distribute a code of conduct that prohibits conflicts of interest.

Perform a regular review of the vendor master file.

Require submission of a conflict-of-interest declaration.

Draft separate audit reports for business and IT management

Connect IT audit findings to business issues

Include technical details to support IT issues

Include an opinion on financial reporting accuracy and completeness

All personal information, by definition is considered to be sensitive, requiring specialized controls.

Information is not considered personal if it can only be linked to or used to identify an individual indirectly.

Individuals who provide personal information to organizations share in the risk of inappropriate

disclosure.

Good protection controls remove any restrictions on the quantity of personal information that can be collected

12-digit password feature.

Security question feature.

Voice recognition feature.

Two-level sign-on feature.

A detailed budget that identifies hardware resources for the project

A Gantt chart that identifies the critical path for completing the project

Change management controls to avoid technical conflicts within the application

A project plan with a flexible scope to accommodate legislative requirements

Validation of the achievement of their goals and objectives.

Increased knowledge through the performance of additional tasks.

Support for personal growth and a meaningful work experience.

An increased opportunity to manage better the work done by their subordinates.

Network

Database

Operating system

Server

Commissions.

Stock options.

Gain-sharing bonuses.

Allowances.

Achievement-oriented style

People-oriented style

Goal-oriented style

Task-oriented style

Maintenance service items such as production support

Management of infrastructure services including network management

Physical hosting of mainframes and distributed servers

End-to-end security architecture design

Determining the frequency with which backups will be performed.

Prioritizing the order in which business systems would be restored.

Assigning who in the IT department would be involved in the recovery procedures.

Assessing the resources needed to meet the data recovery objectives

Reversing all previous closing adjustments is a mandatory step in the accounting cycle

Reversing entries should be completed at the end of the next accounting period after recording regular transactions of the period

Reversing entries are identical to the adjusting entries made in the previous period.

Reversing entries are the exact opposite of the adjustments made in the previous period.

Capital investment and not marketing

Marketing and not capital investment.

Efficiency and not input economy.

Effectiveness and not efficiency.

Continually evaluate the needs and opinions of all stakeholder groups.

Ensure strict compliance with applicable laws and regulations to avoid incidents.

Maintain a comprehensive publicity campaign that highlights the organization's efforts.

Increase goodwill through philanthropic activities among stakeholder communities.

Access system security.

Policy development.

Change management.

Operations processes.

Specializing in proven manufacturing techniques that have made the organization profitable in the past.

Substituting its own production technology with advanced techniques used by its competitors.

Forgoing profits over a period of time to gain market share from its competitors.

Using the same branding to sell its products through new sales channels to target new markets.

Embryonic, focused.

Fragmented, decline.

Mature, fragmented.

Competitive, embryonic.

Government pressure on organizations to increase or maintain employment.

Production orientation of management.

Lack of credible market leader in the industry.

Company diversification.

Improved integrity of programs and processing.

Enhanced ongoing maintenance of the system.

Greater accuracy of the testing phase.

Reduced need for unexpected software changes.

Lost sales, lost customers, and backorder.

Lost sales, safety stock, and backorder.

Lost customers, safety stock, and backorder.

Lost sales, lost customers, and safety stock.

The distorted unit cost of a service is 50 percent lower than the true cost, while the true cost is 50 percent higher than the competition's cost.

The organization is losing $1,000,000 annually because it incorrectly outsourced an operation based on information from its current system.

The cost of rework, hidden by the current system, is 50 percent of the total cost of all services.

50 percent of total organizational cost has been allocated on a volume basis.

1 and 3 only

2 and 4 only

1, 2, and 4 only

1, 2, 3, and 4

Normalization.

Velocity.

Structurization.

Veracity.

Operating rate.

Asset efficiency rate.

Resource utilization rate.

Productivity rate.

Production information maintained in relational tables.

Tweets and posts of users on social media.

Photos and videos stored in hard drive catalogs.

Sales reports documented in word processing software.

Less use of policies and procedures

Less organizational commitment by employees

Less emphasis on extrinsic rewards

Less employees turnover

Password selection

Password aging

Password lockout

Password rotation

Diversification

Vertical integration

Risk avoidance

Differentiation

Rooting.

Eavesdropping.

Man in the middle.

Session hijacking.

Assets liabilities and owners' equity would be understated

Assets net income and owners' equity would be unaffected

Assets and liabilities would be understated

Assets net income and owners' equity would be understated, but liabilities would be overstated

A debit to office supplies on hand for S2.500

A debit to office supplies on hand for $11,500

A debit to office supplies on hand for S20.500

A debit to office supplies on hand for S42.500

A revenue calculation spreadsheet supported with price and volume reports from the production department

An asset retirement calculation spreadsheet comprised of multiple formulas and assumptions

An ad-hoc inventory listing spreadsheet comprising details of written-off inventory quantitates

An accounts receivable reconciliation spreadsheet used by the accounting manager to verify balances.

Process analysis.

Process mining.

Data analysis.

Data mining.

Input controls

Output controls

Processing controls

Integrity controls

Suspend assumptions and negative feedback

Weight suggestions based on the speaker's level of authority.

Discuss the details of all options presented

Provide documentation to support their positions

An employee receives an email that appears to be from the organization's bank, though it is not. The employee replies to the email and sends the requested confidential information.

An organization's website has been hacked. The hacker added political content that is not consistent with the organization's views.

An organization's systems have been compromised by malicious software. The software locks the organization's operating system until d ransom is paid.

An organization's communication systems have been intercepted. A communication session is controlled by an unauthorized third party.

Operational plans.

Tactical plans.

Strategic plans.

Mission plans.

Buying an insurance policy to protect against loss events.

Hedging against natural gas price fluctuations.

Selling a non-strategic business unit.

Outsourcing a high risk process to a third party.

An offboarding procedure is initiated monthly to determine redundant physical access rights

Logs generated by smart locks are automatically scanned to identify anomalies in access patterns

Requests for additional access rights are sent for approval and validation by direct supervisors

Automatic notifications are sent to a central security unit when employees enter the premises during nonwork hours

Each nation's total imports approximately equal its total exports.

Each good is produced by the nation that has the lowest opportunity cost for that good.

Goods that contribute to a nation's balance-of-payments deficit are no longer imported.

International trade is unrestricted and tariffs are not imposed.

Database management systems handle data manipulation inside the tables, rather than it being done by the operating system itself in files.

The database management system acts as a layer between the application software and the operating system.

Applications pass on the instructions for data manipulation which are then executed by the database

management system.

The data within the database management system can only be manipulated directly by the database management system administrator.

Borrowers may not sign all required mortgage loan documentation.

Fees paid by the borrower at the time of the loan may not be deposited in a timely manner.

The bank's loan documentation may not meet the government's disclosure requirements.

Loan officers may override the lending criteria established by senior management.

Chain.

All-channel.

Circle.

Wheel.

The extent to which management judgments are required in an area could serve as a risk factor in assisting the auditor in making a comparative risk analysis.

The highest risk assessment should always be assigned to the area with the largest potential loss.

The highest risk assessment should always be assigned to the area with the highest probability of

occurrence.

Risk analysis must be reduced to quantitative terms in order to provide meaningful comparisons across an organization.

Program design, system requirements, software design, analysis, coding, testing, operations.

System requirements, software design, analysis, program design, testing, coding, operations.

System requirements, software design, analysis, program design, coding, testing, operations.

System requirements, analysis, coding, software design, program design, testing, operations.

Established strategy of players.

Low number of new firms.

High unit costs.

Technical expertise.

Determine the optimal amount of resources for the organization to invest in CSR.

Align CSR program objectives with the organization's strategic plan.

Integrate CSR activities into the organization's decision-making process.

Determine whether the organization has an appropriate policy governing its CSR activities.

Basing performance evaluations on the number of projects completed.

Comparing results with those of other engineering departments.

Creating a quality council within the engineering department.

Conducting post-project surveys on performance.

Have to initiate a price war in order to enter the industry.

Face increased production costs.

Face increased marketing costs.

Face higher learning costs, which would increase fixed costs.