IIA IIA-CIA-Part3-3P Dumps

CIA Exam Part Three: Business Knowledge for Internal Auditing Questions and Answers

Question 1

An organization allows employees to use mobile devices for business purposes.

Which of the following could cause decreased employee productivity in case of data loss?

Options:

A.

Malware resulting in data leakage.

B.

Exposure of sensitive data.

C.

Lack of data encryption.

D.

Lack of data back up.

Question 2

How do data analysis technologies affect internal audit testing?

Options:

A.

They improve the effectiveness of spot check testing techniques

B.

They allow greater insight into high risk areas.

C.

They reduce the overall scope of the audit engagement.

D.

They increase the internal auditor's objectivity

Question 3

During which phase of the contracting process are contracts drafted for a proposed business activity?

Options:

A.

Initiation phase

B.

Bidding phase

C.

Development phase

D.

Management phase

Question 4

An organization has a total asset turnover of 3.0 times and a total debt-to-total assets ratio of 80 percent. If the organization has total debt of $1,000,000, what is the organization's sales level?

Options:

A.

$266,667

B.

$416,667

C.

$3,750,000

D.

$5,000,000

Question 5

Which of the following is a project planning methodology that involves a complex series of required simulations to provide information about schedule risk?

Options:

Question 6

An organization has an agreement with a third-party vendor to have a fully operational facility, duplicate of the original site and configured to the organization's needs, in order to quickly recover operational capability in the event of a disaster.

Which of the following best describes this approach to disaster recovery planning?

Options:

A.

Cold recovery plan.

B.

Outsourced recovery plan.

C.

Storage area network recovery plan.

D.

Hot recovery plan.

Question 7

An organization suffered significant damage to its local file and application servers as a result of a hurricane. Fortunately, the organization was able to recover all information backed up by its overseas third-party contractor.

Which of the following approaches has been used by the organization?

Options:

A.

Application management.

B.

Data center management.

C.

Managed security services.

D.

Systems integration.

Question 8

What is the most significant potential problem introduced by just-in-time inventory systems?

Options:

A.

They require significant computer resources.

B.

They are susceptible to supply-chain disruptions.

C.

They require complicated materials-supply contracts.

D.

They prevent manufacturers from scaling up or down to meet changing demands.

Question 9

Which of the following activities best illustrates a user's authentication control?

Options:

A.

Identity requests are approved in two steps.

B.

Logs are checked for misaligned identities and access rights.

C.

Users have to validate their identity with a smart card.

D.

Functions can be performed based on access rights.

Question 10

Which of the following statements is true regarding the reporting of tangible and intangible assets?

Options:

A.

For plant assets cost includes the purchase price and the cost of design and construction

B.

For intangible assets cost includes the purchase price and development costs

C.

Due to their indefinite nature intangible assets are not subject to amortization

D.

The organization must expense any cost incurred in developing a plant asset

Question 11

Which of the following statements is true regarding partnership liquidation?

Options:

A.

Operations can continue after the liquidation if all partners agree

B.

Partnership liquidation ends both the legal and economic life of an entity

C.

Partnership liquidation occurs when there is capital deficiency

D.

When a partnership is liquidated, each partner pays creditors from cash received

Question 12

A small software development firm designs and produces custom applications for businesses. The application development team consists of employees from multiple departments who all report to a single project manager.

Which of the following organizational structures does this situation represent?

Options:

A.

Functional departmentalization.

B.

Product departmentalization.

C.

Matrix organization.

D.

Divisional organization.

Question 13

Which of the following types of data analytics would be used by a hospital to determine which patients are likely to require readmittance for additional treatment?

Options:

A.

Predictive analytics

B.

Prescriptive analytics

C.

Descriptive analytics

D.

Diagnostic analytics

Question 14

An organization invests excess short-term cash in trading securities. Which of the following actions should an internal auditor take to test the valuation of those securities?

Options:

A.

Use the equity method to recalculate the investment carrying value

B.

Confirm the securities held by the broker

C.

Perform a calculation of premium or discount amortization.

D.

Compare the carrying value with current market quotations

Question 15

What would an internal auditor do to ensure that a process to mitigate risk is in place for the organization's change management process?

Options:

A.

Develop and enforce change policies to ensure employees are continually trained.

B.

Apply a risk-based approach and impose segregation of duties related to the change management process.

C.

Conduct a high-level threat analysis and implement a compensating control.

D.

Validate authorization, segregation of duties, testing of changes, and approval to move changes into production.

Question 16

An internal auditor has been approved to gather data directly from the organization's relational database management system for data analyses. To collect the data, which of the following is most important for the auditor to know?

Options:

A.

Structured query language

B.

Spreadsheet software such as Excel

C.

Data management system such as Oracle

D.

Basic web development

Question 17

While reviewing the contracts for a large city, the internal auditor learns that the organization contracted to perform trash collection is paid based on the number of bins emptied each week. As a result, the city has minimal control over payments. Which of the following actions should the auditor recommend to give the city greater control over payments?

Options:

A.

Change the contract so payment is based on the distances traveled by the contractor during collection.

B.

Renegotiate a lump-sum contract when the contract is up for renewal

C.

Assign a city employee to verify the number of bins emptied each day

D.

Require that the contractor provide supervisory review of the number of bins emptied each day

Question 18

Which of the following application controls checks the integrity of data entered into a business application?

Options:

A.

Input controls.

B.

Output controls

C.

Processing controls

D.

Integrity controls

Question 19

Which of the following IT-related activities is most commonly performed by the second line of defense?

Options:

A.

Block unauthorized traffic.

B.

Encrypt data.

C.

Review disaster recovery test results.

D.

Provide independent assessment of IT security.

Question 20

While auditing an organization's customer call center, an internal auditor notices that key performance indicators show a positive trend despite the fact that there have been increasing customer complaints over the same period. Which of the following audit recommendations would most likely correct the cause of this inconsistency?

Options:

A.

Review the call center script used by customer service agents to interact with callers and update the script if necessary

B.

De-emphasize the importance of call center employees completing a certain number of calls per hour

C.

Retrain call center staff on area processes and common technical issues that they will likely be asked to resolve

D.

Increase the incentive for call center employees to complete calls quickly and raise the number of calls completed daily

Question 21

A large hospital has an existing contract with a vendor in another country to provide software support and maintenance of the hospital's patient records information system. From the hospital management's perspective, which of the following controls would be most effective to address privacy risks related to this outsourcing arrangement?

Options:

A.

Conduct periodic reviews of the privacy policy to ensure that the existing policy meets current legislation requirements in both regions.

B.

Include a "right to audit" clause in the contract and impose detailed security obligations on the outsourced vendor

C.

Implement mandatory privacy training for management to help with identifying privacy risks when outsourcing services

D.

Develop an incident monitoring and response plan to track breaches from internal and external sources

Question 22

Which component of an organization's cybersecurity risk assessment framework would allow management to implement user controls based on a user's role?

Options:

A.

Prompt response and remediation policy.

B.

Inventory of information assets.

C.

Information access management.

D.

Standard security configurations.

Question 23

A clothing company sells shirts for $8 per shirt. In order to break even, the company must sell 25,000 shirts. Actual sales total $300,000.

What is margin of safety sales for the company?

Options:

A.

$100,000

B.

$200,000

C.

$275,000

D.

$500,000

Question 24

According to IIA guidance, which of the following would indicate poor change management control?

1) Low change success rate

2) Occasional planned outages

3) Low number of emergency changes.

4) Instances of unauthorized changes

Options:

A.

1 and 3

B.

1 and 4

C.

2 and 3

D.

2 and 4

Question 25

During disaster recovery planning, the organization established a recovery point objective. Which of the following best describes this concept?

Options:

A.

The maximum tolerable downtime after the occurrence of an incident.

B.

The maximum tolerable data loss after the occurrence of an incident.

C.

The maximum tolerable risk related to the occurrence of an incident.

D.

The minimum recovery resources needed after the occurrence of an incident.

Question 26

Based on test results, an IT auditor concluded that the organization would suffer unacceptable loss of data if there was a disaster at its data center. Which of the following test results would likely lead the auditor to this conclusion?

Options:

A.

Requested backup tapes were not returned from the offsite vendor in a timely manner

B.

Returned backup tapes from the offsite vendor contained empty spaces

C.

Critical systems have been backed up more frequently than required.

D.

Critical system backup tapes are taken off site less frequently than required.

Question 27

Which of the following cybersecurity-related activities is most likely to be performed by the second line of defense?

Options:

A.

Deploy intrusion detection systems and conduct penetration testing

B.

Administer security procedures, training, and testing.

C.

Monitor incidents, key risk indicators, and remediation

D.

Implement vulnerability management with internal and external scans.

Question 28

An internal auditor was asked to review an equal equity partnership. In one sampled transaction, Partner A transferred equipment into the partnership with a self-declared value of $10,000 and Partner B contributed equipment with a self-declared value of $15,000. The capital accounts of each partner were subsequently credited with $12,500. Which of the following statements is true regarding this transaction?

Options:

A.

The capital accounts of the partners should be increased by the original cost of the contributed equipment.

B.

The capital accounts should be increased using a weighted average based on the current percentage of ownership

C.

No action is needed as the capital account of each partner was increased by the correct amount

D.

The capital accounts of the partners should be increased by the fair market value of their contribution

Question 29

The board of directors wants to implement an incentive program for senior management that is specifically tied to the long-term health of the organization.

Which of the following methods of compensation would be best to achieve this goal?

Options:

A.

Commissions.

B.

Stock options.

C.

Gain-sharing bonuses.

D.

Allowances.

Question 30

Which of the following authentication controls combines what a user knows with the unique characteristics of the user respectively?

Options:

A.

Voice recognition and token.

B.

Password and fingerprint.

C.

Fingerprint and voice recognition

D.

Password and token

Question 31

Which of the following summarizes information about the cash receipts and cash payments for a specific time period?

Options:

A.

Income statement

B.

Statement of cash flows.

C.

Balance sheet

D.

Owner's equity statement

Question 32

Which of the following IT controls includes protection for mainframe computers and workstations?

Options:

A.

Change management controls

B.

Physical and environmental controls.

C.

System software controls

D.

Organization and management controls

Question 33

Which of the following describes the most appropriate set of tests for auditing a workstation's logical access controls?

Options:

A.

Review the list of people with access badges to the room containing the workstation and a log of those who accessed the room.

B.

Review the password length, frequency of change, and list of users for the workstation's login process.

C.

Review the list of people who attempted to access the workstation and failed, as well as error messages.

D.

Review the passwords of those who attempted unsuccessfully to access the workstation and the log of their activity.

Question 34

Which of the following is a likely result of outsourcing?

Options:

A.

Increased dependence on suppliers.

B.

Increased importance of market strategy.

C.

Decreased sensitivity to government regulation.

D.

Decreased focus on costs.

Question 35

Which of the following organization structures would most likely be able to cope with rapid changes and uncertainties?

Options:

A.

Decentralized.

B.

Centralized.

C.

Departmentalized.

D.

Tall structure.

Question 36

A bond that matures after one year has a face value of $250,000 and a coupon of $30,000. If the market price of the bond is $265,000, which of the following would be the market interest rate?

Options:

A.

Less than 12 percent.

B.

12 percent.

C.

Between 12.01 percent and 12.50 percent.

D.

More than 12.50 percent.

Question 37

Which of the following security controls would provide the most efficient and effective authentication for customers to access their online shopping account?

Options:

A.

12-digit password feature.

B.

Security question feature.

C.

Voice recognition feature.

D.

Two-level sign-on feature.

Question 38

What are the objectives of governance as defined by the Standards?

Options:

A.

Inform, direct, manage, and monitor.

B.

Identify, assess, manage, and control.

C.

Organize, assign, authorize, and implement.

D.

Add value, improve, assure, and conform.

Question 39

When auditing an application change control process, which of the following procedures should be included in the scope of the audit?

1) Ensure system change requests are formally initiated, documented, and approved.

2) Ensure processes are in place to prevent emergency changes from taking place.

3) Ensure changes are adequately tested before being placed into the production environment.

4) Evaluate whether the procedures for program change management are adequate.

Options:

A.

1 only

B.

1 and 3 only

C.

2 and 4 only

D.

1, 3, and 4 only

Question 40

Which of the following would best prevent unauthorized external changes to an organization's data?

Options:

A.

Antivirus software, firewall, data encryption.

B.

Firewall, data encryption, backup procedures.

C.

Antivirus software, firewall, backup procedures.

D.

Antivirus software, data encryption, change logs.

Question 41

Which of the following are typical responsibilities for operational management within a risk management program?

1) Implementing corrective actions to address process deficiencies.

2) Identifying shifts in the organization's risk management environment.

3) Providing guidance and training on risk management processes.

4) Assessing the impact of mitigation strategies and activities.

Options:

A.

1 and 2 only

B.

1 and 4 only

C.

2 and 3 only

D.

3 and 4 only

Question 42

Within an enterprise, IT governance relates to the:

1) Alignment between the enterprise's IT long term plan and the organization's objectives.

2) Organizational structures of the company that are designed to ensure that IT supports the organization's strategies and objectives.

3) Operational plans established to support the IT strategies and objectives.

4) Role of the company's leadership in ensuring IT supports the organization's strategies and objectives.

Options:

A.

1 and 2 only

B.

3 and 4 only

C.

1, 2, and 4 only

D.

2, 3, and 4 only

Question 43

Under a value-added taxing system:

Options:

A.

Businesses must pay a tax only if they make a profit.

B.

The consumer ultimately bears the cost of the tax through higher prices.

C.

Consumer savings are discouraged.

D.

The amount of value added is the difference between an organization's sales and its cost of goods sold.

Question 44

Organizations use matrix management to accomplish which of the following?

Options:

A.

To improve the chain of command.

B.

To strengthen corporate headquarters.

C.

To focus better on a single market.

D.

To increase lateral communication.

Question 45

The economic order quantity for inventory is higher for an organization that has:

Options:

A.

Lower annual unit sales.

B.

Higher fixed inventory ordering costs.

C.

Higher annual carrying costs as a percentage of inventory value.

D.

A higher purchase price per unit of inventory.

Question 46

Capacity overbuilding is most likely to occur when management is focused on which of the following?

Options:

A.

Marketing.

B.

Finance.

C.

Production.

D.

Diversification.

Question 47

Which of the following is a major advantage of decentralized organizations, compared to centralized organizations?

Options:

A.

Decentralized organizations are more focused on organizational goals.

B.

Decentralized organizations streamline organizational structure.

C.

Decentralized organizations tend to be less expensive to operate.

D.

Decentralized organizations tend to be more responsive to market changes.

Question 48

Which of the following statements is true regarding the use of public key encryption to secure data while it is being transmitted across a network?

Options:

A.

Both the key used to encrypt the data and the key used to decrypt the data are made public.

B.

The key used to encrypt the data is kept private but the key used to decrypt the data is made public.

C.

The key used to encrypt the data is made public but the key used to decrypt the data is kept private.

D.

Both the key used to encrypt the data and the key used to decrypt the data are made private.

Question 49

Which of the following describes the result if an organization records merchandise as a purchase, but fails to include it in the closing inventory count?

Options:

A.

The cost of goods sold for the period will be understated.

B.

The cost of goods sold for the period will be overstated.

C.

The net income for the period will be understated.

D.

There will be no effect on the cost of goods sold or the net income for the period.

Question 50

Which stage of group development is characterized by a decrease in conflict and hostility among group members and an increase in cohesiveness?

Options:

A.

Forming stage.

B.

Norming stage.

C.

Performing stage.

D.

Storming stage.

Question 51

Which of the following descriptions of the internal control system are indicators that risks are managed effectively?

1) Existing controls promote compliance with applicable laws and regulations.

2) The control environment is designed to address all identified risks to the organization.

3) Key controls for significant risks to the organization remain consistent over time.

4) Monitoring systems are in place to alert management to unexpected events.

Options:

A.

1 and 3.

B.

1 and 4.

C.

2 and 3.

D.

2 and 4.

Question 52

Which of the following is not a method for implementing a new application system?

Options:

A.

Direct cutover.

B.

Parallel.

C.

Pilot.

D.

Test.

Question 53

Which of the following conditions could lead an organization to enter into a new business through internal development rather than through acquisition?

Options:

A.

It is expected that there will be slow retaliation from incumbents.

B.

The acquiring organization has information that the selling organization is weak.

C.

The number of bidders to acquire the organization for sale is low.

D.

The condition of the economy is poor.

Question 54

Which of the following is not a potential area of concern when an internal auditor places reliance on spreadsheets developed by users?

Options:

A.

Increasing complexity over time.

B.

Interface with corporate systems.

C.

Ability to meet user needs.

D.

Hidden data columns or worksheets.

Question 55

In creating a risk-based plan, which of the following best describes a top-down approach to understanding business processes?

Options:

A.

Identifying the processes at the activity level.

B.

Analyzing the organization's strategic plan where the business processes are defined.

C.

Analyzing the organization's objectives and identifying the processes needed to achieve the objectives.

D.

Identifying the risks affecting the organization, the objectives, and then the processes concerned.

Question 56

The decision to implement enhanced failure detection and back-up systems to improve data integrity is an example of which risk response?

Options:

A.

Risk acceptance.

B.

Risk sharing.

C.

Risk avoidance.

D.

Risk reduction.

Question 57

Maintenance cost at a hospital was observed to increase as activity level increased. The following data was gathered:

Month | Activity Level - Patient Days | Maintenance Cost
January | 5,600 | $7,900
February | 7,100 | $8,500
March | 5,000 | $7,400
April | 6,500 | $8,200
May | 7,300 | $9,100
June | 8,000 | $9,800

If the cost of maintenance is expressed in an equation, what is the independent variable for this data?

Options:

A.

Fixed cost.

B.

Variable cost.

C.

Total maintenance cost.

D.

Patient days.

Question 58

Which of the following standards would be most useful in evaluating the performance of a customer-service group?

Options:

A.

The average time per customer inquiry should be kept to a minimum.

B.

Customer complaints should be processed promptly.

C.

Employees should maintain a positive attitude when dealing with customers.

D.

All customer inquiries should be answered within seven days of receipt.

Question 59

In order to provide useful information for an organization's risk management decisions, which of the following factors is least important to assess?

Options:

A.

The underlying causes of the risk.

B.

The impact of the risk on the organization's objectives.

C.

The risk levels of current and future events.

D.

The potential for eliminating risk factors.

Question 60

Which of the following costs would be incurred in an inventory stockout?

Options:

A.

Lost sales, lost customers, and backorder.

B.

Lost sales, safety stock, and backorder.

C.

Lost customers, safety stock, and backorder.

D.

Lost sales, lost customers, and safety stock.

Question 61

Which of the following statements about slack time and milestones are true?

1) Slack time represents the amount of time a task may be delayed without delaying the entire project.

2) A milestone is a moment in time that marks the completion of the project's major deliverables.

3) Slack time allows the project manager to move resources from one task to another to ensure that the project is finished on time.

4) A milestone requires resource allocation and needs time to be completed.

Options:

A.

1 and 4 only

B.

2 and 3 only

C.

1, 2, and 3 only

D.

1, 2, 3, and 4

Question 62

Which of the following corporate social responsibility strategies is likely to be most effective in minimizing confrontations with influential activists and lobbyists?

Options:

A.

Continually evaluate the needs and opinions of all stakeholder groups.

B.

Ensure strict compliance with applicable laws and regulations to avoid incidents.

C.

Maintain a comprehensive publicity campaign that highlights the organization's efforts.

D.

Increase goodwill through philanthropic activities among stakeholder communities.

Question 63

Which of the following factors is considered a disadvantage of vertical integration?

Options:

A.

It may reduce the flexibility to change partners.

B.

It may not reduce the bargaining power of suppliers.

C.

It may limit the organization's ability to differentiate the product.

D.

It may lead to limited control of proprietary knowledge.

Question 64

Which of the following statements regarding organizational governance is not correct?

Options:

A.

An effective internal audit function is one of the four cornerstones of good governance.

B.

Those performing governance activities are accountable to the customer.

C.

Accountability is one of the key elements of organizational governance.

D.

Governance principles and the need for an internal audit function are applicable to governmental and not-for-profit activities.

Question 65

Where complex problems need to be addressed, which of the following communication networks would be most appropriate?

Options:

A.

Chain.

B.

All-channel.

C.

Circle.

D.

Wheel.

Question 66

Presented below are partial year-end financial statement data (000 omitted from dollar amounts) for companies A and B:

If company A has a quick ratio of 2:1, then it has an accounts receivable balance of:

Options:

A.

$100

B.

$200

C.

$300

D.

$500

Question 67

When writing a business memorandum, the writer should choose a writing style that achieves all of the following except:

Options:

A.

Draws positive attention to the writing style.

B.

Treats all receivers with respect.

C.

Suits the method of presentation and delivery.

D.

Develops ideas without overstatement.

Question 68

A manager has difficulty motivating staff to improve productivity, despite establishing a lucrative individual reward system. Which of the following is most likely the cause of the difficulty?

Options:

A.

High degree of masculinity.

B.

Low uncertainty avoidance.

C.

High collectivism.

D.

Low long-term orientation.

Question 69

Which of the following price adjustment strategies encourages prompt payment?

Options:

A.

Cash discounts.

B.

Quantity discounts.

C.

Functional discounts.

D.

Seasonal discounts.

Question 70

Which of the following budgets must be prepared first?

Options:

A.

Cash budget.

B.

Production budget.

C.

Sales budget.

D.

Selling and administrative expenses budget.

Question 71

One change control function that is required in client/server environments, but is not required in mainframe environments, is to ensure that:

Options:

A.

Program versions are synchronized across the network.

B.

Emergency move procedures are documented and followed.

C.

Appropriate users are involved in program change testing.

D.

Movement from the test library to the production library is controlled.

Question 72

Which of the following statements about COBIT is not true?

Options:

A.

COBIT helps management understand and manage the risks associated with information technology (IT) processes.

B.

Management needs to determine the cost-benefit ratio of adopting COBIT control objectives.

C.

COBIT control objectives are specific to various IT platforms and help determine minimum controls.

D.

COBIT provides management with the capability to conduct self-assessments against industry best practices.

Question 73

According to IIA guidance on IT auditing, which of the following would not be an area examined by the internal audit activity?

Options:

A.

Access system security.

B.

Policy development.

C.

Change management.

D.

Operations processes.