Winter Special - Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: top65certs

Free and Premium IIA IIA-CIA-Part3 Dumps Questions Answers

Business Knowledge for Internal Auditing Questions and Answers

Question 1

Which of the following information security controls has the primary function of preventing unauthorized outside users from accessing an organization's data through the organization's network?

Options:

A.

Firewall.

B.

Encryption.

C.

Antivirus.

D.

Biometrics.

Buy Now
Question 2

Which of the following controls would an internal auditor consider the most relevant to reduce risks of project cost overruns?

Options:

A.

Scope change requests are reviewed and approved by a manager with a proper level of authority.

B.

Cost overruns are reviewed and approved by a control committee led by the project manager.

C.

There is a formal quality assurance process to review scope change requests before they are implemented

D.

There is a formal process to monitor the status of the project and compare it to the cost baseline

Question 3

At an organization that uses a periodic inventory system, the accountant accidentally understated the organization s beginning inventory. How would the accountant's accident impact the income statement?

Options:

A.

Cost of goods sold will be understated and net income will be overstated.

B.

Cost of goods sold will be overstated and net income will be understated

C.

Cost of goods sold will be understated and there Wi-Fi be no impact on net income.

D.

There will be no impact on cost of goods sold and net income will be overstated

Question 4

Which of the following lists best describes the classification of manufacturing costs?

Options:

A.

Direct materials, indirect materials, raw materials.

B.

Overhead costs, direct labor, direct materials.

C.

Direct materials, direct labor, depreciation on factory buildings.

D.

Raw materials, factory employees' wages, production selling expenses.

Question 5

According to IIA guidance, which of the following would be the best first stop to manage risk when a third party is overseeing the organization's network and data?

Options:

A.

Creating a comprehensive reporting system for vendors to demonstrate their ongoing due diligence in network operations.

B.

Drafting a strong contract that requires regular vendor control reports end a right-to-audit clause.

C.

Applying administrative privileges to ensure right to access controls are appropriate.

D.

Creating a standing cyber-security committee to identify and manage risks related to data security

Question 6

Which of the following IT disaster recovery plans includes a remote site dessgnated for recovery with available space for basic services, such as internet and

telecommunications, but does not have servers or infrastructure equipment?

Options:

A.

Frozen site

B.

Cold site

C.

Warm site

D.

Hot site

Question 7

Which of the following best explains the matching principle?

Options:

A.

Revenues should be recognized when earned.

B.

Revenue recognition is matched with cash.

C.

Expense recognition is tied to revenue recognition.

D.

Expenses are recognized at each accounting period.

Question 8

Which of the following scenarios best illustrates a spear phishing attack?

Options:

A.

Numerous and consistent attacks on the company's website caused the server to crash and service was disrupted.

B.

A person posing as a representative of the company’s IT help desk called several employees and played a generic prerecorded message requesting password data.

C.

A person received a personalized email regarding a golf membership renewal, and he click a hyperlink to enter his credit card data into a fake website

D.

Many users of a social network service received fake notifications of e unique opportunity to invest in a new product.

Question 9

An internal auditor is reviewing key phases of a software development project. Which of the following would; the auditor most likely use to measure the project team's performance related to how project tasks are completed?

Options:

A.

A balanced scorecard.

B.

A quality audit

C.

Earned value analysis.

D.

Trend analysis

Question 10

According to Herzberg's Two-Factor Theory of Motivation, which of the following is a factor mentioned most often by satisfied employees?

Options:

A.

Relationship with supervisor

B.

Salary

C.

Security.

D.

Achievement

Question 11

Which of the following contract concepts is typically given in exchange for the execution of a promise?

Options:

A.

Lawfulness.

B.

Consideration.

C.

Agreement.

D.

Discharge

Question 12

Which of the following principles s shared by both hierarchies and open organizational structures?

1. A superior can delegate the authority to make decisions but cannot delegate the ultimate responsibility for the results of those decisions.

2. A supervisor's span of control should not exceed seven subordinates.

3. Responsibility should be accompanied by adequate authority.

4. Employees at all levels should be empowered to make decisions.

Options:

A.

1 and 3 only

B.

1 and 4 only

C.

2 and 3 only

D.

3 and 4 only

Question 13

Which of the following sites would an Internet service provider most likely use to restore operations after its servers were damaged by a natural disaster?

Options:

A.

On site.

B.

Cold site.

C.

Hot site.

D.

Warm site

Question 14

According to The IIA's Three Lines Model, which of the following IT security activities is commonly shared by all three lines?

Options:

A.

Assessments of third parties and suppliers.

B.

Recruitment and retention of certified IT talent.

C.

Classification of data and design of access privileges.

D.

Creation and maintenance of secure network and device configuration.

Question 15

Which of the following authentication device credentials is the most difficult to revoke when an employee s access rights need to be removed?

Options:

A.

A traditional key lock

B.

A biometric device

C.

A card-key system

D.

A proximity device

Question 16

Which of the following should software auditors do when reporting internal audit findings related to enterprisewide resource planning?

Options:

A.

Draft separate audit reports for business and IT management.

B.

Conned IT audit findings to business issues.

C.

Include technical details to support IT issues.

D.

Include an opinion on financial reporting accuracy and completeness.

Question 17

Which of the following is a likely result of outsourcing?

Options:

A.

Increased dependence on suppliers.

B.

Increased importance of market strategy.

C.

Decreased sensitivity to government regulation

D.

Decreased focus on costs

Question 18

The manager of the sales department wants to Increase the organization's net profit margin by 7% (from 43% in the prior year to 50% in the current year). Given the information provided in the table below, what would be the targeted sales amount for the current year?

Options:

A.

$20,000,000

B.

$24.500.000

C.

$30.000.000

D.

$35.200.000

Question 19

An organization created a formalized plan for a large project. Which of the following should be the first step in the project management plan?

Options:

A.

Estimate time required to complete the whole project.

B.

Determine the responses to expected project risks.

C.

Break the project into manageable components.

D.

Identify resources needed to complete the project

Question 20

An organization has instituted a bring-your-own-device (BYOD) work environment. Which of the following policies best addresses the increased risk to the organization's network incurred by this environment?

Options:

A.

Limit the use of the employee devices for personal use to mitigate the risk of exposure to organizational data.

B.

Ensure that relevant access to key applications is strictly controlled through an approval and review process.

C.

Institute detection and authentication controls for all devices used for network connectivity and data storage.

D.

Use management software scan and then prompt parch reminders when devices connect to the network

Question 21

An organization's account for office supplies on hand had a balance of $9,000 at the end of year one. During year two. The organization recorded an expense of $45,000 for purchasing office supplies. At the end of year two. a physical count determined that the organization has $11 ,500 in office supplies on hand. Based on this Information, what would he recorded in the adjusting entry an the end of year two?

Options:

A.

A debit to office supplies on hand for S2.500

B.

A debit to office supplies on hand for $11.500

C.

A debit to office supplies on hand for $20,500

D.

A debit to office supplies on hand for $42,500

Question 22

A small software development firm designs and produces custom applications for businesses. The application development team consists of employees from multiple departments who all report to a single project manager. Which of the following organizational structures does this situation represent?

Options:

A.

Functional departmentalization.

B.

Product departmentalization

C.

Matrix organization.

D.

Divisional organization

Question 23

Which of the following common quantitative techniques used in capital budgeting is best associated with the use of a table that describes the present value of an annuity?

Options:

A.

Cash payback technique.

B.

Discounted cash flow technique: net present value.

C.

Annual rate of return

D.

Discounted cash flow technique: internal rate of return.

Question 24

A manufacturer ss deciding whether to sell or process materials further. Which of the following costs would be relevant to this decision?

Options:

A.

Incremental processing costs, incremental revenue, and variable manufacturing expenses.

B.

Joint costs, incremental processing costs, and variable manufacturing expenses.

C.

Incremental revenue, joint costs, and incremental processing costs.

D.

Variable manufacturing expenses, incremental revenue, and joint costs

Question 25

Management is designing its disaster recovery plan. In the event that there is significant damage to the organization's IT systems this plan should enable the organization to resume operations at a recovery site after some configuration and data restoration. Which of the following is the ideal solution for management in this scenario?

Options:

A.

A warm recovery plan.

B.

A cold recovery plan.

C.

A hot recovery plan.

D.

A manual work processes plan

Question 26

The head of the research arid development department at a manufacturing organization believes that his team lacks expertise in some areas, and he decides to hire more experienced researchers to assist in the development of a new product. Which of the following variances are likely to occur as the result of this decision?

1. Favorable labor efficiency variance.

2. Adverse labor rate variance.

3. Adverse labor efficiency variance.

4. Favorable labor rate variance.

Options:

A.

1 and 2

B.

1 and 4

C.

3 and A

D.

2 and 3

Question 27

Which of the following IT layers would require the organization to maintain communication with a vendor in a tightly controlled and monitored manner?

Options:

A.

Applications

B.

Technical infrastructure.

C.

External connections.

D.

IT management

Question 28

Which of the following is a systems software control?

Options:

A.

Restricting server room access to specific individuals

B.

Housing servers with sensitive software away from environmental hazards

C.

Ensuring that all user requirements are documented

D.

Performing of intrusion testing on a regular basis

Question 29

Which of the following is an example of internal auditors applying data mining techniques for exploratory purposes?

Options:

A.

Internal auditors perform reconciliation procedures to support an external audit of financial reporting.

B.

Internal auditors perform a systems-focused analysis to review relevant controls.

C.

Internal auditors perform a risk assessment to identify potential audit subjects as input for the annual internal audit plan

D.

Internal auditors test IT general controls with regard to operating effectiveness versus design

Question 30

Which of the following techniques would best detect an inventory fraud scheme?

Options:

A.

Analyze Invoice payments just under individual authorization limits.

B.

Analyze stratification of inventory adjustments by warehouse location.

C.

Analyze inventory invoice amounts and compare with approved contract amounts.

D.

Analyze differences discovered during duplicate payment testing

Question 31

Which of the following statements describes the typical benefit of using a flat organizational structure for the internal audit activity, compared to a hierarchical structure?

Options:

A.

A flat structure results in lower operating and support costs than a hierarchical structure.

B.

A flat structure results in a stable and very collaborative environment.

C.

A flat structure enables field auditors to report to and learn from senior auditors.

D.

A flat structure is more dynamic and offers more opportunities for advancement than a hierarchical structure.

Question 32

A rapidly expanding retail organisation continues to be tightly controlled by its original small management team. Which of the following is a potential risk in this vertically centralized organization?

Options:

A.

Lack of coordination among different business units

B.

Operational decisions are inconsistent with organizational goals

C.

Suboptimal decision making

D.

Duplication of business activities

Question 33

Which of the following can be viewed as a potential benefit of an enterprisewide resource planning system?

Options:

A.

Real-time processing of transactions and elimination of data redundancies.

B.

Fewer data processing errors and more efficient data exchange with trading partners.

C.

Exploitation of opportunities and mitigation of risks associated with e-business.

D.

Integration of business processes into multiple operating environments and databases.

Question 34

Which of the following accounting methods is an investor organization likely to use when buying 40 percent of the stock of another organization?

Options:

A.

Cost method.

B.

Equity method .

C.

Consolidation method.

D.

Fair value method.

Question 35

When examining; an organization's strategic plan, an internal auditor should expect to find which of the following components?

Options:

A.

Identification of achievable goals and timelines

B.

Analysis of the competitive environment.

C.

Plan for the procurement of resources

D.

Plan for progress reporting and oversight.

Question 36

Which of the following is on advantage of a decentralized organizational structure, as opposed to a centralized structure?

Options:

A.

Greater cost-effectiveness

B.

Increased economies of scale

C.

Larger talent pool

D.

Strong internal controls

Question 37

A manager at a publishing company received an email that appeared to be from one of her vendors with an attachment that contained malware embedded in an Excel spreadsheet . When the spreadsheet was opened, the cybercriminal was able to attack the company's network and gain access to an unpublished and highly anticipated book. Which of the following controls would be most effective to prevent such an attack?

Options:

A.

Monitoring network traffic.

B.

Using whitelists and blacklists to manage network traffic.

C.

Restricting access and blocking unauthorized access to the network

D.

Educating employees throughout the company to recognize phishing attacks.

Question 38

Which of the following physical security controls is able to serve as both a detective and preventive control?

Options:

A.

Authentication logs.

B.

Card key readers.

C.

Biometric devices

D.

Video surveillance.

Question 39

An organization is considering integration of governance, risk., and compliance (GRC) activities into a centralized technology-based resource. In implementing this GRC

resource, which of the following is a key enterprise governance concern that should be fulfilled by the final product?

Options:

A.

The board should be fully satisfied that there is an effective system of governance in place through accurate, quality information provided.

B.

Compliance, audit, and risk management can find and seek efficiencies between their functions through integrated information reporting.

C.

Key compliance and risk metrics can be tracked and compared throughout the enterprise, aiding in identifying problem departments.

D.

Data analytics can be utilized for trending of the data to ensure that patterns and ongoing monitoring occurs throughout the organization.

Question 40

Which of the following cost of capital methods identifies the time period required to recover She cost of the capital investment from the annual inflow produced?

Options:

A.

Cash payback technique

B.

Annual rate of return technique.

C.

Internal rate of return method.

D.

Net present value method.

Question 41

Which of the following would an organization execute to effectively mitigate and manage risks created by a crisis or event?

Options:

A.

Only preventive measures.

B.

Alternative and reactive measures.

C.

Preventive and alternative measures.

D.

Preventive and reactive measures.

Question 42

Which of the following best describes depreciation?

Options:

A.

It is a process of allocating cost of assets between periods.

B.

It is a process of assets valuation.

C.

It is a process of accumulating adequate funds to replace assets.

D.

It is a process of measuring decline in the value of assets because of obsolescence

Question 43

Which of the following is an example of a physical control?

Options:

A.

Providing fire detection and suppression equipment

B.

Establishing a physical security policy and promoting it throughout the organization

C.

Performing business continuity and disaster recovery planning

D.

Keeping an offsite backup of the organization's critical data

Question 44

Which of the following security controls focuses most on prevention of unauthorized access to the power plant?

Options:

A.

An offboarding procedure is initiated monthly to determine redundant physical access rights.

B.

Logs generated by smart locks are automatically scanned to identify anomalies in access patterns.

C.

Requests for additional access rights are sent for approval and validation by direct supervisors.

D.

Automatic notifications are sent to a central security unit when employees enter the premises during nonwork hours

Question 45

According to IIA guidance on IT, which of the following controls the routing of data packets to link computers?

Options:

A.

Operating system

B.

Control environment

C.

Network.

D.

Application program code

Question 46

Which of these instances accurately describes the responsibilities for big data governance?

Options:

A.

Management must ensure information storage systems are appropriately defined and processes to update critical data elements are clear.

B.

External auditors must ensure that analytical models are periodically monitored and maintained.

C.

The board must implement controls around data quality dimensions to ensure that they are effective.

D.

Internal auditors must ensure the quality and security of data, with a heightened focus on the riskiest data elements.

Question 47

How can the concept of relevant cost help management with behavioral analyses?

Options:

A.

It explains the assumption mat both costs and revenues are linear through the relevant range

B.

It enables management to calculate a minimum number of units to produce and sell without having to incur a loss.

C.

It enables management to predict how costs such as the depreciation of equipment will be affected by a change in business decisions

D.

It enables management to make business decisions, as it explains the cost that will be incurred for a given course of action

Question 48

Which of the following is a limitation of the remote wipe for a smart device?

Options:

A.

Encrypted data cannot be locked to prevent further access

B.

Default settings cannot be restored on the device.

C.

All data, cannot be completely removed from the device

D.

Mobile device management software is required for successful remote wipe

Question 49

Which of the following should be established by management during implementation of big data systems to enable ongoing production monitoring?

Options:

A.

Key performance indicators.

B.

Reports of software customization.

C.

Change and patch management.

D.

Master data management

Question 50

Which of the following activities best illustrates a user's authentication control?

Options:

A.

Identity requests are approved in two steps.

B.

Logs are checked for misaligned identities and access rights.

C.

Users have to validate their identity with a smart card.

D.

Functions can toe performed based on access rights

Question 51

What security feature would Identity a legitimate employee using her own smart device to gam access to an application run by the organization?

Options:

A.

Using a jailbroken or rooted smart device feature.

B.

Using only smart devices previously approved by the organization.

C.

Obtaining written assurance from the employee that security policies and procedures are followed.

D.

Introducing a security question known only by the employee.