IIA-CIA-Part3-3P CIA Exam Part Three: Business Knowledge for Internal Auditing Questions and Answers

Cash payback technique.

Annual rate of return technique.

Internal rate of return method.

Net present value method.

Voice recognition and token.

Password and fingerprint.

Fingerprint and voice recognition

Password and token

Troubleshoot end user problems

Provide production support.

Provide physical security of databases

Maintain database integrity

Conduct a risk assessment regarding the effectiveness of the data analytics process.

Analyze possible and available sources of raw data

Define the purpose and the anticipated value

Select data for cleaning and normalization procedures.

Assign a team with a trained audit manager to plan each audit and distribute field work tasks to various staff auditors.

Assign a team of personnel who have different specialties to each audit and empower team members to participate fully in key decisions.

Assign a team to each audit, designate a single person to be responsible for each phase of the audit, and limit decision making outside of their area of responsibility.

Assign a team of personnel who have similar specialties to specific engagements that would benefit from those specialties and limit key decisions to the senior person.

Cost of sales and net income are understated

Cost of sales and net income are overstated

Cost of sales is understated and net income is overstated.

Cost of sales is overstated and net income is understated.

To ensure that data input into business applications is valid, complete, and accurate.

To prevent or detect errors in data processed using business applications.

To ensure that business applications are protected from unauthorized logical access.

To ensure the validity, accuracy, and completeness of outputs from business applications.

Identity requests are approved in two steps.

Logs are checked for misaligned identities and access rights.

Users have to validate their identity with a smart card.

Functions can be performed based on access rights.

Assigning new roles and responsibilities for senior IT management.

Growing use of bring your own devices tor organizational matters

Expansion of operations into new markets with united IT access

Hiring new personnel within the IT department tor security purposes

Horizontal analysis

Vertical analysis

Common-size analysis

Ratio analysis

Identify data anomalies and outliers

Define questions to be answered

Identify data sources available

Determine the scope of the data extract.

Access control via biometric authentication.

Access control via passcode authentication.

Access control via swipe pattern authentication.

Access control via security question authentication.

Reversing all previous closing adjustments is a mandatory step in the accounting cycle

Reversing entries should be completed at the end of the next accounting period after recording regular transactions of the period

Reversing entries are identical to the adjusting entries made in the previous period.

Reversing entries are the exact opposite of the adjustments made in the previous period.

Detailed analytics

Predictive analytics

Diagnostic analytics

Prescriptive analytics

Boundary defense

Malware defense

Penetration tests

Wireless access controls

Application input controls

Firewall controls.

Transmission encryption controls

Change management controls

An extranet

A local area network.

An intranet

The internet

1 and 3 only.

1 and 4 only.

2 and 3 only

3 and 4 only.

$100,000

$200,000

$275,000

$500,000

Cost of sales increased relative to sales.

Total sales increased relative to expenses.

The organization had a higher dividend payout rate in year two.

The government increased the corporate tax rate.

1 and 2

1 and 3

2 and 4

3 and 4

1 and 2 only

1 and 4 only

2 and 3 only

3 and 4 only

1 only

1 and 3 only

2 and 4 only

1, 3, and 4 only

Each party's negotiator presents a menu of options to the other party.

Each party adopts one initial position from which to start.

Each negotiator minimizes the information provided to the other party.

Each negotiator starts with an offer, which is optimal from the negotiator's perspective.

Dairy manufacturing company taking over a large dairy farm.

A movie producer acquires movie theaters.

A petroleum processing company acquires an agro-processing firm.

A baker taking over a competitor.

The bargaining power of buyers is forcing a drop in market prices.

There is pressure from the competitor's substitute products.

Strategic analysis by the organization indicates feasibility of expanding to new market niches.

The competitor announces a new warranty program.

Draws positive attention to the writing style.

Treats all receivers with respect.

Suits the method of presentation and delivery.

Develops ideas without overstatement.

Fixed cost.

Variable cost.

Total maintenance cost.

Patient days.

An effective internal audit function is one of the four cornerstones of good governance.

Those performing governance activities are accountable to the customer.

Accountability is one of the key elements of organizational governance.

Governance principles and the need for an internal audit function are applicable to governmental and not-for-profit activities.

Weak entrance barriers.

Significant scale economies.

Steep experience curve.

Strong negotiation power with suppliers.

Businesses must pay a tax only if they make a profit.

The consumer ultimately bears the cost of the tax through higher prices.

Consumer savings are discouraged.

The amount of value added is the difference between an organization's sales and its cost of goods sold.

Giving assurance that risks are evaluated correctly.

Developing the risk management strategy for the board's approval.

Facilitating the identification and evaluation of risks.

Coaching management in responding to risk.

The distorted unit cost of a service is 50 percent lower than the true cost, while the true cost is 50 percent higher than the competition's cost.

The organization is losing $1,000,000 annually because it incorrectly outsourced an operation based on information from its current system.

The cost of rework, hidden by the current system, is 50 percent of the total cost of all services.

50 percent of total organizational cost has been allocated on a volume basis.

Develop and test the organization's disaster recovery plan.

Install and test fire detection and suppression equipment.

Restrict access to tangible IT resources.

Ensure that at least one developer has access to both systems and operations.

Accommodating.

Compromising.

Collaborating.

Competing.

Access is approved by the supervising manager.

User accounts specify expiration dates and are based on services provided.

Administrator access is provided for a limited period.

User accounts are deleted when the work is completed.

In a matrix organization, conflict between functional and product managers may arise.

In a matrix organization, staff under dual command is more likely to suffer stress at work.

Matrix organizations offer the advantage of greater flexibility.

Matrix organizations minimize costs and simplify communication.

1 and 2 only

1 and 4 only

2 and 3 only

3 and 4 only

Affective component.

Cognition component.

Thinking component.

Behavioral component.

A slower response to external change.

Less controlled decision making.

More burden on higher-level managers.

Less use of employees' true skills and abilities.

Formulas and static data are locked or protected.

The spreadsheet is stored on a network server that is backed up daily.

The purpose and use of the spreadsheet are documented.

Check-in and check-out software is used to control versions.

Accounts receivable in the short term

Bonds to be held to maturity.

Notes receivable in the short term

Bonds to be held for sale in the short term.

Monitoring access to the online database.

Backing up and maintaining archived data.

Responding to customer inquiries.

Maintaining and assuring network security.

Normalize the data

Obtain the data

identify the risks

Analyze the data

Export strategy

Transnational strategy.

Multi-domestic strategy

Globalization strategy.

A star

A cash cow

A Question mark

A dog

The percentage of cases flagged by the model and confirmed as positives.

The development and maintenance costs associated with the model

The feedback of auditors involved with developing the model

The number of criminal investigations initiated based on the outcomes of the model

1 2. and 3 only.

1. 2 and 4 only

1, 3. and 4 only.

1,2. 3, and 4

Password selection

Password aging

Password lockout

Password rotation

Decentralized.

Centralized.

Departmentalized.

Tall structure.

A list of trustworthy good traffic and a list of unauthorized blocked traffic.

Monitoring for vulnerabilities based on industry intelligence

Comprehensive service level agreements with vendors.

Firewall and other network penmeter protection tools.

It uses the same products in all countries.

It centralizes control with little decision-making authority given to the local level.

It is an effective strategy when large differences exist between countries.

It provides cost advantages, improves coordinated activities, and speeds product development.

$160

$210

$350

$490

Recognize that organizations use different techniques for managing risk.

Seek assurance that the key objectives of the risk management processes are being met.

Determine and accept the level of risk for the organization.

Treat the evaluation of risk management processes differently from the risk analysis used to plan audit engagements.

There is an external market for that service.

The selling department operates at 50 percent of its capacity.

The purchasing department has more negotiating power than the selling department.

There is no external market for that service.

Database management systems handle data manipulation inside the tables, rather than it being done by the operating system itself in files.

The database management system acts as a layer between the application software and the operating system.

Applications pass on the instructions for data manipulation which are then executed by the database

management system.

The data within the database management system can only be manipulated directly by the database management system administrator.

The process is not sustained and is not optimized as planned.

There is a lack of alignment to organizational strategies.

The operational quality is less than projected.

There is increased potential for loss of assets.

Product departmentalization.

Process departmentalization.

Functional departmentalization.

Customer departmentalization.

1, 2, and 3

1, 2, and 4

1, 3, and 4

2, 3, and 4

Production controls weakness.

Application controls weakness.

Authorization controls weakness.

Change controls weakness.

It may reduce the flexibility to change partners.

It may not reduce the bargaining power of suppliers.

It may limit the organization's ability to differentiate the product.

It may lead to limited control of proprietary knowledge.

The total liabilities and total stockholder equity both increased.

The total liabilities and total stockholder equity both decreased.

The total liabilities decreased, and the total stockholder equity increased.

The total liabilities increased, and the total stockholder equity decreased.

Inform, direct, manage, and monitor.

Identify, assess, manage, and control.

Organize, assign, authorize, and implement.

Add value, improve, assure, and conform.

Antivirus software, firewall, data encryption.

Firewall, data encryption, backup procedures.

Antivirus software, firewall, backup procedures.

Antivirus software, data encryption, change logs.

Internal strengths and weaknesses.

Break-even points.

External trends and events.

Internal risk factors.

A higher initial investment level.

A higher discount rate.

Cash inflows that are larger in the later years of the life of the project.

Cash inflows that are larger in the earlier years of the life of the project.

Have to initiate a price war in order to enter the industry.

Face increased production costs.

Face increased marketing costs.

Face higher learning costs, which would increase fixed costs.

A zero-based budget provides estimates of costs that would be incurred under different levels of activity.

A zero-based budget maintains focus on the budgeting process.

A zero-based budget is prepared each year and requires each item of expenditure to be justified.

A zero-based budget uses input from lower-level and middle-level managers to formulate budget plans.

1 and 4 only

2 and 3 only

2, 3, and 4 only

1, 2, and 4 only

To assess whether an annual control review is necessary.

To determine conformance with requirements and agreements.

To evaluate executive management oversight.

To promote environmental awareness.