IIA-CIA-Part3-3P Practice Exam Questions with Answers CIA Exam Part Three: Business Knowledge for Internal Auditing Certification

1, 2, and 3 only

1, 2, and 4 only

1, 3, and 4 only

2, 3, and 4 only

Determining the trends that will influence key factors in the organization's environment.

Selecting the issue or decision that will impact how the organization conducts future business.

Selecting leading indicators to alert the organization of future developments.

Identifying how customers, suppliers, competitors, employees, and other stakeholders will react.

Cash discounts.

Quantity discounts.

Functional discounts.

Seasonal discounts.

A detailed budget that identifies hardware resources for the project

A Gantt chart that identifies the critical path for completing the project

Change management controls to avoid technical conflicts within the application

A project plan with a flexible scope to accommodate legislative requirements

Less than 12 percent.

12 percent.

Between 12.01 percent and 12.50 percent.

More than 12.50 percent.

Conversion of user requirements into system specifications

Conversion of user requirements into program codes

Conversion of test data into production data

Conversion of data from the old system into the new system

Assign a team with a trained audit manager to plan each audit and distribute field work tasks to various staff auditors.

Assign a team of personnel who have different specialties to each audit and empower team members to participate fully in key decisions.

Assign a team to each audit, designate a single person to be responsible for each phase of the audit, and limit decision making outside of their area of responsibility.

Assign a team of personnel who have similar specialties to specific engagements that would benefit from those specialties and limit key decisions to the senior person.

Performing a system audit.

Making system changes.

Testing policy compliance.

Conducting system monitoring.

The extent to which management judgments are required in an area could serve as a risk factor in assisting the auditor in making a comparative risk analysis.

The highest risk assessment should always be assigned to the area with the largest potential loss.

The highest risk assessment should always be assigned to the area with the highest probability of

occurrence.

Risk analysis must be reduced to quantitative terms in order to provide meaningful comparisons across an organization.

1 and 2 only

1 and 3 only

2 and 3 only

1, 2, and 3

Antivirus software, firewall, data encryption.

Firewall, data encryption, backup procedures.

Antivirus software, firewall, backup procedures.

Antivirus software, data encryption, change logs.

Set clear objectives.

Engage the various communities of practice within the organization.

Demonstrate support from senior management.

Establish key competencies.

Have to initiate a price war in order to enter the industry.

Face increased production costs.

Face increased marketing costs.

Face higher learning costs, which would increase fixed costs.

1 and 3 only

2 and 4 only

1, 2, and 3 only

1, 2, and 4 only

Program versions are synchronized across the network.

Emergency move procedures are documented and followed.

Appropriate users are involved in program change testing.

Movement from the test library to the production library is controlled.

That do not have to be repaid for over one year.

That appear to be too risky for most lenders to consider.

Granted on the basis of a company's credit standing.

Backed by mortgaged assets.

A zero-based budget provides estimates of costs that would be incurred under different levels of activity.

A zero-based budget maintains focus on the budgeting process.

A zero-based budget is prepared each year and requires each item of expenditure to be justified.

A zero-based budget uses input from lower-level and middle-level managers to formulate budget plans.

Conduct periodic assessments of the organization's governance systems.

Obtain assurance concerning the effectiveness of the organization's governance systems.

Implement an effective system of internal controls to support the organization's governance systems.

Review and approve operational goals and objectives.

The strategy is favored when unit costs fall with the increase in units produced.

The strategy is favored when buyers are relatively insensitive to price increases.

The strategy is favored when there is insufficient market capacity and competitors cannot increase market capacity.

The strategy is favored when high price is perceived as high quality.

Draws positive attention to the writing style.

Treats all receivers with respect.

Suits the method of presentation and delivery.

Develops ideas without overstatement.

Monitoring.

Control activities.

Risk assessment.

Control environment.

Access to read application logs is restricted to authorized users.

Account balance information is encrypted in the database.

The web server used to host the application is located in a physically secure area.

Sensitive data, such as account numbers, are submitted using encrypted communications.

1 only

2 only

3 only

2 and 3 only

Hot site

Cold site

Redundant data center

Regular testing of the disaster plan

Program design, system requirements, software design, analysis, coding, testing, operations.

System requirements, software design, analysis, program design, testing, coding, operations.

System requirements, software design, analysis, program design, coding, testing, operations.

System requirements, analysis, coding, software design, program design, testing, operations.

Use of a formal systems development lifecycle.

End-user involvement.

Adequate software documentation.

Formalized non-regression testing phase.

Specific guidance must be followed when interacting with nongovernmental organizations.

Disclosure laws tend to be consistent from one jurisdiction to another.

There are several internationally recognized standards for dealing with financial donors.

Legal representation should be consulted before releasing internal audit information to other assurance

Ensuring that the other party has a personal stake in the agreement.

Focusing on interests rather than on obtaining a winning position.

Considering a few select choices during the settlement phase.

Basing the agreement on negotiating power and positioning leverage.

21 days.

22 days.

27 days.

51 days.

Workstation contains software that prevents unauthorized transmission of information into and out of the organization's network.

Workstation contains software that controls information flow between the organization's network and the Internet.

Workstation contains software that enables the processing of transactions and is not shared among users of the organization's network.

Workstation contains software that manages user's access and processing of stored data on the organization's network.

Encourage compliance with policies and procedures.

Safeguard the resources of the organization.

Ensure the accuracy, reliability, and timeliness of information.

Provide reasonable assurance on the achievement of objectives.

Evaluate the proposed external auditor fee.

Recommend criteria to be used in the selection process.

Develop appropriate performance metrics.

Monitor the work of the external auditors.

Times interest earned, return on assets, and inventory turnover.

Accounts receivable turnover, inventory turnover in days, and the current ratio.

Accounts receivable turnover, return on assets, and the current ratio.

Inventory turnover in days, the current ratio, and return on equity.

1 and 4 only

2 and 3 only

1, 2, and 3 only

1, 2, and 4 only

The process is not sustained and is not optimized as planned.

There is a lack of alignment to organizational strategies.

The operational quality is less than projected.

There is increased potential for loss of assets.

Access system security.

Policy development.

Change management.

Operations processes.

Process element.

Key principles.

Maturity model.

Assurance.

An effective internal audit function is one of the four cornerstones of good governance.

Those performing governance activities are accountable to the customer.

Accountability is one of the key elements of organizational governance.

Governance principles and the need for an internal audit function are applicable to governmental and not-for-profit activities.

Resisting both internal and external distractions.

Waiting to review key concepts until the speaker has finished talking.

Tuning out messages that do not seem to fit the meeting purpose.

Factoring in biases in order to evaluate the information being given.

$160

$210

$350

$490

Determining the cost of the product.

Developing pricing objectives.

Evaluating prices set by the competitors.

Selecting a pricing method.

Observation.

Inspection.

Original cost.

Vouching.

Submit batches of test transactions through the current system and verify with expected results.

Use a test program to simulate the normal data entering process.

Select a sample of records from the database and ensure it matches supporting documentation.

Evaluate compliance with the organization's change management process.

To improve the chain of command.

To strengthen corporate headquarters.

To focus better on a single market.

To increase lateral communication.

Established strategy of players.

Low number of new firms.

High unit costs.

Technical expertise.

Deploy the policy in the corporate headquarters' language, so everyone gets an unfiltered version simultaneously.

Introduce the policy region by region, using any lessons learned to change the subsequent version of the policy for the next area.

Consult with legal and operational management in each affected country to ensure the final version can be implemented globally, following audit committee approval.

Send the board-approved version of the policy to each country's senior leadership and empower them to tailor the policy to the local language and culture.

1 and 2 only

1 and 4 only

2 and 3 only

3 and 4 only

Electronic funds transfer.

Knowledge-based systems.

Biometrics.

Standardized graphical user interface.

Lack of awareness of the state of processing.

Increased cost and complexity of network traffic.

Interference of the mirrored data with the original source data.

Confusion about where customer data are stored.

A higher initial investment level.

A higher discount rate.

Cash inflows that are larger in the later years of the life of the project.

Cash inflows that are larger in the earlier years of the life of the project.

To assess whether an annual control review is necessary.

To determine conformance with requirements and agreements.

To evaluate executive management oversight.

To promote environmental awareness.

Fragmented industries.

Declining industries.

Mature industries.

Emerging industries.

7 percent simple interest with a 10 percent compensating balance.

7 percent simple interest paid at the end of each year.

7 percent discount interest.

7 percent compounding interest.

In a matrix organization, conflict between functional and product managers may arise.

In a matrix organization, staff under dual command is more likely to suffer stress at work.

Matrix organizations offer the advantage of greater flexibility.

Matrix organizations minimize costs and simplify communication.

Formulate contingency plans.

Conduct a risk analysis.

Create a crisis management team.

Practice the response to a crisis.

Cash budget.

Production budget.

Sales budget.

Selling and administrative expenses budget.

1 and 2 only

3 and 4 only

1, 2, and 4 only

2, 3, and 4 only

Users determine the optimal level of safety stocks.

They are applicable only to large organizations.

They do not really increase overall economic efficiency because they merely shift inventory levels further up the supply chain.

They rely heavily on high quality materials.

Conform with all other parts of The IIA's Standards and provide appropriate disclosures.

Conform with all other parts of The IIA's Standards; there is no need to provide appropriate disclosures.

Continue the engagement without conforming with the other parts of The IIA's Standards.

Withdraw from the engagement.

Direct cutover.

Parallel.

Pilot.

Test.

Globally accepted standards for industries and processes.

Bridging the gaps among control requirements, technical issues, and business risks.

Practical guidance and benchmarks for all organizations that use information systems.

Frameworks and guidance on enterprise risk management, internal control, and fraud deterrence.

We are a people-and-goods mover.

We supply energy.

We make movies.

We provide climate control in the home.

Production controls weakness.

Application controls weakness.

Authorization controls weakness.

Change controls weakness.

Interviewing the organization's employees.

Observing the organization's operations.

Reading the board's minutes.

Inspecting manuals and documents.

Prior to testing the new application.

During testing of the new application.

During implementation of the new application.

During maintenance of the new application.

Decentralized organizations are more focused on organizational goals.

Decentralized organizations streamline organizational structure.

Decentralized organizations tend to be less expensive to operate.

Decentralized organizations tend to be more responsive to market changes.

It values inventory close to current replacement cost.

It generates the highest profit when prices are rising.

It approximates the physical flow of goods.

It minimizes current-period income taxes.

Identifying the processes at the activity level.

Analyzing the organization's strategic plan where the business processes are defined.

Analyzing the organization's objectives and identifying the processes needed to achieve the objectives.

Identifying the risks affecting the organization, the objectives, and then the processes concerned.

Chain.

All-channel.

Circle.

Wheel.

Giving assurance that risks are evaluated correctly.

Developing the risk management strategy for the board's approval.

Facilitating the identification and evaluation of risks.

Coaching management in responding to risk.

$350,000

$500,000

$850,000

$1,200,000

Weak entrance barriers.

Significant scale economies.

Steep experience curve.

Strong negotiation power with suppliers.

Increase shareholder value.

Maximize market share.

Improve operational efficiency.

Mitigate losses.

Review the list of people with access badges to the room containing the workstation and a log of those who accessed the room.

Review the password length, frequency of change, and list of users for the workstation's login process.

Review the list of people who attempted to access the workstation and failed, as well as error messages.

Review the passwords of those who attempted unsuccessfully to access the workstation and the log of their activity.

A revenue calculation spreadsheet supported with price and volume reports from the production department

An asset retirement calculation spreadsheet comprised of multiple formulas and assumptions

An ad-hoc inventory listing spreadsheet comprising details of written-off inventory quantitates

An accounts receivable reconciliation spreadsheet used by the accounting manager to verify balances.

Data values fall within a prescribed range.

Error listings are generated and promptly remediated.

Report distribution is restricted to authorized personnel.

Field amounts contain an upper or lower limit.

Monitoring network traffic.

Using whitelists and blacklists to manage network traffic.

Restricting access and blocking unauthorized access to the network.

Educating employees throughout the company to recognize phishing attacks.

Normalization.

Velocity.

Structurization.

Veracity.

Company A owns Company B; Company B sells goods to Company A.

Company A does not own Company B. Company A charges Company B a fee to sell Company B's goods without taking ownership of the goods.

Company A owns both Company B and Company C; all three companies sell goods to the public.

Company A moves goods internally from one location to another.

Normalize the data

Obtain the data

identify the risks

Analyze the data

The auditor is normalizing data in preparation for analyzing it

The auditor is analyzing the data in preparation for communicating the results

The auditor is cleaning the data in preparation for determining which processes may tie involved

The auditor is reviewing the data prior to defining the question

Rooting.

Eavesdropping.

Man in the middle.

Session hijacking.

Liquidity.

Profitability.

Solvency.

Efficiency.

Contribution margin is the amount remaining from sales revenue after fixed expenses have been deducted.

Breakeven point is the amount of units sold to cover variable costs.

Breakeven occurs when the contribution margin covers fixed costs

Following breakeven, net operating income will increase by the excess of fixed costs less the variable costs per units sold

Assets liabilities and owners' equity would be understated

Assets net income and owners' equity would be unaffected

Assets and liabilities would be understated

Assets net income and owners' equity would be understated, but liabilities would be overstated

Determining the frequency with which backups will be performed.

Prioritizing the order in which business systems would be restored.

Assigning who in the IT department would be involved in the recovery procedures.

Assessing the resources needed to meet the data recovery objectives

The capital accounts of the partners should be increased by the original cost of the contributed equipment.

The capital accounts should be increased using a weighted average based on the current percentage of ownership

No action is needed as the capital account of each partner was increased by the correct amount

The capital accounts of the partners should be increased by the fair market value of their contribution

Costs are affected by changes in activity only.

The behavior of costs and revenues is inverse.

When more than one type of product is sold, the sales mix changes.

Only variable costs have to be classified accurately.

Management by objectives is most helpful in organizations that nave rapid changes.

Management by objectives is most helpful in mechanistic organizations with rigidly defined tasks.

Management by objectives helps organizations to keep employees motivated.

Management by objectives helps organizations to distinguish clearly strategic goals from operational goals

Backup media is not properly stored, as the storage facility should be off-site.

Backup procedures are adequate and appropriate according to best practices.

Backup media is not properly indexed, as backup media should be indexed by system, not date.

Backup schedule is not sufficient, as full backup should be conducted daily.

Horizontal analysis

Vertical analysis

Common-size analysis

Ratio analysis

Requested backup tapes were not returned from the offsite vendor in a timely manner

Returned backup tapes from the offsite vendor contained empty spaces

Critical systems have been Backed up more frequently than required.

Critical system backup tapes are taken off site less frequently than required.

The risk that users try to bypass controls and do not install required software updates.

The risk that smart devices can be lost or stolen due to their mobile nature.

The risk that an organization intrusively monitors personal information stored on smart devices.

The risk that proprietary information is not deleted from the device when an employee leaves.

It would provide the ability to monitor in real-time.

It would assist in securing sensitive data.

It would help detect cyberattacks in a more timely fashion.

It would assist in ensuring that data integrity is maintained.

Monitoring access to the online database.

Backing up and maintaining archived data.

Responding to customer inquiries.

Maintaining and assuring network security.

Functional departmentalization.

Product departmentalization.

Matrix organization.

Divisional organization.

Articulation of the data.

Availability of the data

Measurability of the data

Relevance of the data

Predictive analytics

Prescriptive analytics

Descriptive analytics

Diagnostic analytics

Open-book management

Quality control circles

Self-managed teams

Cross-functional teams

Compliance

Privacy

Strategic

Physical security.

Input controls

Output controls

Integrity controls

Processing controls

Cybercriminals hacking into the organization's time and expense system to collect employee personal data.

Hackers breaching the organization's network to access research and development reports.

A denial-of-service attack that prevents access to the organization's website.

A hacker accessing the financial information of the company.

Input controls.

Segregation of duties.

Physical controls.

Integrity controls.

An application control review

A source code review

A design review

An access control review

Hot recovery plan

Warm recovery plan

Cold recovery plan.

Absence of recovery plan

An attempt at phishing.

An attempt at penetration testing

An attempt to patch the server

An attempt to launch malware

Access to personally identifiable information is limited to those who need it to perform their job.

Confidential data must be backed up and recoverable within a 24-hour period.

Updates to systems containing sensitive data must be approved before being moved to production.

A record of employees with access to insider information must be maintained and those employees may not trade company stock during blackout periods

Input controls

Output controls

Processing controls

Integrity controls

The percentage of cases flagged by the model and confirmed as positives.

The development and maintenance costs associated with the model

The feedback of auditors involved with developing the model

The number of criminal investigations initiated based on the outcomes of the model

A clothing company designs makes and sells a new item.

A commercial constructor company is hired to build a warehouse.

A city department sets up a new firefighter training program.

A manufacturing organization acquires component parts from a contracted vendor

The initial investment of each partner should be recorded at book value.

The ownership ratio identifies the basis for dividing net income and net loss.

A partner's capital only changes due to net income or net loss.

The basis for sharing net incomes or net losses must be fixed.

A debit to office supplies on hand for S2.500

A debit to office supplies on hand for $11,500

A debit to office supplies on hand for S20.500

A debit to office supplies on hand for S42.500

Information integrity risk.

Privacy risk

Access risk

Software risk

Total manufacturing costs are determined at the end of each period.

Costs are summarized in a production cost repot for each department

Three manufacturing cost elements are tracked direct materials direct labor and manufacturing overhead.

The unit cost can be calculated by dividing the total manufacturing costs for the period by the units produced during the period

Non-disclosure agreements between the firm and its employees

Logs of user activity within the information system

Two-factor authentication for access into the information system

Limited access to information based on employee duties

Authorization

Architecture model

Firewall

Virtual private network

The business continuity management charter.

The business continuity risk assessment plan

The business impact analysis plan

The business case for business continuity planning

Not installing anti-malware software

Updating operating software in a haphazard manner

Applying a weak password for access to a mobile device

Jailbreaking a locked smart device.

1, 2, 3, 4

2, 1, 4, 3

2, 4, 1, 3

4, 2, 1, 3

Operational plans.

Tactical plans.

Strategic plans.

Mission plans.

Linking performance to profitability measures such as return on investment.

Linking performance to the stock price.

Linking performance to quotas such as units produced.

Linking performance to nonfinancial measures such as customer satisfaction and employees training.

Duplicate testing.

Joining data sources

Gap analysis

Classification

For plant assets cost includes the purchase price and the cost of design and construction

For intangible assets cost includes the purchase price and development costs

Due to their indefinite nature intangible assets are not subject to amortization

The organization must expense any cost incurred in developing a plant asset

Fixed costs per unit for each additional unit sold

Variable costs per unit for each additional unit sold

Contribution margin per unit for each additional unit sold

Gross margin per unit for each additional unit sold

Implementation and transition phase.

Monitoring and reporting phase

Decision-making and business-case phase.

Tendering and contracting phase.

1 and 3

1 and 4

2 and 3

2 and 4

Detailed analytics

Predictive analytics

Diagnostic analytics

Prescriptive analytics

Logical access controls monitor application usage and generate audit trails.

The development process is designed to prevent, detect and correct errors that may occur

A record is maintained to track the process of data from input, to output, to storage

Business users' requirements are documented, and their achievement is monitored

Diversification

Vertical integration

Risk avoidance

Differentiation

Achievement-oriented style

People-oriented style

Goal-oriented style

Task-oriented style

An extranet

A local area network.

An intranet

The internet

Require regular performance appraisals

Perform exit interviews

Encourage periodic rotation of employee duties.

Ensure mandatory vacations

1

2

3

4

Data is synchronized in real lime

Recovery time is expected to be less than one week

Servers are not available and need to be procured

Recovery resources and data restore processes have not been defined

Process analysis.

Process mining.

Data analysis.

Data mining.

Cost method

Equity method

Consolidation method

Fair value method

It is useful when losses are considered insignificant.

It provides a better alignment with revenue.

It is the preferred method according to The IIA.

It states receivables at net realizable value on the balance sheet.

Whether customers are asked to renew their consent for their data processing at least quarterly.

Whether private data is processed in accordance with the purpose for which the consent was obtained.

Whether the organization has established explicit and entitywide policies on data transfer to third parties.

Whether customers have an opportunity to opt-out the right to be forgotten from organizational records and systems.

Identity data anomalies and outliers

Define questions to be answered

identify data sources available

Determine the scope of the data extract

Reversing all previous closing adjustments is a mandatory step in the accounting cycle

Reversing entries should be completed at the end of the next accounting period after recording regular transactions of the period

Reversing entries are identical to the adjusting entries made in the previous period.

Reversing entries are the exact opposite of the adjustments made in the previous period.

If the number of bicycles produced is increased by 15 percent, the variable cost per unit will increase proportionally

The fixed cost per unit will vary directly based on the number of bicycles produced during the

production cycle

The total variable cost will vary proportionally and inversely with the number of bicycles produced during a production run

If the number of bicycles produced is increased by 30 percent the fixed cost per unit will decline