IIA-CIA-Part3 Topic 1
Question #: 1
Topic #: 2
An organization accomplishes its goal to obtain a 40 percent share of the domestic market, but is unable to get the desired return on investment and output per hour of labor. Based on this information, the organization is most likely focused on which of the following?
A. Capital investment and not marketing.
B. Marketing and not capital investment.
C. Efficiency and not input economy.
D. Effectiveness and not efficiency.
Selected Answer: D
Question #: 2
Topic #: 2
An organization that sells products to a foreign subsidiary wants to charge a price that will decrease import tariffs. Which of the following is the best course of action for the organization?
A. Decrease the transfer price.
B. Increase the transfer price.
C. Charge at the arm’s length price.
D. Charge at the optimal transfer price.
Selected Answer: A
Question #: 4
Topic #: 2
An organization with global headquarters in the United States has subsidiaries in eight other nations. If the organization operates with an ethnocentric attitude, which of the following statements is true?
A. Standards used for evaluation and control are determined at local subsidiaries, not set by headquarters.
B. Orders, commands, and advice are sent to the subsidiaries from headquarters.
C. People of local nationality are developed for the best positions within their own country.
D. There is a significant amount of collaboration between headquarters and subsidiaries.
Selected Answer: B
Question #: 5
Topic #: 2
Which of the following data security policies is most likely to be the result of a data privacy law?
A. Access to personally identifiable information is limited to those who need it to perform their job.
B. Confidential data must be backed up and recoverable within a 24-hour period.
C. Updates to systems containing sensitive data must be approved before being moved to production.
D. A record of employees with access to insider information must be maintained, and those employees may not trade company stock during blackout periods.
Selected Answer: A
Question #: 6
Topic #: 1
The first stage in the development of a crisis management program is to:
A. Formulate contingency plans.
B. Conduct a risk analysis.
C. Create a crisis management team.
D. Practice the response to a crisis.
Selected Answer: C
Question #: 6
Topic #: 2
A large retail customer made an offer to buy 10,000 units at a special price of $7 per unit. The manufacturer usually sells each unit for $10. Variable manufacturing costs are $5 per unit and fixed manufacturing costs are $3 per unit. For the manufacturer to accept the offer, which of the following assumptions needs to be true?
A. Fixed and variable manufacturing costs are less than the special offer selling price.
B. The manufacturer can fulfill the order without expanding the capacities of the production facilities.
C. Costs related to accepting this offer can be absorbed through the sale of other products.
D. The manufacturer’s production facilities are currently operating at full capacity.
Selected Answer: A
Question #: 7
Topic #: 2
Which of the following responsibilities would ordinarily fall under the help desk function of an organization?
A. Maintenance service items such as production support.
B. Management of infrastructure services, including network management.
C. Physical hosting of mainframes and distributed servers.
D. End-to-end security architecture design.
Selected Answer: B
Question #: 8
Topic #: 2
As it relates to the data analytics process, which of the following best describes the purpose of an internal auditor who cleaned and normalized data?
A. The auditor eliminated duplicate information.
B. The auditor organized data to minimize useless information.
C. The auditor made data usable for a specific purpose by ensuring that anomalies were identified and corrected.
D. The auditor ensured data fields were consistent and that data could be used for a specific purpose.
Selected Answer: D
Question #: 9
Topic #: 2
Which of the following authentication device credentials is the most difficult to revoke when an employee’s access rights need to be removed?
A. A traditional key lock.
B. A biometric device.
C. A card-key system.
D. A proximity device.
Selected Answer: B
Question #: 11
Topic #: 2
Which of the following IT-related activities is most commonly performed by the second line of defense?
A. Block unauthorized traffic.
B. Encrypt data.
C. Review disaster recovery test results.
D. Provide independent assessment of IT security.
Selected Answer: D
Question #: 12
Topic #: 1
Which of the following steps should an internal auditor take during an audit of an organization’s business continuity plans?
1. Evaluate the business continuity plans for adequacy and currency.
2. Prepare a business impact analysis regarding the loss of critical business.
3. Identify key personnel who will be required to implement the plans.
4. Identify and prioritize the resources required to support critical business processes.
A. 1 only
B. 2 and 4 only
C. 1, 3, and 4 only
D. 1, 2, 3, and 4
Selected Answer: A
Question #: 12
Topic #: 2
With regard to disaster recovery planning, which of the following would most likely involve stakeholders from several departments?
A. Determining the frequency with which backups will be performed.
B. Prioritizing the order in which business systems would be restored.
C. Assigning who in the IT department would be involved in the recovery procedures.
D. Assessing the resources needed to meet the data recovery objectives.
Selected Answer: B
Question #: 13
Topic #: 2
An internal auditor observed that the organization’s disaster recovery solution will make use of a cold site in a town several miles away. Which of the following is likely to be a characteristic of this disaster recovery solution?
A. Data is synchronized in real time.
B. Recovery time is expected to be less than one week.
C. Servers are not available and need to be procured.
D. Recovery resources and data restore processes have not been defined.
Selected Answer: C
Question #: 13
Topic #: 1
Which of the following engagement observations would provide the least motivation for management to amend or replace an existing cost accounting system?
A. The distorted unit cost of a service is 50 percent lower than the true cost, while the true cost is 50 percent higher than the competition’s cost.
B. The organization is losing $1,000,000 annually because it incorrectly outsourced an operation based on information from its current system.
C. The cost of rework, hidden by the current system, is 50 percent of the total cost of all services.
D. 50 percent of total organizational cost has been allocated on a volume basis.
Selected Answer: B
Question #: 14
Topic #: 2
During her annual performance review, a sales manager admits that she experiences significant stress due to her job but stays with the organization because of the high bonuses she earns. Which of the following best describes her primary motivation to remain in the job?
A. Intrinsic reward.
B. Job enrichment.
C. Extrinsic reward.
D. The hierarchy of needs.
Selected Answer: D
Question #: 15
Topic #: 2
What kind of strategy would be most effective for an organization to adopt in order to implement a unique advertising campaign for selling identical product lines across all of its markets?
A. Export strategy.
B. Transnational strategy.
C. Multi-domestic strategy.
D. Globalization strategy.
Selected Answer: D
Question #: 15
Topic #: 1
For an engineering department with a total quality management program, important elements of quality management include all of the following except:
A. Basing performance evaluations on the number of projects completed.
B. Comparing results with those of other engineering departments.
C. Creating a quality council within the engineering department.
D. Conducting post-project surveys on performance.
Selected Answer: A
Question #: 16
Topic #: 2
Which of the following risks is best addressed by encryption?
A. Information integrity risk.
B. Privacy risk.
C. Access risk.
D. Software risk.
Selected Answer: B
Question #: 16
Topic #: 1
Refer to the exhibit.
The figure below shows the network diagram for the activities of a large project. What is the shortest number of days in which the project can be completed?
A. 21 days.
B. 22 days.
C. 27 days.
D. 51 days.
Selected Answer: C
Question #: 17
Topic #: 2
Which of the following is an example of a key systems development control typically found in the in-house development of an application system?
A. Logical access controls monitor application usage and generate audit trails.
B. The development process is designed to prevent, detect, and correct errors that may occur.
C. A record is maintained to track the process of data from input, to output, to storage.
D. Business users’ requirements are documented, and their achievement is monitored.
Selected Answer: B
Question #: 17
Topic #: 1
Which of the following is a characteristic of just-in-time inventory management systems?
A. Users determine the optimal level of safety stocks.
B. They are applicable only to large organizations.
C. They do not really increase overall economic efficiency because they merely shift inventory levels further up the supply chain.
D. They rely heavily on high quality materials.
Selected Answer: C
Question #: 18
Topic #: 2
When using data analytics during a review of the procurement process, what is the first step in the analysis process?
A. Identify data anomalies and outliers.
B. Define questions to be answered.
C. Identify data sources available.
D. Determine the scope of the data extract.
Selected Answer: B
Question #: 18
Topic #: 1
The economic order quantity for inventory is higher for an organization that has:
A. Lower annual unit sales.
B. Higher fixed inventory ordering costs.
C. Higher annual carrying costs as a percentage of inventory value.
D. A higher purchase price per unit of inventory.
Selected Answer: B
Question #: 19
Topic #: 2
According to IIA guidance, which of the following statements is true regarding analytical procedures?
A. Data relationships are assumed to exist and to continue where no known conflicting conditions exist.
B. Analytical procedures are intended primarily to ensure the accuracy of the information being examined.
C. Data relationships cannot include comparisons between operational and statistical data.
D. Analytical procedures can be used to identify unexpected differences, but cannot be used to identify the absence of differences.
Selected Answer: A
Question #: 19
Topic #: 1
What must be monitored in order to manage risk of consumer product inventory obsolescence?
1. Inventory balances.
2. Market share forecasts.
3. Sales returns.
4. Sales trends.
A. 1 only
B. 4 only
C. 1 and 4 only
D. 1, 2, and 3 only
Selected Answer: C
Question #: 20
Topic #: 2
Which of the following physical access controls is most likely to be based on “something you have” concept?
A. A retina characteristics reader.
B. A PIN code reader.
C. A card-key scanner.
D. A fingerprint scanner.
Selected Answer: C
Question #: 20
Topic #: 1
The percentage of sales method, rather than the percentage of receivables method, would be used to estimate uncollectible accounts if an organization seeks to:
A. Use an aging schedule to more closely estimate uncollectible accounts.
B. Eliminate the need for an allowance for doubtful accounts.
C. Emphasize the accuracy of the net realizable value of the receivables on the balance sheet.
D. Use a method that approximates the matching principle.
Selected Answer: C
Question #: 22
Topic #: 2
An organization uses the management-by-objectives method, whereby employee performance is based on defined goals. Which of the following statements is true regarding this approach?
A. It is particularly helpful to management when the organization is facing rapid change.
B. It is a more successful approach when adopted by mechanistic organizations.
C. It is more successful when goal-setting is performed not only by management, but by all team members, including lower-level staff.
D. It is particularly successful in environments that are prone to having poor employer-employee relations.
Selected Answer: C
Question #: 23
Topic #: 1
In an analysis of alternative credit-management policies, which of the following components will cause the net present value of receivables on credit sales to increase, if everything else remains constant?
A. A tougher collections policy that reduces the bad debt loss ratio.
B. A higher cost per unit sold.
C. A longer average collection period.
D. An increase in the cost of capital.
Selected Answer: A
Question #: 24
Topic #: 2
An organization’s account for office supplies on hand had a balance of $9,000 at the end of year one. During year two, the organization recorded an expense of
$45,000 for purchasing office supplies. At the end of year two, a physical count determined that the organization has $11,500 in office supplies on hand. Based on this information, what would be recorded in the adjusting entry at the end of year two?
A. A debit to office supplies on hand for $2,500
B. A debit to office supplies on hand for $11,500
C. A debit to office supplies on hand for $20,500
D. A debit to office supplies on hand for $42,500
Selected Answer: A
Question #: 27
Topic #: 2
An organization requires an average of 58 days to convert raw materials into finished products to sell. An average of 42 additional days is required to collect receivables. If the organization takes an average of 10 days to pay for the raw materials, how long is its total cash conversion cycle?
A. 26 days.
B. 90 days.
C. 100 days.
D. 110 days.
Selected Answer: B
Question #: 28
Topic #: 1
An organization is projecting sales of 100,000 units, at a unit price of $12. Unit variable costs are $7. If fixed costs are $350,000, what is the projected total contribution margin?
A. $350,000
B. $500,000
C. $850,000
D. $1,200,000
Selected Answer: C
Question #: 29
Topic #: 2
Which of the following statements is true regarding data backup?
A. System backups should always be performed real time.
B. Backups should be stored in a secured location onsite for easy access.
C. The tape rotation schedule affects how long data is retained.
D. Backup media should be restored only in case of a hardware or software failure.
Selected Answer: C
Question #: 29
Topic #: 1
When applied to international economics, the theory of comparative advantage proposes that total worldwide output will be greatest when:
A. Each nation’s total imports approximately equal its total exports.
B. Each good is produced by the nation that has the lowest opportunity cost for that good.
C. Goods that contribute to a nation’s balance-of-payments deficit are no longer imported.
D. International trade is unrestricted and tariffs are not imposed.
Selected Answer: B
Question #: 31
Topic #: 2
Which of the following statements is true regarding managerial accounts?
A. They must be prepared at least on a monthly basis.
B. They should be verifiable by external auditors.
C. They should be easily understandable by all management team members.
D. They should exclusively meet the needs of the user.
Selected Answer: D
Question #: 32
Topic #: 2
A retail organization mistakenly did not include $10,000 of inventory in the physical count at the end of the year. What was the impact to the organization’s financial statements?
A. Cost of sales and net income are understated.
B. Cost of sales and net income are overstated.
C. Cost of sales is understated and net income is overstated.
D. Cost of sales is overstated and net income is understated.
Selected Answer: D
Question #: 33
Topic #: 1
One change control function that is required in client/server environments, but is not required in mainframe environments, is to ensure that:
A. Program versions are synchronized across the network.
B. Emergency move procedures are documented and followed.
C. Appropriate users are involved in program change testing.
D. Movement from the test library to the production library is controlled.
Selected Answer: A
Question #: 35
Topic #: 2
An internal auditor is using data analytics to focus on high-risk areas during an engagement. The auditor has obtained data and is working to eliminate redundancies in the data. Which of the following statements is true regarding this scenario?
A. The auditor is normalizing data in preparation for analyzing it.
B. The auditor is analyzing the data in preparation for communicating the results.
C. The auditor is cleaning the data in preparation for determining which processes may be involved.
D. The auditor is reviewing the data prior to defining the question.
Selected Answer: A
Question #: 36
Topic #: 2
An internal auditor was asked to review an equal equity partnership. In one sampled transaction, Partner A transferred equipment into the partnership with a self- declared value of $10,000, and Partner B contributed equipment with a self-declared value of $15,000. The capital accounts of each partner were subsequently credited with $12,500. Which of the following statements is true regarding this transaction?
A. The capital accounts of the partners should be increased by the original cost of the contributed equipment.
B. The capital accounts should be increased using a weighted average based on the current percentage of ownership.
C. No action is needed, as the capital account of each partner was increased by the correct amount.
D. The capital accounts of the partners should be increased by the fair market value of their contribution.
Selected Answer: A
Question #: 37
Topic #: 2
Based on test results, an IT auditor concluded that the organization would suffer unacceptable loss of data if there was a disaster at its data center. Which of the following test results would likely lead the auditor to this conclusion?
A. Requested backup tapes were not returned from the offsite vendor in a timely manner.
B. Returned backup tapes from the offsite vendor contained empty spaces.
C. Critical systems have been backed up more frequently than required.
D. Critical system backup tapes are taken off site less frequently than required
Selected Answer: D
Question #: 37
Topic #: 1
The first step in determining product price is:
A. Determining the cost of the product.
B. Developing pricing objectives.
C. Evaluating prices set by the competitors.
D. Selecting a pricing method.
Selected Answer: B
Question #: 38
Topic #: 2
Which of the following is a systems software control?
A. Restricting server room access to specific individuals.
B. Housing servers with sensitive software away from environmental hazards.
C. Ensuring that all user requirements are documented.
D. Performing of intrusion testing on a regular basis.
Selected Answer: D
Question #: 39
Topic #: 2
An organization has an established bring-your-own-device policy. Due to this policy, which of the following privacy risks would be most relevant to the organization?
A. Employees who consider updates of software or operating systems degrading to the performance of their devices might choose not to install the updates.
B. Confidential intellectual property of the organization may be compromised if the smart device is physically lost.
C. Concern by employees that the organization could intrusively monitor them through their smart devices.
D. Malware may infect smart devices that contain the organization’s confidential data if the device does not have adequate security restrictions.
Selected Answer: C
Question #: 40
Topic #: 2
An internal auditor found the following information while reviewing the monthly financial statements for a wholesaler of safety glasses:
Opening inventory: 1,000 units at $2 per unit
Purchased: 5,000 units at $3 per unit
Sold: 3,000 units at $7 per unit
The cost of goods sold was reported at $8,500. Which of the following inventory methods was used to derive this value?
A. Average cost method.
B. First-in, first-out (FIFO) method.
C. Specific identification method.
D. Activity-based costing method.
Selected Answer: A
Question #: 40
Topic #: 1
Which of the following statements pertaining to a market skimming pricing strategy is not true?
A. The strategy is favored when unit costs fall with the increase in units produced.
B. The strategy is favored when buyers are relatively insensitive to price increases.
C. The strategy is favored when there is insufficient market capacity and competitors cannot increase market capacity.
D. The strategy is favored when high price is perceived as high quality.
Selected Answer: C
Question #: 41
Topic #: 1
Which of the following statements is true regarding the use of public key encryption to secure data while it is being transmitted across a network?
A. Both the key used to encrypt the data and the key used to decrypt the data are made public.
B. The key used to encrypt the data is kept private but the key used to decrypt the data is made public.
C. The key used to encrypt the data is made public but the key used to decrypt the data is kept private.
D. Both the key used to encrypt the data and the key used to decrypt the data are made private.
Selected Answer: C
Question #: 41
Topic #: 2
Which of the following capital budgeting techniques considers the expected total net cash flows from investment?
A. Cash payback.
B. Annual rate of return.
C. Incremental analysis.
D. Net present value.
Selected Answer: D
Question #: 42
Topic #: 2
A rapidly expanding retail organization continues to be tightly controlled by its original small management team. Which of the following is a potential risk in this vertically centralized organization?
A. Lack of coordination among different business units.
B. Operational decisions are inconsistent with organizational goals.
C. Suboptimal decision-making.
D. Duplication of business activities.
Selected Answer: D
Question #: 42
Topic #: 1
The market price is the most appropriate transfer price to be charged by one department to another in the same organization for a service provided when:
A. There is an external market for that service.
B. The selling department operates at 50 percent of its capacity.
C. The purchasing department has more negotiating power than the selling department.
D. There is no external market for that service.
Selected Answer: B
Question #: 44
Topic #: 2
Which of the following is classified as a product cost using the variable costing method?
1. Direct labor costs.
2. Insurance on a factory.
3. Manufacturing supplies.
4. Packaging and shipping costs.
A. 1 and 2.
B. 1 and 3.
C. 2 and 4.
D. 3 and 4.
Selected Answer: B
Question #: 44
Topic #: 1
During the last year, an organization had an opening inventory of $300,000, purchases of $980,000, sales of $1,850,000, and a gross margin of 40 percent. What is the closing inventory if the periodic inventory system is used?
A. $170,000
B. $280,000
C. $300,000
D. $540,000
Selected Answer: C
Question #: 45
Topic #: 2
An organization has 1,000 units of a defect item in stock. Per unit, market price is $10; production cost is $4; and the defect selling price is $5. What is the carrying amount (inventory value) of defects at year end?
A. $0
B. $4,000
C. $5,000
D. $10,000
Selected Answer: C
Question #: 45
Topic #: 1
Which of the following describes the free trade zone in an e-commerce environment?
A. Zone that separates an organization’s servers from outside forces.
B. Area in which messages are scrutinized to determine if they are authorized.
C. Area where communication and transactions occur between trusted parties.
D. Zone where data is encrypted, users are authenticated, and user traffic is filtered.
Selected Answer: D
Question #: 46
Topic #: 1
An organization produces two products, X and Y. The materials used for the production of both products are limited to 500 kilograms (kg) per month. All other resources are unlimited and their costs are fixed. Individual product details are as follows:
Product X –
Product Y –
Selling price per unit –
$10
$13
Materials per unit (at $1/kg)
2 kg
6 kg
Monthly demand –
100 units
120 units
In order to maximize profit, how much of product Y should the organization produce each month?
A. 50 units.
B. 60 units.
C. 100 units.
D. 120 units.
Selected Answer: A
Question #: 46
Topic #: 2
Which of the following situations best applies to an organization that uses a project, rather than a process, to accomplish its business activities?
A. A clothing company designs, makes, and sells a new item.
B. A commercial construction company is hired to build a warehouse.
C. A city department sets up a new firefighter training program.
D. A manufacturing organization acquires component parts from a contracted vendor.
Selected Answer: B
Question #: 47
Topic #: 2
At an organization that uses a periodic inventory system, the accountant accidentally understated the organization’s beginning inventory. How would the accountant’s accident impact the income statement?
A. Cost of goods sold will be understated and net income will be overstated.
B. Cost of goods sold will be overstated and net income will be understated.
C. Cost of goods sold will be understated and there will be no impact on net income.
D. There will be no impact on cost of goods sold and net income will be overstated.
Selected Answer: A
Question #: 49
Topic #: 2
Which of the following application controls is the most dependent on the password owner?
A. Password selection.
B. Password aging.
C. Password lockout.
D. Password rotation.
Selected Answer: A
Question #: 50
Topic #: 2
According to Herzberg’s Two-Factor Theory of Motivation, which of the following factors are mentioned most often by satisfied employees?
A. Salary and status.
B. Responsibility and advancement.
C. Work conditions and security.
D. Peer relationships and personal life.
Selected Answer: B
Question #: 51
Topic #: 1
Listening effectiveness is best increased by:
A. Resisting both internal and external distractions.
B. Waiting to review key concepts until the speaker has finished talking.
C. Tuning out messages that do not seem to fit the meeting purpose.
D. Factoring in biases in order to evaluate the information being given.
Selected Answer: D
Question #: 52
Topic #: 2
When management uses the absorption costing approach, fixed manufacturing overhead costs are classified as which of the following types of costs?
A. Direct product costs.
B. Indirect product costs.
C. Direct period costs.
D. Indirect period costs.
Selected Answer: B
Question #: 53
Topic #: 2
Which of the following is a result of implementing an e-commerce system, which relies heavily on electronic data interchange and electronic funds transfer, for purchasing and billing?
A. Higher cash flow and treasury balances.
B. Higher inventory balances.
C. Higher accounts receivable
D. Higher accounts payable.
Selected Answer: A
Question #: 54
Topic #: 2
Which of the following focuses on finding statistical relationships in order to create profiles?
A. Process mining.
B. Process analysis.
C. Data mining.
D. Data analysis.
Selected Answer: C
Question #: 54
Topic #: 1
Which of the following is a product-oriented definition of a business rather than a market-oriented definition of a business?
A. We are a people-and-goods mover.
B. We supply energy.
C. We make movies.
D. We provide climate control in the home.
Selected Answer: D
Question #: 55
Topic #: 1
A global business organization is selecting managers to post to various international (expatriate) assignments. In the screening process, which of the following traits would be required to make a manager a successful expatriate?
1. Superior technical competence.
2. Willingness to attempt to communicate in a foreign language.
3. Ability to empathize with other people.
A. 1 and 2 only
B. 1 and 3 only
C. 2 and 3 only
D. 1, 2, and 3
Selected Answer: C
Question #: 55
Topic #: 2
Which of the following controls helps protect externally stored sensitive or confidential data from cyberthreats?
A. Secure configurations and access controls.
B. Strong vendor contracts with control reports provided by service organizations.
C. Active and frequent monitoring of network traffic activities.
D. Firewalls to block unauthorized processing of transactions.
Selected Answer: A
Question #: 56
Topic #: 2
According to IIA guidance, which of the following best describes an adequate management (audit) trail application control for the general ledger?
A. Report identifying data that is outside of system parameters.
B. Report identifying general ledger transactions by time and individual.
C. Report comparing processing results with original input.
D. Report confirming that the general ledger data was processed without error.
Selected Answer: B
Question #: 57
Topic #: 2
Which of the following is the best example of a compliance risk that is likely to arise when adopting a bring-your-own-device (BYOD) policy?
A. The risk that users try to bypass controls and do not install required software updates.
B. The risk that smart devices can be lost or stolen due to their mobile nature.
C. The risk that an organization intrusively monitors personal information stored on smart devices.
D. The risk that proprietary information is not deleted from the device when an employee leaves.
Selected Answer: A
