IIA-CIA-Part3 Topic 2
Question #: 57
Topic #: 1
When initiating international ventures, an organization should consider cultural dimensions in order to prevent misunderstandings. Which of the following does not represent a recognized cultural dimension in a work environment?
A. Self control.
B. Power distance.
C. Masculinity versus femininity.
D. Uncertainty avoidance.
Selected Answer: D
Question #: 59
Topic #: 1
According to Porter’s model of competitive strategy, which of the following is a generic strategy?
1. Differentiation.
2. Competitive advantage.
3. Focused differentiation.
4. Cost focus.
A. 2 only
B. 3 and 4 only
C. 1, 3, and 4 only
D. 1, 2, 3, and 4
Selected Answer: C
Question #: 60
Topic #: 1
International marketing activities often begin with:
A. Standardization.
B. Global marketing.
C. Limited exporting.
D. Domestic marketing.
Selected Answer: B
Question #: 61
Topic #: 2
An internal auditor is assessing the risks related to an organization’s mobile device policy. She notes that the organization allows third parties (vendors and visitors) to use outside smart devices to access its proprietary networks and systems. Which of the following types of smart device risks should the internal auditor be most concerned about?
A. Compliance.
B. Privacy.
C. Strategic.
D. Physical security.
Selected Answer: B
Question #: 66
Topic #: 2
An internal auditor considers the financial statement of an organization as part of a financial assurance engagement. The auditor expresses the organization’s electricity and depreciation expenses as a percentage of revenue to be 10% and 7% respectively. Which of the following techniques was used by the internal auditor in this calculation?
A. Horizontal analysis.
B. Vertical analysis.
C. Ratio analysis.
D. Trend analysis.
Selected Answer: B
Question #: 67
Topic #: 2
Which of the following is a primary driver behind the creation and prioritization of new strategic initiatives established by an organization?
A. Risk tolerance.
B. Performance.
C. Threats and opportunities.
D. Governance.
Selected Answer: C
Question #: 70
Topic #: 2
An organization has instituted a bring-your-own-device (BYOD) work environment. Which of the following policies best addresses the increased risk to the organization’s network incurred by this environment?
A. Limit the use of the employee devices for personal use to mitigate the risk of exposure to organizational data.
B. Ensure that relevant access to key applications is strictly controlled through an approval and review process.
C. Institute detection and authentication controls for all devices used for network connectivity and data storage.
D. Use management software to scan and then prompt patch reminders when devices connect to the network.
Selected Answer: D
Question #: 73
Topic #: 2
A new manager received computations of the internal rate of return regarding his project proposal. What should the manager compare the computation results to in order to determine whether the project is potentially acceptable?
A. Compare to the annual cost of capital.
B. Compare to the annual interest rate.
C. Compare to the required rate of return.
D. Compare to the net present value.
Selected Answer: C
Question #: 73
Topic #: 1
An internal auditor is reviewing physical and environmental controls for an IT organization. Which control activity should not be part of this review?
A. Develop and test the organization’s disaster recovery plan.
B. Install and test fire detection and suppression equipment.
C. Restrict access to tangible IT resources.
D. Ensure that at least one developer has access to both systems and operations.
Selected Answer: D
Question #: 74
Topic #: 2
Which of the following statements is true regarding cost-volume-profit analysis?
A. Contribution margin is the amount remaining from sales revenue after fixed expenses have been deducted.
B. Breakeven point is the amount of units sold to cover variable costs.
C. Breakeven occurs when the contribution margin covers fixed costs.
D. Following breakeven, net operating income will increase by the excess of fixed costs less the variable costs per units sold.
Selected Answer: C
Question #: 75
Topic #: 1
Which audit approach should be employed to test the accuracy of information housed in a database on an un-networked computer?
A. Submit batches of test transactions through the current system and verify with expected results.
B. Use a test program to simulate the normal data entering process.
C. Select a sample of records from the database and ensure it matches supporting documentation.
D. Evaluate compliance with the organization’s change management process.
Selected Answer: D
Question #: 76
Topic #: 1
Which of the following statements accurately describes the responsibility of the internal audit activity (IAA) regarding IT governance?
1. The IAA does not have any responsibility because IT governance is the responsibility of the board and senior management of the organization.
2. The IAA must assess whether the IT governance of the organization supports the organization’s strategies and objectives.
3. The IAA may assess whether the IT governance of the organization supports the organization’s strategies and objectives.
4. The IAA may accept requests from management to perform advisory services regarding how the IT governance of the organization supports the organization’s strategies and objectives.
A. 1 only
B. 4 only
C. 2 and 4
D. 3 and 4
Selected Answer: C
Question #: 77
Topic #: 2
Which of the following statements is true regarding the “management-by-objectives” method?
A. Management by objectives is most helpful in organizations that have rapid changes.
B. Management by objectives is most helpful in mechanistic organizations with rigidly defined tasks.
C. Management by objectives helps organizations to keep employees motivated.
D. Management by objectives helps organizations to distinguish clearly strategic goals from operational goals.
Selected Answer: C
Question #: 78
Topic #: 2
The head of the research and development department at a manufacturing organization believes that his team lacks expertise in some areas, and he decides to hire more experienced researchers to assist in the development of a new product. Which of the following variances are likely to occur as the result of this decision?
1. Favorable labor efficiency variance.
2. Adverse labor rate variance.
3. Adverse labor efficiency variance.
4. Favorable labor rate variance.
A. 1 and 2.
B. 1 and 4.
C. 3 and 4.
D. 2 and 3.
Selected Answer: A
Question #: 79
Topic #: 2
According to Maslow’s hierarchy of needs theory, which of the following best describes a strategy where a manager offers an assignment to a subordinate specifically to support his professional growth and future advancement?
A. Esteem by colleagues.
B. Self-fulfillment.
C. Sense of belonging in the organization.
D. Job security.
Selected Answer: B
Question #: 79
Topic #: 1
The internal audit activity completed an initial risk analysis of the organization’s data storage center and found several areas of concern. Which of the following is the most appropriate next step?
A. Risk response.
B. Risk identification.
C. Identification of context.
D. Risk assessment.
Selected Answer: C
Question #: 80
Topic #: 2
An organization allows employees to use their personal mobile devices to access its database. Which of the following best maintains the confidentiality of different records within the database?
A. Regular remote wiping of the mobile devices accessing the database.
B. Encrypted data transmissions between mobile devices and the database.
C. Restrictions on the access permissions when mobile devices are used.
D. The use of two-factor authentication algorithms for those who use remote access.
Selected Answer: D
Question #: 81
Topic #: 2
According to IIA guidance on IT, which of the following best describes a situation where data backup plans exist to ensure that critical data can be restored at some point in the future, but recovery and restore processes have not been defined?
A. Hot recovery plan.
B. Warm recovery plan.
C. Cold recovery plan.
D. Absence of recovery plan.
Selected Answer: D
Question #: 82
Topic #: 2
Which of the following describes the most appropriate set of tests for auditing a workstation’s logical access controls?
A. Review the list of people with access badges to the room containing the workstation and a log of those who accessed the room.
B. Review the password length, frequency of change, and list of users for the workstation’s login process.
C. Review the list of people who attempted to access the workstation and failed, as well as error messages.
D. Review the passwords of those who attempted unsuccessfully to access the workstation and the log of their activity.
Selected Answer: D
Question #: 84
Topic #: 2
Which of the following is an example of a smart device security control intended to prevent unauthorized users from gaining access to a device’s data or applications?
A. Anti-malware software.
B. Authentication.
C. Spyware.
D. Rooting.
Selected Answer: A
Question #: 85
Topic #: 1
Which of the following best describes a market signal?
A. The bargaining power of buyers is forcing a drop in market prices.
B. There is pressure from the competitor’s substitute products.
C. Strategic analysis by the organization indicates feasibility of expanding to new market niches.
D. The competitor announces a new warranty program.
Selected Answer: C
Question #: 85
Topic #: 2
According to IIA guidance on IT, which of the following strategies would provide the most effective access control over an automated point-of-sale system?
A. Install and update anti-virus software.
B. Implement data encryption techniques.
C. Set data availability by user need.
D. Upgrade firewall configuration.
Selected Answer: D
Question #: 86
Topic #: 2
According to IIA guidance, which of the following statements is true with regard to workstation computers that access company information stored on the network?
A. Individual workstation computer controls are not as important as companywide server controls.
B. Particular attention should be paid to housing workstations away from environmental hazards.
C. Cybersecurity issues can be controlled at an enterprise level, making workstation level controls redundant.
D. With security risks near an all-time high, workstations should not be connected to the company network.
Selected Answer: B
Question #: 86
Topic #: 1
Which of the following is a limiting factor for capacity expansion?
A. Government pressure on organizations to increase or maintain employment.
B. Production orientation of management.
C. Lack of credible market leader in the industry.
D. Company diversification.
Selected Answer: D
Question #: 87
Topic #: 1
Which of the following stages of group development is associated with accepting team responsibilities?
A. Forming stage.
B. Performing stage.
C. Norming stage.
D. Storming stage.
Selected Answer: C
Question #: 87
Topic #: 2
How do data analysis technologies affect internal audit testing?
A. They improve the effectiveness of spot check testing techniques.
B. They allow greater insight into high risk areas.
C. They reduce the overall scope of the audit engagement.
D. They increase the internal auditor’s objectivity.
Selected Answer: D
Question #: 88
Topic #: 1
Which of the following is false with regard to Internet connection firewalls?
A. Firewalls can protect against computer viruses.
B. Firewalls monitor attacks from the Internet.
C. Firewalls provide network administrators tools to retaliate against hackers.
D. Firewalls may be software-based or hardware-based.
Selected Answer: C
Question #: 89
Topic #: 2
Which of the following bring-your-own-device (BYOD) practices is likely to increase the risk of infringement on local regulations, such as copyright or privacy laws?
A. Not installing anti-malware software.
B. Updating operating software in a haphazard manner.
C. Applying a weak password for access to a mobile device.
D. Jailbreaking a locked smart device.
Selected Answer: D
Question #: 89
Topic #: 1
Which of the following application software features is the least effective control to protect passwords?
A. Suspension of user IDs after a user’s repeated attempts to sign on with an invalid password.
B. Encryption of passwords prior to their transmission or storage.
C. Forced change of passwords after a designated number of days.
D. Automatic logoff of inactive users after a specified time period of inactivity.
Selected Answer: B
Question #: 90
Topic #: 2
According to IIA guidance, which of the following would be the best first step to manage risk when a third party is overseeing the organization’s network and data?
A. Creating a comprehensive reporting system for vendors to demonstrate their ongoing due diligence in network operations.
B. Drafting a strong contract that requires regular vendor control reports and a right-to-audit clause.
C. Applying administrative privileges to ensure right-to-access controls are appropriate.
D. Creating a standing cybersecurity committee to identify and manage risks related to data security.
Selected Answer: B
Question #: 90
Topic #: 1
Which of the following are likely indicators of ineffective change management?
1. IT management is unable to predict how a change will impact interdependent systems or business processes.
2. There have been significant increases in trouble calls or in support hours logged by programmers.
3. There is a lack of turnover in the systems support and business analyst development groups.
4. Emergency changes that bypass the normal control process frequently are deemed necessary.
A. 1 and 3 only
B. 2 and 4 only
C. 1, 2, and 4 only
D. 1, 2, 3, and 4
Selected Answer: B
Question #: 91
Topic #: 1
Which of the following is the primary benefit of including end users in the system development process?
A. Improved integrity of programs and processing.
B. Enhanced ongoing maintenance of the system.
C. Greater accuracy of the testing phase.
D. Reduced need for unexpected software changes.
Selected Answer: C
Question #: 91
Topic #: 2
Which of the following is a security feature that involves the use of hardware and software to filter or prevent specific information from moving between the inside network and the outside network?
A. Authorization.
B. Architecture model.
C. Firewall.
D. Virtual private network.
Selected Answer: C
Question #: 92
Topic #: 2
Which of the following is most important for an internal auditor to check with regard to the database version?
A. Verify whether the organization uses the most recent database software version.
B. Verify whether the database software version is supported by the vendor.
C. Verify whether the database software version has been recently upgraded.
D. Verify whether access to database version information is appropriately restricted.
Selected Answer: B
Question #: 92
Topic #: 1
Which of the following is the most appropriate test to assess the privacy risks associated with an organization’s workstations?
A. Penetration test.
B. Social engineering test.
C. Vulnerability test.
D. Physical control test.
Selected Answer: C
Question #: 93
Topic #: 2
Which of the following is an advantage of a decentralized organizational structure, as opposed to a centralized structure?
A. Greater cost-effectiveness.
B. Increased economies of scale.
C. Larger talent pool.
D. Strong internal controls.
Selected Answer: C
Question #: 94
Topic #: 1
An organization needs to borrow a large amount of cash to fund its expansion plan. Which of the following annual interest rates is least expensive?
A. 7 percent simple interest with a 10 percent compensating balance.
B. 7 percent simple interest paid at the end of each year.
C. 7 percent discount interest.
D. 7 percent compounding interest.
Selected Answer: C
Question #: 94
Topic #: 2
Which of the following is an example of a physical control?
A. Providing fire detection and suppression equipment.
B. Establishing a physical security policy and promoting it throughout the organization.
C. Performing business continuity and disaster recovery planning.
D. Keeping an offsite backup of the organization’s critical data.
Selected Answer: A
Question #: 95
Topic #: 2
Which of the following contract concepts is typically given in exchange for the execution of a promise?
A. Lawfulness.
B. Consideration.
C. Agreement.
D. Discharge.
Selected Answer: A
Question #: 97
Topic #: 1
Which of the following statements is true regarding the roles and responsibilities associated with a corporate social responsibility (CSR) program?
A. The board has overall responsibility for the internal control processes associated with the CSR program.
B. Management has overall responsibility for the effectiveness of governance, risk management, and internal control processes associated with the CSR program.
C. The internal audit activity is responsible for ensuring that CSR principles are integrated into the organization’s policies and procedures.
D. Every employee has a responsibility for ensuring the success of the organization’s CSR objectives.
Selected Answer: B
Question #: 97
Topic #: 2
Which of the following is the most appropriate way to record each partner’s initial investment in a partnership?
A. At the value agreed upon by the partners.
B. At book value.
C. At fair value.
D. At the original cost.
Selected Answer: A
Question #: 99
Topic #: 1
Which of the following is true regarding the COSO enterprise risk management framework?
A. The framework categorizes an organization’s objectives into distinct, non-overlapping objectives.
B. Control environment is one of the framework’s eight components.
C. The framework facilitates effective risk management, even if objectives have not been established.
D. The framework integrates with, but is not dependent upon, the corresponding internal control framework.
Selected Answer: B
Question #: 100
Topic #: 2
Which of the following analytical techniques would an internal auditor use to verify that none of an organization’s employees are receiving fraudulent invoice payments?
A. Perform gap testing.
B. Join different data sources.
C. Perform duplicate testing.
D. Calculate statistical parameters.
Selected Answer: C
Question #: 101
Topic #: 1
The economic order quantity can be calculated using the following formula:
Which of the following describes how the optimal order size will change if the annual demand increases by 36 percent?
A. Decrease by about 17 percent.
B. Decrease by about 7 percent.
C. Increase by about 7 percent.
D. Increase by about 17 percent.
Selected Answer: A
Question #: 103
Topic #: 2
Which of the following is a characteristic of big data?
A. Big data is often structured.
B. Big data analytic results often need to be visualized.
C. Big data is often generated slowly and is highly variable.
D. Big data comes from internal sources kept in data warehouses.
Selected Answer: B
Question #: 104
Topic #: 2
Senior management is trying to decide whether to use the direct write-off or allowance method for recording bad debt on accounts receivables.
Which of the following would be the best argument for using the direct write-off method?
A. It is useful when losses are considered insignificant.
B. It provides a better alignment with revenue.
C. It is the preferred method according to The IIA.
D. It states receivables at net realizable value on the balance sheet.
Selected Answer: A
Question #: 104
Topic #: 1
A chief audit executive (CAE) was asked to participate in the selection of an external auditor. Which of the following would not be a typical responsibility for the CAE?
A. Evaluate the proposed external auditor fee.
B. Recommend criteria to be used in the selection process.
C. Develop appropriate performance metrics.
D. Monitor the work of the external auditors.
Selected Answer: A
Question #: 107
Topic #: 2
The management of working capital is most crucial for which of the following aspects of business?
A. Liquidity.
B. Profitability.
C. Solvency.
D. Efficiency.
Selected Answer: A
Question #: 108
Topic #: 2
Which of the following types of budgets will best provide the basis for evaluating the organization’s performance?
A. Cash budget.
B. Budgeted balance sheet.
C. Selling and administrative expense budget.
D. Budgeted income statement.
Selected Answer: D
Question #: 109
Topic #: 1
Which of the following is always true regarding the use of encryption algorithms based on public key infrastructure (PKI)?
A. PKI uses an independent administrator to manage the public key.
B. The public key is authenticated against reliable third-party identification.
C. PKI’s public accessibility allows it to be used readily for e-commerce.
D. The private key uniquely authenticates each party to a transaction.
Selected Answer: C
Question #: 110
Topic #: 2
While conducting audit procedures at the organization’s data center, an internal auditor noticed the following:
– Backup media was located on data center shelves.
– Backup media was organized by date.
– Backup schedule was one week in duration.
– The system administrator was able to present restore logs.
Which of the following is reasonable for the internal auditor to conclude?
A. Backup media is not properly stored, as the storage facility should be off-site.
B. Backup procedures are adequate and appropriate according to best practices.
C. Backup media is not properly indexed, as backup media should be indexed by system, not date.
D. Backup schedule is not sufficient, as full backup should be conducted daily.
Selected Answer: A
Question #: 111
Topic #: 2
An organization is considering outsourcing its IT services, and the internal auditor is assessing the related risks. The auditor grouped the related risks into three categories:
– Risks specific to the organization itself.
– Risks specific to the service provider.
– Risks shared by both the organization and the service provider.
Which of the following risks should the auditor classify as specific to the service provider?
A. Unexpected increases in outsourcing costs.
B. Loss of data privacy.
C. Inadequate staffing.
D. Violation of contractual terms.
Selected Answer: C
Question #: 111
Topic #: 1
Which of the following application-based controls is an example of a programmed edit check?
A. Reasonableness check.
B. Transaction log.
C. Input error correction.
D. Authorization for access.
Selected Answer: B
Question #: 112
Topic #: 2
At what stage of project integration management would a project manager and project management team typically coordinate the various technical and organizational interfaces that exist in the project?
A. Project plan development.
B. Project plan execution.
C. Integrated change control.
D. Project quality planning.
Selected Answer: B
Question #: 112
Topic #: 1
Which of the following describes the result if an organization records merchandise as a purchase, but fails to include it in the closing inventory count?
A. The cost of goods sold for the period will be understated.
B. The cost of goods sold for the period will be overstated.
C. The net income for the period will be understated.
D. There will be no effect on the cost of goods sold or the net income for the period.
Selected Answer: C
Question #: 113
Topic #: 2
Which of the following security controls would provide the most efficient and effective authentication for customers to access their online shopping account?
A. 12-digit password feature.
B. Security question feature.
C. Voice recognition feature.
D. Two-level sign-on feature.
Selected Answer: D
Question #: 114
Topic #: 1
An organization accumulated the following data for the prior fiscal year:
Quarterly figures (Value of Output Produced; Percentage of Cost X):
– $4,750,000; 2.9
– $4,700,000; 3.0
– $4,350,000; 3.2
– $4,000,000; 3.5
Based on this data, which of the following describes the value of Cost X in relation to the value of Output Produced?
A. Cost X is a variable cost.
B. Cost X is a fixed cost.
C. Cost X is a semi-fixed cost.
D. Cost X and the value of Output Produced are unrelated.
Selected Answer: B
Question #: 115
Topic #: 1
Which of the following statements is false regarding the internal audit approach when a set of standards other than The IIA’s Standards is applicable to a specific engagement?
A. The internal auditor may cite the use of other standards during audit communications.
B. If the other standards are government-issued, the internal auditor should apply them in conjunction with The IIA’s Standards.
C. If there are inconsistencies between the other standards and The IIA’s Standards, the internal auditor must use the more restrictive standards.
D. If there are inconsistencies between the other standards and The IIA’s Standards, the internal auditor must use the less restrictive standards.
Selected Answer: A
Question #: 116
Topic #: 2
During a review of the accounts payable process, an internal auditor gathered all of the vendor payment transactions for the past 24 months. The auditor then used an analytics tool to identify the top five vendors that received the highest sum of payments.
Which of the following analytics techniques did the auditor apply?
A. Process analysis.
B. Process mining.
C. Data analysis.
D. Data mining.
Selected Answer: C
Question #: 116
Topic #: 1
An internal auditor is trying to assess control risk and the effectiveness of an organization’s internal controls. Which of the following audit procedures would not provide assurance to the auditor on this matter?
A. Interviewing the organization’s employees.
B. Observing the organization’s operations.
C. Reading the board’s minutes.
D. Inspecting manuals and documents.
Selected Answer: D
Question #: 119
Topic #: 1
According to the International Professional Practices Framework, which of the following statements is true regarding a corporate social responsibility (CSR) program?
1. Every employee generally has a responsibility for ensuring the success of CSR objectives.
2. The board has overall responsibility for the effectiveness of internal control processes associated with CSR.
3. Public reporting on the CSR governance process is expected.
4. Organizations generally have flexibility regarding what is included in a CSR program.
A. 1, 2, and 3 only
B. 1, 2, and 4 only
C. 1, 3, and 4 only
D. 2, 3, and 4 only
Selected Answer: B
Question #: 121
Topic #: 2
Which of the following attributes of data is the most significantly impacted by the internet of things?
A. Normalization.
B. Velocity.
C. Structurization.
D. Veracity.
Selected Answer: B
Question #: 122
Topic #: 1
Which of the following is an example of a risk avoidance response?
A. Buying an insurance policy to protect against loss events.
B. Hedging against natural gas price fluctuations.
C. Selling a non-strategic business unit.
D. Outsourcing a high risk process to a third party.
Selected Answer: A
Question #: 124
Topic #: 2
In accounting, which of the following statements is true regarding the terms debit and credit?
A. Debit indicates the right side of an account and credit the left side.
B. Debit means an increase in an account and credit means a decrease.
C. Credit indicates the right side of an account and debit the left side.
D. Credit means an increase in an account and debit means a decrease.
Selected Answer: C
Question #: 125
Topic #: 2
Which of the following controls is designed to mitigate a physical IT risk?
A. An automated fire prevention system.
B. Access control restrictions in a system.
C. Anti-malware protection software.
D. A network isolating firewall system.
Selected Answer: A
Question #: 126
Topic #: 1
Which of the following are typical responsibilities for operational management within a risk management program?
1. Implementing corrective actions to address process deficiencies.
2. Identifying shifts in the organization’s risk management environment.
3. Providing guidance and training on risk management processes.
4. Assessing the impact of mitigation strategies and activities.
A. 1 and 2 only
B. 1 and 4 only
C. 2 and 3 only
D. 3 and 4 only
Selected Answer: D
Question #: 130
Topic #: 2
Which of the following describes a third-party network that connects an organization specifically with its trading partners?
A. Value-added network (VAN).
B. Local area network (LAN).
C. Metropolitan area network (MAN).
D. Wide area network (WAN).
Selected Answer: A
Question #: 131
Topic #: 1
Which of the following should an organization consider when developing strategic objectives for its business processes?
1. Contribution to the success of the organization.
2. Reliability of operational information.
3. Behaviors and actions expected of employees.
4. How inputs combine with outputs to generate activities.
A. 1 and 2 only
B. 1 and 3 only
C. 2 and 4 only
D. 3 and 4 only
Selected Answer: C
Question #: 132
Topic #: 2
A small software development firm designs and produces custom applications for businesses. The application development team consists of employees from multiple departments who all report to a single project manager.
Which of the following organizational structures does this situation represent?
A. Functional departmentalization.
B. Product departmentalization.
C. Matrix organization.
D. Divisional organization.
Selected Answer: C
Question #: 133
Topic #: 1
Which of the following phases of a business cycle are marked by an underuse of resources?
1. The trough.
2. The peak.
3. The recovery.
4. The recession.
A. 1 and 3 only
B. 1 and 4 only
C. 2 and 3 only
D. 2 and 4 only
Selected Answer: C
Question #: 135
Topic #: 1
Which of the following professional organizations sets standards for quality and environmental audits?
A. The Committee of Sponsoring Organizations of the Treadway Commission.
B. The Board of Environmental, Health, and Safety Auditor Certifications.
C. The International Organization of Supreme Audit Institutions.
D. The International Standards Organization.
Selected Answer: D
Question #: 136
Topic #: 2
Which of the following best demonstrates the application of the cost principle?
A. A company reports trading and investment securities at their market cost.
B. A building purchased last year for $1 million is currently worth $1.2 million, but the company still reports the building at $1 million.
C. A building purchased last year for $1 million is currently worth $1.2 million, and the company adjusts the records to reflect the current value.
D. A company reports assets at either historical or fair value, depending on which is closer to market value.
Selected Answer: B
Question #: 136
Topic #: 1
An organization facing rapid growth decides to employ a third party service provider to manage its customer relationship management function. Which of the following is true regarding the supporting application software used by that provider compared to an in-house developed system?
1. Updating documentation is always a priority.
2. System availability is usually more reliable.
3. Data security risks are lower.
4. Overall system costs are lower.
A. 1 and 2 only
B. 1 and 3 only
C. 2 and 4 only
D. 3 and 4 only
Selected Answer: A
Question #: 137
Topic #: 2
A multinational organization allows its employees to access work email via personal smart devices. However, users are required to consent to the installation of mobile device management (MDM) software that will remotely wipe data in case of theft or other incidents.
Which of the following should the organization ensure in exchange for the employees’ consent?
A. That those employees who do not consent to MDM software cannot have an email account.
B. That personal data on the device cannot be accessed and deleted by system administrators.
C. That monitoring of employees’ online activities is conducted in a covert way to avoid upsetting them.
D. That employee consent includes appropriate waivers regarding potential breaches to their privacy.
Selected Answer: B
Question #: 141
Topic #: 2
An organization had a gross profit margin of 40 percent in year one and in year two. The net profit margin was 18 percent in year one and 13 percent in year two.
Which of the following could be the reason for the decline in the net profit margin for year two?
A. Cost of sales increased relative to sales.
B. Total sales increased relative to expenses.
C. The organization had a higher dividend payout rate in year two.
D. The government increased the corporate tax rate.
Selected Answer: D
Question #: 142
Topic #: 2
Which of the following characteristics applies to an organization that adopts a flat structure?
A. The structure is dispersed geographically.
B. The hierarchy levels are more numerous.
C. The span of control is wide.
D. The lower-level managers are encouraged to exercise creativity when solving problems.
Selected Answer: C
Question #: 143
Topic #: 2
A manager who is authorized to make purchases up to a certain dollar amount approves the set-up of a fictitious vendor and subsequently initiates purchase orders.
Which of the following controls would best address this risk?
A. Establish separate vendor creation and approval teams.
B. Develop and distribute a code of conduct that prohibits conflicts of interest.
C. Perform a regular review of the vendor master file.
D. Require submission of a conflict-of-interest declaration.
Selected Answer: D
Question #: 143
Topic #: 1
In which type of business environment are price cutting strategies and franchising strategies most appropriate?
A. Embryonic, focused.
B. Fragmented, decline.
C. Mature, fragmented.
D. Competitive, embryonic.
Selected Answer: A
Question #: 147
Topic #: 1
In terms of international business strategy, which of the following is true regarding a multi-domestic strategy?
A. It uses the same products in all countries.
B. It centralizes control with little decision-making authority given to the local level.
C. It is an effective strategy when large differences exist between countries.
D. It provides cost advantages, improves coordinated activities, and speeds product development.
Selected Answer: A
Question #: 154
Topic #: 2
Which of the following security controls would be the most effective in preventing security breaches?
A. Approval of identity request.
B. Access logging.
C. Monitoring privileged accounts.
D. Audit of access rights.
Selected Answer: B
Question #: 155
Topic #: 2
The chief audit executive (CAE) has embraced a total quality management approach to improving the internal audit activity’s (IAA’s) processes. He would like to reduce the time to complete audits and improve client ratings of the IAA.
Which of the following staffing approaches is the CAE most likely to select?
A. Assign a team with a trained audit manager to plan each audit and distribute field work tasks to various staff auditors.
B. Assign a team of personnel who have different specialties to each audit and empower team members to participate fully in key decisions.
C. Assign a team to each audit, designate a single person to be responsible for each phase of the audit, and limit decision making outside of their area of responsibility.
D. Assign a team of personnel who have similar specialties to specific engagements that would benefit from those specialties and limit key decisions to the senior person.
Selected Answer: C
Question #: 157
Topic #: 2
During which of the following phases of contracting does the organization analyze whether the market is aligned with organizational objectives?
A. Initiation phase.
B. Bidding phase.
C. Development phase.
D. Negotiation phase.
Selected Answer: B
Question #: 158
Topic #: 2
A clothing company sells shirts for $8 per shirt. In order to break even, the company must sell 25,000 shirts. Actual sales total $300,000.
What is the margin of safety in sales for the company?
A. $100,000
B. $200,000
C. $275,000
D. $500,000
Selected Answer: A
Question #: 163
Topic #: 1
A holding company set up a centralized group technology department, using a local area network with a mainframe computer to process accounting information for all companies within the group. An internal auditor would expect to find all of the following controls within the technology department except:
A. Adequate segregation of duties between data processing controls and file security controls.
B. Documented procedures for remote job entry and for local data file retention.
C. Emergency and disaster recovery procedures and maintenance agreements in place to ensure continuity of operations.
D. Established procedures to prevent and detect unauthorized changes to data files.
Selected Answer: B
Question #: 164
Topic #: 2
In reviewing an organization’s IT infrastructure risks, which of the following controls is to be tested as part of reviewing workstations?
A. Input controls.
B. Segregation of duties.
C. Physical controls.
D. Integrity controls.
Selected Answer: C
Question #: 164
Topic #: 1
Which of the following local area network physical layouts is subject to the greatest risk of failure if one device fails?
A. Star network.
B. Bus network.
C. Token ring network.
D. Mesh network.
Selected Answer: B
Question #: 168
Topic #: 1
An organization has recorded the following profit and expenses:
Profit before interest and tax: $200,000
Sales: $2,300,000
Purchases of materials: $700,000
Interest expenses: $30,000
If the value-added tax (VAT) rate is 20 percent and the corporate tax rate is 30 percent, which of the following is the amount of VAT that the organization has to pay?
A. $34,000
B. $51,000
C. $60,000
D. $320,000
Selected Answer: B
Question #: 171
Topic #: 2
Which of the following controls would be the most effective in preventing the disclosure of an organization’s confidential electronic information?
A. Non-disclosure agreements between the firm and its employees.
B. Logs of user activity within the information system.
C. Two-factor authentication for access into the information system.
D. Limited access to information, based on employee duties.
Selected Answer: B
Question #: 171
Topic #: 1
All of the following are true with regard to the first-in, first-out inventory valuation method except:
A. It values inventory close to current replacement cost.
B. It generates the highest profit when prices are rising.
C. It approximates the physical flow of goods.
D. It minimizes current-period income taxes.
Selected Answer: C
Question #: 172
Topic #: 2
A chief audit executive wants to implement an enterprisewide resource planning software.
Which of the following internal audit assessments could provide overall assurance on the likelihood of the software implementation’s success?
A. Readiness assessment.
B. Project risk assessment.
C. Post-implementation review.
D. Key phase review.
Selected Answer: C
Question #: 172
Topic #: 1
Maintenance cost at a hospital was observed to increase as activity level increased. The following data was gathered:
Month | Activity Level (Patient Days) | Maintenance Cost Incurred
January | 5,600 | $7,900
February | 7,100 | $8,500
March | 5,000 | $7,400
April | 6,500 | $8,200
May | 7,300 | $9,100
June | 8,000 | $9,800
If the cost of maintenance is expressed in an equation, what is the independent variable for this data?
A. Fixed cost.
B. Variable cost.
C. Total maintenance cost.
D. Patient days.
Selected Answer: D
Question #: 174
Topic #: 1
The process of scenario planning begins with which of the following steps?
A. Determining the trends that will influence key factors in the organization’s environment.
B. Selecting the issue or decision that will impact how the organization conducts future business.
C. Selecting leading indicators to alert the organization of future developments.
D. Identifying how customers, suppliers, competitors, employees, and other stakeholders will react.
Selected Answer: B
Question #: 176
Topic #: 2
A company produces water buckets with the following costs per bucket:
Direct labor = $2
Direct material = $5
Fixed manufacturing = $3.50
Variable manufacturing = $2.50
The water buckets are usually sold for $15. However, the company received a special order for 50,000 water buckets at $11 each.
Assuming there is adequate manufacturing capacity and all other variables are constant, what is the relevant cost per unit to consider when deciding whether to accept this special order at the reduced price?
A. $9.50
B. $10.50
C. $11
D. $13
Selected Answer: D