IIA-CIA-Part3 Topic 3
Question #: 176
Topic #: 1
Which of the following corporate social responsibility strategies is likely to be most effective in minimizing confrontations with influential activists and lobbyists?
A. Continually evaluate the needs and opinions of all stakeholder groups.
B. Ensure strict compliance with applicable laws and regulations to avoid incidents.
C. Maintain a comprehensive publicity campaign that highlights the organization’s efforts.
D. Increase goodwill through philanthropic activities among stakeholder communities.
Selected Answer: B
Question #: 177
Topic #: 1
When assessing the adequacy of a risk mitigation strategy, an internal auditor should consider which of the following?
1. Management's tolerance for specific risks.
2. The cost versus benefit of implementing a control.
3. Whether a control can mitigate multiple risks.
4. The ability to test the effectiveness of the control.
A. 1, 2, and 3
B. 1, 2, and 4
C. 1, 3, and 4
D. 2, 3, and 4
Selected Answer: C
Question #: 179
Topic #: 1
Which of the following price adjustment strategies encourages prompt payment?
A. Cash discounts.
B. Quantity discounts.
C. Functional discounts.
D. Seasonal discounts.
Selected Answer: A
Question #: 181
Topic #: 1
Which of the following IT strategies is most effective for responding to competitive pressures created by the marketplace?
A. Promote closer linkage between organizational strategy and information.
B. Provide users with greater online access to information systems.
C. Enhance the functionality of application systems.
D. Expand the use of automated controls.
Selected Answer: A
Question #: 182
Topic #: 1
According to IIA guidance, which of the following is a typical risk associated with the tender process and contracting stage of an organization’s IT outsourcing life cycle?
A. The process is not sustained and is not optimized as planned.
B. There is a lack of alignment to organizational strategies.
C. The operational quality is less than projected.
D. There is increased potential for loss of assets.
Selected Answer: D
Question #: 182
Topic #: 2
According to Herzberg’s Two-Factor Theory of Motivation, which of the following is a factor mentioned most often by satisfied employees?
A. Security
B. Status
C. Recognition
D. Relationship with coworkers
Selected Answer: C
Question #: 183
Topic #: 2
Which of the following techniques would best detect an inventory fraud scheme?
A. Analyze invoice payments just under individual authorization limits
B. Analyze stratification of inventory adjustments by warehouse location
C. Analyze inventory invoice amounts and compare with approved contract amounts
D. Analyze differences discovered during duplicate payment testing
Selected Answer: A
Question #: 184
Topic #: 2
Which of the following storage options would give the organization the best chance of recovering data?
A. Encrypted physical copies of the data and their encryption keys are stored together at the organization and are readily available upon request
B. Encrypted physical copies of the data are stored separately from their encryption keys, and both are held in secure locations a few hours away from the organization
C. Encrypted reports on usage and database structure changes are stored on a cloud-based secured database that is readily accessible
D. Encrypted copies of the data are stored in a separate secure location a few hours away while the encryption keys are stored at the organization and are readily available
Selected Answer: A
Question #: 184
Topic #: 1
Which stage in the industry life cycle is characterized by many different product variations?
A. Introduction.
B. Growth.
C. Maturity.
D. Decline.
Selected Answer: C
Question #: 186
Topic #: 2
An organization decided to reorganize into a flatter structure. Which of the following changes would be expected with this new structure?
A. Lower costs
B. Slower decision making at the senior executive level
C. Limited creative freedom in lower-level managers
D. Senior-level executives more focused on short-term routine decision making
Selected Answer: B
Question #: 186
Topic #: 1
A retail organization is considering acquiring a composite textile company. The retailer’s due diligence team determined the value of the textile company to be $50 million. The financial experts forecasted net present value of future cash flows to be $60 million. Experts at the textile company determined their company’s market value to be $55 million if purchased by another entity. However, the textile company could earn more than $70 million from the retail organization due to synergies. Therefore, the textile company is motivated to make the negotiation successful. Which of the following approaches is most likely to result in a successful negotiation?
A. Develop a bargaining zone that lies between $50 million and $70 million and create sets of outcomes between $50 million and $70 million.
B. Adopt an added-value negotiating strategy, develop a bargaining zone between $50 million and $70 million, and create sets of outcomes between $50 million and $70 million.
C. Involve a mediator as a neutral party who can work with the textile company’s management to determine a bargaining zone.
D. Develop a bargaining zone that lies between $55 million and $60 million and create sets of outcomes between $55 million and $60 million.
Selected Answer: C
Question #: 188
Topic #: 1
According to IIA guidance on IT auditing, which of the following would not be an area examined by the internal audit activity?
A. Access system security.
B. Policy development.
C. Change management.
D. Operations processes.
Selected Answer: C
Question #: 189
Topic #: 2
Which of the following represents a basis for consolidation under the International Financial Reporting Standards?
A. Variable entity approach
B. Control ownership
C. Risk and reward
D. Voting interest
Selected Answer: B
Question #: 190
Topic #: 2
Which of the following is the most important contract term to audit, because it typically impacts business efficiency?
A. Warranty service
B. Extraordinary circumstance clause
C. Indemnities
D. Limitation of liability
Selected Answer: D
Question #: 190
Topic #: 1
Which of the following describes a typical desktop workstation used by most employees in their daily work?
A. Workstation contains software that prevents unauthorized transmission of information into and out of the organization’s network.
B. Workstation contains software that controls information flow between the organization’s network and the Internet.
C. Workstation contains software that enables the processing of transactions and is not shared among users of the organization’s network.
D. Workstation contains software that manages user’s access and processing of stored data on the organization’s network.
Selected Answer: C
Question #: 192
Topic #: 2
An internal auditor is reviewing results from software development integration testing. What is the purpose of integration testing?
A. To verify that the application meets stated user requirements
B. To verify that standalone programs match code specifications
C. To verify that the application would work appropriately for the intended number of users
D. To verify that all software and hardware components work together as intended
Selected Answer: C
Question #: 193
Topic #: 1
Which of the following is an example of a nonfinancial internal failure quality cost?
A. Decreasing gross profit margins over time.
B. Foregone contribution margin on lost sales.
C. Defective units shipped to customers.
D. Excessive time to convert raw materials into finished goods.
Selected Answer: B
Question #: 194
Topic #: 1
A manager has difficulty motivating staff to improve productivity, despite establishing a lucrative individual reward system. Which of the following is most likely the cause of the difficulty?
A. High degree of masculinity.
B. Low uncertainty avoidance.
C. High collectivism.
D. Low long-term orientation.
Selected Answer: A
Question #: 195
Topic #: 1
According to IIA guidance, which of the following corporate social responsibility (CSR) evaluation activities may be performed by the internal audit activity?
1. Consult on CSR program design and implementation.
2. Serve as an advisor on CSR governance and risk management.
3. Review third parties for contractual compliance with CSR terms.
4. Identify and mitigate risks to help meet the CSR program objectives.
A. 1, 2, and 3
B. 1, 2, and 4
C. 1, 3, and 4
D. 2, 3, and 4
Selected Answer: B
Question #: 196
Topic #: 1
Which of the following roles would be least appropriate for the internal audit activity to undertake with regard to an organization’s corporate social responsibility (CSR) program?
A. Consult on project design and implementation of the CSR program.
B. Serve as an advisor on internal controls related to CSR.
C. Identify and prioritize the CSR issues that are important to the organization.
D. Evaluate the effectiveness of the organization’s CSR efforts.
Selected Answer: C
Question #: 198
Topic #: 1
Senior management has decided to implement the Three Lines of Defense model for risk management. Which of the following best describes senior management’s duties with regard to this model?
A. Ensure compliance with the model.
B. Identify management functions.
C. Identify emerging issues.
D. Set goals for implementation.
Selected Answer: D
Question #: 199
Topic #: 2
An organization’s internal audit activity is performing an audit of human resources. As part of the audit a survey of employees was conducted. The survey indicated that employees were concerned about IT security when working outside of the office. The IT department suggested implementing a network that allows employees to send and receive data as if they were connected to a private network. Which of the following networks is IT recommending?
A. Global area network (GAN)
B. Wide area network (WAN)
C. Virtual private network (VPN)
D. Local area network (LAN)
Selected Answer: A
Question #: 202
Topic #: 1
Which of the following statements is true regarding outsourced business processes?
A. Outsourced business processes should not be considered in the internal audit universe because the controls are owned by the external service provider.
B. Generally, independence is improved when the internal audit activity reviews outsourced business processes.
C. The key controls of outsourced business processes typically are more difficult to audit because they are designed and managed externally.
D. The system of internal controls may be better and more efficient when the business process is outsourced compared to internally sourced.
Selected Answer: B
Question #: 203
Topic #: 2
An organization sells 1,000 shares of its treasury stock at $15 per share previously acquired at $10 per share. Which of the following statements is true?
A. The organization should record a $5,000 gain on sale of treasury stock
B. The organization should record $15,000 as a debit to treasury stock
C. The organization should record $5,000 as a credit to paid-in capital
D. The organization should record a $10,000 debit to paid-in capital account
Selected Answer: C
Question #: 204
Topic #: 2
Which of the following is likely to have an expiration date and may contain stored clear text passwords?
A. Cookie
B. Universal resource locator (URL)
C. Hypertext transport protocol (HTTP)
D. Browser
Selected Answer: B
Question #: 206
Topic #: 2
A restaurant decided to expand its business to include delivery services, rather than relying on third-party food delivery services. Which of the following best describes the restaurant’s strategy?
A. Diversification
B. Vertical integration
C. Risk avoidance
D. Differentiation
Selected Answer: C
Question #: 206
Topic #: 1
Which of the following statements about slack time and milestones are true?
1. Slack time represents the amount of time a task may be delayed without delaying the entire project.
2. A milestone is a moment in time that marks the completion of the project’s major deliverables.
3. Slack time allows the project manager to move resources from one task to another to ensure that the project is finished on time.
4. A milestone requires resource allocation and needs time to be completed.
A. 1 and 4 only
B. 2 and 3 only
C. 1, 2, and 3 only
D. 1, 2, 3, and 4
Selected Answer: D
Question #: 208
Topic #: 2
Which of the following scenarios indicates an effective use of financial leverage?
A. An organization has a rate of return on equity of 20% and a rate of return on assets of 15%
B. An organization has a current ratio of 2 and an inventory turnover of 12
C. An organization has a debt to total assets ratio of 0.2 and an interest coverage ratio of 10
D. An organization has a profit margin of 30% and an assets turnover of 7%
Selected Answer: C
Question #: 208
Topic #: 1
At what point during the systems development process should an internal auditor verify that the new application’s connectivity to the organization’s other systems has been established correctly?
A. Prior to testing the new application.
B. During testing of the new application.
C. During implementation of the new application.
D. During maintenance of the new application.
Selected Answer: B
Question #: 209
Topic #: 2
Management has decided to change the organizational structure from one that was previously decentralized to one that is now highly centralized. As such, which of the following would be a characteristic of the now highly centralized organization?
A. Top management does little monitoring of the decisions made at lower levels
B. The decisions made at the lower levels of management are considered very important.
C. Decisions made at lower levels in the organizational structure are few
D. Reliance is placed on top management decision making by few of the organization’s departments
Selected Answer: C
Question #: 210
Topic #: 1
According to IIA guidance, which of the following would be a primary reason for an internal auditor to test the organization’s IT contingency plan?
A. To ensure that adequate controls exist to prevent any significant business interruptions.
B. To identify and address potential security weaknesses within the system.
C. To ensure that tests contribute to improvement of the program.
D. To ensure that deficiencies identified by the audit are promptly addressed.
Selected Answer: A
Question #: 213
Topic #: 2
An organization has a declining inventory turnover but an increasing gross margin rate. Which of the following statements can best explain this situation?
A. The organization’s operating expenses are increasing
B. The organization has adopted just-in-time inventory
C. The organization is experiencing inventory theft
D. The organization’s inventory is overstated
Selected Answer: D
Question #: 216
Topic #: 2
While performing an audit of a car tire manufacturing plant, an internal auditor noticed a significant decrease in the number of tires produced from the previous operating period. To determine whether worker inefficiency caused the decrease, what additional information should the auditor request?
A. Total tire production labor hours for the operating period
B. Total tire production costs for the operating period
C. Plant production employee headcount average for the operating period
D. Tire production machinery utilization rates
Selected Answer: C
Question #: 224
Topic #: 2
Which of the following should be established by management during implementation of big data systems to enable ongoing production monitoring?
A. Key performance indicators
B. Reports of software customization
C. Change and patch management.
D. Master data management
Selected Answer: A
Question #: 228
Topic #: 2
What is the primary risk associated with an organization adopting a decentralized structure?
A. Inability to adapt
B. Greater costs of control function
C. Inconsistency in decision making
D. Lack of resilience
Selected Answer: C
Question #: 230
Topic #: 2
Which of the following best describes the purpose of fixed manufacturing costs?
A. To ensure availability of production facilities
B. To decrease direct expenses related to production
C. To incur stable costs despite operating capacity
D. To increase the total unit cost under absorption costing
Selected Answer: A
Question #: 232
Topic #: 2
Which of the following is true regarding the use of remote wipe for smart devices?
A. It can restore default settings and lock encrypted data when necessary
B. It enables the erasure and reformatting of secure digital (SD) cards
C. It can delete data backed up to a desktop for complete protection if required
D. It can wipe data that is backed up via cloud computing
Selected Answer: B
Question #: 240
Topic #: 2
An organization that relies heavily on IT wants to contain the impact of potential business disruption to a period of approximately four to seven days. Which of the following business recovery strategies would most efficiently meet this organization’s needs?
A. A recovery strategy whereby a separate site has not yet been determined but hardware has been reserved for purchase and data backups
B. A recovery strategy whereby a separate site has been secured and is ready for use, with fully configured hardware and real-time synchronized data
C. A recovery strategy whereby a separate site has been secured and the necessary funds for hardware and data backups have been reserved
D. A recovery strategy whereby a separate site has been secured with configurable hardware and data backups
Selected Answer: D
Question #: 243
Topic #: 2
Which of the following controls would be most efficient to protect business data from corruption and errors?
A. Controls to ensure data is unable to be accessed without authorization
B. Controls to calculate batch totals to identify an error before approval
C. Controls to encrypt the data so that corruption is likely ineffective
D. Controls to quickly identify malicious intrusion attempts
Selected Answer: A
Question #: 244
Topic #: 2
Which of the following describes a mechanistic organizational structure?
A. Primary direction of communication tends to be lateral
B. Definition of assigned tasks tends to be broad and general
C. Type of knowledge required tends to be broad and professional
D. Reliance on self-control tends to be low
Selected Answer: C
Question #: 254
Topic #: 2
An internal auditor is assigned to perform data analytics. Which of the following is the next step the auditor should undertake after she has ascertained the value expected from the review?
A. Normalize the data
B. Obtain the data
C. Identify the risks
D. Analyze the data
Selected Answer: B
Question #: 255
Topic #: 2
Which of the following actions would senior management need to consider as part of new IT guidelines regarding the organization’s cybersecurity policies?
A. Assigning new roles and responsibilities for senior IT management
B. Growing use of bring your own devices for organizational matters
C. Expansion of operations into new markets with limited IT access
D. Hiring new personnel within the IT department for security purposes
Selected Answer: D
Question #: 260
Topic #: 2
A newly appointed board member received an email that appeared to be from the company’s CEO. The email stated:
“Good morning. As you remember, the closure of projects is our top priority. Kindly organize prompt payment of the attached invoice for our new solar energy partners.”
The board member quickly replied to the email and asked under which project the expense should be accounted. Only then did he realize that the sender’s mail domain was different from the company’s. Which of the following cybersecurity risks nearly occurred in the situation described?
A. A risk of spyware and malware
B. A risk of corporate espionage
C. A ransomware attack risk
D. A social engineering risk
Selected Answer: D
Question #: 261
Topic #: 2
Which of the following best describes the use of predictive analytics?
A. A supplier of electrical parts analyzed all instances where different types of spare parts were out of stock prior to scheduled deliveries of those parts.
B. A supplier of electrical parts analyzed sales, applied assumptions related to weather conditions, and identified locations where stock levels would decrease more quickly.
C. A supplier of electrical parts analyzed all instances of a part being out of stock prior to its scheduled delivery date and discovered that increases in sales of that part consistently correlated with stormy weather.
D. A supplier of electrical parts analyzed sales and stock information and modelled different scenarios for making decisions on stock reordering and delivery.
Selected Answer: D
Question #: 263
Topic #: 2
An organization was forced to stop production unexpectedly, as raw materials could not be delivered due to a military conflict in the region. Which of the following plans have most likely failed to support the organization?
A. Just-in-time delivery plans.
B. Backup plans.
C. Contingency plans.
D. Standing plans.
Selected Answer: B
Question #: 264
Topic #: 2
Which of the following can be viewed as a potential benefit of an enterprisewide resource planning system?
A. Real-time processing of transactions and elimination of data redundancies.
B. Fewer data processing errors and more efficient data exchange with trading partners.
C. Exploitation of opportunities and mitigation of risks associated with e-business.
D. Integration of business processes into multiple operating environments and databases.
Selected Answer: D
Question #: 267
Topic #: 2
Which of the following statements describes the typical benefit of using a flat organizational structure for the internal audit activity, compared to a hierarchical structure?
A. A flat structure results in lower operating and support costs than a hierarchical structure.
B. A flat structure results in a stable and very collaborative environment.
C. A flat structure enables field auditors to report to and learn from senior auditors.
D. A flat structure is more dynamic and offers more opportunities for advancement than a hierarchical structure.
Selected Answer: D