IIA-CIA-Part3 Business Knowledge for Internal Auditing Questions and Answers

Primary direction of communication tends to be lateral.

Definition of assigned tasks tends to be broad and general.

Type of knowledge required tends to be broad and professional.

Reliance on self-control tends to be low.

Six Sigma,

Quality circle.

Value chain analysis.

Theory of constraints.

Individual workstation computer controls are not as important as companywide server controls.

Particular attention should be paid to housing workstations away from environmental hazards.

Cyber security issues can be controlled at an enterprise level, making workstation level controls redundant.

With security risks near an all-time high, workstations should not be connected to the company network.

Initiation phase

Bidding phase

Development phase

Negotiation phase

A star

A cash cow

A question mark

A dog

Restricting server room access to specific individuals

Housing servers with sensitive software away from environmental hazards

Ensuring that all user requirements are documented

Performing of intrusion testing on a regular basis

That those employees who do not consent to MDM software cannot have an email account.

That personal data on the device cannot be accessed and deleted by system administrators.

That monitoring of employees' online activities is conducted in a covert way to avoid upsetting them.

That employee consent includes appropriate waivers regarding potential breaches to their privacy.

System backups should always be performed real time.

Backups should be stored in a secured location onsite for easy access.

The tape rotation schedule affects how long data is retained

Backup media should be restored only m case of a hardware or software failure

The spam filter removed Incoming communication that included certain keywords and domains.

The spam filter deleted commercial ads automatically, as they were recognized as unwanted.

The spam filter routed to the "junk|r folder a newsletter that appeared to include links to fake websites.

The spam filter blocked a fitness club gift card that coworkers sent to an employee for her birthday.

Contracting the work to Foreign Service providers to obtain lower costs

Contracting functions or knowledge-related work with an external service provider.

Contract -ng operation of some business functions with an internal service provider

Contracting a specific external service provider to work with an internal service provider

A KPI that defines the process owner's tolerance for performance deviations.

A KPI that defines the importance of performance levels and disbursement statistics being measured.

A KPI that defines timeliness with regard to reporting disbursement data errors to authorized personnel.

A KPI that defines operating ratio objectives of the disbursement process.

The structure is dispersed geographically

The hierarchy levels are more numerous.

The span of control is wide

The tower-level managers are encouraged to exercise creativity when solving problems

An incorrect program fix was implemented just prior to the database backup.

The organization is preparing to train all employees on the new self-service benefits system.

There was a data center failure that requires restoring the system at the backup site.

There is a need to access prior year-end training reports for all employees in the human resources database

$9.50

$10.50

$11

$13

Cash payback technique

Annual rate of return technique.

Internal rate of return method.

Net present value method.

Linking performance to profitability measures such as return on investment.

Linking performance to the stock price.

Linking performance to quotas such as units produced.

Linking performance to nonfinancial measures such as customer satisfaction and employees training

Process analysis

Process mining

Data analysis.

Data mining

HTTP sites provide sufficient security to protect customers' credit card information.

Web servers store credit cardholders' information submitted for payment.

Database servers send cardholders’ information for authorization in clear text.

Payment gatewaysauthorizecredit cardonlinepayments.

Input controls

Segregation of duties

Physical controls

Integrity controls

Identification of achievable goals and timelines

Analysis of the competitive environment.

Plan for the procurement of resources

Plan for progress reporting and oversight.

Management by objectives is most helpful in organizations that have rapid changes.

Management by objectives is most helpful in mechanistic organizations with rigidly defined tasks.

Management by objectives helps organizations to keep employees motivated.

Management by objectives helps organizations to distinguish clearly strategic goals from operational goals.

The organization's operating expenses are increasing.

The organization has adopted just-in-time inventory.

The organization is experiencing Inventory theft

The organization's inventory is overstated.

Fixed and Variable manufacturing costs are less than the special offer selling price.

The manufacturer can fulfill the order without expanding the capacities of the production facilities.

Costs related to accepting this offer can be absorbed through the sale of other products.

The manufacturer’s production facilities are currently operating at full capacity.

Anti-malware software

Authentication

Spyware

Rooting

Initiation.

Planning.

Execution.

Monitoring.

Verify whether the organization uses the most recent database software version.

Verify whether the database software version is supported by the vendor.

Verify whether the database software version has been recently upgraded.

Verify whether .access to database version information is appropriately restricted.

A witness verifies the quantities of the copies signed.

A witness verifies that the contract was signed with the free consent of the promisor and promisee.

A witness ensures the completeness of the contract between the promisor and promisee.

A witness validates that the signatures on the contract were signed by the promisor and promisee.

Reviewing the customer's wire activity to determine whether the request is typical.

Calling the customer at the phone number on record to validate the request.

Replying to the customer via email to validate the sender and request.

Reviewing the customer record to verify whether the customer has authorized wire requests from that email address.

To ensure data processing is complete, accurate, and authorized.

To ensure data being processed remains consistent and intact.

To monitor the effectiveness of other controls

To ensure the output aligns with the intended result.

Shoulder suiting

Pharming,

Phishing.

Social engineering.

Limit the use of the employee devices for personal use to mitigate the risk of exposure to organizational data.

Ensure that relevant access to key applications is strictly controlled through an approval and review process.

Institute detection and authentication controls for all devices used for network connectivity and data storage.

Use management software scan and then prompt parch reminders when devices connect to the network

Resource planning.

Cost estimating

Cost budgeting.

Cost control.

Incremental processing costs, incremental revenue, and variable manufacturing expenses.

Joint costs, incremental processing costs, and variable manufacturing expenses.

Incremental revenue, joint costs, and incremental processing costs.

Variable manufacturing expenses, incremental revenue, and joint costs

Application program code.

Database system.

Operating system.

Networks.

Approval of identity request

Access logging.

Monitoring privileged accounts

Audit of access rights

Report identifying data that is outside of system parameters

Report identifying general ledger transactions by time and individual.

Report comparing processing results with original Input

Report confirming that the general ledger data was processed without error

Big data is being generated slowly due to volume.

Big data must be relevant for the purposes of organizations.

Big data comes from a single type of formal.

Big data is always changing

Block unauthorized traffic.

Encrypt data.

Review disaster recovery test results.

Provide independent assessment of IT security.

Income statement accounts.

Balance sheet accounts.

Permanent accounts.

Real accounts.

Backup media is not properly stored, as the storage facility should be off-site.

Backup procedures are adequate and appropriate according to best practices.

Backup media is not properly indexed, as backup media should be indexed by system, not date.

Backup schedule is not sufficient, as full backup should be conducted daily.

2 and 3 only.

1, 2, and 3 only

1, 3, and 4 only

2, 3, and 4 only

There is a higher reliance on organizational culture.

There are clear expectations set for employees.

There are electronic monitoring techniques employed

There is a defined code far employee behavior.

Password selection

Password aging

Password lockout

Password rotation

Beginning inventory was overstated for the year.

Cost of goods sold was understated for the year.

Ending inventory was understated for the year.

Cost of goods sold was overstated for the year.

The term describes budgets that exclude fixed costs.

Flexible budgets exclude outcome projections, which are hard to determine, and instead rely on the most recent actual outcomes.

The term is a red flag for weak budgetary control activities.

Flexible budgets project data for different levels of activity.

The board should be fully satisfied that there is an effective system of governance in place through accurate, quality information provided.

Compliance, audit, and risk management can find and seek efficiencies between their functions through integrated information reporting.

Key compliance and risk metrics can be tracked and compared throughout the enterprise, aiding in identifying problem departments.

Data analytics can be utilized for trending of the data to ensure that patterns and ongoing monitoring occurs throughout the organization.

Acid-test (quick) ratio

Average collection period

Current ratio.

Inventory turnover.

On site.

Cold site.

Hot site.

Warm site