IIA-CIA-Part3-3P CIA Exam Part Three: Business Knowledge for Internal Auditing Question and Answers

Refer to the exhibit.

The figure below shows the network diagram for the activities of a large project. What is the shortest number of days in which the project can be completed?

Which of the following is the most appropriate test to assess the privacy risks associated with an organization's workstations?

Which of the following is a strategy that organizations can use to stimulate innovation?

1) Source from the most advanced suppliers.

2) Establish employee programs that reward initiative.

3) Identify best practice competitors as motivators.

4) Ensure that performance targets are always achieved.

For a multinational organization, which of the following is a disadvantage of an ethnocentric staffing policy?

1) It significantly raises compensation and staffing costs.

2) It produces resentment among the organization's employees in host countries.

3) It limits career mobility for parent-country nationals.

4) It can lead to cultural myopia.

A department purchased one copy of a software program for internal use. The manager of the department installed the program on an office computer and then made two complete copies of the original software.

Copy 1 was solely for backup purposes.

Copy 2 was for use by another member of the department.

In terms of software licenses and copyright law, which of the following is correct?

According to the Standards, which of the following is based on the assertion that the quality of an organization's risk management process should improve with time?

The audit committee of a global corporation has mandated a change in the organization's business ethics policy. Which of the following approaches describes the best way to accomplish the policy's diffusion worldwide?

Which of the following is an example of a risk avoidance response?

Which of the following best describes a market signal?

Which mindset promotes the most comprehensive risk management strategy?

A company's financial balance sheet is presented below:

The company has net working capital of:

Which of the following application software features is the least effective control to protect passwords?

According to the International Professional Practices Framework, which of the following statements is true regarding a corporate social responsibility (CSR) program?

1) Every employee generally has a responsibility for ensuring the success of CSR objectives.

2) The board has overall responsibility for the effectiveness of internal control processes associated with CSR.

3) Public reporting on the CSR governance process is expected.

4) Organizations generally have flexibility regarding what is included in a CSR program.

Which of the following stages of group development is associated with accepting team responsibilities?

A software that translates hypertext markup language (HTML) documents and allows a user to view a remote web page is called:

According to IIA guidance on IT auditing, which of the following would not be an area examined by the internal audit activity?

Which of the following statements regarding program change management is not correct?

Which of the following is always true regarding the use of encryption algorithms based on public key infrastructure (PKI)?

In terms of international business strategy, which of the following is true regarding a multi-domestic strategy?

Which of the following are typical responsibilities for operational management within a risk management program?

1) Implementing corrective actions to address process deficiencies.

2) Identifying shifts in the organization's risk management environment.

3)( Providing guidance and training on risk management processes.

4) Assessing the impact of mitigation strategies and activities.

Which of the following best describes the concept of relevant cost?

Which of the following statements accurately describes the responsibility of the internal audit activity (IAA) regarding IT governance?

1) The IAA does not have any responsibility because IT governance is the responsibility of the board and senior management of the organization.

2) The IAA must assess whether the IT governance of the organization supports the organization’s strategies and objectives.

3) The IAA may assess whether the IT governance of the organization supports the organization’s strategies and objectives.

4) The IAA may accept requests from management to perform advisory services regarding how the IT governance of the organization supports the organization’s strategies and objectives.

In an organization where enterprise risk management practices are mature, which of the following is a core internal audit role?

Which of the following are typical audit considerations for a review of authentication?

1) Authentication policies and evaluation of controls transactions.

2) Management of passwords, independent reconciliation, and audit trail.

3) Control self-assessment tools used by management.

4) Independent verification of data integrity and accuracy.

An organization facing rapid growth decides to employ a third party service provider to manage its customer relationship management function. Which of the following is true regarding the supporting application software used by that provider compared to an in-house developed system?

1) Updating documentation is always a priority.

2) System availability is usually more reliable.

3) Data security risks are lower.

4) Overall system costs are lower.

Which of the following statements is true regarding the use of public key encryption to secure data while it is being transmitted across a network?

A retail organization is considering acquiring a composite textile company. The retailer's due diligence team determined the value of the textile company to be $50 million. The financial experts forecasted net present value of future cash flows to be $60 million. Experts at the textile company determined their company's market value to be $55 million if purchased by another entity. However, the textile company could earn more than $70 million from the retail organization due to synergies. Therefore, the textile company is motivated to make the negotiation successful. Which of the following approaches is most likely to result in a successful negotiation?

Which of the following strategies is most appropriate for an industry that is in decline?

In creating a risk-based plan, which of the following best describes a top-down approach to understanding business processes?

What are the objectives of governance as defined by the Standards?

Which of the following would not impair the objectivity of internal auditor?

Which stage in the industry life cycle is characterized by many different product variations?

Which of the following is not a potential area of concern when an internal auditor places reliance on spreadsheets developed by users?

Which of the following application-based controls is an example of a programmed edit check?

Which of the following should software auditors do when reporting internal audit findings related to enterprise wide resource planning?

When using data analytics during a review of the procurement process, what is the first step in the analysis process?

Based on lest results an IT auditor concluded that the organization would suffer unacceptable toss of data if there was a disaster at its data center. Which of the following test results would likely lead the auditor to this conclusion?

Which of the following best describes a transformational leader, as opposed to a transactional leader?

An internal auditor was asked to review an equal equity partnership In one sampled transaction Partner A transferred equipment into the partnership with a self-declared value of $10,000 and Partner B contributed equipment with a self-declared value of $15 000 The capital accounts of each partner were subsequently credited with S12,500. Which of the following statements is true regarding this transaction?

In the years after the mind-service point of a depreciable asset which of the following depreciation methods will result in the highest depreciation expense?

During an audit of the organization's annual financial statements, the internal auditor notes that the current cost of goods sold percentage is substantially higher than in prior years. Which of the following is the most likely explanation for this increase?

While auditing an organization's customer call center, an internal auditor notices that key performance indicators show a positive trend despite the fact that there have been increasing customer complaints over the same period Which of the following audit recommendations would most likely correct the cause of this inconsistency?

According to MA guidance, which of the following would indicate poor change management control?

1) Low change success rate

2) Occasional planned outages

3) Low number of emergency changes.

4) Instances of unauthorized changes

A bond that matures after one year has a face value of $250,000 and a coupon of $30,000. If the market price of the bond is $265,000, which of the following would be the market interest rate?

Which of the following devices best controls both physical and logical access to information systems?

Division A produces a product with a variable cost of $5 per unit and an allocated fixed cost of $3 per unit The market price of the product is $15 plus 20% selling cost. Division B currently purchases this product from an external supplier but is going to purchase it from division A for $18 Which of the following methods of transfer pricing is being used?

Which of the following situations best applies to an organization that uses a project rather man a process to accomplish its business activities?

During which of the following phases of contracting does the organization analyze whether the market is aligned with organizational objectives?

Operational management in the IT department has introduced performance evaluation policies that are linked to employees achieving continuing education hours. This activity is designed to prevent which of the following conditions?

According to IIA guidance, which of the following statements is true regarding analytical procedures?

Which of the following factors is most likely to lead to a lack of cohesiveness in a project team?

An internal auditor reviewed Finance Department records to obtain a list of current vendor addresses The auditor then compared the vendor addresses to a record of employee addresses maintained by the Payroll Department Which of the following types of data analysis did the auditor perform?

A bank uses customer departmentalization to categorize its departments. Which of the following groups best exemplifies this method of categorization?

During a review of the accounts payable process, an internal auditor gathered all of the vendor payment transactions for the past 24 months. The auditor then used an analytics tool to identify the top five vendors that received the highest sum of payments.

Which of the following analytics techniques did the auditor apply?

Senior management is trying to decide whether to use the direct write-off or allowance method for recording bad debt on accounts receivables.

Which of the following would be the best argument for using the direct write-off method?

Which of the following network types should an organization choose if it wants to allow access only to its own personnel?

Which of the following statements is true regarding an organization's servers?

When would a contract be closed out?

Which of the following is a primary objective of the theory of constraints?

An internal audit activity is piloting a data analytics model, which aims to identify anomalies in payments to vendors and potential fraud indicators Which of the following would be the most appropriate criteria for assessing the success of the piloted model?

According to HerzBerg's Two-Factor Theory of Motivation, which of the following factors ate mentioned most often By satisfied employees?

When is an organic organizational structure likely to be more successful than a mechanistic organizational structure?

Which of the following statements is true regarding cybersecurity risk?

With regard to disaster recovery planning, which of the following would most likely involve stakeholders from several departments?

Which of the following assists in ensuring mat information exchanged over IT systems is encrypted?

A manager who is authorized to make purchases up to a certain dollar amount approves the set-up of a fictitious vendor and subsequently initiates purchase orders.

Which of the following controls would best address this risk?

Which component of an organization's cybersecurity risk assessment framework would allow management to implement user controls based on a user's role?

Which of the following statements is true regarding the "management-by-objectives" method?

What is the most significant potential problem introduced by just-in-time inventory systems?

The leadership of an organization encourages employees to form voluntary problem-solving groups whereby several employees from the same work area meet regularity during work hours to discuss improvements and creative ways to reduce costs. Which of the following best describes this approach?