Certified Internal Auditor Questions + Answers Part 19
Posted: Tue Mar 01, 2022 5:12 am
QUESTION 67
An organization accumulated the following data for the prior fiscal year:
Quarter | Value of Output Produced | Percentage of Cost X
1 | $4,750,000 | 2.9
2 | $4,700,000 | 3.0
3 | $4,350,000 | 3.2
4 | $4,000,000 | 3.5
Based on this data, which of the following describes the value of Cost X in relation to the value of Output Produced?
A. Cost X is a variable cost.
B. Cost X is a fixed cost.
C. Cost X is a semi-fixed cost.
D. Cost X and the value of Output Produced are unrelated.
Correct Answer: B
QUESTION 68
An internal auditor is trying to assess control risk and the effectiveness of an organization's internal controls. Which of the following audit procedures would not provide assurance to the auditor on this matter?
A. Interviewing the organization's employees.
B. Observing the organization's operations.
C. Reading the board's minutes.
D. Inspecting manuals and documents.
Correct Answer: C
QUESTION 69
Within an enterprise, IT governance relates to the:
1. Alignment between the enterprise's IT long term plan and the organization's objectives.
2. Organizational structures of the company that are designed to ensure that IT supports the organization's strategies and objectives.
3. Operational plans established to support the IT strategies and objectives.
4. Role of the company's leadership in ensuring IT supports the organization's strategies and objectives.
A. 1 and 2 only
B. 3 and 4 only
C. 1, 2, and 4 only
D. 2, 3, and 4 only
Correct Answer: C
QUESTION 70
According to the International Professional Practices Framework, which of the following statements is true regarding a corporate social responsibility (CSR) program?
1. Every employee generally has a responsibility for ensuring the success of CSR objectives.
2. The board has overall responsibility for the effectiveness of internal control processes associated with CSR.
3. Public reporting on the CSR governance process is expected.
4. Organizations generally have flexibility regarding what is included in a CSR program.
A. 1, 2, and 3 only
B. 1, 2, and 4 only
C. 1, 3, and 4 only
D. 2, 3, and 4 only
Correct Answer: B
QUESTION 71
Which of the following would not impair the objectivity of an internal auditor?
A. Management assurance on risks.
B. Implementing risk responses on behalf of management.
C. Providing assurance that risks assessed are correctly evaluated.
D. Setting the risk appetite.
Correct Answer: C
QUESTION 72
In an organization where enterprise risk management practices are mature, which of the following is a core internal audit role?
A. Giving assurance that risks are evaluated correctly.
B. Developing the risk management strategy for the board's approval.
C. Facilitating the identification and evaluation of risks.
D. Coaching management in responding to risk.
Correct Answer: A
QUESTION 73
Which of the following statements are true regarding the use of heat maps as risk assessment tools?
1. They focus primarily on known risks, limiting the ability to identify new risks.
2. They rely heavily on objective assessments and related risk tolerances.
3. They are too complex to provide an easily understandable view of key risks.
4. They are helpful but limited in value in a rapidly changing environment.
A. 1 and 2 only
B. 1 and 4 only
C. 2 and 3 only
D. 3 and 4 only
Correct Answer: B
QUESTION 74
In creating a risk-based plan, which of the following best describes a top-down approach to understanding business processes?
A. Identifying the processes at the activity level.
B. Analyzing the organization's strategic plan where the business processes are defined.
C. Analyzing the organization's objectives and identifying the processes needed to achieve the objectives.
D. Identifying the risks affecting the organization, the objectives, and then the processes concerned.
Correct Answer: C
QUESTION 75
In order to provide useful information for an organization's risk management decisions, which of the following factors is least important to assess?
A. The underlying causes of the risk.
B. The impact of the risk on the organization's objectives.
C. The risk levels of current and future events.
D. The potential for eliminating risk factors.
Correct Answer: D
QUESTION 76
An internal auditor has been asked to conduct an investigation involving allegations of independent contractor fraud. Which of the following controls would be least effective in detecting any potential fraudulent activity?
A. Exception report identifying payment anomalies.
B. Documented policy and procedures.
C. Periodic account reconciliation of contractor charges.
D. Monthly management review of all contractor activity.
Correct Answer: B
QUESTION 77
Which of the following should an organization consider when developing strategic objectives for its business processes?
1. Contribution to the success of the organization.
2. Reliability of operational information.
3. Behaviors and actions expected of employees.
4. How inputs combine with outputs to generate activities.
A. 1 and 2 only
B. 1 and 3 only
C. 2 and 4 only
D. 3 and 4 only
Correct Answer: B
QUESTION 78
Which of the following phases of a business cycle are marked by an underuse of resources?
1. The trough.
2. The peak.
3. The recovery.
4. The recession.
A. 1 and 3 only
B. 1 and 4 only
C. 2 and 3 only
D. 2 and 4 only
Correct Answer: B
QUESTION 79
According to the ISO 14001 standard, which of the following is not included in the requirements for a quality management system?
A. Key processes across the entity which impact quality must be identified and included.
B. The quality management system must be documented in the articles of incorporation, quality manual, procedures, work instructions, and records.
C. Management must review the quality policy, analyze data about quality management system performance, and assess opportunities for improvement and the need for change.
D. The entity must have processes for inspections, testing, measurement, analysis, and improvement.
Correct Answer: B
QUESTION 80
Which of the following professional organizations sets standards for quality and environmental audits?
A. The Committee of Sponsoring Organizations of the Treadway Commission.
B. The Board of Environmental, Health, and Safety Auditor Certifications.
C. The International Organization of Supreme Audit Institutions.
D. The International Standards Organization.
Correct Answer: D
QUESTION 81
An organization facing rapid growth decides to employ a third party service provider to manage its customer relationship management function. Which of the following is true regarding the supporting application software used by that provider compared to an in-house developed system?
1. Updating documentation is always a priority.
2. System availability is usually more reliable.
3. Data security risks are lower.
4. Overall system costs are lower.
A. 1 and 2 only
B. 1 and 3 only
C. 2 and 4 only
D. 3 and 4 only
Correct Answer: C
QUESTION 82
Providing knowledge, motivating organizational members, controlling and coordinating individual efforts, and expressing feelings and emotions are all functions of:
A. Motivation.
B. Performance.
C. Organizational structure.
D. Communication.
Correct Answer: D
QUESTION 83
Which of the following is a strategy that organizations can use to stimulate innovation?
1. Source from the most advanced suppliers.
2. Establish employee programs that reward initiative.
3. Identify best practice competitors as motivators.
4. Ensure that performance targets are always achieved.
A. 1 and 3 only
B. 2 and 4 only
C. 1, 2, and 3 only
D. 1, 2, 3, and 4
Correct Answer: C
QUESTION 84
Which of the following statements about market signaling is correct?
1. The organization releases information about a new product generation.
2. The organization limits a challenger's access to the best source of raw materials or labor.
3. The organization announces that it is fighting a new process technology.
4. The organization makes exclusive arrangements with the channels.
A. 1 and 3 only
B. 1 and 4 only
C. 2 and 3 only
D. 2 and 4 only
Correct Answer: A
QUESTION 85
Which of the following strategies would most likely prevent an organization from adjusting to evolving industry market conditions?
A. Specializing in proven manufacturing techniques that have made the organization profitable in the past.
B. Substituting its own production technology with advanced techniques used by its competitors.
C. Forgoing profits over a period of time to gain market share from its competitors.
D. Using the same branding to sell its products through new sales channels to target new markets.
Correct Answer: A
QUESTION 86
According to Porter, which of the following is associated with fragmented industries?
A. Weak entrance barriers.
B. Significant scale economies.
C. Steep experience curve.
D. Strong negotiation power with suppliers.
Correct Answer: A
QUESTION 87
In terms of international business strategy, which of the following is true regarding a multi-domestic strategy?
A. It uses the same products in all countries.
B. It centralizes control with little decision-making authority given to the local level.
C. It is an effective strategy when large differences exist between countries.
D. It provides cost advantages, improves coordinated activities, and speeds product development.
Correct Answer: C
QUESTION 88
Organizational activities that complement each other and create a competitive advantage are called a:
A. Merger.
B. Strategic fit.
C. Joint venture.
D. Strategic goal.
Correct Answer: B
QUESTION 89
Which stage of group development is characterized by a decrease in conflict and hostility among group members and an increase in cohesiveness?
A. Forming stage.
B. Norming stage.
C. Performing stage.
D. Storming stage.
Correct Answer: B
QUESTION 90
Which of the following statements is true regarding the resolution of interpersonal conflict?
A. Unrealized expectations can be avoided with open and honest discussion.
B. Reorganization would probably not help ambiguous or overlapping jurisdictions.
C. Deferring action should be used until there is sufficient time to fully deal with the issue.
D. Timely and unambiguous clarification of roles and responsibilities will eliminate most interpersonal conflict.
Correct Answer: A
QUESTION 91
When granting third parties temporary access to an entity's computer systems, which of the following is the most effective control?
A. Access is approved by the supervising manager.
B. User accounts specify expiration dates and are based on services provided.
C. Administrator access is provided for a limited period.
D. User accounts are deleted when the work is completed.
Correct Answer: B
QUESTION 92
Which of the following statements regarding program change management is not correct?
A. The goal of the change management process is to sustain and improve organizational operations.
B. The degree of risk associated with a proposed change determines if the change request requires authorization.
C. In order to protect the production environment, changes must be managed in a repeatable, defined, and predictable manner.
D. All changes should be tested in a non-production environment before migrating to the production environment.
Correct Answer: B
QUESTION 93
When auditing an application change control process, which of the following procedures should be included in the scope of the audit?
1. Ensure system change requests are formally initiated, documented, and approved.
2. Ensure processes are in place to prevent emergency changes from taking place.
3. Ensure changes are adequately tested before being placed into the production environment.
4. Evaluate whether the procedures for program change management are adequate.
A. 1 only
B. 1 and 3 only
C. 2 and 4 only
D. 1, 3, and 4 only
Correct Answer: D
QUESTION 94
An internal auditor discovered that several unauthorized modifications were made to the production version of an organization's accounting application. Which of the following best describes this deficiency?
A. Production controls weakness.
B. Application controls weakness.
C. Authorization controls weakness.
D. Change controls weakness.
Correct Answer: D
QUESTION 95
Which of the following would provide the most relevant assurance that the application under development will provide maximum value to the organization?
A. Use of a formal systems development lifecycle.
B. End-user involvement.
C. Adequate software documentation.
D. Formalized non-regression testing phase.
Correct Answer: B
QUESTION 96
Which of the following statements regarding database management systems is not correct?
A. Database management systems handle data manipulation inside the tables, rather than it being done by the operating system itself in files.
B. The database management system acts as a layer between the application software and the operating system.
C. Applications pass on the instructions for data manipulation which are then executed by the database management system.
D. The data within the database management system can only be manipulated directly by the database management system administrator.
Correct Answer: D
QUESTION 97
A department purchased one copy of a software program for internal use. The manager of the department installed the program on an office computer and then made two complete copies of the original software.
Copy 1 was solely for backup purposes.
Copy 2 was for use by another member of the department.
In terms of software licenses and copyright law, which of the following is correct?
A. Both copies are legal.
B. Only copy 1 is legal.
C. Only copy 2 is legal.
D. Neither copy is legal.
Correct Answer: B
QUESTION 98
During which phase of disaster recovery planning should an organization identify the business units, assets, and systems that are critical to continuing an acceptable level of operations?
A. Scope and initiation phase.
B. Business impact analysis.
C. Plan development.
D. Testing.
Correct Answer: B
QUESTION 99
Which of the following are the most appropriate measures for evaluating the change in an organization's liquidity position?
A. Times interest earned, return on assets, and inventory turnover.
B. Accounts receivable turnover, inventory turnover in days, and the current ratio.
C. Accounts receivable turnover, return on assets, and the current ratio.
D. Inventory turnover in days, the current ratio, and return on equity.
Correct Answer: B
QUESTION 100
Unsecured loans are loans:
A. That do not have to be repaid for over one year.
B. That appear to be too risky for most lenders to consider.
C. Granted on the basis of a company's credit standing.
D. Backed by mortgaged assets.
Correct Answer: C
QUESTION 101
Maintenance cost at a hospital was observed to increase as activity level increased. The following data was gathered:
Month | Activity Level - Patient Days | Maintenance Cost Incurred
January | 5,600 | $7,900
February | 7,100 | $8,500
March | 5,000 | $7,400
April | 6,500 | $8,200
May | 7,300 | $9,100
June | 8,000 | $9,800
If the cost of maintenance is expressed in an equation, what is the independent variable for this data?
A. Fixed cost.
B. Variable cost.
C. Total maintenance cost.
D. Patient days.
Correct Answer: D
QUESTION 102
Import quotas that limit the quantities of goods that a domestic subsidiary can buy from its foreign parent company represent which type of barrier to the parent company?
A. Political.
B. Financial.
C. Social.
D. Tariff.
Correct Answer: A
QUESTION 103
Which of the following corporate social responsibility strategies is likely to be most effective in minimizing confrontations with influential activists and lobbyists?
A. Continually evaluate the needs and opinions of all stakeholder groups.
B. Ensure strict compliance with applicable laws and regulations to avoid incidents.
C. Maintain a comprehensive publicity campaign that highlights the organization's efforts.
D. Increase goodwill through philanthropic activities among stakeholder communities.
Correct Answer: A
QUESTION 104
When assessing the adequacy of a risk mitigation strategy, an internal auditor should consider which of the following?
1. Management’s tolerance for specific risks.
2. The cost versus benefit of implementing a control.
3. Whether a control can mitigate multiple risks.
4. The ability to test the effectiveness of the control.
A. 1, 2, and 3
B. 1, 2, and 4
C. 1, 3, and 4
D. 2, 3, and 4
Correct Answer: C
QUESTION 105
According to the COSO enterprise risk management (ERM) framework, which of the following is not a typical responsibility of the chief risk officer?
A. Establishing risk category definitions and a common risk language for likelihood and impact measures.
B. Defining ERM roles and responsibilities.
C. Providing the board with an independent, objective risk perspective on financial reporting.
D. Guiding integration of ERM with other management activities.
Correct Answer: C
QUESTION 106
Which of the following price adjustment strategies encourages prompt payment?
A. Cash discounts.
B. Quantity discounts.
C. Functional discounts.
D. Seasonal discounts.
Correct Answer: A
QUESTION 107
According to IIA guidance, which of the following is a typical risk associated with the tender process and contracting stage of an organization's IT outsourcing life cycle?
A. The process is not sustained and is not optimized as planned.
B. There is a lack of alignment to organizational strategies.
C. The operational quality is less than projected.
D. There is increased potential for loss of assets.
Correct Answer: D
QUESTION 108
Which of the following is true regarding an organization's relationship with external stakeholders?
A. Specific guidance must be followed when interacting with nongovernmental organizations.
B. Disclosure laws tend to be consistent from one jurisdiction to another.
C. There are several internationally recognized standards for dealing with financial donors.
D. Legal representation should be consulted before releasing internal audit information to other assurance providers.
Correct Answer: D
QUESTION 109
Capacity overbuilding is most likely to occur when management is focused on which of the following?
A. Marketing.
B. Finance.
C. Production.
D. Diversification.
Correct Answer: C
QUESTION 110
According to IIA guidance on IT auditing, which of the following would not be an area examined by the internal audit activity?
A. Access system security.
B. Policy development.
C. Change management.
D. Operations processes.
Correct Answer: B
QUESTION 111
According to the waterfall cycle approach to systems development, which of the following sequence of events is correct?
A. Program design, system requirements, software design, analysis, coding, testing, operations.
B. System requirements, software design, analysis, program design, testing, coding, operations.
C. System requirements, software design, analysis, program design, coding, testing, operations.
D. System requirements, analysis, coding, software design, program design, testing, operations.
Correct Answer: C
QUESTION 112
Which of the following describes a typical desktop workstation used by most employees in their daily work?
A. Workstation contains software that prevents unauthorized transmission of information into and out of the organization's network.
B. Workstation contains software that controls information flow between the organization's network and the Internet.
C. Workstation contains software that enables the processing of transactions and is not shared among users of the organization's network.
D. Workstation contains software that manages user's access and processing of stored data on the organization's network.
Correct Answer: C
QUESTION 113
Which of the following must be adjusted to index a progressive tax system to inflation?
A. Tax deductions, exemptions, and tax filings.
B. Tax deductions, exemptions, and tax brackets.
C. Tax brackets, tax deductions, and tax payments.
D. Tax brackets, exemptions, and nominal tax receipts.
Correct Answer: B
QUESTION 114
Which of the following is not a common feature of cumulative preferred stock?
A. Priority over common stock with regard to dilution of shares.
B. Priority over common stock with regard to earnings.
C. Priority over common stock with regard to dividend payment.
D. Priority over common stock with regard to assets.
Correct Answer: A
QUESTION 115
Which of the following is an example of a nonfinancial internal failure quality cost?
A. Decreasing gross profit margins over time.
B. Foregone contribution margin on lost sales.
C. Defective units shipped to customers.
D. Excessive time to convert raw materials into finished goods.
Correct Answer: D
QUESTION 116
A manager has difficulty motivating staff to improve productivity, despite establishing a lucrative individual reward system. Which of the following is most likely the cause of the difficulty?
A. High degree of masculinity.
B. Low uncertainty avoidance.
C. High collectivism.
D. Low long-term orientation.
Correct Answer: C
QUESTION 117
Which of the following COSO internal control framework components encompasses establishing structures, reporting lines, authorities, and responsibilities?
A. Control environment.
B. Control activities.
C. Information and communication.
D. Monitoring.
Correct Answer: A
QUESTION 118
Which of the following principles is shared by both hierarchical and open organizational structures?
1. A superior can delegate the authority to make decisions but cannot delegate the ultimate responsibility for the results of those decisions.
2. A supervisor's span of control should not exceed seven subordinates.
3. Responsibility should be accompanied by adequate authority.
4. Employees at all levels should be empowered to make decisions.
A. 1 and 3 only.
B. 1 and 4 only.
C. 2 and 3 only.
D. 3 and 4 only.
Correct Answer: A
QUESTION 119
Which of the following statements about matrix organizations is false?
A. In a matrix organization, conflict between functional and product managers may arise.
B. In a matrix organization, staff under dual command is more likely to suffer stress at work.
C. Matrix organizations offer the advantage of greater flexibility.
D. Matrix organizations minimize costs and simplify communication.
Correct Answer: D
QUESTION 120
Which of the following are typical audit considerations for a review of authentication?
1. Authentication policies and evaluation of controls transactions.
2. Management of passwords, independent reconciliation, and audit trail.
3. Control self-assessment tools used by management.
4. Independent verification of data integrity and accuracy.
A. 1, 2, and 3
B. 1, 2, and 4
C. 1, 3, and 4
D. 2, 3, and 4
Correct Answer: A
QUESTION 121
At what point during the systems development process should an internal auditor verify that the new application's connectivity to the organization's other systems has been established correctly?
A. Prior to testing the new application.
B. During testing of the new application.
C. During implementation of the new application.
D. During maintenance of the new application.
Correct Answer: A
QUESTION 122
Refer to the exhibit.
If the profit margin of an organization decreases, and all else remains equal, which of the following describes how the "Funds Needed" line in the graph below will shift?
A. The "Funds Needed" line will remain pointed upward, but will become less steep.
B. The "Funds Needed" line will remain pointed upward, but will become more steep.
C. The "Funds Needed" line will point downward with a minimal slope.
D. The "Funds Needed" line will point downward with an extreme slope.
Correct Answer: B
QUESTION 123
If legal or regulatory standards prohibit conformance with certain parts of The IIA's Standards, the auditor should do which of the following?
A. Conform with all other parts of The IIA's Standards and provide appropriate disclosures.
B. Conform with all other parts of The IIA's Standards; there is no need to provide appropriate disclosures.
C. Continue the engagement without conforming with the other parts of The IIA's Standards.
D. Withdraw from the engagement.
Correct Answer: A
QUESTION 124
Which of the following is the most appropriate way to record each partner's initial investment in a partnership?
A. At the value agreed upon by the partners.
B. At book value.
C. At fair value.
D. At the original cost.
Correct Answer: A
QUESTION 125
Which of the following is an example of a physical control?
A. Providing fire detection and suppression equipment.
B. Establishing a physical security policy and promoting it throughout the organization.
C. Performing business continuity and disaster recovery planning.
D. Keeping an offsite backup of the organization's critical data.
Correct Answer: B
QUESTION 126
Which of the following is an advantage of a decentralized organizational structure, as opposed to a centralized structure?
A. Greater cost-effectiveness.
B. Increased economies of scale.
C. Larger talent pool.
D. Strong internal controls.
Correct Answer: A
Reference: https://www.economicsdiscussion.net/man ... tion/31848
QUESTION 127
Which of the following is most important for an internal auditor to check with regard to the database version?
A. Verify whether the organization uses the most recent database software version.
B. Verify whether the database software version is supported by the vendor.
C. Verify whether the database software version has been recently upgraded.
D. Verify whether access to database version information is appropriately restricted.
Correct Answer: C
QUESTION 128
For employees, the primary value of implementing job enrichment is which of the following?
A. Validation of the achievement of their goals and objectives.
B. Increased knowledge through the performance of additional tasks.
C. Support for personal growth and a meaningful work experience.
D. An increased opportunity to manage better the work done by their subordinates.
Correct Answer: C
Reference: https://na.theiia.org/about-us/Public%2 ... 20Bond.pdf
QUESTION 129
How do data analysis technologies affect internal audit testing?
A. They improve the effectiveness of spot check testing techniques.
B. They allow greater insight into high risk areas.
C. They reduce the overall scope of the audit engagement.
D. They increase the internal auditor's objectivity.
Correct Answer: B
QUESTION 130
According to IIA guidance, which of the following statements is true with regard to workstation computers that access company information stored on the network?
A. Individual workstation computer controls are not as important as companywide server controls.
B. Particular attention should be paid to housing workstations away from environmental hazards.
C. Cybersecurity issues can be controlled at an enterprise level, making workstation level controls redundant.
D. With security risks near an all-time high, workstations should not be connected to the company network.
Correct Answer: C
QUESTION 131
During which phase of the contracting process are contracts drafted for a proposed business activity?
A. Initiation phase.
B. Bidding phase.
C. Development phase.
D. Management phase.
Correct Answer: A
QUESTION 132
Which of the following describes the most appropriate set of tests for auditing a workstation's logical access controls?
A. Review the list of people with access badges to the room containing the workstation and a log of those who accessed the room.
B. Review the password length, frequency of change, and list of users for the workstation's login process.
C. Review the list of people who attempted to access the workstation and failed, as well as error messages.
D. Review the passwords of those who attempted unsuccessfully to access the workstation and the log of their activity.
Correct Answer: B
QUESTION 133
According to IIA guidance on IT, which of the following best describes a situation where data backup plans exist to ensure that critical data can be restored at some point in the future, but recovery and restore processes have not been defined?
A. Hot recovery plan.
B. Warm recovery plan.
C. Cold recovery plan.
D. Absence of recovery plan.
Correct Answer: C
QUESTION 134
According to Maslow’s hierarchy of needs theory, which of the following best describes a strategy where a manager offers an assignment to a subordinate specifically to support his professional growth and future advancement?
A. Esteem by colleagues.
B. Self-fulfillment.
C. Sense of belonging in the organization.
D. Job security.
Correct Answer: D
Reference: https://opentextbc.ca/businessopenstax/ ... -of-needs/
QUESTION 135
Which of the following statements is true regarding the "management-by-objectives” method?
A. Management by objectives is most helpful in organizations that have rapid changes.
B. Management by objectives is most helpful in mechanistic organizations with rigidly defined tasks.
C. Management by objectives helps organizations to keep employees motivated.
D. Management by objectives helps organizations to distinguish clearly strategic goals from operational goals.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Reference: https://www.investopedia.com/terms/m/ma ... ctives.asp
QUESTION 136
A technology developer has entered a two-year contract with another organization to design new software. According to IIA guidance, which of the following provisions of this agreement would be the most effective to protect the developer's product knowledge and expertise?
A. The right to audit.
B. A performance measurement system.
C. Defined roles and responsibilities.
D. Intellectual property rights.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 137
Which of the following statements is true regarding cost-volume-profit analysis?
A. Contribution margin is the amount remaining from sales revenue after fixed expenses have been deducted.
B. Breakeven point is the amount of units sold to cover variable costs.
C. Breakeven occurs when the contribution margin covers fixed costs.
D. Following breakeven, net operating income will increase by the excess of fixed costs less the variable costs per units sold.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Reference: https://courses.lumenlearning.com/acctm ... n%20margin% 20represents%20sales,%2C%20the%20name%20contribution%20margin
QUESTION 138
An organization has instituted a bring-your-own-device (BYOD) work environment. Which of the following policies best addresses the increased risk to the organization's network incurred by this environment?
A. Limit the use of the employee devices for personal use to mitigate the risk of exposure to organizational data.
B. Ensure that relevant access to key applications is strictly controlled through an approval and review process.
C. Institute detection and authentication controls for all devices used for network connectivity and data storage.
D. Use management software to scan and then prompt patch reminders when devices connect to the network.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 139
Which of the following is a primary driver behind the creation and prioritization of new strategic initiatives established by an organization?
A. Risk tolerance.
B. Performance.
C. Threats and opportunities.
D. Governance.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 140
Which of the following is improved by the use of smart devices?
A. Version control.
B. Privacy.
C. Portability.
D. Secure authentication
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 141
Which of the following is a project planning methodology that involves a complex series of required simulations to provide information about schedule risk?
A. Monte Carlo Analysis.
B. Project Management Information System (PMIS)
C. Earned Value Management (EVM).
D. Integrated Project Plan.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Reference: https://opentextbc.ca/projectmanagement ... anagement/
QUESTION 142
The audit committee has asked the internal audit activity to integrate data analytics into all work programs going forward. To accomplish this, which of the following describes the first step an audit team should take when planning for an audit?
A. Ensure that there are sufficient audit resources or train personnel in data analytics.
B. Obtain and assess as much data as possible for the audit.
C. Identify the business question or need, data required, and expected results.
D. Gain management's approval and willingness to accept audit findings based on data analytics.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 143
In an organization that produces chocolate, the leadership team decides that the organization will open a milk production facility for its milk chocolate. Which of the following strategies has the organization chosen?
A. Vertical integration.
B. Unrelated diversification.
C. Differentiation.
D. Focus.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 144
Which of the following describes the most effective control that restricts access to secure areas?
A. Employee security policy.
B. Access log reviews.
C. Biometric authorization.
D. Security cameras.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 145
Which of the following controls helps protect externally stored sensitive or confidential data from cyberthreats?
A. Secure configurations and access controls.
B. Strong vendor contracts with control reports provided by service organizations.
C. Active and frequent monitoring of network traffic activities.
D. Firewalls to block unauthorized processing of transactions.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 146
Which of the following focuses on finding statistical relationships in order to create profiles?
A. Process mining.
B. Process analysis.
C. Data mining.
D. Data analysis.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Reference: https://www.researchgate.net/profile/Mo ... tive_data/ attachment/59d659ca79197b80779af218/AS%3A543750520664064%401506651634578/download/CHAPTER+6-+DATA+ANALYSIS+AND +INTERPRET A TION.pdf
QUESTION 147
According to Herzberg's Two-Factor Theory of Motivation, which of the following factors are mentioned most often by satisfied employees?
A. Salary and status.
B. Responsibility and advancement.
C. Work conditions and security.
D. Peer relationships and personal life.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Reference: https://www.mindtools.com/pages/article ... actors.htm
QUESTION 148
At an organization that uses a periodic inventory system, the accountant accidentally understated the organization's beginning inventory. How would the accountant's accident impact the income statement?
A. Cost of goods sold will be understated and net income will be overstated.
B. Cost of goods sold will be overstated and net income will be understated.
C. Cost of goods sold will be understated and there will be no impact on net income.
D. There will be no impact on cost of goods sold and net income will be overstated.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 149
Which of the following situations best applies to an organization that uses a project, rather than a process, to accomplish its business activities?
A. A clothing company designs, makes, and sells a new item.
B. A commercial construction company is hired to build a warehouse.
C. A city department sets up a new firefighter training program.
D. A manufacturing organization acquires component parts from a contracted vendor.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 150
Which of the following is classified as a product cost using the variable costing method?
1. Direct labor costs.
2. Insurance on a factory.
3. Manufacturing supplies.
4. Packaging and shipping costs.
A. 1 and 2.
B. 1 and 3.
C. 2 and 4.
D. 3 and 4.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 151
Which of the following statements is true regarding the capital budgeting procedure known as discounted payback period?
A. It calculates the overall value of a project.
B. It ignores the time value of money.
C. It calculates the time a project takes to break even.
D. It begins at time zero for the project.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Reference: https://www.investopedia.com/terms/d/di ... me%20value %20of%20money
QUESTION 152
A rapidly expanding retail organization continues to be tightly controlled by its original small management team. Which of the following is a potential risk in this vertically centralized organization?
A. Lack of coordination among different business units.
B. Operational decisions are inconsistent with organizational goals.
C. Suboptimal decision-making.
D. Duplication of business activities.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 153
An internal auditor found the following information while reviewing the monthly financial statements for a wholesaler of safety glasses:
Opening inventory: 1,000 units at $2 per unit
Purchased: 5,000 units at $3 per unit
Sold: 3,000 units at $7 per unit
The cost of goods sold was reported at $8,500. Which of the following inventory methods was used to derive this value?
A. Average cost method.
B. First-in, first-out (FIFO) method.
C. Specific identification method.
D. Activity-based costing method.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 154
Based on test results, an IT auditor concluded that the organization would suffer unacceptable loss of data if there was a disaster at its data center. Which of the following test results would likely lead the auditor to this conclusion?
A. Requested backup tapes were not returned from the offsite vendor in a timely manner.
B. Returned backup tapes from the offsite vendor contained empty spaces.
C. Critical systems have been backed up more frequently than required.
D. Critical system backup tapes are taken off site less frequently than required
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 155
An internal auditor was asked to review an equal equity partnership. In one sampled transaction, Partner A transferred equipment into the partnership with a self-declared value of $10,000, and Partner B contributed equipment with a self-declared value of $15,000. The capital accounts of each partner were subsequently credited with $12,500. Which of the following statements is true regarding this transaction?
A. The capital accounts of the partners should be increased by the original cost of the contributed equipment.
B. The capital accounts should be increased using a weighted average based on the current percentage of ownership.
C. No action is needed, as the capital account of each partner was increased by the correct amount.
D. The capital accounts of the partners should be increased by the fair market value of their contribution.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 156
An internal auditor is using data analytics to focus on high-risk areas during an engagement. The auditor has obtained data and is working to eliminate redundancies in the data. Which of the following statements is true regarding this scenario?
A. The auditor is normalizing data in preparation for analyzing it.
B. The auditor is analyzing the data in preparation for communicating the results.
C. The auditor is cleaning the data in preparation for determining which processes may be involved.
D. The auditor is reviewing the data prior to defining the question.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 157
Which of the following is an example of an application control?
A. Automated password change requirements.
B. System data backup process.
C. User testing of system changes.
D. Formatted data fields.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Reference: https://chapters.theiia.org/montreal/Ch ... ntrols.pdf
QUESTION 158
A retail organization mistakenly did not include $10,000 of inventory in the physical count at the end of the year. What was the impact to the organization's financial statements?
A. Cost of sales and net income are understated.
B. Cost of sales and net income are overstated.
C. Cost of sales is understated and net income is overstated.
D. Cost of sales is overstated and net income is understated.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 159
Which of the following statements is most accurate concerning the management and audit of a web server?
A. The file transfer protocol (FTP) should always be enabled.
B. The simple mail transfer protocol (SMTP) should be operating under the most privileged accounts.
C. The number of ports and protocols allowed to access the web server should be maximized.
D. Secure protocols for confidential pages should be used instead of clear-text protocols such as HTTP or FTP.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 160
Which of the following statements is true regarding data backup?
A. System backups should always be performed real time.
B. Backups should be stored in a secured location onsite for easy access.
C. The tape rotation schedule affects how long data is retained.
D. Backup media should be restored only in case of a hardware or software failure.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 161
According to IIA guidance on IT, which of the following would be considered a primary control for a spreadsheet to help ensure accurate financial reporting?
A. Formulas and static data are locked or protected.
B. The spreadsheet is stored on a network server that is backed up daily.
C. The purpose and use of the spreadsheet are documented.
D. Check-in and check-out software is used to control versions.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 162
An organization uses the management-by-objectives method, whereby employee performance is based on defined goals. Which of the following statements is true regarding this approach?
A. It is particularly helpful to management when the organization is facing rapid change.
B. It is a more successful approach when adopted by mechanistic organizations.
C. It is more successful when goal-setting is performed not only by management, but by all team members, including lower-level staff.
D. It is particularly successful in environments that are prone to having poor employer-employee relations.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 163
Which of the following physical access controls is most likely to be based on the “something you have” concept?
A. A retina characteristics reader.
B. A PIN code reader.
C. A card-key scanner.
D. A fingerprint scanner.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 164
When using data analytics during a review of the procurement process, what is the first step in the analysis process?
A. Identify data anomalies and outliers.
B. Define questions to be answered.
C. Identify data sources available.
D. Determine the scope of the data extract.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 165
Which of the following is an example of a key systems development control typically found in the in-house development of an application system?
A. Logical access controls monitor application usage and generate audit trails.
B. The development process is designed to prevent, detect, and correct errors that may occur.
C. A record is maintained to track the process of data from input, to output, to storage.
D. Business users’ requirements are documented, and their achievement is monitored.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 166
What is the primary purpose of data and systems backup?
A. To restore all data and systems immediately after the occurrence of an incident.
B. To set the maximum allowable downtime to restore systems and data after the occurrence of an incident.
C. To set the point in time to which systems and data must be recovered after the occurrence of an incident.
D. To restore data and systems to a previous point in time after the occurrence of an incident.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 167
Which of the following authentication device credentials is the most difficult to revoke when an employee's access rights need to be removed?
A. A traditional key lock.
B. A biometric device.
C. A card-key system.
D. A proximity device.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 168
A large retail customer made an offer to buy 10,000 units at a special price of $7 per unit. The manufacturer usually sells each unit for $10. Variable manufacturing costs are $5 per unit and fixed manufacturing costs are $3 per unit. For the manufacturer to accept the offer, which of the following assumptions needs to be true?
A. Fixed and variable manufacturing costs are less than the special offer selling price.
B. The manufacturer can fulfill the order without expanding the capacities of the production facilities.
C. Costs related to accepting this offer can be absorbed through the sale of other products.
D. The manufacturer's production facilities are currently operating at full capacity.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 169
Which of the following data security policies is most likely to be the result of a data privacy law?
A. Access to personally identifiable information is limited to those who need it to perform their job.
B. Confidential data must be backed up and recoverable within a 24-hour period.
C. Updates to systems containing sensitive data must be approved before being moved to production.
D. A record of employees with access to insider information must be maintained, and those employees may not trade company stock during blackout periods.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 170
An organization that sells products to a foreign subsidiary wants to charge a price that will decrease import tariffs. Which of the following is the best course of action for the organization?
A. Decrease the transfer price.
B. Increase the transfer price.
C. Charge at the arm’s length price.
D. Charge at the optimal transfer price.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 171
An organization accomplishes its goal to obtain a 40 percent share of the domestic market, but is unable to get the desired return on investment and output per hour of labor. Based on this information, the organization is most likely focused on which of the following?
A. Capital investment and not marketing.
B. Marketing and not capital investment.
C. Efficiency and not input economy.
D. Effectiveness and not efficiency.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
An organization accumulated the following data for the prior fiscal year: Value of
Percentage of
Quarter
Output Produced
Cost X
1 $4,750,000 2.9
2 $4,700,000 3.0
3 $4,350,000 3.2
4 $4,000,000 3.5
Based on this data, which of the following describes the value of Cost X in relation to the value of Output Produced?
A. Cost X is a variable cost.
B. Cost X is a fixed cost.
C. Cost X is a semi-fixed cost.
D. Cost X and the value of Output Produced are unrelated.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 68
An internal auditor is trying to assess control risk and the effectiveness of an organization's internal controls. Which of the following audit procedures would not provide assurance to the auditor on this matter?
A. Interviewing the organization's employees. B. Observing the organization's operations. C. Reading the board's minutes.
D. Inspecting manuals and documents.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 69
Within an enterprise, IT governance relates to the:
1. Alignment between the enterprise's IT long term plan and the organization's objectives.
2. Organizational structures of the company that are designed to ensure that IT supports the organization's strategies and objectives. 3. Operational plans established to support the IT strategies and objectives.
4. Role of the company's leadership in ensuring IT supports the organization's strategies and objectives.
A. 1 and 2 only
B. 3 and 4 only
C. 1, 2, and 4 only D. 2, 3, and 4 only
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 70
According to the International Professional Practices Framework, which of the following statements is true regarding a corporate social responsibility (CSR) program?
1. Every employee generally has a responsibility for ensuring the success of CSR objectives.
2. The board has overall responsibility for the effectiveness of internal control processes associated with CSR. 3. Public reporting on the CSR governance process is expected.
4. Organizations generally have flexibility regarding what is included in a CSR program.
A. 1, 2, and 3 only B. 1, 2, and 4 only C. 1, 3, and 4 only
D. 2, 3, and 4 only
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 71
Which of the following would not impair the objectivity of internal auditor?
A. Management assurance on risks.
B. Implementing risk responses on behalf of management.
C. Providing assurance that risks assessed are correctly evaluated. D. Setting the risk appetite.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 72
In an organization where enterprise risk management practices are mature, which of the following is a core internal audit role?
A. Giving assurance that risks are evaluated correctly.
B. Developing the risk management strategy for the board's approval. C. Facilitating the identification and evaluation of risks.
D. Coaching management in responding to risk.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 73
Which of the following statements are true regarding the use of heat maps as risk assessment tools?
1. They focus primarily on known risks, limiting the ability to identify new risks. 2. They rely heavily on objective assessments and related risk tolerances.
3. They are too complex to provide an easily understandable view of key risks. 4. They are helpful but limited in value in a rapidly changing environment.
A. 1 and 2 only B. 1 and 4 only C. 2 and 3 only D. 3 and 4 only
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 74
In creating a risk-based plan, which of the following best describes a top-down approach to understanding business processes?
A. Identifying the processes at the activity level.
B. Analyzing the organization's strategic plan where the business processes are defined.
C. Analyzing the organization's objectives and identifying the processes needed to achieve the objectives. D. Identifying the risks affecting the organization, the objectives, and then the processes concerned.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 75
In order to provide useful information for an organization's risk management decisions, which of the following factors is least important to assess?
A. The underlying causes of the risk.
B. The impact of the risk on the organization's objectives.
C. The risk levels of current and future events. D. The potential for eliminating risk factors.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 76
An internal auditor has been asked to conduct an investigation involving allegations of independent contractor fraud. Which of the following controls would be least effective in detecting any potential fraudulent activity?
A. Exception report identifying payment anomalies.
B. Documented policy and procedures.
C. Periodic account reconciliation of contractor charges. D. Monthly management review of all contractor activity.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 77
Which of the following should an organization consider when developing strategic objectives for its business processes?
1. Contribution to the success of the organization.
2. Reliability of operational information.
3. Behaviors and actions expected of employees.
4. How inputs combine with outputs to generate activities.
A. 1 and 2 only B. 1 and 3 only C. 2 and 4 only D. 3 and 4 only
Correct Answer: B
Section: (none) Explanation
Explanation/Reference:
QUESTION 78
Which of the following phases of a business cycle are marked by an underuse of resources?
1. The trough.
2. The peak.
3. The recovery. 4. The recession.
A. 1 and 3 only B. 1 and 4 only C. 2 and 3 only D. 2 and 4 only
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 79
According to the ISO 14001 standard, which of the following is not included in the requirements for a quality management system?
A. Key processes across the entity which impact quality must be identified and included.
B. The quality management system must be documented in the articles of incorporation, quality manual, procedures, work instructions, and records.
C. Management must review the quality policy, analyze data about quality management system performance, and assess opportunities for improvement and the need for change.
D. The entity must have processes for inspections, testing, measurement, analysis, and improvement.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 80
Which of the following professional organizations sets standards for quality and environmental audits?
A. The Committee of Sponsoring Organizations of the Treadway Commission. B. The Board of Environmental, Health, and Safety Auditor Certifications.
C. The International Organization of Supreme Audit Institutions.
D. The International Standards Organization.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 81
An organization facing rapid growth decides to employ a third party service provider to manage its customer relationship management function. Which of the following is true regarding the supporting application software used by that provider compared to an in-house developed system?
1. Updating documentation is always a priority. 2. System availability is usually more reliable. 3. Data security risks are lower.
4. Overall system costs are lower.
A. 1 and 2 only B. 1 and 3 only C. 2 and 4 only D. 3 and 4 only
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 82
Providing knowledge, motivating organizational members, controlling and coordinating individual efforts, and expressing feelings and emotions are all functions of:
A. Motivation.
B. Performance.
C. Organizational structure. D. Communication.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 83
Which of the following is a strategy that organizations can use to stimulate innovation?
1. Source from the most advanced suppliers.
2. Establish employee programs that reward initiative.
3. Identify best practice competitors as motivators.
4. Ensure that performance targets are always achieved.
A. 1 and 3 only
B. 2 and 4 only
C. 1, 2, and 3 only D. 1, 2, 3, and 4
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 84
Which of the following statements about market signaling is correct?
1. The organization releases information about a new product generation.
2. The organization limits a challenger's access to the best source of raw materials or labor. 3. The organization announces that it is fighting a new process technology.
4. The organization makes exclusive arrangements with the channels.
A. 1 and 3 only B. 1 and 4 only C. 2 and 3 only D. 2 and 4 only
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 85
Which of the following strategies would most likely prevent an organization from adjusting to evolving industry market conditions?
A. Specializing in proven manufacturing techniques that have made the organization profitable in the past. B. Substituting its own production technology with advanced techniques used by its competitors.
C. Forgoing profits over a period of time to gain market share from its competitors.
D. Using the same branding to sell its products through new sales channels to target new markets.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 86
According to Porter, which of the following is associated with fragmented industries?
A. Weak entrance barriers.
B. Significant scale economies.
C. Steep experience curve.
D. Strong negotiation power with suppliers.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 87
In terms of international business strategy, which of the following is true regarding a multi-domestic strategy?
A. It uses the same products in all countries.
B. It centralizes control with little decision-making authority given to the local level.
C. It is an effective strategy when large differences exist between countries.
D. It provides cost advantages, improves coordinated activities, and speeds product development.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 88
Organizational activities that complement each other and create a competitive advantage are called a:
A. Merger.
B. Strategic fit. C. Joint venture. D. Strategic goal.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 89
Which stage of group development is characterized by a decrease in conflict and hostility among group members and an increase in cohesiveness?
A. Forming stage. B. Norming stage.
C. Performing stage. D. Storming stage.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 90
Which of the following statements is true regarding the resolution of interpersonal conflict?
A. Unrealized expectations can be avoided with open and honest discussion.
B. Reorganization would probably not help ambiguous or overlapping jurisdictions.
C. Deferring action should be used until there is sufficient time to fully deal with the issue.
D. Timely and unambiguous clarification of roles and responsibilities will eliminate most interpersonal conflict.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 91
When granting third parties temporary access to an entity's computer systems, which of the following is the most effective control?
A. Access is approved by the supervising manager.
B. User accounts specify expiration dates and are based on services provided. C. Administrator access is provided for a limited period.
D. User accounts are deleted when the work is completed.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 92
Which of the following statements regarding program change management is not correct?
A. The goal of the change management process is to sustain and improve organizational operations.
B. The degree of risk associated with a proposed change determines if the change request requires authorization.
C. In order to protect the production environment, changes must be managed in a repeatable, defined, and predictable manner. D. All changes should be tested in a non-production environment before migrating to the production environment.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 93
When auditing an application change control process, which of the following procedures should be included in the scope of the audit?
1. Ensure system change requests are formally initiated, documented, and approved.
2. Ensure processes are in place to prevent emergency changes from taking place.
3. Ensure changes are adequately tested before being placed into the production environment. 4. Evaluate whether the procedures for program change management are adequate.
A. 1 only
B. 1 and 3 only
C. 2 and 4 only
D. 1, 3, and 4 only
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 94
An internal auditor discovered that several unauthorized modifications were made to the production version of an organization's accounting application. Which of the following best describes this deficiency?
A. Production controls weakness. B. Application controls weakness. C. Authorization controls weakness. D. Change controls weakness.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 95
Which of the following would provide the most relevant assurance that the application under development will provide maximum value to the organization?
A. Use of a formal systems development lifecycle.
B. End-user involvement.
C. Adequate software documentation.
D. Formalized non-regression testing phase.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 96
Which of the following statements regarding database management systems is not correct?
A. Database management systems handle data manipulation inside the tables, rather than it being done by the operating system itself in files.
B. The database management system acts as a layer between the application software and the operating system.
C. Applications pass on the instructions for data manipulation which are then executed by the database management system.
D. The data within the database management system can only be manipulated directly by the database management system administrator.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 97
A department purchased one copy of a software program for internal use. The manager of the department installed the program on an office computer and then made two complete copies of the original software.
Copy 1 was solely for backup purposes.
Copy 2 was for use by another member of the department.
In terms of software licenses and copyright law, which of the following is correct?
A. Both copies are legal.
B. Only copy 1 is legal.
C. Only copy 2 is legal.
D. Neither copy is legal.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 98
During which phase of disaster recovery planning should an organization identify the business units, assets, and systems that are critical to continuing an acceptable level of operations?
A. Scope and initiation phase.
B. Business impact analysis.
C. Plan development.
D. Testing.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 99
Which of the following are the most appropriate measures for evaluating the change in an organization's liquidity position?
A. Times interest earned, return on assets, and inventory turnover.
B. Accounts receivable turnover, inventory turnover in days, and the current ratio.
C. Accounts receivable turnover, return on assets, and the current ratio.
D. Inventory turnover in days, the current ratio, and return on equity.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 100
Unsecured loans are loans:
A. That do not have to be repaid for over one year.
B. That appear to be too risky for most lenders to consider.
C. Granted on the basis of a company's credit standing.
D. Backed by mortgaged assets.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 101
Maintenance cost at a hospital was observed to increase as activity level increased. The following data was gathered:
Month      Activity Level (Patient Days)   Maintenance Cost Incurred
January    5,600                           $7,900
February   7,100                           $8,500
March      5,000                           $7,400
April      6,500                           $8,200
May        7,300                           $9,100
June       8,000                           $9,800
If the cost of maintenance is expressed in an equation, what is the independent variable for this data?
A. Fixed cost.
B. Variable cost.
C. Total maintenance cost.
D. Patient days.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 102
Import quotas that limit the quantities of goods that a domestic subsidiary can buy from its foreign parent company represent which type of barrier to the parent company?
A. Political.
B. Financial.
C. Social.
D. Tariff.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 103
Which of the following corporate social responsibility strategies is likely to be most effective in minimizing confrontations with influential activists and lobbyists?
A. Continually evaluate the needs and opinions of all stakeholder groups.
B. Ensure strict compliance with applicable laws and regulations to avoid incidents.
C. Maintain a comprehensive publicity campaign that highlights the organization's efforts.
D. Increase goodwill through philanthropic activities among stakeholder communities.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 104
When assessing the adequacy of a risk mitigation strategy, an internal auditor should consider which of the following?
1. Management’s tolerance for specific risks.
2. The cost versus benefit of implementing a control.
3. Whether a control can mitigate multiple risks.
4. The ability to test the effectiveness of the control.
A. 1, 2, and 3
B. 1, 2, and 4
C. 1, 3, and 4
D. 2, 3, and 4
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 105
According to the COSO enterprise risk management (ERM) framework, which of the following is not a typical responsibility of the chief risk officer?
A. Establishing risk category definitions and a common risk language for likelihood and impact measures.
B. Defining ERM roles and responsibilities.
C. Providing the board with an independent, objective risk perspective on financial reporting.
D. Guiding integration of ERM with other management activities.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 106
Which of the following price adjustment strategies encourages prompt payment?
A. Cash discounts.
B. Quantity discounts.
C. Functional discounts.
D. Seasonal discounts.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 107
According to IIA guidance, which of the following is a typical risk associated with the tender process and contracting stage of an organization's IT outsourcing life cycle?
A. The process is not sustained and is not optimized as planned.
B. There is a lack of alignment to organizational strategies.
C. The operational quality is less than projected.
D. There is increased potential for loss of assets.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 108
Which of the following is true regarding an organization's relationship with external stakeholders?
A. Specific guidance must be followed when interacting with nongovernmental organizations.
B. Disclosure laws tend to be consistent from one jurisdiction to another.
C. There are several internationally recognized standards for dealing with financial donors.
D. Legal representation should be consulted before releasing internal audit information to other assurance providers.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 109
Capacity overbuilding is most likely to occur when management is focused on which of the following?
A. Marketing.
B. Finance.
C. Production.
D. Diversification.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 110
According to IIA guidance on IT auditing, which of the following would not be an area examined by the internal audit activity?
A. Access system security.
B. Policy development.
C. Change management.
D. Operations processes.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 111
According to the waterfall cycle approach to systems development, which of the following sequence of events is correct?
A. Program design, system requirements, software design, analysis, coding, testing, operations.
B. System requirements, software design, analysis, program design, testing, coding, operations.
C. System requirements, software design, analysis, program design, coding, testing, operations.
D. System requirements, analysis, coding, software design, program design, testing, operations.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 112
Which of the following describes a typical desktop workstation used by most employees in their daily work?
A. Workstation contains software that prevents unauthorized transmission of information into and out of the organization's network.
B. Workstation contains software that controls information flow between the organization's network and the Internet.
C. Workstation contains software that enables the processing of transactions and is not shared among users of the organization's network.
D. Workstation contains software that manages user's access and processing of stored data on the organization's network.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 113
Which of the following must be adjusted to index a progressive tax system to inflation?
A. Tax deductions, exemptions, and tax filings.
B. Tax deductions, exemptions, and tax brackets.
C. Tax brackets, tax deductions, and tax payments.
D. Tax brackets, exemptions, and nominal tax receipts.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 114
Which of the following is not a common feature of cumulative preferred stock?
A. Priority over common stock with regard to dilution of shares.
B. Priority over common stock with regard to earnings.
C. Priority over common stock with regard to dividend payment.
D. Priority over common stock with regard to assets.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 115
Which of the following is an example of a nonfinancial internal failure quality cost?
A. Decreasing gross profit margins over time.
B. Foregone contribution margin on lost sales.
C. Defective units shipped to customers.
D. Excessive time to convert raw materials into finished goods.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 116
A manager has difficulty motivating staff to improve productivity, despite establishing a lucrative individual reward system. Which of the following is most likely the cause of the difficulty?
A. High degree of masculinity.
B. Low uncertainty avoidance.
C. High collectivism.
D. Low long-term orientation.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 117
Which of the following COSO internal control framework components encompasses establishing structures, reporting lines, authorities, and responsibilities?
A. Control environment.
B. Control activities.
C. Information and communication.
D. Monitoring.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 118
Which of the following principles is shared by both hierarchical and open organizational structures?
1. A superior can delegate the authority to make decisions but cannot delegate the ultimate responsibility for the results of those decisions.
2. A supervisor's span of control should not exceed seven subordinates.
3. Responsibility should be accompanied by adequate authority.
4. Employees at all levels should be empowered to make decisions.
A. 1 and 3 only.
B. 1 and 4 only.
C. 2 and 3 only.
D. 3 and 4 only.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 119
Which of the following statements about matrix organizations is false?
A. In a matrix organization, conflict between functional and product managers may arise.
B. In a matrix organization, staff under dual command is more likely to suffer stress at work.
C. Matrix organizations offer the advantage of greater flexibility.
D. Matrix organizations minimize costs and simplify communication.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 120
Which of the following are typical audit considerations for a review of authentication?
1. Authentication policies and evaluation of controls transactions.
2. Management of passwords, independent reconciliation, and audit trail.
3. Control self-assessment tools used by management.
4. Independent verification of data integrity and accuracy.
A. 1, 2, and 3
B. 1, 2, and 4
C. 1, 3, and 4
D. 2, 3, and 4
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 121
At what point during the systems development process should an internal auditor verify that the new application's connectivity to the organization's other systems has been established correctly?
A. Prior to testing the new application.
B. During testing of the new application.
C. During implementation of the new application.
D. During maintenance of the new application.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 122
Refer to the exhibit.
If the profit margin of an organization decreases, and all else remains equal, which of the following describes how the "Funds Needed" line in the graph below will shift?
A. The "Funds Needed" line will remain pointed upward, but will become less steep.
B. The "Funds Needed" line will remain pointed upward, but will become more steep.
C. The "Funds Needed" line will point downward with a minimal slope.
D. The "Funds Needed" line will point downward with an extreme slope.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 123
If legal or regulatory standards prohibit conformance with certain parts of The IIA's Standards, the auditor should do which of the following?
A. Conform with all other parts of The IIA's Standards and provide appropriate disclosures.
B. Conform with all other parts of The IIA's Standards; there is no need to provide appropriate disclosures.
C. Continue the engagement without conforming with the other parts of The IIA's Standards.
D. Withdraw from the engagement.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 124
Which of the following is the most appropriate way to record each partner's initial investment in a partnership?
A. At the value agreed upon by the partners.
B. At book value.
C. At fair value.
D. At the original cost.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 125
Which of the following is an example of a physical control?
A. Providing fire detection and suppression equipment.
B. Establishing a physical security policy and promoting it throughout the organization.
C. Performing business continuity and disaster recovery planning.
D. Keeping an offsite backup of the organization's critical data.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 126
Which of the following is an advantage of a decentralized organizational structure, as opposed to a centralized structure?
A. Greater cost-effectiveness.
B. Increased economies of scale.
C. Larger talent pool.
D. Strong internal controls.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Reference: https://www.economicsdiscussion.net/man ... tion/31848
QUESTION 127
Which of the following is most important for an internal auditor to check with regard to the database version?
A. Verify whether the organization uses the most recent database software version.
B. Verify whether the database software version is supported by the vendor.
C. Verify whether the database software version has been recently upgraded.
D. Verify whether access to database version information is appropriately restricted.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 128
For employees, the primary value of implementing job enrichment is which of the following?
A. Validation of the achievement of their goals and objectives.
B. Increased knowledge through the performance of additional tasks.
C. Support for personal growth and a meaningful work experience.
D. An increased opportunity to manage better the work done by their subordinates.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Reference: https://na.theiia.org/about-us/Public%2 ... 20Bond.pdf
QUESTION 129
How do data analysis technologies affect internal audit testing?
A. They improve the effectiveness of spot check testing techniques.
B. They allow greater insight into high risk areas.
C. They reduce the overall scope of the audit engagement.
D. They increase the internal auditor's objectivity.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 130
According to IIA guidance, which of the following statements is true with regard to workstation computers that access company information stored on the network?
A. Individual workstation computer controls are not as important as companywide server controls.
B. Particular attention should be paid to housing workstations away from environmental hazards.
C. Cybersecurity issues can be controlled at an enterprise level, making workstation level controls redundant.
D. With security risks near an all-time high, workstations should not be connected to the company network.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 131
During which phase of the contracting process are contracts drafted for a proposed business activity?
A. Initiation phase.
B. Bidding phase.
C. Development phase.
D. Management phase.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 132
Which of the following describes the most appropriate set of tests for auditing a workstation's logical access controls?
A. Review the list of people with access badges to the room containing the workstation and a log of those who accessed the room.
B. Review the password length, frequency of change, and list of users for the workstation's login process.
C. Review the list of people who attempted to access the workstation and failed, as well as error messages.
D. Review the passwords of those who attempted unsuccessfully to access the workstation and the log of their activity.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 133
According to IIA guidance on IT, which of the following best describes a situation where data backup plans exist to ensure that critical data can be restored at some point in the future, but recovery and restore processes have not been defined?
A. Hot recovery plan.
B. Warm recovery plan.
C. Cold recovery plan.
D. Absence of recovery plan.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 134
According to Maslow’s hierarchy of needs theory, which of the following best describes a strategy where a manager offers an assignment to a subordinate specifically to support his professional growth and future advancement?
A. Esteem by colleagues.
B. Self-fulfillment.
C. Sense of belonging in the organization.
D. Job security.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Reference: https://opentextbc.ca/businessopenstax/ ... -of-needs/
QUESTION 135
Which of the following statements is true regarding the "management-by-objectives" method?
A. Management by objectives is most helpful in organizations that have rapid changes.
B. Management by objectives is most helpful in mechanistic organizations with rigidly defined tasks.
C. Management by objectives helps organizations to keep employees motivated.
D. Management by objectives helps organizations to distinguish clearly strategic goals from operational goals.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Reference: https://www.investopedia.com/terms/m/ma ... ctives.asp
QUESTION 136
A technology developer has entered a two-year contract with another organization to design new software. According to IIA guidance, which of the following provisions of this agreement would be the most effective to protect the developer's product knowledge and expertise?
A. The right to audit.
B. A performance measurement system.
C. Defined roles and responsibilities.
D. Intellectual property rights.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 137
Which of the following statements is true regarding cost-volume-profit analysis?
A. Contribution margin is the amount remaining from sales revenue after fixed expenses have been deducted.
B. Breakeven point is the amount of units sold to cover variable costs.
C. Breakeven occurs when the contribution margin covers fixed costs.
D. Following breakeven, net operating income will increase by the excess of fixed costs less the variable costs per units sold.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Reference: https://courses.lumenlearning.com/acctm ... n%20margin% 20represents%20sales,%2C%20the%20name%20contribution%20margin
QUESTION 138
An organization has instituted a bring-your-own-device (BYOD) work environment. Which of the following policies best addresses the increased risk to the organization's network incurred by this environment?
A. Limit the use of the employee devices for personal use to mitigate the risk of exposure to organizational data.
B. Ensure that relevant access to key applications is strictly controlled through an approval and review process.
C. Institute detection and authentication controls for all devices used for network connectivity and data storage.
D. Use management software to scan and then prompt patch reminders when devices connect to the network.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 139
Which of the following is a primary driver behind the creation and prioritization of new strategic initiatives established by an organization?
A. Risk tolerance.
B. Performance.
C. Threats and opportunities.
D. Governance.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 140
Which of the following is improved by the use of smart devices?
A. Version control.
B. Privacy.
C. Portability.
D. Secure authentication.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 141
Which of the following is a project planning methodology that involves a complex series of required simulations to provide information about schedule risk?
A. Monte Carlo Analysis.
B. Project Management Information System (PMIS).
C. Earned Value Management (EVM).
D. Integrated Project Plan.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Reference: https://opentextbc.ca/projectmanagement ... anagement/
QUESTION 142
The audit committee has asked the internal audit activity to integrate data analytics into all work programs going forward. To accomplish this, which of the following describes the first step an audit team should take when planning for an audit?
A. Ensure that there are sufficient audit resources or train personnel in data analytics.
B. Obtain and assess as much data as possible for the audit.
C. Identify the business question or need, data required, and expected results.
D. Gain management's approval and willingness to accept audit findings based on data analytics.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 143
In an organization that produces chocolate, the leadership team decides that the organization will open a milk production facility for its milk chocolate. Which of the following strategies has the organization chosen?
A. Vertical integration.
B. Unrelated diversification.
C. Differentiation.
D. Focus.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 144
Which of the following describes the most effective control that restricts access to secure areas?
A. Employee security policy.
B. Access log reviews.
C. Biometric authorization.
D. Security cameras.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 145
Which of the following controls helps protect externally stored sensitive or confidential data from cyberthreats?
A. Secure configurations and access controls.
B. Strong vendor contracts with control reports provided by service organizations.
C. Active and frequent monitoring of network traffic activities.
D. Firewalls to block unauthorized processing of transactions.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 146
Which of the following focuses on finding statistical relationships in order to create profiles?
A. Process mining.
B. Process analysis.
C. Data mining.
D. Data analysis.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Reference: https://www.researchgate.net/profile/Mo ... tive_data/ attachment/59d659ca79197b80779af218/AS%3A543750520664064%401506651634578/download/CHAPTER+6-+DATA+ANALYSIS+AND +INTERPRET A TION.pdf
QUESTION 147
According to Herzberg's Two-Factor Theory of Motivation, which of the following factors are mentioned most often by satisfied employees?
A. Salary and status.
B. Responsibility and advancement.
C. Work conditions and security.
D. Peer relationships and personal life.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Reference: https://www.mindtools.com/pages/article ... actors.htm
QUESTION 148
At an organization that uses a periodic inventory system, the accountant accidentally understated the organization's beginning inventory. How would the accountant's accident impact the income statement?
A. Cost of goods sold will be understated and net income will be overstated.
B. Cost of goods sold will be overstated and net income will be understated.
C. Cost of goods sold will be understated and there will be no impact on net income.
D. There will be no impact on cost of goods sold and net income will be overstated.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 149
Which of the following situations best applies to an organization that uses a project, rather than a process, to accomplish its business activities?
A. A clothing company designs, makes, and sells a new item.
B. A commercial construction company is hired to build a warehouse.
C. A city department sets up a new firefighter training program.
D. A manufacturing organization acquires component parts from a contracted vendor.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 150
Which of the following is classified as a product cost using the variable costing method?
1. Direct labor costs.
2. Insurance on a factory.
3. Manufacturing supplies.
4. Packaging and shipping costs.
A. 1 and 2.
B. 1 and 3.
C. 2 and 4.
D. 3 and 4.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 151
Which of the following statements is true regarding the capital budgeting procedure known as discounted payback period?
A. It calculates the overall value of a project.
B. It ignores the time value of money.
C. It calculates the time a project takes to break even.
D. It begins at time zero for the project.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Reference: https://www.investopedia.com/terms/d/di ... me%20value %20of%20money
QUESTION 152
A rapidly expanding retail organization continues to be tightly controlled by its original small management team. Which of the following is a potential risk in this vertically centralized organization?
A. Lack of coordination among different business units.
B. Operational decisions are inconsistent with organizational goals.
C. Suboptimal decision-making.
D. Duplication of business activities.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 153
An internal auditor found the following information while reviewing the monthly financial statements for a wholesaler of safety glasses:
Opening inventory: 1,000 units at $2 per unit
Purchased: 5,000 units at $3 per unit
Sold: 3,000 units at $7 per unit
The cost of goods sold was reported at $8,500. Which of the following inventory methods was used to derive this value?
A. Average cost method.
B. First-in, first-out (FIFO) method.
C. Specific identification method.
D. Activity-based costing method.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 154
Based on test results, an IT auditor concluded that the organization would suffer unacceptable loss of data if there was a disaster at its data center. Which of the following test results would likely lead the auditor to this conclusion?
A. Requested backup tapes were not returned from the offsite vendor in a timely manner.
B. Returned backup tapes from the offsite vendor contained empty spaces.
C. Critical systems have been backed up more frequently than required.
D. Critical system backup tapes are taken off site less frequently than required.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 155
An internal auditor was asked to review an equal equity partnership. In one sampled transaction, Partner A transferred equipment into the partnership with a self-declared value of $10,000, and Partner B contributed equipment with a self-declared value of $15,000. The capital accounts of each partner were subsequently credited with $12,500. Which of the following statements is true regarding this transaction?
A. The capital accounts of the partners should be increased by the original cost of the contributed equipment.
B. The capital accounts should be increased using a weighted average based on the current percentage of ownership.
C. No action is needed, as the capital account of each partner was increased by the correct amount.
D. The capital accounts of the partners should be increased by the fair market value of their contribution.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 156
An internal auditor is using data analytics to focus on high-risk areas during an engagement. The auditor has obtained data and is working to eliminate redundancies in the data. Which of the following statements is true regarding this scenario?
A. The auditor is normalizing data in preparation for analyzing it.
B. The auditor is analyzing the data in preparation for communicating the results.
C. The auditor is cleaning the data in preparation for determining which processes may be involved.
D. The auditor is reviewing the data prior to defining the question.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 157
Which of the following is an example of an application control?
A. Automated password change requirements.
B. System data backup process.
C. User testing of system changes.
D. Formatted data fields.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Reference: https://chapters.theiia.org/montreal/Ch ... ntrols.pdf
QUESTION 158
A retail organization mistakenly did not include $10,000 of inventory in the physical count at the end of the year. What was the impact to the organization's financial statements?
A. Cost of sales and net income are understated.
B. Cost of sales and net income are overstated.
C. Cost of sales is understated and net income is overstated.
D. Cost of sales is overstated and net income is understated.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 159
Which of the following statements is most accurate concerning the management and audit of a web server?
A. The file transfer protocol (FTP) should always be enabled.
B. The simple mail transfer protocol (SMTP) should be operating under the most privileged accounts.
C. The number of ports and protocols allowed to access the web server should be maximized.
D. Secure protocols for confidential pages should be used instead of clear-text protocols such as HTTP or FTP.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 160
Which of the following statements is true regarding data backup?
A. System backups should always be performed real time.
B. Backups should be stored in a secured location onsite for easy access.
C. The tape rotation schedule affects how long data is retained.
D. Backup media should be restored only in case of a hardware or software failure.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 161
According to IIA guidance on IT, which of the following would be considered a primary control for a spreadsheet to help ensure accurate financial reporting?
A. Formulas and static data are locked or protected.
B. The spreadsheet is stored on a network server that is backed up daily.
C. The purpose and use of the spreadsheet are documented.
D. Check-in and check-out software is used to control versions.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 162
An organization uses the management-by-objectives method, whereby employee performance is based on defined goals. Which of the following statements is true regarding this approach?
A. It is particularly helpful to management when the organization is facing rapid change.
B. It is a more successful approach when adopted by mechanistic organizations.
C. It is more successful when goal-setting is performed not only by management, but by all team members, including lower-level staff.
D. It is particularly successful in environments that are prone to having poor employer-employee relations.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 163
Which of the following physical access controls is most likely to be based on the “something you have” concept?
A. A retina characteristics reader.
B. A PIN code reader.
C. A card-key scanner.
D. A fingerprint scanner.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 164
When using data analytics during a review of the procurement process, what is the first step in the analysis process?
A. Identify data anomalies and outliers.
B. Define questions to be answered.
C. Identify data sources available.
D. Determine the scope of the data extract.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 165
Which of the following is an example of a key systems development control typically found in the in-house development of an application system?
A. Logical access controls monitor application usage and generate audit trails.
B. The development process is designed to prevent, detect, and correct errors that may occur.
C. A record is maintained to track the process of data from input, to output, to storage.
D. Business users’ requirements are documented, and their achievement is monitored.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 166
What is the primary purpose of data and systems backup?
A. To restore all data and systems immediately after the occurrence of an incident.
B. To set the maximum allowable downtime to restore systems and data after the occurrence of an incident.
C. To set the point in time to which systems and data must be recovered after the occurrence of an incident.
D. To restore data and systems to a previous point in time after the occurrence of an incident.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 167
Which of the following authentication device credentials is the most difficult to revoke when an employee's access rights need to be removed?
A. A traditional key lock.
B. A biometric device.
C. A card-key system.
D. A proximity device.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 168
A large retail customer made an offer to buy 10,000 units at a special price of $7 per unit. The manufacturer usually sells each unit for $10. Variable manufacturing costs are $5 per unit and fixed manufacturing costs are $3 per unit. For the manufacturer to accept the offer, which of the following assumptions needs to be true?
A. Fixed and variable manufacturing costs are less than the special offer selling price.
B. The manufacturer can fulfill the order without expanding the capacities of the production facilities.
C. Costs related to accepting this offer can be absorbed through the sale of other products.
D. The manufacturer's production facilities are currently operating at full capacity.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 169
Which of the following data security policies is most likely to be the result of a data privacy law?
A. Access to personally identifiable information is limited to those who need it to perform their job.
B. Confidential data must be backed up and recoverable within a 24-hour period.
C. Updates to systems containing sensitive data must be approved before being moved to production.
D. A record of employees with access to insider information must be maintained, and those employees may not trade company stock during blackout periods.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 170
An organization that sells products to a foreign subsidiary wants to charge a price that will decrease import tariffs. Which of the following is the best course of action for the organization?
A. Decrease the transfer price.
B. Increase the transfer price.
C. Charge at the arm’s length price.
D. Charge at the optimal transfer price.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 171
An organization accomplishes its goal to obtain a 40 percent share of the domestic market, but is unable to get the desired return on investment and output per hour of labor. Based on this information, the organization is most likely focused on which of the following?
A. Capital investment and not marketing.
B. Marketing and not capital investment.
C. Efficiency and not input economy.
D. Effectiveness and not efficiency.
Correct Answer: A Section: (none) Explanation
Explanation/Reference: