IIA-CIA-Part3-3P CIA Exam Part Three: Business Knowledge for Internal Auditing Questions and Answers

The internal auditor may cite the use of other standards during audit communications.

If the other standards are government-issued, the internal auditor should apply them in conjunction with The IIA's Standards.

If there are inconsistencies between the other standards and The IIA's Standards, the internal auditor must use the more restrictive standards.

If there are inconsistencies between the other standards and The IIA's Standards, the internal auditor must use the less restrictive standards.

The cost of goods sold for the period will be understated.

The cost of goods sold for the period will be overstated.

The net income for the period will be understated.

There will be no effect on the cost of goods sold or the net income for the period.

A time-sensitive just-in-time purchase environment.

A large volume of custom purchases.

A variable volume sensitive to material cost.

A currently inefficient purchasing process.

Intranet.

Extranet.

Digital subscriber line.

Broadband.

Identify redundant controls.

Improve budgeting accuracy.

Enhance assurance provided to management.

Assist in developing audit programs.

That do not have to be repaid for over one year.

That appear to be too risky for most lenders to consider.

Granted on the basis of a company's credit standing.

Backed by mortgaged assets.

Specializing in proven manufacturing techniques that have made the organization profitable in the past.

Substituting its own production technology with advanced techniques used by its competitors.

Forgoing profits over a period of time to gain market share from its competitors.

Using the same branding to sell its products through new sales channels to target new markets.

Lack of flexibility.

Incompatibility with client/server technology.

Employee resistance to change.

Inadequate technical support.

Test marketing

Experimentation

Segmentation

Positioning

Standards, framework, and process.

Standards, assessments, and process.

Principles, framework, and process.

Principles, practices, and process.

1 only

2 only

3 only

2 and 3 only

1, 2, and 3

1, 2, and 4

1, 3, and 4

2, 3, and 4

Draws positive attention to the writing style.

Treats all receivers with respect.

Suits the method of presentation and delivery.

Develops ideas without overstatement.

1, 2, and 3

1, 2, and 4

1, 3, and 4

2, 3, and 4

1 and 2 only

2 and 3 only

1, 2, and 3 only

1, 2, 3, and 4

Encourage compliance with policies and procedures.

Safeguard the resources of the organization.

Ensure the accuracy, reliability, and timeliness of information.

Provide reasonable assurance on the achievement of objectives.

Use an aging schedule to more closely estimate uncollectible accounts.

Eliminate the need for an allowance for doubtful accounts.

Emphasize the accuracy of the net realizable value of the receivables on the balance sheet.

Use a method that approximates the matching principle.

Scope and initiation phase.

Business impact analysis.

Plan development.

Testing.

Outsourced business processes should not be considered in the internal audit universe because the controls are owned by the external service provider.

Generally, independence is improved when the internal audit activity reviews outsourced business processes.

The key controls of outsourced business processes typically are more difficult to audit because they are designed and managed externally.

The system of internal controls may be better and more efficient when the business process is

outsourced compared to internally sourced.

Cost of sales increased relative to sales.

Total sales increased relative to expenses.

The organization had a higher dividend payout rate in year two.

The government increased the corporate tax rate.

Functional departmentalization.

Product departmentalization.

Matrix organization.

Divisional organization.

A star

A cash cow

A Question mark

A dog

An offboarding procedure is initiated monthly to determine redundant physical access rights

Logs generated by smart locks are automatically scanned to identify anomalies in access patterns

Requests for additional access rights are sent for approval and validation by direct supervisors

Automatic notifications are sent to a central security unit when employees enter the premises during nonwork hours

The percentage of cases flagged by the model and confirmed as positives.

The development and maintenance costs associated with the model

The feedback of auditors involved with developing the model

The number of criminal investigations initiated based on the outcomes of the model

Facilitates communication between primary functions.

Helps to focus on the achievement of organizational goals.

Provides for efficient use of specialized knowledge .

Accommodates geographically dispersed companies

A detailed budget that identifies hardware resources for the project

A Gantt chart that identifies the critical path for completing the project

Change management controls to avoid technical conflicts within the application

A project plan with a flexible scope to accommodate legislative requirements

$100,000

$200,000

$275,000

$500,000

All financial budgets

All operating budgets

Only the cash budget and budgeted balance sheet

Only the sales and production budgets

Full or near capacity in processes.

Smooth workflow among processes.

Few or no defects.

Lowered inventory levels.

Providing fire detection and suppression equipment

Establishing a physical security policy and promoting it throughout the organization

Performing business continuity and disaster recovery planning

Keeping an offsite backup of the organization's critical data

The file transfer protocol (FTP) should always be enabled

The simple mail transfer protocol (SMTP) should be operating under me most privileged accounts

The number of ports and protocols allowed to access the web server should be maximized

Secure protocols for confidential pages should be used instead of clear-text protocol such as HTTP or FTP

Workflow and data capture technology

Data visualization applications.

Software integrated with central data warehouse

Spreadsheets.

An extranet

A local area network.

An intranet

The internet

Linking performance to profitability measures such as return on investment.

Linking performance to the stock price.

Linking performance to quotas such as units produced.

Linking performance to nonfinancial measures such as customer satisfaction and employees training.

1 and 3 only.

1 and 4 only.

2 and 3 only

3 and 4 only.

Data relationships are assumed to exist and to continue where no known conflicting conditions exist.

Analytical procedures are intended primarily to ensure the accuracy of the information being examined.

Data relationships cannot include comparisons between operational and statistical data

Analytical procedures can be used to identify unexpected differences but cannot be used to identify the absence of differences

Identification of achievable goals and timelines.

Analysis of the competitive environment.

Plan for the procurement of resources.

Plan for progress reporting and oversight.

Attribute theory.

Path goal model

Life cycle model

Contingency theory

$266.667

$416,667

$3.750.000

$5 000.000

Detailed analytics

Predictive analytics

Diagnostic analytics

Prescriptive analytics

Diversification

Vertical integration

Risk avoidance

Differentiation

Lower shareholder control.

Lower indebtedness.

Higher company earnings per share.

Higher overall company earnings.

Commissions.

Stock options.

Gain-sharing bonuses.

Allowances.

Normalize the data

Obtain the data

identify the risks

Analyze the data

Decrease by about 17 percent.

Decrease by about 7 percent.

Increase by about 7 percent.

Increase by about 17 percent.

Does not require testing for user acceptance.

Allows applications to be portable across multiple system platforms.

Is less expensive since it is self-documenting.

Better involves users in the design process.

An effective internal audit function is one of the four cornerstones of good governance.

Those performing governance activities are accountable to the customer.

Accountability is one of the key elements of organizational governance.

Governance principles and the need for an internal audit function are applicable to governmental and not-for-profit activities.

1 only

2 and 4 only

1, 3, and 4 only

1, 2, 3, and 4

Submit batches of test transactions through the current system and verify with expected results.

Use a test program to simulate the normal data entering process.

Select a sample of records from the database and ensure it matches supporting documentation.

Evaluate compliance with the organization's change management process.

Identifying risks to the organization's operations.

Observing and analyzing controls.

Prioritizing known risks.

Reviewing organizational objectives.

Consult on project design and implementation of the CSR program.

Serve as an advisor on internal controls related to CSR.

Identify and prioritize the CSR issues that are important to the organization.

Evaluate the effectiveness of the organization's CSR efforts.

Promote closer linkage between organizational strategy and information.

Provide users with greater online access to information systems.

Enhance the functionality of application systems.

Expand the use of automated controls.

1 and 4 only

2 and 3 only

1, 2, and 3 only

1, 2, 3, and 4

Cost X is a variable cost.

Cost X is a fixed cost.

Cost X is a semi-fixed cost.

Cost X and the value of Output Produced are unrelated.

We are a people-and-goods mover.

We supply energy.

We make movies.

We provide climate control in the home.

They require significant computer resources.

They are susceptible to supply-chain disruptions.

They require complicated materials-supply contracts.

They prevent manufacturers from scaling up or down to meet changing demands.

To verify that the application meets staled user requirements.

To verify that standalone programs match code specifications.

To verify that me application would work appropriately for the intended number of users.

To verify that all software and hardware components work together as intended

An internal auditor analyzed electricity production and sales interim reports and compiled a risk assessment.

An internal auditor extracted sales data to a spreadsheet and applied judgmental analysis for sampling.

An internal auditor classified solar panel sales by region and discovered unsuccessful sales

representatives.

An internal auditor broke down a complex process into smaller pieces to make it more understandable.

Preventing database administrators from initiating program changes.

Blocking technicians from getting into the network room.

Restricting system programmers' access to database facilities.

Using encryption for data transmitted over the public internet.

Reversing all previous closing adjustments is a mandatory step in the accounting cycle

Reversing entries should be completed at the end of the next accounting period after recording regular transactions of the period

Reversing entries are identical to the adjusting entries made in the previous period.

Reversing entries are the exact opposite of the adjustments made in the previous period.

First-in first-out method (FIFO)

Last-in first-out method (LIFO)

Specific identification method

Average-cost method

Voice recognition and token.

Password and fingerprint.

Fingerprint and voice recognition

Password and token

Application input controls

Firewall controls.

Transmission encryption controls

Change management controls

The auditor is normalizing data in preparation for analyzing it

The auditor is analyzing the data in preparation for communicating the results

The auditor is cleaning the data in preparation for determining which processes may tie involved

The auditor is reviewing the data prior to defining the question

Identity requests are approved in two steps.

Logs are checked for misaligned identities and access rights.

Users have to validate their identity with a smart card.

Functions can be performed based on access rights.

Conduct a risk assessment regarding the effectiveness of the data analytics process.

Analyze possible and available sources of raw data

Define the purpose and the anticipated value

Select data for cleaning and normalization procedures.

Review and acquire the external audit service.

Assess the appraisal and actuarial services.

Determine the selection criteria.

Identify regulatory requirements to be considered.

Internal strengths and weaknesses.

Break-even points.

External trends and events.

Internal risk factors.

1 and 3 only

2 and 4 only

1, 2, and 3 only

1, 2, 3, and 4

To improve the chain of command.

To strengthen corporate headquarters.

To focus better on a single market.

To increase lateral communication.