IIA-CIA-Part3 Business Knowledge for Internal Auditing Questions and Answers

Predictive analytics.

Prescriptive analytics.

Descriptive analytics.

Diagnostic analytics.

Social benefits.

Compensation.

Job safety.

Recognition

The initial investment of each partner should be recorded at book value.

The ownership ratio identifies the basis for dividing net income and net toss.

A partner's capital only changes due to net income or net loss.

The basis for sharing net incomes or net kisses must be fixed.

Net income would be understated.

Net income would not be affected.

Net income would be overstated.

Net income would be negative.

At the value agreed upon by the partners.

At book value.

At fair value

At the original cost.

Providing fire detection and suppression equipment

Establishing a physical security policy and promoting it throughout the organization

Performing business continuity and disaster recovery planning

Keeping an offsite backup of the organization's critical data

Less use of policies and procedures.

Less organizational commitment by employees.

Less emphasis on extrinsic rewards.

Less employee’s turnover.

Firewall.

Antivirus software.

Passwords.

Encryption.

Functional departmentalization.

Product departmentalization

Matrix organization.

Divisional organization

The authentication process relies on a simple password only, which is a weak method of authorization.

The system authorization of the user does not correctly reflect the access rights intended.

There was no periodic review to validate access rights.

The application owner apparently did not approve the access request during the provisioning process.

The percentage of cases flagged by the model and confirmed as positives.

The development and maintenance costs associated with the model

The feedback of auditors involved with developing the model.

The number of criminal investigations initiated based on the outcomes of the model

Descriptive.

Diagnostic.

Prescriptive.

Prolific.

2 and 3 only.

1, 2, and 3 only

1, 3, and 4 only

2, 3, and 4 only

An extranet

A local area network

An Intranet

The internet

Determining the frequency with which backups will be performed.

Prioritizing the order in which business systems would be restored.

Assigning who in the IT department would be involved in the recovery procedures.

Assessing the resources needed to meet the data recovery objectives.

Prompt response and remediation policy

Inventory of information assets

Information access management

Standard security configurations

The degree of risk associated with a proposed change determines whether the change request requires authorization

Program changes generally are developed and tested in the production environment.

Changes are only required by software programs

To protect the production environment, changes must be managed in a repeatable, defined, and predictable manner

A witness verifies the quantities of the copies signed.

A witness verifies that the contract was signed with the free consent of the promisor and promisee.

A witness ensures the completeness of the contract between the promisor and promisee.

A witness validates that the signatures on the contract were signed by the promisor and promisee.

Assign a team with a trained audit manager to plan each audit and distribute field work tasks to various staff auditors.

Assign a team of personnel who have different specialties to each audit and empower Team members to participate fully in key decisions

Assign a team to each audit, designate a single person to be responsible for each phase of the audit, and limit decision making outside of their area of responsibility.

Assign a team of personnel who have similar specialties to specific engagements that would benefit from those specialties and limit Key decisions to the senior person.

A recovery strategy whereby a separate site has not yet been determined, but hardware has been reserved for purchase and data backups.

A recovery strategy whereby a separate site has been secured and is ready for use, with fully configured hardware and real-time synchronized data

A recovery strategy whereby a separate site has been secured and the necessary funds for hardware and data backups have been reserved.

A recovery strategy whereby a separate site has been secured with configurable hardware and data backups.

Fixed maintenance costs.

Variable maintenance costs.

Mixed maintenance costs.

Indirect maintenance costs.

The user's facial geometry and voice recognition.

The user's password and a separate passphrase.

The user's key fob and a smart card.

The user's fingerprint and a personal Identification number.

Normalize the data,

Obtain the data

Identify the risks.

Analyze the data.

Review and monitor security controls.

Dedicate sufficient security resources.

Provide oversight to the security function.

Assess information control environments.

Cost method.

Equity method .

Consolidation method.

Fair value method.

Horizontal analysis

Vertical analysis

Ratio analysis

Trend analysis

Encrypted data cannot be locked to prevent further access

Default settings cannot be restored on the device.

All data, cannot be completely removed from the device

Mobile device management software is required for successful remote wipe

Cash payback technique.

Discounted cash flow technique: net present value.

Annual rate of return

Discounted cash flow technique: internal rate of return.

Shoulder suiting

Pharming,

Phishing.

Social engineering.

$20,000,000

$24.500.000

$30.000.000

$35.200.000

Restricting server room access to specific individuals

Housing servers with sensitive software away from environmental hazards

Ensuring that all user requirements are documented

Performing of intrusion testing on a regular basis

Process analysis

Process mining

Data analysis.

Data mining

Relationship with supervisor

Salary

Security.

Achievement

Ease of use.

Value to the business.

Intrusion prevention.

Ergonomic model.

A debit to office supplies on hand for S2.500

A debit to office supplies on hand for $11.500

A debit to office supplies on hand for $20,500

A debit to office supplies on hand for $42,500

Motion detectors.

Key card access to the facility.

Security cameras.

Monitoring access to data center workstations

It explains the assumption mat both costs and revenues are linear through the relevant range

It enables management to calculate a minimum number of units to produce and sell without having to incur a loss.

It enables management to predict how costs such as the depreciation of equipment will be affected by a change in business decisions

It enables management to make business decisions, as it explains the cost that will be incurred for a given course of action

Purchases bonds.

Receives interest.

Receives dividends

Sells bonds.

To protect the effective performance of IT general and application controls.

To regulate users' behavior it the web and cloud environment.

To prevent unauthorized access to information assets.

To secure application of protocols and authorization routines.

To verify that the application meets stated user requirements.

To verify that standalone programs match code specifications.

To verify that the application would work appropriately for the intended number of users.

To verify that all software and hardware components work together as intended.

Security.

Status.

Recognition.

Relationship with coworkers

Boundary defense

Malware defense.

Penetration tests

Wireless access controls

The organization sells inventory to an overseas subsidiary at fair value.

The local subsidiary purchases inventory at a discounted price.

The organization sells inventory to an overseas subsidiary at the original cost.

The local subsidiary purchases inventory at the depreciated cost.

Initiation phase.

Bidding phase

Development phase

Management phase

Data relationships are assumed to exist and to continue where no known conflicting conditions exist.

Analytical procedures are intended primarily to ensure the accuracy of the information being examined.

Data relationships cannot include comparisons between operational and statistical data

Analytical procedures can be used to identify unexpected differences, but cannot be used to identify the absence of differences

Data is synchronized in real time

Recovery time is expected to be less than one week

Servers are not available and need to be procured

Recovery resources end data restore processes have not been defined.

Linking performance to profitability measures such as return on investment.

Linking performance to the stock price.

Linking performance to quotas such as units produced.

Linking performance to nonfinancial measures such as customer satisfaction and employees training

Lack of coordination among different business units

Operational decisions are inconsistent with organizational goals

Suboptimal decision making

Duplication of business activities