IIA-CIA-Part3 Business Knowledge for Internal Auditing Questions and Answers

Income statement accounts.

Balance sheet accounts.

Permanent accounts.

Real accounts.

Assign a team with a trained audit manager to plan each audit and distribute field work tasks to various staff auditors.

Assign a team of personnel who have different specialties to each audit and empower Team members to participate fully in key decisions

Assign a team to each audit, designate a single person to be responsible for each phase of the audit, and limit decision making outside of their area of responsibility.

Assign a team of personnel who have similar specialties to specific engagements that would benefit from those specialties and limit Key decisions to the senior person.

The spam filter removed Incoming communication that included certain keywords and domains.

The spam filter deleted commercial ads automatically, as they were recognized as unwanted.

The spam filter routed to the "junk|r folder a newsletter that appeared to include links to fake websites.

The spam filter blocked a fitness club gift card that coworkers sent to an employee for her birthday.

Descriptive.

Diagnostic.

Prescriptive.

Prolific.

Application program code.

Database system.

Operating system.

Networks.

Lower costs.

Slower decision making at the senior executive level.

Limited creative freedom in lower-level managers.

Senior-level executives more focused on short-term, routine decision making

Greater cost-effectiveness

Increased economies of scale

Larger talent pool

Strong internal controls

It can restore default settings and lock encrypted data when necessary.

It enables the erasure and reformatting of secure digital (SD) cards.

It can delete data backed up to a desktop for complete protection if required.

It can wipe data that is backed up via cloud computing

Last-in-first-Out (LIFO}.

Average cost.

First-in-first-out (FIFO).

Specific identification

Facial comparison using photo identification.

Signature comparison.

Voice comparison.

Retinal print comparison.

Top management does little monitoring of the decisions made at lower levels.

The decisions made at the lower levels of management are considered very important.

Decisions made at lower levels in the organizational structure are few.

Reliance is placed on top management decision making by few of the organization's departments.

Scope change requests are reviewed and approved by a manager with a proper level of authority.

Cost overruns are reviewed and approved by a control committee led by the project manager.

There is a formal quality assurance process to review scope change requests before they are implemented

There is a formal process to monitor the status of the project and compare it to the cost baseline

1 and 3 only

1 and 4 only

2 and 3 only

3 and 4 only

Infrastructure as a Service (laaS).

Platform as a Service (PaaS).

Enterprise as a Service (EaaS).

Software as a Service (SaaS).

The user's facial geometry and voice recognition.

The user's password and a separate passphrase.

The user's key fob and a smart card.

The user's fingerprint and a personal Identification number.

Application program code

Database system

Operating system

Networks

Authorization

Architecture model

Firewall

Virtual private network

Variable entity approach.

Control ownership.

Risk and reward.

Voting interest.

To inform the classification of the data population.

To determine the completeness and accuracy of the data.

To identify whether the population contains outliers.

To determine whether duplicates in the data inflate the range.

To ensure availability of production facilities.

To decrease direct expenses related to production.

To incur stable costs despite operating capacity.

To increase the total unit cost under absorption costing

Cost of sales and net income are understated.

Cost of sales and net income are overstated.

Cost of sales is understated and not income is overstated.

Cost of sales is overstated and net Income is understated.

Restricting server room access to specific individuals

Housing servers with sensitive software away from environmental hazards

Ensuring that all user requirements are documented

Performing of intrusion testing on a regular basis

Shoulder suiting

Pharming,

Phishing.

Social engineering.

On site.

Cold site.

Hot site.

Warm site

At the value agreed upon by the partners.

At book value.

At fair value

At the original cost.

A potential assessment of additional income tax.

Possible product warranty costs.

The threat of a lawsuit by a competitor.

The remote possibility of a contract breach.

Rooting.

Eavesdropping.

Man in the middle.

Session hijacking.

Predictive analytics.

Prescriptive analytics.

Descriptive analytics.

Diagnostic analytics.

A retina characteristics reader

A P3M code reader

A card-key scanner

A fingerprint scanner

Liquidity

Profitability

Solvency

Efficiency

It calculates the overall value of a project.

It ignores the time value of money.

It calculates the time a project takes to break even.

It begins at time zero for the project.

Articulation of the data

Availability of the data.

Measurability of the data

Relevance of the data.

The company's code of ethics.

The third-party management risk register.

The signed service-level agreement.

The subcontractors' annual satisfaction survey.

Numerous and consistent attacks on the company's website caused the server to crash and service was disrupted.

A person posing as a representative of the company’s IT help desk called several employees and played a generic prerecorded message requesting password data.

A person received a personalized email regarding a golf membership renewal, and he click a hyperlink to enter his credit card data into a fake website

Many users of a social network service received fake notifications of e unique opportunity to invest in a new product.

Collections from customers

Sale of securities.

Purchase of trucks.

Payment of debt, including interest

UDAs are less flexible and more difficult to configure than traditional IT applications.

Updating UDAs may lead to various errors resulting from changes or corrections.

UDAs typically are subjected to application development and change management controls.

Using UDAs typically enhances the organization's ability to comply with regulatory factors.

The auditor eliminated duplicate information.

The auditor organized data to minimize useless information.

The auditor made data usable for a specific purpose by ensuring that anomalies were Identified and corrected.

The auditor ensured data fields were consistent and that data could be used for a specific purpose.

To ensure data processing is complete, accurate, and authorized.

To ensure data being processed remains consistent and intact.

To monitor the effectiveness of other controls

To ensure the output aligns with the intended result.

Preventing database administrators from initiating program changes

Blocking technicians from getting into the network room.

Restricting system programmers' access to database facilities

Using encryption for data transmitted over the public internet

Diversification

Vertical integration

Risk avoidance

Differentiation

The organization sells inventory to an overseas subsidiary at fair value.

The local subsidiary purchases inventory at a discounted price.

The organization sells inventory to an overseas subsidiary at the original cost.

The local subsidiary purchases inventory at the depreciated cost.

Initiation phase.

Bidding phase

Development phase

Management phase

That those employees who do not consent to MDM software cannot have an email account.

That personal data on the device cannot be accessed and deleted by system administrators.

That monitoring of employees' online activities is conducted in a covert way to avoid upsetting them.

That employee consent includes appropriate waivers regarding potential breaches to their privacy.

Compare to the annual cost of capital

Compare to the annual interest data.

Compare to the required rate of return.

Compare to the net present value.

Key performance indicators.

Reports of software customization.

Change and patch management.

Master data management

Nondisclosure agreements between the firm and its employees.

Logs of user activity within the information system.

Two-factor authentication for access into the information system.

limited access so information, based on employee duties

Linking performance to profitability measures such as return on investment.

Linking performance to the stock price.

Linking performance to quotas such as units produced.

Linking performance to nonfinancial measures such as customer satisfaction and employees training

he organization's operating expenses are increasing.

The organization has adopted just-in-time inventory.

The organization is experiencing inventory theft.

The organization's inventory is overstated.