IIA-CIA-Part3 Exam - Certified Internal Auditor - Part 3, Business Analysis and Information Technology

NEW QUESTION 1

An organization's headquarters is centrally located and the organization runs numerous computer applications in multiple sites. Which of the following would be the most appropriate approach for conducting an audit of the mainframe computer'

• A. Conduct an individual audit of the mainframe general controls and separate application control audits of the individual applications in a phased manner
• B. Conduct a single consolidated audit of both the mainframe general controls and the application controls for all of the applications that use the mainframe
• C. Conduct individual audits of each application and include in each audit the general controls of the mainframe relevant to the individual application
• D. Conduct a series of location-based audits that cover both the general and application IT controls m an systems across the location

Answer: A

NEW QUESTION 2

Which of the following are likely indicators of ineffective change management?
* 1. IT management is unable to predict how a change will impact interdependent systems or business processes.
* 2. There have been significant increases in trouble calls or in support hours logged by programmers.
* 3. There is a lack of turnover in the systems support and business analyst development groups.
* 4. Emergency changes that bypass the normal control process frequently are deemed necessary.

• A. 1 and 3 only
• B. 2 and 4 only
• C. 1, 2, and 4 only
• D. 1, 2, 3, and 4

Answer: C

NEW QUESTION 3

An organization has instituted a bring-your-own-device (BYOD) work environment Which of the following policies best addresses the increased risk to the organization's network incurred by this environment?

• A. Limit the use of the employee devices for personal use to mitigate the risk of exposure to organizational data.
• B. Ensure that relevant access to key applications is strictly controlled through an approval and review process
• C. Institute detection and authentication controls for all devices used for network connectivity and data storage
• D. Use management software to scan and then prompt patch reminders when devices connect to the network

Answer: D

NEW QUESTION 4

A large hospital has an existing contract with a vendor in another country to provide software support and maintenance of the hospital's patient records information system. From the hospital management's perspective, which of the following controls would be most effective to address privacy risks related to this outsourcing arrangement^

• A. Conduct periodic reviews of the privacy policy to ensure that the existing policy meets current legislation requirements in both regions.
• B. Include a "right to audit" clause in the contract and impose detailed security obligations on the outsourced vendor
• C. Implement mandatory privacy training for management to help with identifying privacy risks when outsourcing services
• D. Develop an incident monitoring and response plan to track breaches from internal and external sources

Answer: A

NEW QUESTION 5

What is the most significant potential problem introduced by just-in-time inventory systems?

• A. They require significant computer resources.
• B. They are susceptible to supply-chain disruptions.
• C. They require complicated materials-supply contracts.
• D. They prevent manufacturers from scaling up or down to meet changing demands.

Answer: B

NEW QUESTION 6

According to the International Professional Practices Framework, which of the following statements is true regarding a corporate social responsibility (CSR) program?
* 1. Every employee generally has a responsibility for ensuring the success of CSR objectives.
* 2. The board has overall responsibility for the effectiveness of internal control processes associated with CSR.
* 3. Public reporting on the CSR governance process is expected.
* 4. Organizations generally have flexibility regarding what is included in a CSR program.

• A. 1, 2, and 3 only
• B. 1, 2, and 4 only
• C. 1, 3, and 4 only
• D. 2, 3, and 4 only

Answer: B

NEW QUESTION 7

An internationally recognized brand name is an entrance barrier to new competitors because new competitors would:

• A. Have to initiate a price war in order to enter the industry.
• B. Face increased production costs.
• C. Face increased marketing costs.
• D. Face higher learning costs, which would increase fixed costs.

Answer: C

NEW QUESTION 8

Which of the following should be included m a company's year-end inventory valuation?

• A. Company goods that were sold during the year free on board shipping point that have been shipped but not yet received by the customer
• B. Goods purchased by the company free on board destination mat have not yet been received
• C. Goods on consignment, which the company is trying to sell for its customers
• D. Company goods tor sale on consignment at a consignment shop

Answer: A

NEW QUESTION 9

Which of the following methods is most closely associated to year over year trends?

• A. Horizontal analysis
• B. Vertical analysis
• C. Common-size analysis
• D. Ratio analysis

Answer: A

NEW QUESTION 10

In terms of international business strategy, which of the following is true regarding a multi-domestic strategy?

• A. It uses the same products in all countries.
• B. It centralizes control with little decision-making authority given to the local level.
• C. It is an effective strategy when large differences exist between countries.
• D. It provides cost advantages, improves coordinated activities, and speeds product development.

Answer: C

NEW QUESTION 11

In the current year, a merchandising organization had an inventory turnover ratio of 3.0, which was less than the industry average of 6.5. Which of the following offers the most likely explanation for this difference?

• A. The organization has understated the amount of inventory in its financial statements
• B. The organization has overstated the cost of purchases in its financial statements.
• C. The organization is holding obsolete or damaged items in its inventory
• D. The organization experienced an unexpectedly large increase in sales shortly before year end.

Answer: C

NEW QUESTION 12

A holding company set up a centralized group technology department, using a local area network with a mainframe computer to process accounting information for all companies within the group. An internal auditor would expect to find all of the following controls within the technology department except:

• A. Adequate segregation of duties between data processing controls and file security controls.
• B. Documented procedures for remote job entry and for local data file retention.
• C. Emergency and disaster recovery procedures and maintenance agreements in place to ensure continuity of operations.
• D. Established procedures to prevent and detect unauthorized changes to data files.

Answer: B

NEW QUESTION 13

Which of the following types of analytics focuses less on analysis and more on condensing data into mote meaningful pieces of information?

• A. Diagnostic analytics
• B. Descriptive analytics
• C. Prescriptive analytics
• D. Predictive analytics

Answer: C

NEW QUESTION 14

Which of the following borrowing options is an unsecured loan?

• A. Second-mortgage financing from a bank.
• B. An issue of commercial paper.
• C. Pledged accounts receivable.
• D. Asset-based financing.

Answer: B

NEW QUESTION 15

Which of the following control features consists of a set of authorization codes that distinguishes among actions such as reading, adding, and deleting records?

• A. Internally encrypted passwords
• B. System access privileges.
• C. Logon passwords
• D. Protocol controls.

Answer: B

NEW QUESTION 16

During a review of a web-based application used by customers to check the status of their bank accounts, it would be most important for the internal auditor to ensure that:

• A. Access to read application logs is restricted to authorized users.
• B. Account balance information is encrypted in the database.
• C. The web server used to host the application is located in a physically secure area.
• D. Sensitive data, such as account numbers, are submitted using encrypted communications.

Answer: D

NEW QUESTION 17

Which of the following steps should an internal auditor take during an audit of an organization's business continuity plans?
* 1. Evaluate the business continuity plans for adequacy and currency.
* 2. Prepare a business impact analysis regarding the loss of critical business.
* 3. Identify key personnel who will be required to implement the plans.
* 4. Identify and prioritize the resources required to support critical business processes.

• A. 1 only
• B. 2 and 4 only
• C. 1, 3, and 4 only
• D. 1, 2, 3, and 4

Answer: A

NEW QUESTION 18

Based on lest results an IT auditor concluded that the organization would suffer unacceptable toss of data if there was a disaster at its data center. Which of the following test results would likely lead the auditor to this conclusion?

• A. Requested backup tapes were not returned from the offsite vendor in a timely manner
• B. Returned backup tapes from the offsite vendor contained empty spaces
• C. Critical systems have been Backed up more frequently than required.
• D. Critical system backup tapes are taken off site less frequently than required.

Answer: D

NEW QUESTION 19

Which of the following re a result of implementing an e-commerce system, which relies heavily on electronic data interchange and electronic funds transfer, for purchasing and billing?

• A. Higher cash flow and treasury balances
• B. Higher inventory balances
• C. Higher accounts receivable
• D. Higher accounts payable

Answer: C

NEW QUESTION 20

The balanced scorecard approach differs from traditional performance measurement approaches because it adds which of the following measures?
* 1. Financial measures
* 2. Internal business process measures.
* 3. Client satisfaction measures
* 4. Innovation and learning measures

• A. 1 only.
• B. 2 and 4 only.
• C. 3 and 4 only.
• D. 2, 3, and 4 only

Answer: D

NEW QUESTION 21
......