IIA-CIA-Part3 Exam - Certified Internal Auditor - Part 3, Business Analysis and Information Technology

NEW QUESTION 1

An internal auditor is investigating a potential fraudulent activity. What is the first test the auditor should perform on the transaction data under scrutiny?

• A. Digital analysis for statistically unlikely occurrences that may indicate system tampering.
• B. Verification of the completeness and integrity of the obtained data.
• C. Detailed review of the data contents to strategize the best analytical techniques.
• D. Calculation of statistical parameters to identify outliers requiring further scrutiny.

Answer: B

NEW QUESTION 2

Which of the following price adjustment strategies encourages prompt payment?

• A. Cash discounts.
• B. Quantity discounts.
• C. Functional discounts.
• D. Seasonal discounts.

Answer: A

NEW QUESTION 3

The critical path for any project is the path that exhibits which of the following characteristics?

• A. Has the longest duration in time.
• B. Costs the most money.
• C. Requires the largest amount of labor
• D. Is deemed most important to the project.

Answer: A

NEW QUESTION 4

Which of the following statements is correct regarding risk analysis?

• A. The extent to which management judgments are required in an area could serve as a risk factor in assisting the auditor in making a comparative risk analysis.
• B. The highest risk assessment should always be assigned to the area with the largest potential loss.
• C. The highest risk assessment should always be assigned to the area with the highest probability of occurrence.
• D. Risk analysis must be reduced to quantitative terms in order to provide meaningful comparisons across an organization.

Answer: A

NEW QUESTION 5

An internal auditor performed a review of IT outsourcing and found that the service provider was failing to meet the terms of the service level agreement. Which of the following approaches is most appropriate to address this concern?

• A. The organization should review the skill requirements and ensure that the service provider is maintaining sufficient expertise and retaining skilled resources.
• B. The organization should proactively monitor the performance of the service provider, escalate concerns, and use penalty clauses in the contract where necessary.
• C. The organization should ensure that there is a clear management communication strategy and path for evaluating and reporting on all outsourced services concerns.
• D. The organization should work with the service provider to review the current agreement and expectations relating to objectives, processes, and overall performance.

Answer: B

NEW QUESTION 6

Which of the following local area network physical layouts is subject to the greatest risk of failure if one device fails?

• A. Star network.
• B. Bus network.
• C. Token ring network.
• D. Mesh network.

Answer: C

NEW QUESTION 7

Which of the following data security policies is most likely to be the result of a data privacy law?

• A. Access to personally identifiable information is limited to those who need it to perform their job.
• B. Confidential data must be backed up and recoverable within a 24-hour period.
• C. Updates to systems containing sensitive data must be approved before being moved to production.
• D. A record of employees with access to insider information must be maintained and those employees may not trade company stock during blackout periods

Answer: A

NEW QUESTION 8

Which of the following risks would involve individuals attacking an oil company's IT system as a sign of solidarity against drilling in a focal area?

• A. Tampering
• B. Hacking
• C. Phishing
• D. Piracy

Answer: B

NEW QUESTION 9

Which of the following statements is true regarding the "management-by-objectives" method?

• A. Management by objectives is most helpful in organizations that nave rapid changes.
• B. Management by objectives is most helpful in mechanistic organizations with rigidly defined tasks.
• C. Management by objectives helps organizations to keep employees motivated.
• D. Management by objectives helps organizations to distinguish clearly strategic goals from operational goals

Answer: C

NEW QUESTION 10

An internal auditor is assessing the risks related to an organization's mobile device pokey She notes that the organization allows third parties (vendors and visitors) to use outside smart devices to access its proprietary networks and systems Which of the following types of smart device risks should the internal auditor be most concerned about'

• A. Compliance
• B. Privacy
• C. Strategic
• D. Physical security.

Answer: A

NEW QUESTION 11

Which of the following is not a method for implementing a new application system?

• A. Direct cutover.
• B. Parallel.
• C. Pilot.
• D. Test.

Answer: D

NEW QUESTION 12

An investor has acquired an organization that has a dominant position in a mature, slow-growth industry and consistently creates positive financial income Which of the following terms would the investor most likely label this investment in her portfolio?

• A. A star
• B. A cash cow
• C. A Question mark
• D. A dog

Answer: B

NEW QUESTION 13

Which of the following are appropriate reasons for internal auditors to document processes as part of an audit engagement?
* 1. To determine areas of primary concern.
* 2. To establish a standard format for process mapping.
* 3. To define areas of responsibility within the organization.
* 4. To assess the performance of employees.

• A. 1 and 2 only
• B. 1 and 3 only
• C. 2 and 3 only
• D. 2 and 4 only

Answer: B

NEW QUESTION 14

According to HA guidance or IT which of the following spreadsheets is most likely to be considered a high-risk user-develop application?

• A. A revenue calculation spreadsheet supported with price and volume reports from the production department
• B. An asset retirement calculation spreadsheet comprised of multiple formulas and assumptions
• C. An ad-hoc inventory listing spreadsheet comprising details of written-off inventory quantitates
• D. An accounts receivable reconciliation spreadsheet used by the accounting manager to verify balances.

Answer: B

NEW QUESTION 15

An organization has started allowing employees to use their personal smart devices to accept vendor payments. What should the organization's bring-your-own-device (BYOD) policy include to specifically address security and privacy required by the Payment Card Data Security Standard (PCI DSS)?

• A. Approved devices
• B. Mobile applications
• C. Data storage.
• D. Backups and transfers

Answer: C

NEW QUESTION 16

Which of the following budgets serves as a basis for the budgeted income statement?

• A. All financial budgets
• B. All operating budgets
• C. Only the cash budget and budgeted balance sheet
• D. Only the sales and production budgets

Answer: B

NEW QUESTION 17

An organization is considering the outsourcing of its business processes related to payroll and information technology functions. Which of the following is the most significant area of concern for management regarding this proposed agreement?

• A. Ensuring that payments to the vendor are appropriate and timely for the services delivered.
• B. Ensuring that the vendor has complete management control of the outsourced process.
• C. Ensuring that there are means of monitoring the efficiency of the outsourced process.
• D. Ensuring that there are means of monitoring the effectiveness of the outsourced process.

Answer: D

NEW QUESTION 18

The main reason to establish internal controls in an organization is to:

• A. Encourage compliance with policies and procedures.
• B. Safeguard the resources of the organization.
• C. Ensure the accuracy, reliability, and timeliness of information.
• D. Provide reasonable assurance on the achievement of objectives.

Answer: D

NEW QUESTION 19

Which of the following is most important for an internal auditor to check with regard to the database version?

• A. Verify whether the organization uses the most recent database software version
• B. Verify whether the database software version is supported by the vendor.
• C. Verify whether the database software version has been recently upgraded
• D. Verify whether access to database version information is appropriately restricted

Answer: B

NEW QUESTION 20

Which of the following budgets must be prepared first?

• A. Cash budget.
• B. Production budget.
• C. Sales budget.
• D. Selling and administrative expenses budget.

Answer: C

NEW QUESTION 21
......