IIA-CIA-Part3-3P Exam Dumps - CIA Exam Part Three: Business Knowledge for Internal Auditing

Plenum.

Biometric lock.

Identification card.

Electromechanical lock.

Affective component.

Cognition component.

Thinking component.

Behavioral component.

Conduct a risk assessment regarding the effectiveness of the data analytics process.

Analyze possible and available sources of raw data

Define the purpose and the anticipated value

Select data for cleaning and normalization procedures.

Change management controls

Physical and environmental controls.

System software controls

Organization and management controls

Functional departmentalization.

Product departmentalization.

Matrix organization.

Divisional organization.

Management by objectives is most helpful in organizations that nave rapid changes.

Management by objectives is most helpful in mechanistic organizations with rigidly defined tasks.

Management by objectives helps organizations to keep employees motivated.

Management by objectives helps organizations to distinguish clearly strategic goals from operational goals

1 and 3

1 and 4

2 and 3

2 and 4

The degree of risk associated with a proposed change determines whether the change request requires authorization.

Program changes generally are developed and tested in the production environment.

Changes are only required by software programs.

To protect the production environment, changes must be managed in a repeatable, defined, and predictable manner.

An extranet

A local area network.

An intranet

The internet

Direct product costs

Indirect product costs

Direct period costs

Indirect period costs.

Cost X is a variable cost.

Cost X is a fixed cost.

Cost X is a semi-fixed cost.

Cost X and the value of Output Produced are unrelated.

The "Funds Needed" line will remain pointed upward, but will become less steep.

The "Funds Needed" line will remain pointed upward, but will become more steep.

The "Funds Needed" line will point downward with a minimal slope.

The "Funds Needed" line will point downward with an extreme slope.

Invest in marketing.

Invest in research and development.

Control costs.

Shift toward mass production.

1 and 3 only

2 and 4 only

1, 2, and 3 only

1, 2, and 4 only

Direct cutover.

Parallel.

Pilot.

Test.

Identifying risks to the organization's operations.

Observing and analyzing controls.

Prioritizing known risks.

Reviewing organizational objectives.

Both the key used to encrypt the data and the key used to decrypt the data are made public.

The key used to encrypt the data is kept private but the key used to decrypt the data is made public.

The key used to encrypt the data is made public but the key used to decrypt the data is kept private.

Both the key used to encrypt the data and the key used to decrypt the data are made private.

Dairy manufacturing company taking over a large dairy farm.

A movie producer acquires movie theaters.

A petroleum processing company acquires an agro-processing firm.

A baker taking over a competitor.

1 and 4 only

2 and 3 only

1, 2, and 3 only

1, 2, 3, and 4

Marketing.

Finance.

Production.

Diversification.

Self control.

Power distance.

Masculinity versus femininity.

Uncertainty avoidance.

1 and 2 only

1 and 4 only

2 and 3 only

3 and 4 only

Review the the call center script used by customer service agents to interact with callers and update the script rf necessary

De-emphasize the importance of call center employees completing a certain number of calls per hour

Retrain call center staff on area processes and common technical issues that they will Likely be asked to resolve

Increase the incentive for call center employees to complete calls quickly and raise the number of calls completed daily

A clothing company designs makes and sells a new item.

A commercial constructor company is hired to build a warehouse.

A city department sets up a new firefighter training program.

A manufacturing organization acquires component parts from a contracted vendor

It values inventory close to current replacement cost.

It generates the highest profit when prices are rising.

It approximates the physical flow of goods.

It minimizes current-period income taxes.

Increase shareholder value.

Maximize market share.

Improve operational efficiency.

Mitigate losses.

Validation of the achievement of their goals and objectives.

Increased knowledge through the performance of additional tasks.

Support for personal growth and a meaningful work experience.

An increased opportunity to manage better the work done by their subordinates.

individual workstation computer controls are not as important as companywide server controls.

Particular attention should be paid to housing workstations away from environmental hazards.

Cybersecurity issues can be controlled at an enterprise level making workstation level controls

redundant

With security risks near an all-time high workstations should not be connected to the company network

The board has overall responsibility for the internal control processes associated with the CSR program.

Management has overall responsibility for the effectiveness of governance, risk management, and internal control processes associated with the CSR program.

The internal audit activity is responsible for ensuring that CSR principles are integrated into the

organization's policies and procedures.

Every employee has a responsibility for ensuring the success of the organization's CSR objectives.

Intranet.

Extranet.

Digital subscriber line.

Broadband.

Functional departmentalization.

Product departmentalization.

Matrix organization.

Divisional organization.

It would provide the ability to monitor in real-time.

It would assist in securing sensitive data.

It would help detect cyberattacks in a more timely fashion.

It would assist in ensuring that data integrity is maintained.

All financial budgets

All operating budgets

Only the cash budget and budgeted balance sheet

Only the sales and production budgets

First-in first-out method (FIFO)

Last-in first-out method (LIFO)

Specific identification method

Average-cost method

Avoidance.

Reduction.

Elimination.

Sharing.

1 and 2 only

2 and 3 only

1, 2, and 3 only

1, 2, 3, and 4

1, 2, and 3

1, 2, and 4

1, 3, and 4

2, 3, and 4

Borrowers may not sign all required mortgage loan documentation.

Fees paid by the borrower at the time of the loan may not be deposited in a timely manner.

The bank's loan documentation may not meet the government's disclosure requirements.

Loan officers may override the lending criteria established by senior management.

Observation.

Inspection.

Original cost.

Vouching.

2 only

3 and 4 only

1, 3, and 4 only

1, 2, 3, and 4

1 and 3 only

1 and 4 only

2 and 3 only

2 and 4 only

7 percent simple interest with a 10 percent compensating balance.

7 percent simple interest paid at the end of each year.

7 percent discount interest.

7 percent compounding interest.

Decrease by about 17 percent.

Decrease by about 7 percent.

Increase by about 7 percent.

Increase by about 17 percent.

Motivation.

Performance.

Organizational structure.

Communication.

Government pressure on organizations to increase or maintain employment.

Production orientation of management.

Lack of credible market leader in the industry.

Company diversification.

Star network.

Bus network.

Token ring network.

Mesh network.

Interviewing the organization's employees.

Observing the organization's operations.

Reading the board's minutes.

Inspecting manuals and documents.

Filtering.

Communication overload.

Similar frames of reference.

Lack of source credibility.

Establishing risk category definitions and a common risk language for likelihood and impact measures.

Defining ERM roles and responsibilities.

Providing the board with an independent, objective risk perspective on financial reporting.

Guiding integration of ERM with other management activities.

Access is approved by the supervising manager.

User accounts specify expiration dates and are based on services provided.

Administrator access is provided for a limited period.

User accounts are deleted when the work is completed.

Determine the optimal amount of resources for the organization to invest in CSR.

Align CSR program objectives with the organization's strategic plan.

Integrate CSR activities into the organization's decision-making process.

Determine whether the organization has an appropriate policy governing its CSR activities.

Costs are affected by changes in activity only.

The behavior of costs and revenues is inverse.

When more than one type of product is sold, the sales mix changes.

Only variable costs have to be classified accurately.

All personal information, by definition is considered to be sensitive, requiring specialized controls.

Information is not considered personal if it can only be linked to or used to identify an individual indirectly.

Individuals who provide personal information to organizations share in the risk of inappropriate

disclosure.

Good protection controls remove any restrictions on the quantity of personal information that can be collected

Draft separate audit reports for business and IT management

Connect IT audit findings to business issues

Include technical details to support IT issues

Include an opinion on financial reporting accuracy and completeness

Visibility, validity, vulnerability

Velocity, variety volume.

Complexity completeness constancy

Continuity, control convenience

Less use of policies and procedures

Less organizational commitment by employees

Less emphasis on extrinsic rewards

Less employees turnover

Session hijacking.

Jailbreaking.

Eavesdropping.

Authentication.

Version control

Privacy

Portability

Secure authentication

Assigning new roles and responsibilities for senior IT management.

Growing use of bring your own devices tor organizational matters

Expansion of operations into new markets with united IT access

Hiring new personnel within the IT department tor security purposes

Develop and enforce change policies to ensure employees are continually trained.

Apply a risk-based approach and impose segregation of duties related to the change management process.

Conduct a high-level threat analysis and implement a compensating control.

Validate authorization, segregation of duties, testing of changes, and approval to move changes into production.

Data relationships are assumed to exist and to continue where no known conflicting conditions exist.

Analytical procedures are intended primarily to ensure the accuracy of the information being examined.

Data relationships cannot include comparisons between operational and statistical data

Analytical procedures can be used to identify unexpected differences but cannot be used to identify the absence of differences

The structure is dispersed geographically.

The hierarchy levels are more numerous.

The span of control is wide.

The lower-level managers are encouraged to exercise creativity when solving problems.

Operating system.

Control environment.

Network.

Application program code.

An employee receives an email that appears to be from the organization's bank, though it is not. The employee replies to the email and sends the requested confidential information.

An organization's website has been hacked. The hacker added political content that is not consistent with the organization's views.

An organization's systems have been compromised by malicious software. The software locks the organization's operating system until d ransom is paid.

An organization's communication systems have been intercepted. A communication session is controlled by an unauthorized third party.

Formulas and static data are locked or protected.

The spreadsheet is stored on a network server that is backed up daily.

The purpose and use of the spreadsheet are documented.

Check-in and check-out software is used to control versions.

Review the list of people with access badges to the room containing the workstation and a log of those who accessed the room.

Review the password length, frequency of change, and list of users for the workstation's login process.

Review the list of people who attempted to access the workstation and failed, as well as error messages.

Review the passwords of those who attempted unsuccessfully to access the workstation and the log of their activity.

To verify that the application meets staled user requirements.

To verify that standalone programs match code specifications.

To verify that me application would work appropriately for the intended number of users.

To verify that all software and hardware components work together as intended

Internally encrypted passwords

System access privileges.

Logon passwords

Protocol controls.

Resisting both internal and external distractions.

Waiting to review key concepts until the speaker has finished talking.

Tuning out messages that do not seem to fit the meeting purpose.

Factoring in biases in order to evaluate the information being given.

Antivirus software, firewall, data encryption.

Firewall, data encryption, backup procedures.

Antivirus software, firewall, backup procedures.

Antivirus software, data encryption, change logs.