Question 1

An organization uses a database management system (DBMS) as a repository

for data. The DBMS, in turn, supports a number of end-user developed
applications which were created using fourth-generation programming
languages. Some of the applications update the database. Which of the
following is the most important control related to the integrity of the data in
the database?

 A. End users have their read-only applications approved by the

information systems department before accessing the database.
 B. Concurrency update controls are in place.
 C. End-user applications are developed on personal computers before
being implemented on the mainframe.
 D. A hierarchical database model is adopted so that multiple users can
be served at the same time.

Expose Correct Answer

Answer : B

Next Question

Question 2

Which of the following is not a method for implementing a new application

system?

 A. Direct cutover.
 B. Parallel.
 C. Pilot.
 D. Test.

Expose Correct Answer

Answer : D

Next Question

Question 3

One change control function that is required in client/server environments, but

is not required in mainframe environments, is to ensure that:
  A. Program versions are synchronized across the network.
 B. Emergency move procedures are documented and followed.
 C. Appropriate users are involved in program change testing.
 D. Movement from the test library to the production library is controlled.

Expose Correct Answer

Answer : A

Next Question

Question 4

A key advantage of developing a computer application by using the prototyping

approach is that it:

 A. Does not require testing for user acceptance.

 B. Allows applications to be portable across multiple system platforms.
 C. Is less expensive since it is self-documenting.
 D. Better involves users in the design process.

Expose Correct Answer

Answer : D

Next Question

Question 5

Which of the following is a disadvantage of selecting a commercial software

package rather than developing an application internally?

 A. Lack of flexibility.
 B. Incompatibility with client/server technology.
 C. Employee resistance to change.
 D. Inadequate technical support.

Expose Correct Answer

Answer : A

Next Question

Question 6

A software that translates hypertext markup language (HTML) documents and

allows a user to view a remote web page is called:
  A. A transmission control protocol/Internet protocol (TCP/IP).
 B. An operating system.
 C. A web browser.
 D. A web server.

Expose Correct Answer

Answer : C

Next Question

Question 7

The first step in determining product price is:

 A. Determining the cost of the product.

 B. Developing pricing objectives.
 C. Evaluating prices set by the competitors.
 D. Selecting a pricing method.

Expose Correct Answer

Answer : B

Next Question

Question 8

The activity that involves a trial run of a product in a typical segment of the
market before proceeding to a national launch is referred to as:

 A. Test marketing
 B. Experimentation
 C. Segmentation
 D. Positioning

Expose Correct Answer

Answer : A

Next Question

Question 9

Which of the following best describes the concept of relevant cost?

 A. A future cost that is the same among alternatives.

 B. A future cost that differs among alternatives.
  C. A past cost that is the same among alternatives.
 D. A past cost that differs among alternatives.

Expose Correct Answer

Answer : B

Next Question

Question 10

Which of the following statements pertaining to a market skimming pricing

strategy is not true?

 A. The strategy is favored when unit costs fall with the increase in units
produced.
 B. The strategy is favored when buyers are relatively insensitive to price
increases.
 C. The strategy is favored when there is insufficient market capacity and
competitors cannot increase market capacity.
 D. The strategy is favored when high price is perceived as high quality.

Expose Correct Answer

Answer : A

Next Question

Question 11

Which of the following statements is true regarding the use of public key
encryption to secure data while it is being transmitted across a network?

 A. Both the key used to encrypt the data and the key used to decrypt the
data are made public.
 B. The key used to encrypt the data is kept private but the key used to
decrypt the data is made public.
 C. The key used to encrypt the data is made public but the key used to
decrypt the data is kept private.
 D. Both the key used to encrypt the data and the key used to decrypt the
data are made private.

Expose Correct Answer

Answer : C

Next Question
Question 12

The market price is the most appropriate transfer price to be charged by one
department to another in the same organization for a service provided when:

 A. There is an external market for that service.

 B. The selling department operates at 50 percent of its capacity.
 C. The purchasing department has more negotiating power than the
selling department.
 D. There is no external market for that service.

Expose Correct Answer

Answer : A

Next Question

Question 13

Which of the following is a type of network in which an organization permits

specific users (such as existing customers) to have access to its internal
network through the Internet by building a virtual private network?

 A. Intranet.
 B. Extranet.
 C. Digital subscriber line.
 D. Broadband.

Expose Correct Answer

Answer : B

Next Question

Question 14

During the last year, an organization had an opening inventory of $300,000,

purchases of $980,000, sales of $1,850,000, and a gross margin of 40 percent.
What is the closing inventory if the periodic inventory system is used?

 A. $170,000
 B. $280,000
 C. $300,000
 D. $540,000

Expose Correct Answer

Answer : A
Next Question

Question 15

Which of the following describes the free trade zone in an e-commerce

environment?

 A. Zone that separates an organization's servers from outside forces.

 B. Area in which messages are scrutinized to determine if they are
authorized.
 C. Area where communication and transactions occur between trusted
parties.
 D. Zone where data is encrypted, users are authenticated, and user
traffic is filtered.

Expose Correct Answer

Answer : C

Question 11 ( Single Topic)

During a review of a web-based application used by customers to check the status of their bank
accounts, it would be most important for the internal auditor to ensure that:

 A. Access to read application logs is restricted to authorized users.

 B. Account balance information is encrypted in the database.
 C. The web server used to host the application is located in a physically secure area.
 D. Sensitive data, such as account numbers, are submitted using encrypted communications.

Expose Correct Answer

Answer : D

Next Question

Question 12 ( Single Topic)

Which of the following steps should an internal auditor take during an audit of an organization's
business continuity plans?
1. Evaluate the business continuity plans for adequacy and currency.
2. Prepare a business impact analysis regarding the loss of critical business.
3. Identify key personnel who will be required to implement the plans.
4. Identify and prioritize the resources required to support critical business processes.

 A. 1 only
 B. 2 and 4 only
  C. 1, 3, and 4 only
 D. 1, 2, 3, and 4

Expose Correct Answer

Answer : A

Next Question

Question 13 ( Single Topic)

Which of the following engagement observations would provide the least motivation for
management to amend or replace an existing cost accounting system?

 A. The distorted unit cost of a service is 50 percent lower than the true cost, while the true
cost is 50 percent higher than the competition's cost.
 B. The organization is losing $1,000,000 annually because it incorrectly outsourced an
operation based on information from its current system.
 C. The cost of rework, hidden by the current system, is 50 percent of the total cost of all
services.
 D. 50 percent of total organizational cost has been allocated on a volume basis.

Expose Correct Answer

Answer : D

Next Question

Question 14 ( Single Topic)

Which of the following control techniques would minimize the risk of interception during
transmission in an electronic data interchange system?
1. Encryption.
2. Traffic padding.
3. Edit checks.
4. Structured data format.

 A. 1 and 2 only
 B. 2 and 3 only
 C. 3 and 4 only
 D. 1, 2, and 3 only

Expose Correct Answer

Answer : A

Next Question
Question 15 ( Single Topic)

For an engineering department with a total quality management program, important elements of
quality management include all of the following except:

 A. Basing performance evaluations on the number of projects completed.

 B. Comparing results with those of other engineering departments.
 C. Creating a quality council within the engineering department.
 D. Conducting post-project surveys on performance.

Expose Correct Answer

Answer : A

Next Question

Question 16 ( Single Topic)

Refer to the exhibit.

The figure below shows the network diagram for the activities of a large project. What is the
shortest number of days in which the project can be completed?

 A. 21 days.
 B. 22 days.
 C. 27 days.
 D. 51 days.

Expose Correct Answer

Answer : C

Next Question

Question 17 ( Single Topic)

Which of the following is a characteristic of just-in-time inventory management systems?

 A. Users determine the optimal level of safety stocks.

 B. They are applicable only to large organizations.
  C. They do not really increase overall economic efficiency because they merely shift
inventory levels further up the supply chain.
 D. They rely heavily on high quality materials.

Expose Correct Answer

Answer : D

Next Question

Question 18 ( Single Topic)

The economic order quantity for inventory is higher for an organization that has:

 A. Lower annual unit sales.

 B. Higher fixed inventory ordering costs.
 C. Higher annual carrying costs as a percentage of inventory value.
 D. A higher purchase price per unit of inventory.

Expose Correct Answer

Answer : B

Next Question

Question 19 ( Single Topic)

What must be monitored in order to manage risk of consumer product inventory obsolescence?
1. Inventory balances.
2. Market share forecasts.
3. Sales returns.
4. Sales trends.

 A. 1 only
 B. 4 only
 C. 1 and 4 only
 D. 1, 2, and 3 only

Expose Correct Answer

Answer : C

Next Question

Question 20 ( Single Topic)

The percentage of sales method, rather than the percentage of receivables method, would be used to
estimate uncollectible accounts if an organization seeks to:
  A. Use an aging schedule to more closely estimate uncollectible accounts.
 B. Eliminate the need for an allowance for doubtful accounts.
 C. Emphasize the accuracy of the net realizable value of the receivables on the balance
sheet.
 D. Use a method that approximates the matching principle.

Expose Correct Answer

Answer : D

Next Question
Page: 2 / 63
Exam contains 621 questions

Question 21 ( Single Topic)

Preferred stock is less risky for investors than is common stock because:

 A. Common stock pays dividends as a stated percentage of face value.

 B. Common stock has priority over preferred stock with regard to
earnings and assets.
 C. Preferred dividends are usually cumulative.
 D. Preferred stock with no conversion feature has a higher dividend yield
than does convertible preferred stock.

Expose Correct Answer

Answer : C

Next Question

Question 22 ( Single Topic)

Which of the following borrowing options is an unsecured loan?

 A. Second-mortgage financing from a bank.

 B. An issue of commercial paper.
 C. Pledged accounts receivable.
 D. Asset-based financing.

Expose Correct Answer

Answer : B

Next Question
Question 23 ( Single Topic)

In an analysis of alternative credit-management policies, which of the following

components will cause the net present value of receivables on credit sales to
increase, if everything else remains constant?

 A. A tougher collections policy that reduces the bad debt loss ratio.
 B. A higher cost per unit sold.
 C. A longer average collection period.
 D. An increase in the cost of capital.

Expose Correct Answer

Answer : A

Next Question

Question 24 ( Single Topic)

Which of the following budgets must be prepared first?

 A. Cash budget.
 B. Production budget.
 C. Sales budget.
 D. Selling and administrative expenses budget.

Expose Correct Answer

Answer : C

Next Question

Question 25 ( Single Topic)

Which of the following performance measures would be appropriate for

evaluating an investment center, which has responsibility for its revenues,
costs, and investment base, but would not be appropriate for evaluating cost,
revenue, or profit centers?

 A. A flexible budget.
 B. Variance analysis.
 C. A contribution margin income statement by segment.
 D. Residual income.

Expose Correct Answer

Answer : D
Next Question

Question 26 ( Single Topic)

A capital investment project will have a higher net present value, everything
else being equal, if it has:

 A. A higher initial investment level.

 B. A higher discount rate.
 C. Cash inflows that are larger in the later years of the life of the project.
 D. Cash inflows that are larger in the earlier years of the life of the
project.

Expose Correct Answer

Answer : D

Next Question

Question 27 ( Single Topic)

All of the following are possible explanations for a significant unfavorable

material efficiency variance except:

 A. Cutbacks in preventive maintenance.

 B. An inadequately trained and supervised labor force.
 C. A large number of rush orders.
 D. Production of more units than planned for in the master budget.

Expose Correct Answer

Answer : D

Next Question

Question 28 ( Single Topic)

An organization is projecting sales of 100,000 units, at a unit price of $12. Unit

variable costs are $7. If fixed costs are $350,000, what is the projected total
contribution margin?

 A. $350,000
 B. $500,000
 C. $850,000
 D. $1,200,000

Expose Correct Answer

Answer : B

Next Question

Question 29 ( Single Topic)

When applied to international economics, the theory of comparative advantage

proposes that total worldwide output will be greatest when:

 A. Each nation's total imports approximately equal its total exports.

 B. Each good is produced by the nation that has the lowest opportunity
cost for that good.
 C. Goods that contribute to a nation's balance-of-payments deficit are no
longer imported.
 D. International trade is unrestricted and tariffs are not imposed.

Expose Correct Answer

Answer : B

Next Question

Question 30 ( Single Topic)

A brand manager in a consumer food products organization suspected that

several days of the point-of-sale data on the spreadsheet from one grocery
chain were missing. The best approach for detecting missing rows in
spreadsheet data would be to:

 A. Sort on product identification code and identify missing product

identification codes.
 B. Review store identification code and identify missing product
identification codes.
 C. Compare product identification codes for consecutive periods.
 D. Compare product identification codes by store for consecutive
periods.

Expose Correct Answer

Answer : D

Question 31 ( Single Topic)

Next Question

Page: 3 / 63
Exam contains 621 questions
Q's per page:

An organization uses a database management system (DBMS) as a repository

for data. The DBMS, in turn, supports a number of end-user developed
applications which were created using fourth-generation programming
languages. Some of the applications update the database. Which of the
following is the most important control related to the integrity of the data in
the database?

 A. End users have their read-only applications approved by the

information systems department before accessing the database.
 B. Concurrency update controls are in place.
 C. End-user applications are developed on personal computers before
being implemented on the mainframe.
 D. A hierarchical database model is adopted so that multiple users can
be served at the same time.

Expose Correct Answer

Answer : B

Next Question

Question 32 ( Single Topic)

Which of the following is not a method for implementing a new application

system?

 A. Direct cutover.
 B. Parallel.
 C. Pilot.
 D. Test.

Expose Correct Answer

Answer : D

Next Question

Question 33 ( Single Topic)

One change control function that is required in client/server environments, but

is not required in mainframe environments, is to ensure that:

 A. Program versions are synchronized across the network.

 B. Emergency move procedures are documented and followed.
 C. Appropriate users are involved in program change testing.
 D. Movement from the test library to the production library is controlled.
Expose Correct Answer
Answer : A

Next Question

Question 34 ( Single Topic)

A key advantage of developing a computer application by using the prototyping

approach is that it:

 A. Does not require testing for user acceptance.

 B. Allows applications to be portable across multiple system platforms.
 C. Is less expensive since it is self-documenting.
 D. Better involves users in the design process.

Expose Correct Answer

Answer : D

Next Question

Question 35 ( Single Topic)

Which of the following is a disadvantage of selecting a commercial software

package rather than developing an application internally?

 A. Lack of flexibility.
 B. Incompatibility with client/server technology.
 C. Employee resistance to change.
 D. Inadequate technical support.

Expose Correct Answer

Answer : A

Next Question

Question 36 ( Single Topic)

A software that translates hypertext markup language (HTML) documents and

allows a user to view a remote web page is called:

 A. A transmission control protocol/Internet protocol (TCP/IP).

 B. An operating system.
 C. A web browser.
 D. A web server.
Expose Correct Answer
Answer : C

Next Question

Question 37 ( Single Topic)

The first step in determining product price is:

 A. Determining the cost of the product.

 B. Developing pricing objectives.
 C. Evaluating prices set by the competitors.
 D. Selecting a pricing method.

Expose Correct Answer

Answer : B

Next Question

Question 38 ( Single Topic)

The activity that involves a trial run of a product in a typical segment of the
market before proceeding to a national launch is referred to as:

 A. Test marketing
 B. Experimentation
 C. Segmentation
 D. Positioning

Expose Correct Answer

Answer : A

Next Question

Question 39 ( Single Topic)

Which of the following best describes the concept of relevant cost?

 A. A future cost that is the same among alternatives.

 B. A future cost that differs among alternatives.
 C. A past cost that is the same among alternatives.
 D. A past cost that differs among alternatives.
Expose Correct Answer
Answer : B

Next Question

Question 40 ( Single Topic)

Which of the following statements pertaining to a market skimming pricing

strategy is not true?

 A. The strategy is favored when unit costs fall with the increase in units
produced.
 B. The strategy is favored when buyers are relatively insensitive to price
increases.
 C. The strategy is favored when there is insufficient market capacity and
competitors cannot increase market capacity.
 D. The strategy is favored when high price is perceived as high quality.

Expose Correct Answer

Answer : A

Next Question
Page: 4 / 63
Exam contains 621 questions
Q's per page:

Question 41 ( Single Topic)

Which of the following statements is true regarding the use of public key
encryption to secure data while it is being transmitted across a network?

 A. Both the key used to encrypt the data and the key used to decrypt the
data are made public.
 B. The key used to encrypt the data is kept private but the key used to
decrypt the data is made public.
 C. The key used to encrypt the data is made public but the key used to
decrypt the data is kept private.
 D. Both the key used to encrypt the data and the key used to decrypt the
data are made private.

Expose Correct Answer

Answer : C

Next Question

Question 42 ( Single Topic)

The market price is the most appropriate transfer price to be charged by one
department to another in the same organization for a service provided when:

 A. There is an external market for that service.

 B. The selling department operates at 50 percent of its capacity.
 C. The purchasing department has more negotiating power than the
selling department.
 D. There is no external market for that service.

Expose Correct Answer

Answer : A

Next Question

Question 43 ( Single Topic)

Which of the following is a type of network in which an organization permits

specific users (such as existing customers) to have access to its internal
network through the Internet by building a virtual private network?

 A. Intranet.
 B. Extranet.
 C. Digital subscriber line.
 D. Broadband.

Expose Correct Answer

Answer : B

Next Question

Question 44 ( Single Topic)

During the last year, an organization had an opening inventory of $300,000,

purchases of $980,000, sales of $1,850,000, and a gross margin of 40 percent.
What is the closing inventory if the periodic inventory system is used?

 A. $170,000
 B. $280,000
 C. $300,000
 D. $540,000

Expose Correct Answer

Answer : A

Next Question
Question 45 ( Single Topic)

Which of the following describes the free trade zone in an e-commerce

environment?

 A. Zone that separates an organization's servers from outside forces.

 B. Area in which messages are scrutinized to determine if they are
authorized.
 C. Area where communication and transactions occur between trusted
parties.
 D. Zone where data is encrypted, users are authenticated, and user
traffic is filtered.

Expose Correct Answer

Answer : C

Next Question

Question 46 ( Single Topic)

An organization produces two products, X and Y. The materials used for the
production of both products are limited to 500 kilograms (kg) per month. All
other resources are unlimited and their costs are fixed. Individual product
details are as follows:

Product X -

Product Y -

Selling price per unit -

$10
$13
Materials per unit (at $1/kg)
2 kg
6 kg

Monthly demand -
100 units
120 units
In order to maximize profit, how much of product Y should the organization
produce each month?

 A. 50 units.
 B. 60 units.
 C. 100 units.
 D. 120 units.
Expose Correct Answer
Answer : A

Next Question

Question 47 ( Single Topic)

Which of the following is useful for forecasting the required level of inventory?
1. Statistical modeling.
2. Information about seasonal variations in demand.
3. Knowledge of the behavior of different business cycles.
4. Pricing models linked to seasonal demand.

 A. 1 and 2 only
 B. 2 and 3 only
 C. 1, 2, and 3 only
 D. 1, 2, 3, and 4

Expose Correct Answer

Answer : C

Next Question

Question 48 ( Single Topic)

Which of the following standards would be most useful in evaluating the

performance of a customer-service group?

 A. The average time per customer inquiry should be kept to a minimum.

 B. Customer complaints should be processed promptly.
 C. Employees should maintain a positive attitude when dealing with
customers.
 D. All customer inquiries should be answered within seven days of
receipt.

Expose Correct Answer

Answer : D

Next Question

Question 49 ( Single Topic)

A small furniture-manufacturing firm with 100 employees is located in a two-

story building and does not plan to expand. The furniture manufactured is not
special- ordered or custom-made. The most likely structure for this
organization would be:

 A. Functional departmentalization.
 B. Product departmentalization.
 C. Matrix organization.
 D. Divisional organization.

Expose Correct Answer

Answer : A

Next Question

Question 50 ( Single Topic)

When writing a business memorandum, the writer should choose a writing style
that achieves all of the following except:

 A. Draws positive attention to the writing style.

 B. Treats all receivers with respect.
 C. Suits the method of presentation and delivery.
 D. Develops ideas without overstatement.

Expose Correct Answer

Answer : A

Next Question
Page: 5 / 63
Exam contains 621 questions
Q's per page:

Question 51 ( Single Topic)

Listening effectiveness is best increased by:

 A. Resisting both internal and external distractions.

 B. Waiting to review key concepts until the speaker has finished talking.
 C. Tuning out messages that do not seem to fit the meeting purpose.
 D. Factoring in biases in order to evaluate the information being given.

Expose Correct Answer

Answer : A
Next Question

Question 52 ( Single Topic)

An organization had three large centralized divisions: one that received

customer orders for service work; one that scheduled the service work at
customer locations; and one that answered customer calls about service
problems. These three divisions were restructured into seven regional groups,
each of which performed all three functions. One advantage of this
restructuring would be:

 A. Better internal controls.

 B. Greater economies of scale.
 C. Improved work flow.
 D. Increased specialization.

Expose Correct Answer

Answer : C

Next Question

Question 53 ( Single Topic)

Multinational organizations generally spend more time and effort to identify

and evaluate:

 A. Internal strengths and weaknesses.

 B. Break-even points.
 C. External trends and events.
 D. Internal risk factors.

Expose Correct Answer

Answer : C

Next Question

Question 54 ( Single Topic)

Which of the following is a product-oriented definition of a business rather than

a market-oriented definition of a business?

 A. We are a people-and-goods mover.

 B. We supply energy.
 C. We make movies.
 D. We provide climate control in the home.
Expose Correct Answer
Answer : C

Next Question

Question 55 ( Single Topic)

A global business organization is selecting managers to post to various

international (expatriate) assignments. In the screening process, which of the
following traits would be required to make a manager a successful expatriate?
1. Superior technical competence.
2. Willingness to attempt to communicate in a foreign language.
3. Ability to empathize with other people.

 A. 1 and 2 only
 B. 1 and 3 only
 C. 2 and 3 only
 D. 1, 2, and 3

Expose Correct Answer

Answer : C

Next Question

Question 56 ( Single Topic)

Which of the following is the best reason for considering the acquisition of a
nondomestic organization?

 A. Relatively fast market entry.

 B. Improved cash flow of the acquiring organization.
 C. Increased diversity of corporate culture.
 D. Opportunity to influence local government policy.

Expose Correct Answer

Answer : A

Next Question

Question 57 ( Single Topic)

When initiating international ventures, an organization should consider cultural

dimensions in order to prevent misunderstandings. Which of the following does
not represent a recognized cultural dimension in a work environment?
  A. Self control.
 B. Power distance.
 C. Masculinity versus femininity.
 D. Uncertainty avoidance.

Expose Correct Answer

Answer : A

Next Question

Question 58 ( Single Topic)

Which of the following is not a barrier to effective communication?

 A. Filtering.
 B. Communication overload.
 C. Similar frames of reference.
 D. Lack of source credibility.

Expose Correct Answer

Answer : C

Next Question

Question 59 ( Single Topic)

According to Porter's model of competitive strategy, which of the following is a

generic strategy?
1. Differentiation.
2. Competitive advantage.
3. Focused differentiation.
4. Cost focus.

 A. 2 only
 B. 3 and 4 only
 C. 1, 3, and 4 only
 D. 1, 2, 3, and 4

Expose Correct Answer

Answer : C

Next Question

Question 60 ( Single Topic)

International marketing activities often begin with:

 A. Standardization.
 B. Global marketing.
 C. Limited exporting.
 D. Domestic marketing.

Expose Correct Answer

Answer : C

Next Question
Page: 6 / 63
Exam contains 621 questions
Q's per page:

Question 61 ( Single Topic)

A supervisor receives a complaint from an employee who is frustrated about

having to learn a new software program. The supervisor responds that the new
software will enable the employee to work more efficiently and with greater
accuracy. This response is an example of:

 A. Empathetic listening.
 B. Reframing.
 C. Reflective listening.
 D. Dialogue.

Expose Correct Answer

Answer : B

Next Question

Question 62 ( Single Topic)

The cost to enter a foreign market would be highest in which of the following
methods of global expansion?

 A. Joint ventures.
 B. Licensing.
 C. Exporting.
 D. Overseas production.

Expose Correct Answer

Answer : D

Next Question

Question 63 ( Single Topic)

Which of the following is a characteristic of an emerging industry?

 A. Established strategy of players.

 B. Low number of new firms.
 C. High unit costs.
 D. Technical expertise.

Expose Correct Answer

Answer : C

Next Question

Question 64 ( Single Topic)

Which of the following distinguishes the added-value negotiation method from

traditional negotiating methods?

 A. Each party's negotiator presents a menu of options to the other party.

 B. Each party adopts one initial position from which to start.
 C. Each negotiator minimizes the information provided to the other party.
 D. Each negotiator starts with an offer, which is optimal from the
negotiator's perspective.

Expose Correct Answer

Answer : A

Next Question

Question 65 ( Single Topic)

For a multinational organization, which of the following is a disadvantage of an

ethnocentric staffing policy?
1. It significantly raises compensation and staffing costs.
2. It produces resentment among the organization's employees in host
countries.
3. It limits career mobility for parent-country nationals.
4. It can lead to cultural myopia.

 A. 1 and 4 only
 B. 2 and 3 only
 C. 1, 2, and 3 only
  D. 1, 2, and 4 only

Expose Correct Answer

Answer : D

Next Question

Question 66 ( Single Topic)

If a bank's activities are categorized under such departments as community

banking, institutional banking, and agricultural banking, what kind of
departmentalization is being utilized?

 A. Product departmentalization.
 B. Process departmentalization.
 C. Functional departmentalization.
 D. Customer departmentalization.

Expose Correct Answer

Answer : D

Next Question

Question 67 ( Single Topic)

Which of the following conflict resolution methods should be applied when the
intention of the parties is to solve the problem by clarifying differences and
attaining everyone's objectives?

 A. Accommodating.
 B. Compromising.
 C. Collaborating.
 D. Competing.

Expose Correct Answer

Answer : C

Next Question

Question 68 ( Single Topic)

Which of the following factors would reduce dissatisfaction for a management

trainee but would not particularly motivate the trainee?

 A. A sense of achievement.
  B. Promotion.
 C. Recognition.
 D. An incremental increase in salary.

Expose Correct Answer

Answer : D

Next Question

Question 69 ( Single Topic)

In mergers and acquisitions, which of the following is an example of a

horizontal combination?

 A. Dairy manufacturing company taking over a large dairy farm.

 B. A movie producer acquires movie theaters.
 C. A petroleum processing company acquires an agro-processing firm.
 D. A baker taking over a competitor.

Expose Correct Answer

Answer : D

Next Question

Question 70 ( Single Topic)

According to the Standards, the internal audit activity must evaluate risk
exposures relating to which of the following when examining an organization's
risk management process?
1. Organizational governance.
2. Organizational operations.
3. Organizational information systems.
4. Organizational structure.

 A. 1 and 3 only
 B. 2 and 4 only
 C. 1, 2, and 3 only
 D. 1, 2, and 4 only

Expose Correct Answer

Answer : C

Next Question
Page: 7 / 63
Exam contains 621 questions
Q's per page:

Question 71 ( Single Topic)

An organization engages in questionable financial reporting practices due to

pressure to meet unrealistic performance targets. Which internal control
component is most negatively affected?

 A. Monitoring.
 B. Control activities.
 C. Risk assessment.
 D. Control environment.

Expose Correct Answer

Answer : D

Next Question

Question 72 ( Single Topic)

Which mindset promotes the most comprehensive risk management strategy?

 A. Increase shareholder value.

 B. Maximize market share.
 C. Improve operational efficiency.
 D. Mitigate losses.

Expose Correct Answer

Answer : A

Next Question

Question 73 ( Single Topic)

An internal auditor is reviewing physical and environmental controls for an IT

organization. Which control activity should not be part of this review?

 A. Develop and test the organization's disaster recovery plan.

 B. Install and test fire detection and suppression equipment.
 C. Restrict access to tangible IT resources.
 D. Ensure that at least one developer has access to both systems and
operations.
Expose Correct Answer
Answer : D

Next Question

Question 74 ( Single Topic)

According to the International Professional Practices Framework, internal

auditors who are assessing the adequacy of organizational risk management
processes should not:

 A. Recognize that organizations use different techniques for managing

risk.
 B. Seek assurance that the key objectives of the risk management
processes are being met.
 C. Determine and accept the level of risk for the organization.
 D. Treat the evaluation of risk management processes differently from
the risk analysis used to plan audit engagements.

Expose Correct Answer

Answer : C

Next Question

Question 75 ( Single Topic)

Which audit approach should be employed to test the accuracy of information

housed in a database on an un-networked computer?

 A. Submit batches of test transactions through the current system and

verify with expected results.
 B. Use a test program to simulate the normal data entering process.
 C. Select a sample of records from the database and ensure it matches
supporting documentation.
 D. Evaluate compliance with the organization's change management
process.

Expose Correct Answer

Answer : C

Next Question

Question 76 ( Single Topic)

Which of the following statements accurately describes the responsibility of the

internal audit activity (IAA) regarding IT governance?
1. The IAA does not have any responsibility because IT governance is the
responsibility of the board and senior management of the organization.
2. The IAA must assess whether the IT governance of the organization supports
the organizations strategies and objectives.
3. The IAA may assess whether the IT governance of the organization supports
the organizations strategies and objectives.
4. The IAA may accept requests from management to perform advisory
services regarding how the IT governance of the organization supports the
organizations strategies and objectives.

 A. 1 only
 B. 4 only
 C. 2 and 4
 D. 3 and 4

Expose Correct Answer

Answer : C

Next Question

Question 77 ( Single Topic)

According to IIA guidance, which of the following corporate social responsibility

(CSR) activities is appropriate for the internal audit activity to perform?

 A. Determine the optimal amount of resources for the organization to

invest in CSR.
 B. Align CSR program objectives with the organization's strategic plan.
 C. Integrate CSR activities into the organization's decision-making
process.
 D. Determine whether the organization has an appropriate policy
governing its CSR activities.

Expose Correct Answer

Answer : D

Next Question

Question 78 ( Single Topic)

An organization decided to install a motion detection system in its warehouse

to protect against after-hours theft. According to the COSO enterprise risk
management framework, which of the following best describes this risk
management strategy?

 A. Avoidance.
 B. Reduction.
 C. Elimination.
  D. Sharing.

Expose Correct Answer

Answer : B

Next Question

Question 79 ( Single Topic)

The internal audit activity completed an initial risk analysis of the

organization's data storage center and found several areas of concern. Which
of the following is the most appropriate next step?

 A. Risk response.
 B. Risk identification.
 C. Identification of context.
 D. Risk assessment.

Expose Correct Answer

Answer : D

Next Question

Question 80 ( Single Topic)

Organizations use matrix management to accomplish which of the following?

 A. To improve the chain of command.

 B. To strengthen corporate headquarters.
 C. To focus better on a single market.
 D. To increase lateral communication.

Expose Correct Answer

Answer : D

Question 81 ( Single Topic)

Which of the following costs would be incurred in an inventory stockout?

 A. Lost sales, lost customers, and backorder.

 B. Lost sales, safety stock, and backorder.
 C. Lost customers, safety stock, and backorder.
 D. Lost sales, lost customers, and safety stock.
Expose Correct Answer
Answer : A

Next Question

Question 82 ( Single Topic)

Which of the following methods, if used in conjunction with electronic data

interchange (EDI), will improve the organization's cash management program,
reduce transaction data input time and errors, and allow the organization to
negotiate discounts with EDI vendors based on prompt payment?

 A. Electronic funds transfer.

 B. Knowledge-based systems.
 C. Biometrics.
 D. Standardized graphical user interface.

Expose Correct Answer

Answer : A

Next Question

Question 83 ( Single Topic)

Which of the following are included in ISO 31000 risk principles and guidelines?

 A. Standards, framework, and process.

 B. Standards, assessments, and process.
 C. Principles, framework, and process.
 D. Principles, practices, and process.

Expose Correct Answer

Answer : C

Next Question

Question 84 ( Single Topic)

The audit committee of a global corporation has mandated a change in the

organization's business ethics policy. Which of the following approaches
describes the best way to accomplish the policy's diffusion worldwide?

 A. Deploy the policy in the corporate headquarters' language, so

everyone gets an unfiltered version simultaneously.
  B. Introduce the policy region by region, using any lessons learned to
change the subsequent version of the policy for the next area.
 C. Consult with legal and operational management in each affected
country to ensure the final version can be implemented globally,
following audit committee approval.
 D. Send the board-approved version of the policy to each country's
senior leadership, and empower them to tailor the policy to the local
language and culture.

Expose Correct Answer

Answer : C

Next Question

Question 85 ( Single Topic)

Which of the following best describes a market signal?

 A. The bargaining power of buyers is forcing a drop in market prices.

 B. There is pressure from the competitor's substitute products.
 C. Strategic analysis by the organization indicates feasibility of
expanding to new market niches.
 D. The competitor announces a new warranty program.

Expose Correct Answer

Answer : D

Next Question

Question 86 ( Single Topic)

Which of the following is a limiting factor for capacity expansion?

 A. Government pressure on organizations to increase or maintain

employment.
 B. Production orientation of management.
 C. Lack of credible market leader in the industry.
 D. Company diversification.

Expose Correct Answer

Answer : D

Next Question

Question 87 ( Single Topic)

Which of the following stages of group development is associated with
accepting team responsibilities?

 A. Forming stage.
 B. Performing stage.
 C. Norming stage.
 D. Storming stage.

Expose Correct Answer

Answer : C

Next Question

Question 88 ( Single Topic)

Which of the following is false with regard to Internet connection firewalls?

 A. Firewalls can protect against computer viruses.

 B. Firewalls monitor attacks from the Internet.
 C. Firewalls provide network administrators tools to retaliate against
hackers.
 D. Firewalls may be software-based or hardware-based.

Expose Correct Answer

Answer : A

Next Question

Question 89 ( Single Topic)

Which of the following application software features is the least effective

control to protect passwords?

 A. Suspension of user IDs after a user's repeated attempts to sign on

with an invalid password.
 B. Encryption of passwords prior to their transmission or storage.
 C. Forced change of passwords after a designated number of days.
 D. Automatic logoff of inactive users after a specified time period of
inactivity.

Expose Correct Answer

Answer : C

Next Question
Question 90 ( Single Topic)

Which of the following are likely indicators of ineffective change management?

1. IT management is unable to predict how a change will impact
interdependent systems or business processes.
2. There have been significant increases in trouble calls or in support hours
logged by programmers.
3. There is a lack of turnover in the systems support and business analyst
development groups.
4. Emergency changes that bypass the normal control process frequently are
deemed necessary.

 A. 1 and 3 only
 B. 2 and 4 only
 C. 1, 2, and 4 only
 D. 1, 2, 3, and 4

Expose Correct Answer

Answer : C

Question 91 ( Single Topic)

Which of the following is the primary benefit of including end users in the
system development process?

 A. Improved integrity of programs and processing.

 B. Enhanced ongoing maintenance of the system.
 C. Greater accuracy of the testing phase.
 D. Reduced need for unexpected software changes.

Expose Correct Answer

Answer : C

Next Question

Question 92 ( Single Topic)

Which of the following is the most appropriate test to assess the privacy risks
associated with an organization's workstations?

 A. Penetration test.
 B. Social engineering test.
 C. Vulnerability test.
 D. Physical control test.
Expose Correct Answer
Answer : D

Next Question

Question 93 ( Single Topic)

Which of the following statements is true regarding the relationship between

an individual’s average tax rate and marginal tax rate?

 A. In a regressive personal tax system, an individual's marginal tax rate

is normally greater than his average tax rate.
 B. In a regressive personal tax system, an individual's marginal tax rate
is normally equal to his average tax rate.
 C. In a progressive personal tax system, an individual's marginal tax rate
is normally equal to his average tax rate.
 D. In a progressive personal tax system, an individual's marginal tax rate
is normally greater than his average tax rate.

Expose Correct Answer

Answer : D

Next Question

Question 94 ( Single Topic)

An organization needs to borrow a large amount of cash to fund its expansion

plan. Which of the following annual interest rates is least expensive?

 A. 7 percent simple interest with a 10 percent compensating balance.

 B. 7 percent simple interest paid at the end of each year.
 C. 7 percent discount interest.
 D. 7 percent compounding interest.

Expose Correct Answer

Answer : B

Next Question

Question 95 ( Single Topic)

Which of the following statements accurately describes one of the

characteristics that distinguishes a multinational company from a domestic
company?
  A. A multinational company has stockholders in other countries.
 B. A multinational company exports its products to other countries.
 C. A multinational company operates outside of its country of origin.
 D. A multinational company uses raw materials and components from
more than one country.

Expose Correct Answer

Answer : C

Next Question

Question 96 ( Single Topic)

Which of the following best describes an objective for an audit of an

environmental management system?

 A. To assess whether an annual control review is necessary.

 B. To determine conformance with requirements and agreements.
 C. To evaluate executive management oversight.
 D. To promote environmental awareness.

Expose Correct Answer

Answer : B

Next Question

Question 97 ( Single Topic)

Which of the following statements is true regarding the roles and

responsibilities associated with a corporate social responsibility (CSR) program?

 A. The board has overall responsibility for the internal control processes
associated with the CSR program.
 B. Management has overall responsibility for the effectiveness of
governance, risk management, and internal control processes associated
with the CSR program.
 C. The internal audit activity is responsible for ensuring that CSR
principles are integrated into the organization's policies and procedures.
 D. Every employee has a responsibility for ensuring the success of the
organization's CSR objectives.

Expose Correct Answer

Answer : D

Next Question
Question 98 ( Single Topic)

Which of the following descriptions of the internal control system are indicators
that risks are managed effectively?
1. Existing controls promote compliance with applicable laws and regulations.
2. The control environment is designed to address all identified risks to the
organization.
3. Key controls for significant risks to the organization remain consistent over
time.
4. Monitoring systems are in place to alert management to unexpected events.

 A. 1 and 3.
 B. 1 and 4.
 C. 2 and 3.
 D. 2 and 4.

Expose Correct Answer

Answer : B

Next Question

Question 99 ( Single Topic)

Which of the following is true regarding the COSO enterprise risk management
framework?

 A. The framework categorizes an organization's objectives to distinct,

non overlapping objectives.
 B. Control environment is one of the framework's eight components.
 C. The framework facilitates effective risk management, even if
objectives have not been established.
 D. The framework integrates with, but is not dependent upon, the
corresponding internal control framework.

Expose Correct Answer

Answer : D

Next Question

Question 100 ( Single Topic)

Which of the following is a major advantage of decentralized organizations,

compared to centralized organizations?

 A. Decentralized organizations are more focused on organizational goals.

 B. Decentralized organizations streamline organizational structure.
  C. Decentralized organizations tend to be less expensive to operate.
 D. Decentralized organizations tend to be more responsive to market
changes.

Expose Correct Answer

Answer : D

Next Question
Page: 10 / 63
Exam contains 621 questions

Question 101 ( Single Topic)

The economic order quantity can be calculated using the following formula:

Which of the following describes how the optimal order size will change if the annual demand
increases by 36 percent?

 A. Decrease by about 17 percent.

 B. Decrease by about 7 percent.
 C. Increase by about 7 percent.
 D. Increase by about 17 percent.

Expose Correct Answer

Answer : D

Next Question

Question 102 ( Single Topic)

Which of the following statements best describes the frameworks set forth by the International
Standards Organization?
  A. Globally accepted standards for industries and processes.
 B. Bridging the gaps among control requirements, technical issues, and business risks.
 C. Practical guidance and benchmarks for all organizations that use information systems.
 D. Frameworks and guidance on enterprise risk management, internal control, and fraud
deterrence.

Expose Correct Answer

Answer : A

Next Question

Question 103 ( Single Topic)

An internal auditor performed a review of IT outsourcing and found that the service provider was
failing to meet the terms of the service level agreement. Which of the following approaches is most
appropriate to address this concern?

 A. The organization should review the skill requirements and ensure that the service
provider is maintaining sufficient expertise and retaining skilled resources.
 B. The organization should proactively monitor the performance of the service provider,
escalate concerns, and use penalty clauses in the contract where necessary.
 C. The organization should ensure that there is a clear management communication strategy
and path for evaluating and reporting on all outsourced services concerns.
 D. The organization should work with the service provider to review the current agreement
and expectations relating to objectives, processes, and overall

Expose Correct Answer

Answer : B

Next Question

Question 104 ( Single Topic)

A chief audit executive (CAE) was asked to participate in the selection of an external auditor.
Which of the following would not be a typical responsibility for the
CAE?

 A. Evaluate the proposed external auditor fee.

 B. Recommend criteria to be used in the selection process.
 C. Develop appropriate performance metrics.
 D. Monitor the work of the external auditors.

Expose Correct Answer

Answer : C
Next Question

Question 105 ( Single Topic)

Which of the following is the most likely reason an organization may decide to undertake a stock
split?

 A. To keep stock price constant.

 B. To keep shareholders' equity constant.
 C. To increase shareholders' equity.
 D. To enhance the stock liquidity.

Expose Correct Answer

Answer : D

Next Question

Question 106 ( Single Topic)

Which of the following is the best approach to overcome entry barriers into a new business?

 A. Offer a standard product that is targeted in the recognized market.

 B. Invest in commodity or commodity-like product businesses.
 C. Enter into a slow-growing market.
 D. Use an established distribution relationship.

Expose Correct Answer

Answer : D

Next Question

Question 107 ( Single Topic)

Which of the following techniques would be least effective in resolving the conflict created by an
internal audit client's perception of the audit report as a personal attack on his management
performance?

 A. The auditor should focus on the audit client as a person and understand him, rather than
just concentrating on the problem.
 B. The auditor should make recommendations based on objective criteria, rather than based
on a subjective assessment.
 C. The auditor should explore alternative solutions to address the audit problem, so the audit
client has options.
 D. The auditor should take a flexible position on the recommendations and focus on
resolving the issue by addressing the interests of the people concerned.
Expose Correct Answer
Answer : A

Next Question

Question 108 ( Single Topic)

Which of the following most accurately describes the purpose of application authentication
controls?

 A. To ensure that data input into business applications is valid, complete, and accurate.
 B. To prevent or detect errors in data processed using business applications.
 C. To ensure that business applications are protected from unauthorized logical access.
 D. To ensure the validity, accuracy, and completeness of outputs from business applications.

Expose Correct Answer

Answer : C

Next Question

Question 109 ( Single Topic)

Which of the following is always true regarding the use of encryption algorithms based on public
key infrastructure (PKI)?

 A. PKI uses an independent administrator to manage the public key.

 B. The public key is authenticated against reliable third-party identification.
 C. PKI's public accessibility allows it to be used readily for e-commerce.
 D. The private key uniquely authenticates each party to a transaction.

Expose Correct Answer

Answer : D

Next Question

Question 110 ( Single Topic)

Which of the following are appropriate functions for an IT steering committee?

1. Assess the technical adequacy of standards for systems design and programming.
2. Continually monitor of the adequacy and accuracy of software and hardware in use.
3. Assess the effects of new technology on the organization's IT operations.
4. Provide broad oversight of implementation, training, and operation of new systems.

 A. 1, 2, and 3
 B. 1, 2, and 4
  C. 1, 3, and 4
 D. 2, 3, and 4

Expose Correct Answer

Answer : D

Next Question
Question 111 ( Single Topic)
Which of the following application-based controls is an example of a
programmed edit check?

 A. Reasonableness check.
 B. Transaction log.
 C. Input error correction.
 D. Authorization for access.

Expose Correct Answer

Answer : A

Next Question

Question 112 ( Single Topic)

Which of the following describes the result if an organization records

merchandise as a purchase, but fails to include it in the closing inventory
count?

 A. The cost of goods sold for the period will be understated.

 B. The cost of goods sold for the period will be overstated.
 C. The net income for the period will be understated.
 D. There will be no effect on the cost of goods sold or the net income for
the period.

Expose Correct Answer

Answer : B

Next Question

Question 113 ( Single Topic)

An organization's balance sheet indicates that the total asset amount and the
total capital stock amount remained unchanged from one year to the next, and
no dividends were declared or paid. However, the organization reported a loss
of $200,000. Which of the following describes the most likely year-over-year
change to the organization's total liabilities and total stockholder equity?
  A. The total liabilities and total stockholder equity both increased.
 B. The total liabilities and total stockholder equity both decreased.
 C. The total liabilities decreased, and the total stockholder equity
increased.
 D. The total liabilities increased, and the total stockholder equity
decreased.

Expose Correct Answer

Answer : D

Next Question

Question 114 ( Single Topic)

An organization accumulated the following data for the prior fiscal year:

Value of -

Percentage of -

Quarter -

Output Produced -

Cost X -
$4,750,000
2.9
$4,700,000
3.0
$4,350,000
3.2
$4,000,000
3.5
Based on this data, which of the following describes the value of Cost X in
relation to the value of Output Produced?

 A. Cost X is a variable cost.

 B. Cost X is a fixed cost.
 C. Cost X is a semi-fixed cost.
 D. Cost X and the value of Output Produced are unrelated.

Expose Correct Answer

Answer : B

Next Question

Question 115 ( Single Topic)

Which of the following statements is false regarding the internal audit approach
when a set of standards other than The IIA's Standards is applicable to a
specific engagement?

 A. The internal auditor may cite the use of other standards during audit
communications.
 B. If the other standards are government-issued, the internal auditor
should apply them in conjunction with The IIA's Standards.
 C. If there are inconsistencies between the other standards and The IIA's
Standards, the internal auditor must use the more restrictive standards.
 D. If there are inconsistencies between the other standards and The IIA's
Standards, the internal auditor must use the less restrictive standards.

Expose Correct Answer

Answer : D

Next Question

Question 116 ( Single Topic)

An internal auditor is trying to assess control risk and the effectiveness of an

organization's internal controls. Which of the following audit procedures would
not provide assurance to the auditor on this matter?

 A. Interviewing the organization's employees.

 B. Observing the organization's operations.
 C. Reading the board's minutes.
 D. Inspecting manuals and documents.

Expose Correct Answer

Answer : C

Next Question

Question 117 ( Single Topic)

What are the objectives of governance as defined by the Standards?

 A. Inform, direct, manage, and monitor.

 B. Identify, assess, manage, and control.
 C. Organize, assign, authorize, and implement.
 D. Add value, improve, assure, and conform.

Expose Correct Answer

Answer : A

Next Question

Question 118 ( Single Topic)

Within an enterprise, IT governance relates to the:

1. Alignment between the enterprise's IT long term plan and the organization's
objectives.
2. Organizational structures of the company that are designed to ensure that IT
supports the organization's strategies and objectives.
3. Operational plans established to support the IT strategies and objectives.
4. Role of the company's leadership in ensuring IT supports the organization's
strategies and objectives.

 A. 1 and 2 only
 B. 3 and 4 only
 C. 1, 2, and 4 only
 D. 2, 3, and 4 only

Expose Correct Answer

Answer : C

Next Question

Question 119 ( Single Topic)

According to the International Professional Practices Framework, which of the

following statements is true regarding a corporate social responsibility (CSR)
program?
1. Every employee generally has a responsibility for ensuring the success of
CSR objectives.
2. The board has overall responsibility for the effectiveness of internal control
processes associated with CSR.
3. Public reporting on the CSR governance process is expected.
4. Organizations generally have flexibility regarding what is included in a CSR
program.

 A. 1, 2, and 3 only
 B. 1, 2, and 4 only
 C. 1, 3, and 4 only
 D. 2, 3, and 4 only

Expose Correct Answer

Answer : B

Next Question
Question 120 ( Single Topic)

Which of the following would not impair the objectivity of internal auditor?

 A. Management assurance on risks.

 B. Implementing risk responses on behalf of management.
 C. Providing assurance that risks assessed are correctly evaluated.
 D. Setting the risk appetite.

Expose Correct Answer

Answer : C

Next Question
Page: 12 / 63
Exam contains 621 questions
Q's per page:

Question 121 ( Single Topic)

In an organization where enterprise risk management practices are mature, which of the following is
a core internal audit role?

 A. Giving assurance that risks are evaluated correctly.

 B. Developing the risk management strategy for the board's approval.
 C. Facilitating the identification and evaluation of risks.
 D. Coaching management in responding to risk.

Expose Correct Answer

Answer : A

Next Question

Question 122 ( Single Topic)

Which of the following is an example of a risk avoidance response?

 A. Buying an insurance policy to protect against loss events.

 B. Hedging against natural gas price fluctuations.
 C. Selling a non-strategic business unit.
 D. Outsourcing a high risk process to a third party.

Expose Correct Answer

Answer : C

Next Question
Question 123 ( Single Topic)

Which of the following statements are true regarding the use of heat maps as risk assessment tools?
1. They focus primarily on known risks, limiting the ability to identify new risks.
2. They rely heavily on objective assessments and related risk tolerances.
3. They are too complex to provide an easily understandable view of key risks.
4. They are helpful but limited in value in a rapidly changing environment.

 A. 1 and 2 only
 B. 1 and 4 only
 C. 2 and 3 only
 D. 3 and 4 only

Expose Correct Answer

Answer : B

Next Question

Question 124 ( Single Topic)

The most important reason to use risk assessment in audit planning is to:

 A. Identify redundant controls.

 B. Improve budgeting accuracy.
 C. Enhance assurance provided to management.
 D. Assist in developing audit programs.

Expose Correct Answer

Answer : C

Next Question

Question 125 ( Single Topic)

In creating a risk-based plan, which of the following best describes a top-down approach to
understanding business processes?

 A. Identifying the processes at the activity level.

 B. Analyzing the organization's strategic plan where the business processes are defined.
 C. Analyzing the organization's objectives and identifying the processes needed to achieve
the objectives.
 D. Identifying the risks affecting the organization, the objectives, and then the processes
concerned.
Expose Correct Answer
Answer : C

Next Question

Question 126 ( Single Topic)

Which of the following are typical responsibilities for operational management within a risk
management program?
1. Implementing corrective actions to address process deficiencies.
2. Identifying shifts in the organization's risk management environment.
3. Providing guidance and training on risk management processes.
4. Assessing the impact of mitigation strategies and activities.

 A. 1 and 2 only
 B. 1 and 4 only
 C. 2 and 3 only
 D. 3 and 4 only

Expose Correct Answer

Answer : B

Next Question

Question 127 ( Single Topic)

Which of the following statements about COBIT is not true?

 A. COBIT helps management understand and manage the risks associated with information
technology (IT) processes.
 B. Management needs to determine the cost-benefit ratio of adopting COBIT control
objectives.
 C. COBIT control objectives are specific to various IT platforms and help determine
minimum controls.
 D. COBIT provides management with the capability to conduct self-assessments against
industry best practices.

Expose Correct Answer

Answer : C

Next Question

Question 128 ( Single Topic)

In order to provide useful information for an organization's risk management decisions, which of
the following factors is least important to assess?
  A. The underlying causes of the risk.
 B. The impact of the risk on the organization's objectives.
 C. The risk levels of current and future events.
 D. The potential for eliminating risk factors.

Expose Correct Answer

Answer : D

Next Question

Question 129 ( Single Topic)

According to the Standards, which of the following is based on the assertion that the quality of an
organization's risk management process should improve with time?

 A. Process element.
 B. Key principles.
 C. Maturity model.
 D. Assurance.

Expose Correct Answer

Answer : C

Next Question

Question 130 ( Single Topic)

An internal auditor has been asked to conduct an investigation involving allegations of independent
contractor fraud. Which of the following controls would be least effective in detecting any potential
fraudulent activity?

 A. Exception report identifying payment anomalies.

 B. Documented policy and procedures.
 C. Periodic account reconciliation of contractor charges.
 D. Monthly management review of all contractor activity.

Expose Correct Answer

Answer : B

Next Question

Question 131 ( Single Topic)

Which of the following should an organization consider when developing strategic objectives for its
business processes?
1. Contribution to the success of the organization.
2. Reliability of operational information.
3. Behaviors and actions expected of employees.
4. How inputs combine with outputs to generate activities.

 A. 1 and 2 only
 B. 1 and 3 only
 C. 2 and 4 only
 D. 3 and 4 only

Expose Correct Answer

Answer : B

Next Question

Question 132 ( Single Topic)

Which of the following are appropriate reasons for internal auditors to document processes as part
of an audit engagement?
1. To determine areas of primary concern.
2. To establish a standard format for process mapping.
3. To define areas of responsibility within the organization.
4. To assess the performance of employees.

 A. 1 and 2 only
 B. 1 and 3 only
 C. 2 and 3 only
 D. 2 and 4 only

Expose Correct Answer

Answer : B

Next Question

Question 133 ( Single Topic)

Which of the following phases of a business cycle are marked by an underuse of resources?
1. The trough.
2. The peak.
3. The recovery.
4. The recession.

 A. 1 and 3 only
 B. 1 and 4 only
 C. 2 and 3 only
 D. 2 and 4 only
Expose Correct Answer
Answer : B

Next Question

Question 134 ( Single Topic)

According to the ISO 14001 standard, which of the following is not included in the requirements for
a quality management system?

 A. Key processes across the entity which impact quality must be identified and included.
 B. The quality management system must be documented in the articles of incorporation,
quality manual, procedures, work instructions, and records.
 C. Management must review the quality policy, analyze data about quality management
system performance, and assess opportunities for improvement and the need for change.
 D. The entity must have processes for inspections, testing, measurement, analysis, and
improvement.

Expose Correct Answer

Answer : B

Next Question

Question 135 ( Single Topic)

Which of the following professional organizations sets standards for quality and environmental
audits?

 A. The Committee of Sponsoring Organizations of the Treadway Commission.

 B. The Board of Environmental, Health, and Safety Auditor Certifications.
 C. The International Organization of Supreme Audit Institutions.
 D. The International Standards Organization.

Expose Correct Answer

Answer : D

Next Question

Question 136 ( Single Topic)

An organization facing rapid growth decides to employ a third party service provider to manage its
customer relationship management function. Which of the following is true regarding the
supporting application software used by that provider compared to an in-house developed system?
1. Updating documentation is always a priority.
2. System availability is usually more reliable.
3. Data security risks are lower.
4. Overall system costs are lower.

 A. 1 and 2 only
 B. 1 and 3 only
 C. 2 and 4 only
 D. 3 and 4 only

Expose Correct Answer

Answer : C

Next Question

Question 137 ( Single Topic)

An organization is considering the outsourcing of its business processes related to payroll and
information technology functions. Which of the following is the most significant area of concern for
management regarding this proposed agreement?

 A. Ensuring that payments to the vendor are appropriate and timely for the services
delivered.
 B. Ensuring that the vendor has complete management control of the outsourced process.
 C. Ensuring that there are means of monitoring the efficiency of the outsourced process.
 D. Ensuring that there are means of monitoring the effectiveness of the outsourced process.

Expose Correct Answer

Answer : D

Next Question

Question 138 ( Single Topic)

Providing knowledge, motivating organizational members, controlling and coordinating individual

efforts, and expressing feelings and emotions are all functions of:

 A. Motivation.
 B. Performance.
 C. Organizational structure.
 D. Communication.

Expose Correct Answer

Answer : D

Next Question
Question 139 ( Single Topic)

Where complex problems need to be addressed, which of the following communication networks
would be most appropriate?

 A. Chain.
 B. All-channel.
 C. Circle.
 D. Wheel.

Expose Correct Answer

Answer : B

Next Question

Question 140 ( Single Topic)

Which of the following is a strategy that organizations can use to stimulate innovation?
1. Source from the most advanced suppliers.
2. Establish employee programs that reward initiative.
3. Identify best practice competitors as motivators.
4. Ensure that performance targets are always achieved.

 A. 1 and 3 only
 B. 2 and 4 only
 C. 1, 2, and 3 only
 D. 1, 2, 3, and 4

Expose Correct Answer

Answer : C

Next Question
Question 141 ( Single Topic)

Which of the following statements about market signaling is correct?

1. The organization releases information about a new product generation.
2. The organization limits a challenger's access to the best source of raw
materials or labor.
3. The organization announces that it is fighting a new process technology.
4. The organization makes exclusive arrangements with the channels.

 A. 1 and 3 only
 B. 1 and 4 only
 C. 2 and 3 only
 D. 2 and 4 only
Expose Correct Answer
Answer : A

Next Question

Question 142 ( Single Topic)

Which of the following strategies would most likely prevent an organization

from adjusting to evolving industry market conditions?

 A. Specializing in proven manufacturing techniques that have made the

organization profitable in the past.
 B. Substituting its own production technology with advanced techniques
used by its competitors.
 C. Forgoing profits over a period of time to gain market share from its
competitors.
 D. Using the same branding to sell its products through new sales
channels to target new markets.

Expose Correct Answer

Answer : A

Next Question

Question 143 ( Single Topic)

In which type of business environment are price cutting strategies and

franchising strategies most appropriate?

 A. Embryonic, focused.
 B. Fragmented, decline.
 C. Mature, fragmented.
 D. Competitive, embryonic.

Expose Correct Answer

Answer : C

Next Question

Question 144 ( Single Topic)

According to Porter, which of the following is associated with fragmented

industries?

 A. Weak entrance barriers.

  B. Significant scale economies.
 C. Steep experience curve.
 D. Strong negotiation power with suppliers.

Expose Correct Answer

Answer : A

Next Question

Question 145 ( Single Topic)

Technological uncertainty, subsidy, and spin-offs are usually characteristics of:

 A. Fragmented industries.
 B. Declining industries.
 C. Mature industries.
 D. Emerging industries.

Expose Correct Answer

Answer : D

Next Question

Question 146 ( Single Topic)

Which of the following strategies is most appropriate for an industry that is in

decline?

 A. Invest in marketing.
 B. Invest in research and development.
 C. Control costs.
 D. Shift toward mass production.

Expose Correct Answer

Answer : C

Next Question

Question 147 ( Single Topic)

In terms of international business strategy, which of the following is true

regarding a multi-domestic strategy?

 A. It uses the same products in all countries.

  B. It centralizes control with little decision-making authority given to the
local level.
 C. It is an effective strategy when large differences exist between
countries.
 D. It provides cost advantages, improves coordinated activities, and
speeds product development.

Expose Correct Answer

Answer : C

Next Question

Question 148 ( Single Topic)

Organizational activities that complement each other and create a competitive

advantage are called a:

 A. Merger.
 B. Strategic fit.
 C. Joint venture.
 D. Strategic goal.

Expose Correct Answer

Answer : B

Next Question

Question 149 ( Single Topic)

An internationally recognized brand name is an entrance barrier to new

competitors because new competitors would:

 A. Have to initiate a price war in order to enter the industry.

 B. Face increased production costs.
 C. Face increased marketing costs.
 D. Face higher learning costs, which would increase fixed costs.

Expose Correct Answer

Answer : C

Next Question

Question 150 ( Single Topic)

Which stage of group development is characterized by a decrease in conflict
and hostility among group members and an increase in cohesiveness?

 A. Forming stage.
 B. Norming stage.
 C. Performing stage.
 D. Storming stage.

Expose Correct Answer

Answer : B

Next Question
Page: 15 / 63
Exam contains 621 questions

Question 151 ( Single Topic)

Which of the following is an element of effective negotiating?

 A. Ensuring that the other party has a personal stake in the agreement.
 B. Focusing on interests rather than on obtaining a winning position.
 C. Considering a few select choices during the settlement phase.
 D. Basing the agreement on negotiating power and positioning leverage.

Expose Correct Answer

Answer : B

Next Question

Question 152 ( Single Topic)

Which of the following statements is true regarding the resolution of interpersonal conflict?

 A. Unrealized expectations can be avoided with open and honest discussion.

 B. Reorganization would probably not help ambiguous or overlapping jurisdictions.
 C. Deferring action should be used until there is sufficient time to fully deal with the issue.
 D. Timely and unambiguous clarification of roles and responsibilities will eliminate most
interpersonal conflict.

Expose Correct Answer

Answer : A

Next Question
Question 153 ( Single Topic)

Which of the following would best prevent unauthorized external changes to an organization's data?

 A. Antivirus software, firewall, data encryption.

 B. Firewall, data encryption, backup procedures.
 C. Antivirus software, firewall, backup procedures.
 D. Antivirus software, data encryption, change logs.

Expose Correct Answer

Answer : A

Next Question

Question 154 ( Single Topic)

When granting third parties temporary access to an entity's computer systems, which of the
following is the most effective control?

 A. Access is approved by the supervising manager.

 B. User accounts specify expiration dates and are based on services provided.
 C. Administrator access is provided for a limited period.
 D. User accounts are deleted when the work is completed.

Expose Correct Answer

Answer : B

Next Question

Question 155 ( Single Topic)

An organization is considering mirroring the customer data for one regional center at another
center. A disadvantage of such an arrangement would be:

 A. Lack of awareness of the state of processing.

 B. Increased cost and complexity of network traffic.
 C. Interference of the mirrored data with the original source data.
 D. Confusion about where customer data are stored.

Expose Correct Answer

Answer : B

Next Question

Question 156 ( Single Topic)

Which of the following statements regarding program change management is not correct?

 A. The goal of the change management process is to sustain and improve organizational
operations.
 B. The degree of risk associated with a proposed change determines if the change request
requires authorization.
 C. In order to protect the production environment, changes must be managed in a repeatable,
defined, and predictable manner.
 D. All changes should be tested in a non-production environment before migrating to the
production environment.

Expose Correct Answer

Answer : B

Next Question

Question 157 ( Single Topic)

When auditing an application change control process, which of the following procedures should be
included in the scope of the audit?
1. Ensure system change requests are formally initiated, documented, and approved.
2. Ensure processes are in place to prevent emergency changes from taking place.
3. Ensure changes are adequately tested before being placed into the production environment.
4. Evaluate whether the procedures for program change management are adequate.

 A. 1 only
 B. 1 and 3 only
 C. 2 and 4 only
 D. 1, 3, and 4 only

Expose Correct Answer

Answer : D

Next Question

Question 158 ( Single Topic)

An internal auditor discovered that several unauthorized modifications were made to the production
version of an organization's accounting application. Which of the following best describes this
deficiency?

 A. Production controls weakness.

 B. Application controls weakness.
 C. Authorization controls weakness.
 D. Change controls weakness.
Expose Correct Answer
Answer : D

Next Question

Question 159 ( Single Topic)

Which of the following would provide the most relevant assurance that the application under
development will provide maximum value to the organization?

 A. Use of a formal systems development lifecycle.

 B. End-user involvement.
 C. Adequate software documentation.
 D. Formalized non-regression testing phase.

Expose Correct Answer

Answer : B

Next Question

Question 160 ( Single Topic)

Which of the following does not provide operational assurance that a computer system is operating
properly?

 A. Performing a system audit.

 B. Making system changes.
 C. Testing policy compliance.
 D. Conducting system monitoring.

Expose Correct Answer

Answer : B

Question 161 ( Single Topic)

Which of the following statements regarding database management systems is not correct?

 A. Database management systems handle data manipulation inside the tables, rather than it
being done by the operating system itself in files.
 B. The database management system acts as a layer between the application software and
the operating system.
 C. Applications pass on the instructions for data manipulation which are then executed by
the database management system.
 D. The data within the database management system can only be manipulated directly by the
database management system administrator.
Expose Correct Answer
Answer : D

Next Question

Question 162 ( Single Topic)

Which of the following statements is in accordance with COBIT?

1. Pervasive controls are general while detailed controls are specific.
2. Application controls are a subset of pervasive controls.
3. Implementation of software is a type of pervasive control.
4. Disaster recovery planning is a type of detailed control.

 A. 1 and 4 only
 B. 2 and 3 only
 C. 2, 3, and 4 only
 D. 1, 2, and 4 only

Expose Correct Answer

Answer : A

Next Question

Question 163 ( Single Topic)

A holding company set up a centralized group technology department, using a local area network
with a mainframe computer to process accounting information for all companies within the group.
An internal auditor would expect to find all of the following controls within the technology
department except:

 A. Adequate segregation of duties between data processing controls and file security
controls.
 B. Documented procedures for remote job entry and for local data file retention.
 C. Emergency and disaster recovery procedures and maintenance agreements in place to
ensure continuity of operations.
 D. Established procedures to prevent and detect unauthorized changes to data files.

Expose Correct Answer

Answer : B

Next Question

Question 164 ( Single Topic)

Which of the following local area network physical layouts is subject to the greatest risk of failure if
one device fails?

 A. Star network.
 B. Bus network.
 C. Token ring network.
 D. Mesh network.

Expose Correct Answer

Answer : C

Next Question

Question 165 ( Single Topic)

A department purchased one copy of a software program for internal use. The manager of the
department installed the program on an office computer and then made two complete copies of the
original software.
Copy 1 was solely for backup purposes.
Copy 2 was for use by another member of the department.
In terms of software licenses and copyright law, which of the following is correct?

 A. Both copies are legal.

 B. Only copy 1 is legal.
 C. Only copy 2 is legal.
 D. Neither copy is legal.

Expose Correct Answer

Answer : B

Next Question

Question 166 ( Single Topic)

During which phase of disaster recovery planning should an organization identify the business
units, assets, and systems that are critical to continuing an acceptable level of operations?

 A. Scope and initiation phase.

 B. Business impact analysis.
 C. Plan development.
 D. Testing.

Expose Correct Answer

Answer : B
Next Question

Question 167 ( Single Topic)

Under a value-added taxing system:

 A. Businesses must pay a tax only if they make a profit.

 B. The consumer ultimately bears the cost of the tax through higher prices.
 C. Consumer savings are discouraged.
 D. The amount of value added is the difference between an organization's sales and its cost
of goods sold.

Expose Correct Answer

Answer : B

Next Question

Question 168 ( Single Topic)

An organization has recorded the following profit and expenses:

Profit before interest and tax -

$200,000

Sales -
$2,300,000

Purchases of materials -
$700,000

Interest expenses -
$30,000
If the value-added tax (VAT) rate is 20 percent and the corporate tax rate is 30 percent, which of the
following is the amount of VAT that the organization has to pay?

 A. $34,000
 B. $51,000
 C. $60,000
 D. $320,000

Expose Correct Answer

Answer : D

Next Question

Question 169 ( Single Topic)

Which of the following are the most appropriate measures for evaluating the change in an
organization's liquidity position?

 A. Times interest earned, return on assets, and inventory turnover.

 B. Accounts receivable turnover, inventory turnover in days, and the current ratio.
 C. Accounts receivable turnover, return on assets, and the current ratio.
 D. Inventory turnover in days, the current ratio, and return on equity.

Expose Correct Answer

Answer : B

Next Question

Question 170 ( Single Topic)

Unsecured loans are loans:

 A. That do not have to be repaid for over one year.

 B. That appear to be too risky for most lenders to consider.
 C. Granted on the basis of a company's credit standing.
 D. Backed by mortgaged assets.

Expose Correct Answer

Answer : C

Question 171 ( Single Topic)

All of the following are true with regard to the first-in, first-out inventory
valuation method except:

 A. It values inventory close to current replacement cost.

 B. It generates the highest profit when prices are rising.
 C. It approximates the physical flow of goods.
 D. It minimizes current-period income taxes.

Expose Correct Answer

Answer : D

Next Question

Question 172 ( Single Topic)

Maintenance cost at a hospital was observed to increase as activity level

increased. The following data was gathered:
Activity Level -
Maintenance Cost -

Month -

Patient Days -

Incurred -

January -
5,600
$7,900

February -
7,100
$8,500

March -
5,000
$7,400

April -
6,500
$8,200

May -
7,300
$9,100

June -
8,000
$9,800
If the cost of maintenance is expressed in an equation, what is the independent
variable for this data?

 A. Fixed cost.
 B. Variable cost.
 C. Total maintenance cost.
 D. Patient days.

Expose Correct Answer

Answer : D

Next Question

Question 173 ( Single Topic)

Import quotas that limit the quantities of goods that a domestic subsidiary can
buy from its foreign parent company represent which type of barrier to the
parent company?

 A. Political.
 B. Financial.
 C. Social.
 D. Tariff.

Expose Correct Answer

Answer : A

Next Question

Question 174 ( Single Topic)

The process of scenario planning begins with which of the following steps?

 A. Determining the trends that will influence key factors in the

organization's environment.
 B. Selecting the issue or decision that will impact how the organization
conducts future business.
 C. Selecting leading indicators to alert the organization of future
developments.
 D. Identifying how customers, suppliers, competitors, employees, and
other stakeholders will react.

Expose Correct Answer

Answer : B

Next Question

Question 175 ( Single Topic)

According to IIA guidance, which of the following steps are most important for
an internal auditor to perform when evaluating an organization's social and
environmental impact on the local community?
1. Determine whether previous incidents have been reported, managed, and
resolved.
2. Determine whether a business contingency plan exists.
3. Determine the extent of transparency in reporting.
4. Determine whether a cost/benefit analysis was performed for all related
projects.

 A. 1 and 3.
 B. 1 and 4.
 C. 2 and 3.
  D. 2 and 4.

Expose Correct Answer

Answer : A

Next Question

Question 176 ( Single Topic)

Which of the following corporate social responsibility strategies is likely to be

most effective in minimizing confrontations with influential activists and
lobbyists?

 A. Continually evaluate the needs and opinions of all stakeholder groups.

 B. Ensure strict compliance with applicable laws and regulations to avoid
incidents.
 C. Maintain a comprehensive publicity campaign that highlights the
organization's efforts.
 D. Increase goodwill through philanthropic activities among stakeholder
communities.

Expose Correct Answer

Answer : A

Next Question

Question 177 ( Single Topic)

When assessing the adequacy of a risk mitigation strategy, an internal auditor

should consider which of the following?
1. Managements tolerance for specific risks.
2. The cost versus benefit of implementing a control.
3. Whether a control can mitigate multiple risks.
4. The ability to test the effectiveness of the control.

 A. 1, 2, and 3
 B. 1, 2, and 4
 C. 1, 3, and 4
 D. 2, 3, and 4

Expose Correct Answer

Answer : C

Next Question
Question 178 ( Single Topic)

According to the COSO enterprise risk management (ERM) framework, which of

the following is not a typical responsibility of the chief risk officer?

 A. Establishing risk category definitions and a common risk language for

likelihood and impact measures.
 B. Defining ERM roles and responsibilities.
 C. Providing the board with an independent, objective risk perspective on
financial reporting.
 D. Guiding integration of ERM with other management activities.

Expose Correct Answer

Answer : C

Next Question

Question 179 ( Single Topic)

Which of the following price adjustment strategies encourages prompt

payment?

 A. Cash discounts.
 B. Quantity discounts.
 C. Functional discounts.
 D. Seasonal discounts.

Expose Correct Answer

Answer : A

Next Question

Question 180 ( Single Topic)

Which of the following actions is most likely to gain support for process
change?

 A. Set clear objectives.

 B. Engage the various communities of practice within the organization.
 C. Demonstrate support from senior management.
 D. Establish key competencies.

Expose Correct Answer

Answer : B
Next Question
Page: 18 / 63
Exam contains 621 questions
Q's per page:

Question 181 ( Single Topic)

Which of the following IT strategies is most effective for responding to competitive pressures
created by the marketplace?

 A. Promote closer linkage between organizational strategy and information.

 B. Provide users with greater online access to information systems.
 C. Enhance the functionality of application systems.
 D. Expand the use of automated controls.

Expose Correct Answer

Answer : C

Next Question

Question 182 ( Single Topic)

According to IIA guidance, which of the following is a typical risk associated with the tender
process and contracting stage of an organization's IT outsourcing life cycle?

 A. The process is not sustained and is not optimized as planned.

 B. There is a lack of alignment to organizational strategies.
 C. The operational quality is less than projected.
 D. There is increased potential for loss of assets.

Expose Correct Answer

Answer : D

Next Question

Question 183 ( Single Topic)

Which of the following is true regarding an organization's relationship with external stakeholders?

 A. Specific guidance must be followed when interacting with nongovernmental

organizations.
 B. Disclosure laws tend to be consistent from one jurisdiction to another.
 C. There are several internationally recognized standards for dealing with financial donors.
 D. Legal representation should be consulted before releasing internal audit information to
other assurance providers.

Expose Correct Answer

Answer : D

Next Question

Question 184 ( Single Topic)

Which stage in the industry life cycle is characterized by many different product variations?

 A. Introduction.
 B. Growth.
 C. Maturity.
 D. Decline.

Expose Correct Answer

Answer : A

Next Question

Question 185 ( Single Topic)

Capacity overbuilding is most likely to occur when management is focused on which of the
following?

 A. Marketing.
 B. Finance.
 C. Production.
 D. Diversification.

Expose Correct Answer

Answer : C

Next Question

Question 186 ( Single Topic)

A retail organization is considering acquiring a composite textile company. The retailer's due
diligence team determined the value of the textile company to be $50 million. The financial experts
forecasted net present value of future cash flows to be $60 million. Experts at the textile company
determined their company's market value to be $55 million if purchased by another entity.
However, the textile company could earn more than $70 million from the retail organization due to
synergies.
Therefore, the textile company is motivated to make the negotiation successful. Which of the
following approaches is most likely to result in a successful negotiation?

 A. Develop a bargaining zone that lies between $50 million and $70 million and create sets
of outcomes between $50 million and $70 million.
  B. Adopt an added-value negotiating strategy, develop a bargaining zone between $50
million and $70 million, and create sets of outcomes between $50 million and $70 million.
 C. Involve a mediator as a neutral party who can work with the textile company's
management to determine a bargaining zone.
 D. Develop a bargaining zone that lies between $55 million and $60 million and create sets
of outcomes between $55 million and $60 million.

Expose Correct Answer

Answer : D

Next Question

Question 187 ( Single Topic)

Which of the following is not included in the process of user authentication?

 A. Authorization.
 B. Identification.
 C. Verification.
 D. Validation.

Expose Correct Answer

Answer : A

Next Question

Question 188 ( Single Topic)

According to IIA guidance on IT auditing, which of the following would not be an area examined
by the internal audit activity?

 A. Access system security.

 B. Policy development.
 C. Change management.
 D. Operations processes.

Expose Correct Answer

Answer : B

Next Question

Question 189 ( Single Topic)

According to the waterfall cycle approach to systems development, which of the following
sequence of events is correct?
  A. Program design, system requirements, software design, analysis, coding, testing,
operations.
 B. System requirements, software design, analysis, program design, testing, coding,
operations.
 C. System requirements, software design, analysis, program design, coding, testing,
operations.
 D. System requirements, analysis, coding, software design, program design, testing,
operations.

Expose Correct Answer

Answer : C

Next Question

Question 190 ( Single Topic)

Which of the following describes a typical desktop workstation used by most employees in their
daily work?

 A. Workstation contains software that prevents unauthorized transmission of information

into and out of the organization's network.
 B. Workstation contains software that controls information flow between the organization's
network and the Internet.
 C. Workstation contains software that enables the processing of transactions and is not
shared among users of the organization's network.
 D. Workstation contains software that manages user's access and processing of stored data
on the organization's network.

Expose Correct Answer

Answer : C

Next Question
Question 191 ( Single Topic)

Which of the following must be adjusted to index a progressive tax system to

inflation?

 A. Tax deductions, exemptions, and tax filings.

 B. Tax deductions, exemptions, and tax brackets.
 C. Tax brackets, tax deductions, and tax payments.
 D. Tax brackets, exemptions, and nominal tax receipts.

Expose Correct Answer

Answer : B

Next Question
Question 192 ( Single Topic)

Which of the following is not a common feature of cumulative preferred stock?

 A. Priority over common stock with regard to dilution of shares.

 B. Priority over common stock with regard to earnings.
 C. Priority over common stock with regard to dividend payment.
 D. Priority over common stock with regard to assets.

Expose Correct Answer

Answer : A

Next Question

Question 193 ( Single Topic)

Which of the following is an example of a nonfinancial internal failure quality

cost?

 A. Decreasing gross profit margins over time.

 B. Foregone contribution margin on lost sales.
 C. Defective units shipped to customers.
 D. Excessive time to convert raw materials into finished goods.

Expose Correct Answer

Answer : D

Next Question

Question 194 ( Single Topic)

A manager has difficulty motivating staff to improve productivity, despite

establishing a lucrative individual reward system. Which of the following is
most likely the cause of the difficulty?

 A. High degree of masculinity.

 B. Low uncertainty avoidance.
 C. High collectivism.
 D. Low long-term orientation.

Expose Correct Answer

Answer : C

Next Question
Question 195 ( Single Topic)

According to IIA guidance, which of the following corporate social responsibility

(CSR) evaluation activities may be performed by the internal audit activity?
1. Consult on CSR program design and implementation.
2. Serve as an advisor on CSR governance and risk management.
3. Review third parties for contractual compliance with CSR terms.
4. Identify and mitigate risks to help meet the CSR program objectives.

 A. 1, 2, and 3
 B. 1, 2, and 4
 C. 1, 3, and 4
 D. 2, 3, and 4

Expose Correct Answer

Answer : A

Next Question

Question 196 ( Single Topic)

Which of the following roles would be least appropriate for the internal audit
activity to undertake with regard to an organization's corporate social
responsibility
(CSR) program?

 A. Consult on project design and implementation of the CSR program.

 B. Serve as an advisor on internal controls related to CSR.
 C. Identify and prioritize the CSR issues that are important to the
organization.
 D. Evaluate the effectiveness of the organization's CSR efforts.

Expose Correct Answer

Answer : C

Next Question

Question 197 ( Single Topic)

Which of the following COSO internal control framework components

encompasses establishing structures, reporting lines, authorities, and
responsibilities?

 A. Control environment.
 B. Control activities.
 C. Information and communication.
  D. Monitoring.

Expose Correct Answer

Answer : A

Next Question

Question 198 ( Single Topic)

Senior management has decided to implement the Three Lines of Defense

model for risk management. Which of the following best describes senior
management's duties with regard to this model?

 A. Ensure compliance with the model.

 B. Identify management functions.
 C. Identify emerging issues.
 D. Set goals for implementation.

Expose Correct Answer

Answer : A

Next Question

Question 199 ( Single Topic)

Which of the following principles are common to both hierarchical and open
organizational structures?
1. Employees at all levels should be empowered to make decisions.
2. A supervisor's span of control should not exceed seven subordinates.
3. Responsibility should be accompanied by adequate authority.
4. A superior cannot delegate the ultimate responsibility for results.

 A. 1 and 2
 B. 1 and 4
 C. 2 and 3
 D. 3 and 4

Expose Correct Answer

Answer : D

Next Question

Question 200 ( Single Topic)

Which of the following statements about matrix organizations is false?

  A. In a matrix organization, conflict between functional and product
managers may arise.
 B. In a matrix organization, staff under dual command is more likely to
suffer stress at work.
 C. Matrix organizations offer the advantage of greater flexibility.
 D. Matrix organizations minimize costs and simplify communication.

Expose Correct Answer

Answer : D

Question 201 ( Single Topic)

Which of the following purchasing scenarios would gain the greatest benefit from implementing
electronic data interchange?

 A. A time-sensitive just-in-time purchase environment.

 B. A large volume of custom purchases.
 C. A variable volume sensitive to material cost.
 D. A currently inefficient purchasing process.

Expose Correct Answer

Answer : A

Next Question

Question 202 ( Single Topic)

Which of the following statements is true regarding outsourced business processes?

 A. Outsourced business processes should not be considered in the internal audit universe
because the controls are owned by the external service provider.
 B. Generally, independence is improved when the internal audit activity reviews outsourced
business processes.
 C. The key controls of outsourced business processes typically are more difficult to audit
because they are designed and managed externally.
 D. The system of internal controls may be better and more efficient when the business
process is outsourced compared to internally sourced.

Expose Correct Answer

Answer : D
Next Question

Question 203 ( Single Topic)

When an organization is choosing a new external auditor, which of the following is the most
appropriate role for the chief audit executive to undertake?

 A. Review and acquire the external audit service.

 B. Assess the appraisal and actuarial services.
 C. Determine the selection criteria.
 D. Identify regulatory requirements to be considered.

Expose Correct Answer

Answer : D

Next Question

Question 204 ( Single Topic)

Which of the following factors is considered a disadvantage of vertical integration?

 A. It may reduce the flexibility to change partners.

 B. It may not reduce the bargaining power of suppliers.
 C. It may limit the organization's ability to differentiate the product.
 D. It may lead to limited control of proprietary knowledge.

Expose Correct Answer

Answer : A

Next Question

Question 205 ( Single Topic)

Which of the following conditions could lead an organization to enter into a new business through
internal development rather than through acquisition?

 A. It is expected that there will be slow retaliation from incumbents.

 B. The acquiring organization has information that the selling organization is weak.
 C. The number of bidders to acquire the organization for sale is low.
 D. The condition of the economy is poor.

Expose Correct Answer

Answer : A

Next Question
Question 206 ( Single Topic)

Which of the following statements about slack time and milestones are true?
1. Slack time represents the amount of time a task may be delayed without delaying the entire
project.
2. A milestone is a moment in time that marks the completion of the project's major deliverables.
3. Slack time allows the project manager to move resources from one task to another to ensure that
the project is finished on time.
4. A milestone requires resource allocation and needs time to be completed.

 A. 1 and 4 only
 B. 2 and 3 only
 C. 1, 2, and 3 only
 D. 1, 2, 3, and 4

Expose Correct Answer

Answer : C

Next Question

Question 207 ( Single Topic)

Which of the following are typical audit considerations for a review of authentication?
1. Authentication policies and evaluation of controls transactions.
2. Management of passwords, independent reconciliation, and audit trail.
3. Control self-assessment tools used by management.
4. Independent verification of data integrity and accuracy.

 A. 1, 2, and 3
 B. 1, 2, and 4
 C. 1, 3, and 4
 D. 2, 3, and 4

Expose Correct Answer

Answer : A

Next Question

Question 208 ( Single Topic)

At what point during the systems development process should an internal auditor verify that the
new application's connectivity to the organization's other systems has been established correctly?

 A. Prior to testing the new application.

 B. During testing of the new application.
 C. During implementation of the new application.
  D. During maintenance of the new application.

Expose Correct Answer

Answer : A

Next Question

Question 209 ( Single Topic)

Which of the following is not a potential area of concern when an internal auditor places reliance on
spreadsheets developed by users?

 A. Increasing complexity over time.

 B. Interface with corporate systems.
 C. Ability to meet user needs.
 D. Hidden data columns or worksheets.

Expose Correct Answer

Answer : C

Next Question

Question 210 ( Single Topic)

According to IIA guidance, which of the following would be a primary reason for an internal
auditor to test the organization's IT contingency plan?

 A. To ensure that adequate controls exist to prevent any significant business interruptions.
 B. To identify and address potential security weaknesses within the system.
 C. To ensure that tests contribute to improvement of the program.
 D. To ensure that deficiencies identified by the audit are promptly addressed.

Expose Correct Answer

Answer : C

Question 211 ( Single Topic)

Refer to the exhibit.

If the profit margin of an organization decreases, and all else remains equal, which of the following
describes how the "Funds Needed" line in the graph below will shift?

 A. The "Funds Needed" line will remain pointed upward, but will become less steep.
 B. The "Funds Needed" line will remain pointed upward, but will become more steep.
 C. The "Funds Needed" line will point downward with a minimal slope.
 D. The "Funds Needed" line will point downward with an extreme slope.

Expose Correct Answer

Answer : B

Next Question

Question 212 ( Single Topic)

Which of the following techniques is the most relevant when an internal auditor conducts a
valuation of an organization's physical assets?

 A. Observation.
 B. Inspection.
 C. Original cost.
 D. Vouching.

Expose Correct Answer

Answer : B

Next Question

Question 213 ( Single Topic)

Which of the following is a key characteristic of a zero-based budget?

 A. A zero-based budget provides estimates of costs that would be incurred under different
levels of activity.
 B. A zero-based budget maintains focus on the budgeting process.
 C. A zero-based budget is prepared each year and requires each item of expenditure to be
justified.
 D. A zero-based budget uses input from lower-level and middle-level managers to formulate
budget plans.

Expose Correct Answer

Answer : C

Next Question

Question 214 ( Single Topic)

If legal or regulatory standards prohibit conformance with certain parts of The IIA's Standards, the
auditor should do which of the following?

 A. Conform with all other parts of The IIA's Standards and provide appropriate disclosures.
 B. Conform with all other parts of The IIA's Standards; there is no need to provide
appropriate disclosures.
 C. Continue the engagement without conforming with the other parts of The IIA's
Standards.
 D. Withdraw from the engagement.

Expose Correct Answer

Answer : A

Next Question

Question 215 ( Single Topic)

Which of the following physical access controls often functions as both a preventive and detective
control?

 A. Locked doors.
 B. Firewalls.
 C. Surveillance cameras.
 D. Login IDs and passwords.

Expose Correct Answer

Answer : C
Next Question

Question 216 ( More Questions.)

An organization accomplishes its goal to obtain a 40 percent share of the domestic market, but is
unable to get the desired return on investment and output per hour of labor. Based on this
information, the organization is most likely focused on which of the following?

 A. Capital investment and not marketing.

 B. Marketing and not capital investment.
 C. Efficiency and not input economy.
 D. Effectiveness and not efficiency.

Expose Correct Answer

Answer : A

Next Question

Question 217 ( More Questions.)

An organization that sells products to a foreign subsidiary wants to charge a price that will decrease
import tariffs. Which of the following is the best course of action for the organization?

 A. Decrease the transfer price.

 B. Increase the transfer price.
 C. Charge at the arm"™s length price.
 D. Charge at the optimal transfer price.

Expose Correct Answer

Answer : C

Next Question

Question 218 ( More Questions.)

An investor has acquired an organization that has a dominant position in a mature, slow-growth
industry and consistently creates positive financial income. Which of the following terms would the
investor most likely label this investment in her portfolio?

 A. A star.
 B. A cash cow.
 C. A question mark.
 D. A dog.

Expose Correct Answer

Answer : B

Reference:
https://www.businessnewsdaily.com/5693-bcg-matrix.html

Next Question

Question 219 ( More Questions.)

An organization with global headquarters in the United States has subsidiaries in eight other
nations. If the organization operates with an ethnocentric attitude, which of the following statements
is true?

 A. Standards used for evaluation and control are determined at local subsidiaries, not set by
headquarters.
 B. Orders, commands, and advice are sent to the subsidiaries from headquarters.
 C. People of local nationality are developed for the best positions within their own country.
 D. There is a significant amount of collaboration between headquarters and subsidiaries.

Expose Correct Answer

Answer : D

Next Question

Question 220 ( More Questions.)

Which of the following data security policies is most likely to be the result of a data privacy law?

 A. Access to personally identifiable information is limited to those who need it to perform

their job.
 B. Confidential data must be backed up and recoverable within a 24-hour period.
 C. Updates to systems containing sensitive data must be approved before being moved to
production.
 D. A record of employees with access to insider information must be maintained, and those
employees may not trade company stock during blackout periods.

Expose Correct Answer

Answer : A

Question 221 ( More Questions.)

A large retail customer made an offer to buy 10,000 units at a special price of $7 per unit. The
manufacturer usually sells each unit for $10. Variable manufacturing costs are $5 per unit and fixed
manufacturing costs are $3 per unit. For the manufacturer to accept the offer, which of the
following assumptions needs to be true?

 A. Fixed and variable manufacturing costs are less than the special offer selling price.
  B. The manufacturer can fulfill the order without expanding the capacities of the production
facilities.
 C. Costs related to accepting this offer can be absorbed through the sale of other products.
 D. The manufacturer's production facilities are currently operating at full capacity.

Expose Correct Answer

Answer : C

Next Question

Question 222 ( More Questions.)

Which of the following responsibilities would ordinarily fall under the help desk function of an
organization?

 A. Maintenance service items such as production support.

 B. Management of infrastructure services, including network management.
 C. Physical hosting of mainframes and distributed servers.
 D. End-to-end security architecture design.

Expose Correct Answer

Answer : A

Next Question

Question 223 ( More Questions.)

As it relates to the data analytics process, which of the following best describes the purpose of an
internal auditor who cleaned and normalized data?

 A. The auditor eliminated duplicate information.

 B. The auditor organized data to minimize useless information.
 C. The auditor made data usable for a specific purpose by ensuring that anomalies were
identified and corrected.
 D. The auditor ensured data fields were consistent and that data could be used for a specific
purpose.

Expose Correct Answer

Answer : A

Reference:
https://iaonline.theiia.org/blogs/Jim-Pelletier/2018/Pages/6-Essentials-to-Jump-start-Data-
Analytics-in-Internal-Audit.aspx

Next Question
Question 224 ( More Questions.)

Which of the following authentication device credentials is the most difficult to revoke when an
employee's access rights need to be removed?

 A. A traditional key lock.

 B. A biometric device.
 C. A card-key system.
 D. A proximity device.

Expose Correct Answer

Answer : D

Next Question

Question 225 ( More Questions.)

What is the primary purpose of data and systems backup?

 A. To restore all data and systems immediately after the occurrence of an incident.
 B. To set the maximum allowable downtime to restore systems and data after the occurrence
of an incident.
 C. To set the point in time to which systems and data must be recovered after the occurrence
of an incident.
 D. To restore data and systems to a previous point in time after the occurrence of an
incident.

Expose Correct Answer

Answer : D

Next Question

Question 226 ( More Questions.)

Which of the following IT-related activities is most commonly performed by the second line of
defense?

 A. Block unauthorized traffic.

 B. Encrypt data.
 C. Review disaster recovery test results.
 D. Provide independent assessment of IT security.

Expose Correct Answer

Answer : D
Reference:
https://chapters.theiia.org/montreal/ChapterDocuments/Guide%20pratique%20_%20Audit
%20interne%20et%202ème%20ligne%20de%20maîtrise.pdf

Next Question

Question 227 ( More Questions.)

With regard to disaster recovery planning, which of the following would most likely involve
stakeholders from several departments?

 A. Determining the frequency with which backups will be performed.

 B. Prioritizing the order in which business systems would be restored.
 C. Assigning who in the IT department would be involved in the recovery procedures.
 D. Assessing the resources needed to meet the data recovery objectives.

Expose Correct Answer

Answer : D

Next Question

Question 228 ( More Questions.)

An internal auditor observed that the organization's disaster recovery solution will make use of a
cold site in a town several miles away. Which of the following is likely to be a characteristic of this
disaster recovery solution?

 A. Data is synchronized in real time.

 B. Recovery time is expected to be less than one week.
 C. Servers are not available and need to be procured.
 D. Recovery resources and data restore processes have not been defined.

Expose Correct Answer

Answer : B

Next Question

Question 229 ( More Questions.)

During her annual performance review, a sales manager admits that she experiences significant
stress due to her job but stays with the organization because of the high bonuses she earns. Which
of the following best describes her primary motivation to remain in the job?

 A. Intrinsic reward.
 B. Job enrichment.
 C. Extrinsic reward.
 D. The hierarchy of needs.
Expose Correct Answer
Answer : C

Reference:
https://www.verywellmind.com/what-is-extrinsic-motivation-2795164

Next Question

Question 230 ( More Questions.)

What kind of strategy would be most effective for an organization to adopt in order to implement a
unique advertising campaign for selling identical product lines across all of its markets?

 A. Export strategy.
 B. Transnational strategy.
 C. Multi-domestic strategy.
 D. Globalization strategy.

Expose Correct Answer

Answer : C

Reference:
https://www.globalnegotiator.com/international-trade/dictionary/multidomestic-strategy/

Question 231 ( More Questions.)

Which of the following risks is best addressed by encryption?

 A. Information integrity risk.

 B. Privacy risk.
 C. Access risk.
 D. Software risk.

Expose Correct Answer

Answer : C

Reference:
https://www.corporatecomplianceinsights.com/encryption-what-is-it-good-for-risk-compliance/

Next Question

Question 232 ( More Questions.)

Which of the following is an example of a key systems development control typically found in the
in-house development of an application system?
  A. Logical access controls monitor application usage and generate audit trails.
 B. The development process is designed to prevent, detect, and correct errors that may
occur.
 C. A record is maintained to track the process of data from input, to output, to storage.
 D. Business users"™ requirements are documented, and their achievement is monitored.

Expose Correct Answer

Answer : C

Next Question

Question 233 ( More Questions.)

When using data analytics during a review of the procurement process, what is the first step in the
analysis process?

 A. Identify data anomalies and outliers.

 B. Define questions to be answered.
 C. Identify data sources available.
 D. Determine the scope of the data extract.

Expose Correct Answer

Answer : D

Next Question

Question 234 ( More Questions.)

According to IIA guidance, which of the following statements is true regarding analytical
procedures?

 A. Data relationships are assumed to exist and to continue where no known conflicting
conditions exist.
 B. Analytical procedures are intended primarily to ensure the accuracy of the information
being examined.
 C. Data relationships cannot include comparisons between operational and statistical data.
 D. Analytical procedures can be used to identify unexpected differences, but cannot be used
to identify the absence of differences.

Expose Correct Answer

Answer : B

Next Question

Question 235 ( More Questions.)

Which of the following physical access controls is most likely to be based on "something you have"
concept?

 A. A retina characteristics reader.

 B. A PIN code reader.
 C. A card-key scanner.
 D. A fingerprint scanner.

Expose Correct Answer

Answer : D

Next Question

Question 236 ( More Questions.)

What is the primary purpose of an integrity control?

 A. To ensure data processing is complete, accurate, and authorized.

 B. To ensure data being processed remains consistent and intact.
 C. To monitor the effectiveness of other controls.
 D. To ensure the output aligns with the intended result.

Expose Correct Answer

Answer : B

Reference:
https://phoenixnap.com/blog/what-data-integrity

Next Question

Question 237 ( More Questions.)

An organization uses the management-by-objectives method, whereby employee performance is

based on defined goals. Which of the following statements is true regarding this approach?

 A. It is particularly helpful to management when the organization is facing rapid change.

 B. It is a more successful approach when adopted by mechanistic organizations.
 C. It is more successful when goal-setting is performed not only by management, but by all
team members, including lower-level staff.
 D. It is particularly successful in environments that are prone to having poor employer-
employee relations.

Expose Correct Answer

Answer : D
Next Question

Question 238 ( More Questions.)

Which of the following is a disadvantage in a centralized organizational structure?

 A. Communication conflicts.
 B. Slower decision making.
 C. Loss of economies of scale.
 D. Vulnerabilities in sharing knowledge.

Expose Correct Answer

Answer : B

Reference:
https://smallbusiness.chron.com/disadvantages-centralized-control-business-20670.html

Next Question

Question 239 ( More Questions.)

An organization's account for office supplies on hand had a balance of $9,000 at the end of year
one. During year two, the organization recorded an expense of
$45,000 for purchasing office supplies. At the end of year two, a physical count determined that the
organization has $11,500 in office supplies on hand. Based on this information, what would be
recorded in the adjusting entry at the end of year two?

 A. A debit to office supplies on hand for $2,500

 B. A debit to office supplies on hand for $11,500
 C. A debit to office supplies on hand for $20,500
 D. A debit to office supplies on hand for $42,500

Expose Correct Answer

Answer : C

Next Question

Question 240 ( More Questions.)

According to IIA guidance on IT, which of the following plans would pair the identification of
critical business processes with recovery time objectives?

 A. The business continuity management charter.

 B. The business continuity risk assessment plan.
 C. The business impact analysis plan.
 D. The business case for business continuity planning.
Expose Correct Answer
Answer : C

Reference:
https://searchitchannel.techtarget.com/feature/Business-impact-analysis-for-business-continuity-
Recovery-time-requirements

Question 241 ( More Questions.)

According to IIA guidance on IT, which of the following would be considered a primary control for
a spreadsheet to help ensure accurate financial reporting?

 A. Formulas and static data are locked or protected.

 B. The spreadsheet is stored on a network server that is backed up daily.
 C. The purpose and use of the spreadsheet are documented.
 D. Check-in and check-out software is used to control versions.

Expose Correct Answer

Answer : A

Next Question

Question 242 ( More Questions.)

An organization requires an average of 58 days to convert raw materials into finished products to
sell. An average of 42 additional days is required to collect receivables. If the organization takes an
average of 10 days to pay for the raw materials, how long is its total cash conversion cycle?

 A. 26 days.
 B. 90 days.
 C. 100 days.
 D. 110 days.

Expose Correct Answer

Answer : D

Next Question

Question 243 ( More Questions.)

Which of the following statements is true regarding a bring-your-own-device (BYOD)

environment?

 A. There is a greater need for organizations to rely on users to comply with policies and
procedures.
  B. With fewer devices owned by the organization, there is reduced need to maintain
documented policies and procedures.
 C. Incident response times are less critical in the BYOD environment, compared to a
traditional environment.
 D. There is greater sharing of operational risk in a BYOD environment.

Expose Correct Answer

Answer : A

Next Question

Question 244 ( More Questions.)

Which of the following statements is true regarding data backup?

 A. System backups should always be performed real time.

 B. Backups should be stored in a secured location onsite for easy access.
 C. The tape rotation schedule affects how long data is retained.
 D. Backup media should be restored only in case of a hardware or software failure.

Expose Correct Answer

Answer : D

Next Question

Question 245 ( More Questions.)

Which of the following statements is most accurate concerning the management and audit of a web
server?

 A. The file transfer protocol (FTP) should always be enabled.

 B. The simple mail transfer protocol (SMTP) should be operating under the most privileged
accounts.
 C. The number of ports and protocols allowed to access the web server should be
maximized.
 D. Secure protocols for confidential pages should be used instead of clear-text protocols
such as HTTP or FTP.

Expose Correct Answer

Answer : D

Next Question

Question 246 ( More Questions.)

Which of the following statements is true regarding managerial accounts?

 A. They must be prepared at least on a monthly basis.

 B. They should be verifiable by external auditors.
 C. They should be easily understandable by all management team members.
 D. They should exclusively meet the needs of the user.

Expose Correct Answer

Answer : B

Next Question

Question 247 ( More Questions.)

A retail organization mistakenly did not include $10,000 of inventory in the physical count at the
end of the year. What was the impact to the organization's financial statements?

 A. Cost of sales and net income are understated.

 B. Cost of sales and net income are overstated.
 C. Cost of sales is understated and net income is overstated.
 D. Cost of sales is overstated and net income is understated.

Expose Correct Answer

Answer : A

Next Question

Question 248 ( More Questions.)

According to IIA guidance on IT, which of the following controls the routing of data packets to link
computers?

 A. Operating system.
 B. Control environment.
 C. Network.
 D. Application program code.

Expose Correct Answer

Answer : C

Next Question

Question 249 ( More Questions.)

Which of the following is an example of an application control?

  A. Automated password change requirements.
 B. System data backup process.
 C. User testing of system changes.
 D. Formatted data fields.

Expose Correct Answer

Answer : D

Reference:
https://chapters.theiia.org/montreal/ChapterDocuments/GTAG%208%20-%20Auditing
%20application%20controls.pdf

Next Question

Question 250 ( More Questions.)

An internal auditor is using data analytics to focus on high-risk areas during an engagement. The
auditor has obtained data and is working to eliminate redundancies in the data. Which of the
following statements is true regarding this scenario?

 A. The auditor is normalizing data in preparation for analyzing it.

 B. The auditor is analyzing the data in preparation for communicating the results.
 C. The auditor is cleaning the data in preparation for determining which processes may be
involved.
 D. The auditor is reviewing the data prior to defining the question.

Expose Correct Answer

Answer : A

Question 251( More Questions.)

An internal auditor was asked to review an equal equity partnership. In one sampled transaction,
Partner A transferred equipment into the partnership with a self- declared value of $10,000, and
Partner B contributed equipment with a self-declared value of $15,000. The capital accounts of each
partner were subsequently credited with $12,500. Which of the following statements is true
regarding this transaction?

 A. The capital accounts of the partners should be increased by the original cost of the
contributed equipment.
 B. The capital accounts should be increased using a weighted average based on the current
percentage of ownership.
 C. No action is needed, as the capital account of each partner was increased by the correct
amount.
 D. The capital accounts of the partners should be increased by the fair market value of their
contribution.
Expose Correct Answer
Answer : C

Next Question

Question 252 ( More Questions.)

Based on test results, an IT auditor concluded that the organization would suffer unacceptable loss
of data if there was a disaster at its data center. Which of the following test results would likely lead
the auditor to this conclusion?

 A. Requested backup tapes were not returned from the offsite vendor in a timely manner.
 B. Returned backup tapes from the offsite vendor contained empty spaces.
 C. Critical systems have been backed up more frequently than required.
 D. Critical system backup tapes are taken off site less frequently than required

Expose Correct Answer

Answer : A

Next Question

Question 253 ( More Questions.)

Which of the following is a systems software control?

 A. Restricting server room access to specific individuals.

 B. Housing servers with sensitive software away from environmental hazards.
 C. Ensuring that all user requirements are documented.
 D. Performing of intrusion testing on a regular basis.

Expose Correct Answer

Answer : C

Reference:
https://chapters.theiia.org/montreal/ChapterDocuments/GTAG%201%20-%20Information
%20technology%20controls_2nd%20ed.pdf

Next Question

Question 254 ( More Questions.)

An organization has an established bring-your-own-device policy. Due to this policy, which of the
following privacy risks would be most relevant to the organization?
  A. Employees who consider updates of software or operating systems degrading to the
performance of their devices might choose not to install the updates.
 B. Confidential intellectual property of the organization may be compromised if the smart
device is physically lost.
 C. Concern by employees that the organization could intrusively monitor them through their
smart devices.
 D. Malware may infect smart devices that contain the organization's confidential data if the
device does not have adequate security restrictions.

Expose Correct Answer

Answer : B

Next Question

Question 255 ( More Questions.)

An internal auditor found the following information while reviewing the monthly financial
statements for a wholesaler of safety glasses:
Opening inventory: 1,000 units at $2 per unit
Purchased: 5,000 units at $3 per unit
Sold: 3,000 units at $7 per unit
The cost of goods sold was reported at $8,500. Which of the following inventory methods was used
to derive this value?

 A. Average cost method.

 B. First-in, first-out (FIFO) method.
 C. Specific identification method.
 D. Activity-based costing method.

Expose Correct Answer

Answer : D

Next Question

Question 256 ( More Questions.)

Which of the following capital budgeting techniques considers the expected total net cash flows
from investment?

 A. Cash payback.
 B. Annual rate of return.
 C. Incremental analysis.
 D. Net present value.

Expose Correct Answer

Answer : C

Reference:
https://castudyweb.com/wp-content/uploads/2019/05/Financial-Management-Module-II.pdf

Next Question

Question 257 ( More Questions.)

A rapidly expanding retail organization continues to be tightly controlled by its original small
management team. Which of the following is a potential risk in this vertically centralized
organization?

 A. Lack of coordination among different business units.

 B. Operational decisions are inconsistent with organizational goals.
 C. Suboptimal decision-making.
 D. Duplication of business activities.

Expose Correct Answer

Answer : C

Next Question

Question 258 ( More Questions.)

Which of the following statements is true regarding the capital budgeting procedure known as
discounted payback period?

 A. It calculates the overall value of a project.

 B. It ignores the time value of money.
 C. It calculates the time a project takes to break even.
 D. It begins at time zero for the project.

Expose Correct Answer

Answer : C

Reference:
https://www.investopedia.com/terms/d/discounted-payback-period.asp#:~:text=The%20discounted
%20payback%20period%20is,the%20time%20value
%20of%20money

Next Question

Question 259 ( More Questions.)

Which of the following is classified as a product cost using the variable costing method?
1. Direct labor costs.
2. Insurance on a factory.
3. Manufacturing supplies.
4. Packaging and shipping costs.

 A. 1 and 2.
 B. 1 and 3.
 C. 2 and 4.
 D. 3 and 4.

Expose Correct Answer

Answer : D

Next Question

Question 260 ( More Questions.)

An organization has 1,000 units of a defect item in stock. Per unit, market price is $10; production
cost is $4; and the defect selling price is $5. What is the carrying amount (inventory value) of
defects at year end?

 A. $0
 B. $4,000
 C. $5,000
 D. $10,000

Expose Correct Answer

Answer : B

Question 261 ( More Questions.)

Which of the following situations best applies to an organization that uses a

project, rather than a process, to accomplish its business activities?

 A. A clothing company designs, makes, and sells a new item.

 B. A commercial construction company is hired to build a warehouse.
 C. A city department sets up a new firefighter training program.
 D. A manufacturing organization acquires component parts from a
contracted vendor.

Expose Correct Answer

Answer : B

Next Question

Question 262 ( More Questions.)

At an organization that uses a periodic inventory system, the accountant
accidentally understated the organization's beginning inventory. How would
the accountant's accident impact the income statement?

 A. Cost of goods sold will be understated and net income will be

overstated.
 B. Cost of goods sold will be overstated and net income will be
understated.
 C. Cost of goods sold will be understated and there will be no impact on
net income.
 D. There will be no impact on cost of goods sold and net income will be
overstated.

Expose Correct Answer

Answer : C

Next Question

Question 263 ( More Questions.)

An internal auditor identified a database administrator with an incompatible

dual role. Which of the following duties should not be performed by the
identified administrator?

 A. Designing and maintaining the database.

 B. Preparing input data and maintaining the database.
 C. Maintaining the database and providing its security.
 D. Designing the database and providing its security.

Expose Correct Answer

Answer : B

Next Question

Question 264 ( More Questions.)

Which of the following application controls is the most dependent on the

password owner?

 A. Password selection.
 B. Password aging.
 C. Password lockout.
 D. Password rotation.
Expose Correct Answer
Answer : D

Next Question

Question 265 ( More Questions.)

According to Herzberg's Two-Factor Theory of Motivation, which of the

following factors are mentioned most often by satisfied employees?

 A. Salary and status.

 B. Responsibility and advancement.
 C. Work conditions and security.
 D. Peer relationships and personal life.

Expose Correct Answer

Answer : C

Reference:
https://www.mindtools.com/pages/article/herzberg-motivators-hygiene-
factors.htm

Next Question

Question 266 ( More Questions.)

Which of the following best explains why an organization would enter into a
capital lease contract?

 A. To increase the ability to borrow additional funds from creditors.

 B. To reduce the organization's free cash flow from operations.
 C. To improve the organization's free cash flow from operations.
 D. To acquire the asset at the end of the lease period at a price lower
than the fair market value.

Expose Correct Answer

Answer : D

Next Question

Question 267 ( More Questions.)

When management uses the absorption costing approach, fixed manufacturing

overhead costs are classified as which of the following types of costs?

 A. Direct product costs.

 B. Indirect product costs.
  C. Direct period costs.
 D. Indirect period costs.

Expose Correct Answer

Answer : A

Reference:
https://www.investopedia.com/terms/a/absorptioncosting.asp

Next Question

Question 268 ( More Questions.)

Which of the following is a result of implementing an e-commerce system,

which relies heavily on electronic data interchange and electronic funds
transfer, for purchasing and billing?

 A. Higher cash flow and treasury balances.

 B. Higher inventory balances.
 C. Higher accounts receivable
 D. Higher accounts payable.

Expose Correct Answer

Answer : D

Next Question

Question 269 ( More Questions.)

Which of the following focuses on finding statistical relationships in order to

create profiles?

 A. Process mining.
 B. Process analysis.
 C. Data mining.
 D. Data analysis.

Expose Correct Answer

Answer : D

Reference:
https://www.researchgate.net/profile/Mohamed_Hammad11/post/What_instrum
ent_is_used_to_analyze_qualitative_descriptive_data/
attachment/59d659ca79197b80779af218/AS
%3A543750520664064%401506651634578/download/CHAPTER+6-
+DATA+ANALYSIS+AND
+INTERPRETATION.pdf

Next Question

Question 270 ( More Questions.)

Which of the following controls helps protect externally stored sensitive or

confidential data from cyberthreats?

 A. Secure configurations and access controls.

 B. Strong vendor contracts with control reports provided by service
organizations.
 C. Active and frequent monitoring of network traffic activities.
 D. Firewalls to block unauthorized processing of transactions.

Expose Correct Answer

Answer : C

Next Question
Page: 27 / 63
Exam contains 621 questions
Q's per page:
10
30 50
100
621
COLLAPSE ALL

Question 271 ( More Questions.)

According to IIA guidance, which of the following best describes an adequate management (audit)
trail application control for the general ledger?

 A. Report identifying data that is outside of system parameters.

 B. Report identifying general ledger transactions by time and individual.
 C. Report comparing processing results with original input.
 D. Report confirming that the general ledger data was processed without error.

Expose Correct Answer

Answer : C

Next Question

Question 272 ( More Questions.)

Which of the following is the best example of a compliance risk that is likely to arise when adopting
a bring-your-own-device (BYOD) policy?

 A. The risk that users try to bypass controls and do not install required software updates.
 B. The risk that smart devices can be lost or stolen due to their mobile nature.
 C. The risk that an organization intrusively monitors personal information stored on smart
devices.
 D. The risk that proprietary information is not deleted from the device when an employee
leaves.

Expose Correct Answer

Answer : A

Next Question

Question 273 ( More Questions.)

Which of the following describes the most effective control that restricts access to secure areas?

 A. Employee security policy.

 B. Access log reviews.
 C. Biometric authorization.
 D. Security cameras.

Expose Correct Answer

Answer : C

Next Question

Question 274 ( More Questions.)

Which type of bond sells at a discount from face value, then increases in value annually until it
reaches maturity and provides the owner with the total payoff?

 A. High-yield bonds.
 B. Commodity-backed bonds.
 C. Zero coupon bonds.
 D. Junk bonds.

Expose Correct Answer

Answer : C

Reference:
https://www.investopedia.com/terms/z/zero-couponbond.asp
Next Question

Question 275 ( More Questions.)

In an organization that produces chocolate, the leadership team decides that the organization will
open a milk production facility for its milk chocolate. Which of the following strategies has the
organization chosen?

 A. Vertical integration.
 B. Unrelated diversification.
 C. Differentiation.
 D. Focus.

Expose Correct Answer

Answer : A

Next Question

Question 276 ( More Questions.)

An internal auditor is assessing the risks related to an organization's mobile device policy. She notes
that the organization allows third parties (vendors and visitors) to use outside smart devices to
access its proprietary networks and systems. Which of the following types of smart device risks
should the internal auditor be most concerned about?

 A. Compliance.
 B. Privacy.
 C. Strategic.
 D. Physical security.

Expose Correct Answer

Answer : A

Next Question

Question 277 ( More Questions.)

Which of the following types of data analytics would be used by a hospital to determine which
patients are likely to require readmittance for additional treatment?

 A. Predictive analytics.
 B. Prescriptive analytics.
 C. Descriptive analytics.
 D. Diagnostic analytics.
Expose Correct Answer
Answer : A

Reference:
https://www.healthcareitnews.com/sponsored-content/predictive-analytics-used-help-large-hospital-
group-reduce-readmission-rates

Next Question

Question 278 ( More Questions.)

The audit committee has asked the internal audit activity to integrate data analytics into all work
programs going forward. To accomplish this, which of the following describes the first step an audit
team should take when planning for an audit?

 A. Ensure that there are sufficient audit resources or train personnel in data analytics.
 B. Obtain and assess as much data as possible for the audit.
 C. Identify the business question or need, data required, and expected results.
 D. Gain management's approval and willingness to accept audit findings based on data
analytics.

Expose Correct Answer

Answer : C

Next Question

Question 279 ( More Questions.)

Which of the following is a project planning methodology that involves a complex series of
required simulations to provide information about schedule risk?

 A. Monte Carlo Analysis.

 B. Project Management Information System (PMIS)
 C. Earned Value Management (EVM).
 D. Integrated Project Plan.

Expose Correct Answer

Answer : A

Reference:
https://opentextbc.ca/projectmanagement/chapter/chapter-16-risk-management-planning-project-
management/

Next Question

Question 280 ( More Questions.)

Which of the following is improved by the use of smart devices?

 A. Version control.
 B. Privacy.
 C. Portability.
 D. Secure authentication

Expose Correct Answer

Answer : C

Question 281 ( More Questions.)

An internal auditor considers the financial statement of an organization as part of a financial

assurance engagement. The auditor expresses the organization's electricity and depreciation
expenses as a percentage of revenue to be 10% and 7% respectively. Which of the following
techniques was used by the internal auditor in this calculation?

 A. Horizontal analysis.
 B. Vertical analysis.
 C. Ratio analysis.
 D. Trend analysis.

Expose Correct Answer

Answer : C

Next Question

Question 282 ( More Questions.)

Which of the following is a primary driver behind the creation and prioritization of new strategic
initiatives established by an organization?

 A. Risk tolerance.
 B. Performance.
 C. Threats and opportunities.
 D. Governance.

Expose Correct Answer

Answer : D

Next Question

Question 283 ( More Questions.)

Which of the following risks would involve individuals attacking an oil company's IT system as a
sign of solidarity against drilling in a local area?

 A. Tampering.
 B. Hacking.
 C. Phishing.
 D. Piracy.

Expose Correct Answer

Answer : B

Next Question

Question 284 ( More Questions.)

With regard to project management, which of the following statements about project crashing is
true?

 A. It leads to an increase in risk and often results in rework.

 B. It is an optimization technique where activities are performed in parallel rather than
sequentially.
 C. It involves a revaluation of project requirements and/or scope.
 D. It is a compression technique in which resources are added to the project.

Expose Correct Answer

Answer : D

Reference:
https://www.simplilearn.com/fast-tracking-vs-crashing-article#:~:text=What%20is%20Crashing
%3F,for%20the%20least%20cost%20possible

Next Question

Question 285 ( More Questions.)

An organization has instituted a bring-your-own-device (BYOD) work environment. Which of the

following policies best addresses the increased risk to the organization's network incurred by this
environment?

 A. Limit the use of the employee devices for personal use to mitigate the risk of exposure to
organizational data.
 B. Ensure that relevant access to key applications is strictly controlled through an approval
and review process.
 C. Institute detection and authentication controls for all devices used for network
connectivity and data storage.
 D. Use management software to scan and then prompt patch reminders when devices
connect to the network.
Expose Correct Answer
Answer : D

Next Question

Question 286 ( More Questions.)

Which of the following is true of matrix organizations?

 A. A unity-of-command concept requires employees to report technically, functionally, and

administratively to the same manager.
 B. A combination of product and functional departments allows management to utilize
personnel from various functions.
 C. Authority, responsibility, and accountability of the units involved may vary based on the
project's life, or the organization's culture.
 D. It is best suited for firms with scattered locations or for multi-line, large-scale firms.

Expose Correct Answer

Answer : B

Reference:
https://www.referenceforbusiness.com/encyclopedia/Man-Mix/Matrix-Management-and-
Structure.html

Next Question

Question 287 ( More Questions.)

Which of the following would most likely be found in an organization that uses a decentralized
organizational structure?

 A. There is a higher reliance on organizational culture.

 B. There are clear expectations set for employees.
 C. There are electronic monitoring techniques employed.
 D. There is a defined code for employee behavior.

Expose Correct Answer

Answer : B

Next Question

Question 288 ( More Questions.)

A new manager received computations of the internal rate of return regarding his project proposal.
What should the manager compare the computation results to in order to determine whether the
project is potentially acceptable?

 A. Compare to the annual cost of capital.

 B. Compare to the annual interest rate.
 C. Compare to the required rate of return
 D. Compare to the net present value.

Expose Correct Answer

Answer : D

Next Question

Question 289 ( More Questions.)

Which of the following statements is true regarding cost-volume-profit analysis?

 A. Contribution margin is the amount remaining from sales revenue after fixed expenses
have been deducted.
 B. Breakeven point is the amount of units sold to cover variable costs.
 C. Breakeven occurs when the contribution margin covers fixed costs.
 D. Following breakeven, net operating income will increase by the excess of fixed costs less
the variable costs per units sold.

Expose Correct Answer

Answer : A

Reference:
https://courses.lumenlearning.com/acctmgrs/chapter/5-3-the-contribution-margin-income-
statement/#:~:text=The%20contribution%20margin%
20represents%20sales,%2C%20the%20name%20contribution%20margin

Next Question

Question 290 ( More Questions.)

A technology developer has entered a two-year contract with another organization to design new
software. According to IIA guidance, which of the following provisions of this agreement would be
the most effective to protect the developer's product knowledge and expertise?

 A. The right to audit.

 B. A performance measurement system.
 C. Defined roles and responsibilities.
 D. Intellectual property rights.
Expose Correct Answer
Answer : D

Question 291 ( More Questions.)

Which of the following statements is true regarding the data dictionary?

 A. The data dictionary includes system tables and program files of a

database.
 B. The data dictionary describes the content of information stored in the
database.
 C. The data dictionary specifies objects such as users, permissions, and
groups.
 D. The data dictionary includes system backup and encryption keys.

Expose Correct Answer

Answer : B

Reference:
https://docs.oracle.com/cd/B10501_01/server.920/a96524/c05dicti.htm

Next Question

Question 292 ( More Questions.)

Which of the following statements is true regarding the "management-by-

objectives" method?

 A. Management by objectives is most helpful in organizations that have

rapid changes.
 B. Management by objectives is most helpful in mechanistic
organizations with rigidly defined tasks.
 C. Management by objectives helps organizations to keep employees
motivated.
 D. Management by objectives helps organizations to distinguish clearly
strategic goals from operational goals.

Expose Correct Answer

Answer : D

Reference:
https://www.investopedia.com/terms/m/management-by-objectives.asp
Next Question

Question 293 ( More Questions.)

The head of the research and development department at a manufacturing

organization believes that his team lacks expertise in some areas, and he
decides to hire more experienced researchers to assist in the development of a
new product. Which of the following variances are likely to occur as the result
of this decision?
1. Favorable labor efficiency variance.
2. Adverse labor rate variance.
3. Adverse labor efficiency variance.
4. Favorable labor rate variance.

 A. 1 and 2.
 B. 1 and 4.
 C. 3 and 4.
 D. 2 and 3.

Expose Correct Answer

Answer : C

Next Question

Question 294 ( More Questions.)

According to Maslow's hierarchy of needs theory, which of the following best

describes a strategy where a manager offers an assignment to a subordinate
specifically to support his professional growth and future advancement?

 A. Esteem by colleagues.
 B. Self-fulfillment.
 C. Sense of belonging in the organization.
 D. Job security.

Expose Correct Answer

Answer : D

Reference:
https://opentextbc.ca/businessopenstax/chapter/maslows-hierarchy-of-needs/

Next Question

Question 295 ( More Questions.)

An organization allows employees to use their personal mobile devices to
access its database. Which of the following best maintains the confidentiality of
different records within the database?

 A. Regular remote wiping of the mobile devices accessing the database.

 B. Encrypted data transmissions between mobile devices and the
database.
 C. Restrictions on the access permissions when mobile devices are used.
 D. The use of two-factor authentication algorithms for those who use
remote access.

Expose Correct Answer

Answer : B

Next Question

Question 296 ( More Questions.)

According to IIA guidance on IT, which of the following best describes a

situation where data backup plans exist to ensure that critical data can be
restored at some point in the future, but recovery and restore processes have
not been defined?

 A. Hot recovery plan.

 B. Warm recovery plan.
 C. Cold recovery plan.
 D. Absence of recovery plan.

Expose Correct Answer

Answer : C

Next Question

Question 297 ( More Questions.)

Which of the following describes the most appropriate set of tests for auditing a
workstation's logical access controls?

 A. Review the list of people with access badges to the room containing
the workstation and a log of those who accessed the room.
 B. Review the password length, frequency of change, and list of users for
the workstation's login process.
 C. Review the list of people who attempted to access the workstation and
failed, as well as error messages.
 D. Review the passwords of those who attempted unsuccessfully to
access the workstation and the log of their activity.
Expose Correct Answer
Answer : B

Next Question

Question 298 ( More Questions.)

During which phase of the contracting process are contracts drafted for a
proposed business activity?

 A. Initiation phase.
 B. Bidding phase.
 C. Development phase.
 D. Management phase.

Expose Correct Answer

Answer : A

Next Question

Question 299 ( More Questions.)

Which of the following is an example of a smart device security control

intended to prevent unauthorized users from gaining access to a device's data
or applications?

 A. Anti-malware software.
 B. Authentication.
 C. Spyware.
 D. Rooting.

Expose Correct Answer

Answer : B

Next Question

Question 300 ( More Questions.)

According to IIA guidance on IT, which of the following strategies would provide
the most effective access control over an automated point-of-sale system?

 A. Install and update anti-virus software.

 B. Implement data encryption techniques.
 C. Set data availability by user need.
 D. Upgrade firewall configuration.
Expose Correct Answer
Answer : C

Next Question
Page: 30 / 63
Exam contains 621 questions
Q's per page:
10
30 50
100
621
COLLAPSE ALL

Question 301( More Questions.)

According to IIA guidance, which of the following statements is true with regard
to workstation computers that access company information stored on the
network?

 A. Individual workstation computer controls are not as important as

companywide server controls.
 B. Particular attention should be paid to housing workstations away from
environmental hazards.
 C. Cybersecurity issues can be controlled at an enterprise level, making
workstation level controls redundant.
 D. With security risks near an all-time high, workstations should not be
connected to the company network.

Expose Correct Answer

Answer : C

Next Question

Question 302 ( More Questions.)

How do data analysis technologies affect internal audit testing?

 A. They improve the effectiveness of spot check testing techniques.

 B. They allow greater insight into high risk areas.
 C. They reduce the overall scope of the audit engagement.
 D. They increase the internal auditor's objectivity.
Expose Correct Answer
Answer : B

Next Question

Question 303 ( More Questions.)

For employees, the primary value of implementing job enrichment is which of

the following?

 A. Validation of the achievement of their goals and objectives.

 B. Increased knowledge through the performance of additional tasks.
 C. Support for personal growth and a meaningful work experience.
 D. An increased opportunity to manage better the work done by their
subordinates.

Expose Correct Answer

Answer : C

Reference:
https://na.theiia.org/about-us/Public%20Documents/Esther%20R
%20%20Sawyer%20Research%20Manuscript%207-26-11-Rachel%20Bond.pdf

Next Question

Question 304 ( More Questions.)

Which of the following bring-your-own-device (BYOD) practices is likely to

increase the risk of infringement on local regulations, such as copyright or
privacy laws?

 A. Not installing anti-malware software.

 B. Updating operating software in a haphazard manner.
 C. Applying a weak password for access to a mobile device.
 D. Jailbreaking a locked smart device.

Expose Correct Answer

Answer : A

Next Question

Question 305 ( More Questions.)

According to IIA guidance, which of the following would be the best first step to
manage risk when a third party is overseeing the organization's network and
data?
  A. Creating a comprehensive reporting system for vendors to
demonstrate their ongoing due diligence in network operations.
 B. Drafting a strong contract that requires regular vendor control reports
and a right-to-audit clause.
 C. Applying administrative privileges to ensure right-to-access controls
are appropriate.
 D. Creating a standing cybersecurity committee to identify and manage
risks related to data security.

Expose Correct Answer

Answer : D

Next Question

Question 306 ( More Questions.)

Which of the following is a security feature that involves the use of hardware
and software to filter or prevent specific information from moving between the
inside network and the outside network?

 A. Authorization.
 B. Architecture model.
 C. Firewall.
 D. Virtual private network

Expose Correct Answer

Answer : A

Next Question

Question 307 ( More Questions.)

Which of the following is most important for an internal auditor to check with
regard to the database version?

 A. Verify whether the organization uses the most recent database

software version.
 B. Verify whether the database software version is supported by the
vendor.
 C. Verify whether the database software version has been recently
upgraded.
 D. Verify whether access to database version information is appropriately
restricted.

Expose Correct Answer

Answer : C

Next Question

Question 308 ( More Questions.)

Which of the following is an advantage of a decentralized organizational

structure, as opposed to a centralized structure?

 A. Greater cost-effectiveness,
 B. Increased economies of scale.
 C. Larger talent pool.
 D. Strong internal controls.

Expose Correct Answer

Answer : A

Reference:
https://www.economicsdiscussion.net/management/advantages-and-
disadvantages-of-decentralization/31848

Next Question

Question 309 ( More Questions.)

Which of the following is an example of a physical control?

 A. Providing fire detection and suppression equipment.

 B. Establishing a physical security policy and promoting it throughout the
organization.
 C. Performing business continuity and disaster recovery planning.
 D. Keeping an offsite backup of the organization's critical data.

Expose Correct Answer

Answer : B

Next Question

Question 310 ( More Questions.)

Which of the following contract concepts is typically given in exchange for the
execution of a promise?

 A. Lawfulness.
 B. Consideration
 C. Agreement
 D. Discharge.
Expose Correct Answer
Answer : B

Reference:
https://law.jrank.org/pages/5690/Contracts-Elements-Contract.html

Next Question
Page: 31 / 63
Exam contains 621 questions
Q's per page:
10
30 50
100
621
COLLAPSE ALL

Question 311 ( More Questions.)

Which of the following IT layers would require the organization to maintain

communication with a vendor in a tightly controlled and monitored manner?

 A. Applications.
 B. Technical infrastructure.
 C. External connections.
 D. IT management.

Expose Correct Answer

Answer : C

Next Question

Question 312 ( More Questions.)

Which of the following is the most appropriate way to record each partner's
initial investment in a partnership?

 A. At the value agreed upon by the partners.

 B. At book value.
 C. At fair value.
 D. At the original cost.
Expose Correct Answer
Answer : A

Reference:
https://www.slideshare.net/ArthikDavianti/accounting-for-partnership-46681465

Next Question

Question 313 ( More Questions.)

An internal auditor reviews a data population and calculates the mean, median,
and range.

What is the most likely purpose of performing this analytic technique?

 A. To inform the classification of the data population.

 B. To determine the completeness and accuracy of the data.
 C. To identify whether the population contains outliers.
 D. To determine whether duplicates in the data inflate the range.

Expose Correct Answer

Answer : C

Next Question

Question 314 ( More Questions.)

Which of the following analytical techniques would an internal auditor use to

verify that none of an organization's employees are receiving fraudulent
invoice payments?

 A. Perform gap testing.

 B. Join different data sources.
 C. Perform duplicate testing.
 D. Calculate statistical parameters.

Expose Correct Answer

Answer : D

Next Question

Question 315 ( More Questions.)

Which of the following statements is true concerning the basic accounting

treatment of a partnership?
  A. The initial investment of each partner should be recorded at book
value.
 B. The ownership ratio identifies the basis for dividing net income and
net loss.
 C. A partner's capital only changes due to net income or net loss.
 D. The basis for sharing net incomes or net losses must be fixed.

Expose Correct Answer

Answer : B

Next Question

Question 316 ( More Questions.)

An organization allows employees to use mobile devices for business purposes.

Which of the following could cause decreased employee productivity in case of

data loss?

 A. Malware resulting in data leakage.

 B. Exposure of sensitive data.
 C. Lack of data encryption.
 D. Lack of data back up.

Expose Correct Answer

Answer : D

Next Question

Question 317 ( More Questions.)

Which of the following is a characteristic of big data?

 A. Big data is often structured.

 B. Big data analytic results often need to be visualized.
 C. Big data is often generated slowly and is highly variable.
 D. Big data comes from internal sources kept in data warehouses.

Expose Correct Answer

Answer : C

Next Question

Question 318 ( More Questions.)

Senior management is trying to decide whether to use the direct write-off or
allowance method for recording bad debt on accounts receivables.

Which of the following would be the best argument for using the direct write-off
method?

 A. It is useful when losses are considered insignificant.

 B. It provides a better alignment with revenue.
 C. It is the preferred method according to The IIA.
 D. It states receivables at net realizable value on the balance sheet.

Expose Correct Answer

Answer : B

Next Question

Question 319 ( More Questions.)

Which of the following performance measures disincentivizes engaging in

earnings management?

 A. Linking performance to profitability measures such as return on

investment.
 B. Linking performance to the stock price.
 C. Linking performance to quotas such as units produced.
 D. Linking performance to nonfinancial measures such as customer
satisfaction and employees training.

Expose Correct Answer

Answer : A

Next Question

Question 320 ( More Questions.)

An organization's board of directors is particularly focused on positioning the

organization as a leader in the industry and beating the competition.

Which of the following strategies offers the greatest alignment with the board's
focus?

 A. Divesting product lines expected to have negative profitability.

 B. Increasing the diversity of strategic business units.
 C. Increasing investment in research and development for a new
product.
 D. Relocating the organization's manufacturing to another country.
Expose Correct Answer
Answer : B

Question 321 ( More Questions.)