IIA-CIA-Part3 Questions and Answers

An organization selected a differentiation strategy to compete at the business level. Which of the following structures best fits this strategic choice?

An organization discovered fraudulent activity involving the employee time-tracking system. One employee regularly docked in and clocked out her co-worker friends on their days off, inflating their reported work hours and increasing their wages. Which of the following physical authentication devices would be most effective at disabling this fraudulent scheme?

Which of the following accounting methods is an investor organization likely to use when buying 40 percent of the stock of another organization?

A clothing company sells shirts for $8 per shirt. In order to break even, the company must sell 25.000 shirts. Actual sales total S300.000. What is margin of safety sales for the company?

On the last day of the year, a total cost of S 150.000 was incurred in indirect labor related to one of the key products an organization makes. How should the expense be reported on that year's financial statements?

A manager at a publishing company received an email that appeared to be from one of her vendors with an attachment that contained malware embedded in an Excel spreadsheet . When the spreadsheet was opened, the cybercriminal was able to attack the company's network and gain access to an unpublished and highly anticipated book. Which of the following controls would be most effective to prevent such an attack?

Which of the following types of date analytics would be used by a hospital to determine which patients are likely to require remittance for additional treatment?

Which of the following statements distinguishes a router from a typical switch?

During a review of the accounts payable process, an internal auditor gathered all of the vendor payment transactions for the past 24 months. The auditor then used an Analytics tool to identify the top five vendors that received the highest sum of payments. Which of the following analytics techniques did the auditor apply?

Which of the following is a characteristic of big data?

An internal auditor has requested the organizational chart in order to evaluate the control environment of an organization. Which of the following is a disadvantage of using the organizational chart?

An organization and its trading partner rely on a computer-to-computer exchange of digital business documents. Which of the following best describes this scenario?

When evaluating the help desk services provided by a third-party service provider which of the following is likely to be the internal auditor's greatest concern?

Which of the following organization structures would most likely be able to cope with rapid changes and uncertainties?

According to IIA guidance, which of the following best describes an adequate management (audit.) trail application control for the general ledger?

An organization's technician was granted a role that enables him to prioritize projects throughout the organization. Which type of authority will the technician most likely be exercising?

Which of the following best describes a cyberattacK in which an organization faces a denial-of-service threat created through malicious data encryption?

The internal audit activity has identified accounting errors that resulted in the organization overstating its net income for the fiscal year. Which of the following is the most likely cause of this overstatement?

Which of the following is an example of a contingent liability that a company should record?

Which of the following actions should an internal auditor take to clean the data obtained for analytics purposes?

An organization had a gross profit margin of 40 percent in year one and in year two. The net profit margin was 18 percent in year one and 13 percent in year two. Which of the following could be the reason for the decline in the net profit margin for year two?

An organization is considering outsourcing its IT services, and the internal auditor as assessing the related risks. The auditor grouped the related risks into three categories;

- Risks specific to the organization itself.

- Risks specific to the service provider.

- Risks shared by both the organization and the service provider

Which of the following risks should the auditor classify as specific to the service provider?

Management has decided to change the organizational structure from one that was previously decentralized to one that is now highly centralized. As such: which of the

following would be a characteristic of the now highly centralized organization?

What kind of strategy would be most effective for an organization to adopt in order to Implement a unique advertising campaign for selling identical product lines across all of its markets?

Which of the following attributes of data are cybersecurity controls primarily designed to protect?

If an organization has a high amount of working capital compared to the industry average, which of the following is most likely true?

According to Herzberg's Two-Factor Theory of Motivation, which of the following is a factor mentioned most often by satisfied employees?

Which of the following physical access controls often functions as both a preventive and detective control?

When management uses the absorption costing approach, fixed manufacturing overhead costs are classified as which of the following types of costs?

According to 11A guidance on IT, which of the following are indicators of poor change management?

1. Inadequate control design.

2. Unplanned downtime.

3. Excessive troubleshooting .

4. Unavailability of critical services.

Which of the following is on advantage of a decentralized organizational structure, as opposed to a centralized structure?

An organization that relies heavily on IT wants to contain the impact of potential business disruption to a period of approximately four to seven days. Which of the following

business recovery strategies would most efficiently meet this organization's needs?

A new manager received computations of the internal fate of return regarding the project proposal. What should the manager compare the computation results to in order to determine whether the project is potentially acceptable?

An internal auditor is assigned to perform data analytics. Which of the following is the next step the auditor should undertake after she has ascertained the value expected from the review?

Which of the following statements is true regarding a project life cycle?

Which of the following statements Is true regarding the use of centralized authority to govern an organization?

For employees, the primary value of implementing job enrichment is which of the following?

A multinational organization allows its employees to access work email via personal smart devices. However, users are required to consent to the installation of mobile device management (MDM) software that will remotely wipe data in case of theft or other incidents. Which of the following should the organization ensure in exchange for the employees' consent?

Which of the following job design techniques would most likely be used to increase employee motivation through job responsibility and recognition?

Which of the following should be established by management during implementation of big data systems to enable ongoing production monitoring?

Which of the following best describes the purpose of fixed manufacturing costs?

Which of the following types of budgets will best provide the basis for evaluating the organization's performance?

Which of the following controls would be the most effective in preventing the disclosure of an organization's confidential electronic information?

Which of the following controls is the most effective for ensuring confidentially of transmitted information?

When determining the level of physical controls required for a workstation, which of the following factors should be considered?

A small chain of grocery stores made a reporting error and understated its ending inventory. What effect would this have on the income statement for the following year?