IIA-CIA-Part3 Business Knowledge for Internal Auditing Questions and Answers

Nondisclosure agreements between the firm and its employees.

Logs of user activity within the information system.

Two-factor authentication for access into the information system.

limited access so information, based on employee duties

Hot recovery plan

Warm recovery plan

Cold recovery plan

Absence of recovery plan

Lower shareholder control

lower indebtedness

Higher company earnings per share.

Higher overall company earnings

Increased dependence on suppliers.

Increased importance of market strategy.

Decreased sensitivity to government regulation

Decreased focus on costs

Divesting product lines expected to have negative profitability.

Increasing the diversity of strategic business units.

Increasing investment in research and development for a new product.

Relocating the organization's manufacturing to another country.

To ensure data processing is complete, accurate, and authorized.

To ensure data being processed remains consistent and intact.

To monitor the effectiveness of other controls

To ensure the output aligns with the intended result.

50 units

60 units

70 units

1:20 units

Limit the use of the employee devices for personal use to mitigate the risk of exposure to organizational data.

Ensure that relevant access to key applications is strictly controlled through an approval and review process.

Institute detection and authentication controls for all devices used for network connectivity and data storage.

Use management software scan and then prompt parch reminders when devices connect to the network

Prompt response and remediation policy

Inventory of information assets

Information access management

Standard security configurations

Determining the frequency with which backups will be performed.

Prioritizing the order in which business systems would be restored.

Assigning who in the IT department would be involved in the recovery procedures.

Assessing the resources needed to meet the data recovery objectives.

Cold recovery plan,

Outsourced recovery plan.

Storage area network recovery plan.

Hot recovery plan

Communication conflicts

Slower decision making.

Loss of economies of scale

Vulnerabilities in sharing knowledge

They improve the effectiveness of spot check testing techniques.

They allow greater insight into high risk areas.

They reduce the overall scope of the audit engagement,

They increase the internal auditor's objectivity.

Management trail controls

Output controls.

Integrity controls

input controls

Change management practices to ensure operating system patch documentation is retained.

User role requirements are documented in accordance with appropriate application-level control needs.

Validation of intrusion prevention controls is performed to ensure intended functionality and data integrity.

Interfaces reinforce segregation of duties between operations administration and database development.

It easily aligns with existing internal audit competencies to reduce expenses

It provides a more holistic view of the audited area.

Its outcomes can be easily interpreted into audit: conclusions.

Its application increases internal auditors' adherence to the Standards

Functional-level strategy

Corporate-level strategy.

Business-level strategy,

DepartmentsHevet strategy

Automated password change requirements.

System data backup process.

User testing of system changes.

Formatted data fields

It can restore default settings and lock encrypted data when necessary.

It enables the erasure and reformatting of secure digital (SD) cards.

It can delete data backed up to a desktop for complete protection if required.

It can wipe data that is backed up via cloud computing

Debit indicates the right side of an account and credit the left side

Debit means an increase in an account and credit means a decrease.

Credit indicates the right side of an account and debit the left side.

Credit means an increase in an account and debit means a decrease

Decentralized

Centralized

Departmentalized

Tall structure

Mutually exclusive relationship.

Direct relationship.

Intrinsic relationship.

Inverse relationship.

Top management does little monitoring of the decisions made at lower levels.

The decisions made at the lower levels of management are considered very important.

Decisions made at lower levels in the organizational structure are few.

Reliance is placed on top management decision making by few of the organization's departments.

Theory of constraints.

Just-in-time method.

Activity-based costing.

Break-even analysis

Tampering

Hacking

Phishing

Piracy

Collections from customers

Sale of securities.

Purchase of trucks.

Payment of debt, including interest

Veracity, velocity, and variety.

Integrity, availability, and confidentiality.

Accessibility, accuracy, and effectiveness.

Authorization, logical access, and physical access.

An incorrect program fix was implemented just prior to the database backup.

The organization is preparing to train all employees on the new self-service benefits system.

There was a data center failure that requires restoring the system at the backup site.

There is a need to access prior year-end training reports for all employees in the human resources database

Cost of sales increased relative to sales.

Total sales increased relative to expenses.

The organization had a higher dividend payout rate in year two.

The government increased the corporate tax rate

Excessive collecting of information

Application of social engineering

Retention of incomplete information.

Undue disclosure of information

To increase the ability to borrow additional funds from creditors

To reduce the organization's free cash flow from operations

To Improve the organization's free cash flow from operations

To acquire the asset at the end of the lease period at a price lower than the fair market value

Verify completeness and accuracy.

Verify existence and accuracy.

Verify completeness and integrity.

Verify existence and completeness.

Require a Service Organization Controls (SOC) report from the service provider

Include a data protection clause in the contract with the service provider.

Obtain a nondisclosure agreement from each employee at the service provider who will handle sensitive data.

Encrypt the employees ' data before transmitting it to the service provider

Password selection

Password aging

Password lockout

Password rotation

Preventing database administrators from initiating program changes

Blocking technicians from getting into the network room.

Restricting system programmers' access to database facilities

Using encryption for data transmitted over the public internet

Cost method.

Equity method .

Consolidation method.

Fair value method.