IIA-CIA-Part3 Business Knowledge for Internal Auditing Questions and Answers

Total manufacturing costs are determined at the end of each period.

Costs are summarized in a production cost repot for each department

Three manufacturing cost elements are tracked direct materials direct labor and manufacturing overhead.

The unit cost can be calculated by dividing the total manufacturing costs for the period by the units produced during the period

Capital investment and not marketing

Marketing and not capital investment.

Efficiency and not input economy.

Effectiveness and not efficiency.

Diversification

Vertical integration

Risk avoidance

Differentiation

Application input controls

Firewall controls.

Transmission encryption controls

Change management controls

Has the longest duration in time.

Costs the most money.

Requires the largest amount of labor

Is deemed most important to the project.

Management by objectives is most helpful in organizations that nave rapid changes.

Management by objectives is most helpful in mechanistic organizations with rigidly defined tasks.

Management by objectives helps organizations to keep employees motivated.

Management by objectives helps organizations to distinguish clearly strategic goals from operational goals

Use the equity method to recalculate the investment carrying value

Confirm the securities held by the broker

Perform a calculation of premium or discount amortization.

Compare the carrying value with current market quotations

Higher cash flow and treasury balances

Higher inventory balances

Higher accounts receivable

Higher accounts payable

1 and 2

1 and 3

2 and 4

3 and 4

Anti-malware software.

Authentication.

Spyware.

Rooting.

Deploy intrusion detection systems and conduct penetration testing

Administer security procedures, training, and testing.

Monitor incidents, key risk indicators, and remediation

implement vulnerability management with internal and external scans.

Require regular performance appraisals

Perform exit interviews

Encourage periodic rotation of employee duties.

Ensure mandatory vacations

Normalize the data

Obtain the data

identify the risks

Analyze the data

An employee receives an email that appears to be from the organization's bank, though it is not. The employee replies to the email and sends the requested confidential information.

An organization's website has been hacked. The hacker added political content that is not consistent with the organization's views.

An organization's systems have been compromised by malicious software. The software locks the organization's operating system until d ransom is paid.

An organization's communication systems have been intercepted. A communication session is controlled by an unauthorized third party.

The risk that users try to bypass controls and do not install required software updates.

The risk that smart devices can be lost or stolen due to their mobile nature.

The risk that an organization intrusively monitors personal information stored on smart devices.

The risk that proprietary information is not deleted from the device when an employee leaves.

Detailed analytics

Predictive analytics

Diagnostic analytics

Prescriptive analytics

A clothing company designs makes and sells a new item.

A commercial constructor company is hired to build a warehouse.

A city department sets up a new firefighter training program.

A manufacturing organization acquires component parts from a contracted vendor

Data relationships are assumed to exist and to continue where no known conflicting conditions exist.

Analytical procedures are intended primarily to ensure the accuracy of the information being examined.

Data relationships cannot include comparisons between operational and statistical data

Analytical procedures can be used to identify unexpected differences but cannot be used to identify the absence of differences

Assets liabilities and owners' equity would be understated

Assets net income and owners' equity would be unaffected

Assets and liabilities would be understated

Assets net income and owners' equity would be understated, but liabilities would be overstated

To reconstitute systems efficiently following a disruptive event.

To define rules on how devices within the system should communicate after a disaster.

To describe how data should move from one system to another system in case of an emergency.

To establish a protected area of network that is accessible to the public after a disaster

Operational plans.

Tactical plans.

Strategic plans.

Mission plans.

Access to personally identifiable information is limited to those who need it to perform their job.

Confidential data must be backed up and recoverable within a 24-hour period.

Updates to systems containing sensitive data must be approved before being moved to production.

A record of employees with access to insider information must be maintained and those employees may not trade company stock during blackout periods

Use a behaviorally anchored rating scale to Break down jobs into their components.

Analyze and compare the ratings for different classes or groupings of employees.

Compare the ratings of selective employees with their previous appraisals.

Analyze the number and percentages of employee appraisals that fall into each rating category

Input controls.

Output controls

Processing controls

Integrity controls

System software that acts as an interface between a user and a computer.

A standardized set of guidelines that facilitates communication between computers on different networks.

System software that translates hypertext markup language to allow users to view a remote webpage.

A network of servers used to control a variety of mission-critical operations.

Password selection

Password aging

Password lockout

Password rotation

Process element.

Key principles.

Maturity model.

Assurance.

1 and 2 only

2 and 3 only

1, 2, and 3 only

1, 2, 3, and 4

The framework categorizes an organization's objectives to distinct, non overlapping objectives.

Control environment is one of the framework's eight components.

The framework facilitates effective risk management, even if objectives have not been established.

The framework integrates with, but is not dependent upon, the corresponding internal control framework.

7 percent simple interest with a 10 percent compensating balance.

7 percent simple interest paid at the end of each year.

7 percent discount interest.

7 percent compounding interest.

Prior to testing the new application.

During testing of the new application.

During implementation of the new application.

During maintenance of the new application.

1, 2, and 3

1, 2, and 4

1, 3, and 4

2, 3, and 4

A time-sensitive just-in-time purchase environment.

A large volume of custom purchases.

A variable volume sensitive to material cost.

A currently inefficient purchasing process.

Fixed cost.

Variable cost.

Total maintenance cost.

Patient days.

Dairy manufacturing company taking over a large dairy farm.

A movie producer acquires movie theaters.

A petroleum processing company acquires an agro-processing firm.

A baker taking over a competitor.

The auditor should focus on the audit client as a person and understand him, rather than just concentrating on the problem.

The auditor should make recommendations based on objective criteria, rather than based on a subjective assessment.

The auditor should explore alternative solutions to address the audit problem, so the audit client has options.

The auditor should take a flexible position on the recommendations and focus on resolving the issue by addressing the interests of the people concerned.

50 units.

60 units.

100 units.

120 units.

1 and 3 only

1 and 4 only

2 and 3 only

2 and 4 only

Draws positive attention to the writing style.

Treats all receivers with respect.

Suits the method of presentation and delivery.

Develops ideas without overstatement.

Establishing risk category definitions and a common risk language for likelihood and impact measures.

Defining ERM roles and responsibilities.

Providing the board with an independent, objective risk perspective on financial reporting.

Guiding integration of ERM with other management activities.

Each party's negotiator presents a menu of options to the other party.

Each party adopts one initial position from which to start.

Each negotiator minimizes the information provided to the other party.

Each negotiator starts with an offer, which is optimal from the negotiator's perspective.

$350,000

$500,000

$850,000

$1,200,000

Cash budget.

Production budget.

Sales budget.

Selling and administrative expenses budget.

1 and 3 only

2 and 4 only

1, 2, and 4 only

1, 2, 3, and 4

The underlying causes of the risk.

The impact of the risk on the organization's objectives.

The risk levels of current and future events.

The potential for eliminating risk factors.

Political.

Financial.

Social.

Tariff.

The distorted unit cost of a service is 50 percent lower than the true cost, while the true cost is 50 percent higher than the competition's cost.

The organization is losing $1,000,000 annually because it incorrectly outsourced an operation based on information from its current system.

The cost of rework, hidden by the current system, is 50 percent of the total cost of all services.

50 percent of total organizational cost has been allocated on a volume basis.

Established strategy of players.

Low number of new firms.

High unit costs.

Technical expertise.

Interviewing the organization's employees.

Observing the organization's operations.

Reading the board's minutes.

Inspecting manuals and documents.

1 and 3.

1 and 4.

2 and 3.

2 and 4.

A higher initial investment level.

A higher discount rate.

Cash inflows that are larger in the later years of the life of the project.

Cash inflows that are larger in the earlier years of the life of the project.

Cutbacks in preventive maintenance.

An inadequately trained and supervised labor force.

A large number of rush orders.

Production of more units than planned for in the master budget.

Second-mortgage financing from a bank.

An issue of commercial paper.

Pledged accounts receivable.

Asset-based financing.

1 and 2 only

1 and 4 only

2 and 3 only

3 and 4 only

Lack of flexibility.

Incompatibility with client/server technology.

Employee resistance to change.

Inadequate technical support.

Specific guidance must be followed when interacting with nongovernmental organizations.

Disclosure laws tend to be consistent from one jurisdiction to another.

There are several internationally recognized standards for dealing with financial donors.

Legal representation should be consulted before releasing internal audit information to other assurance providers.