CIA CHALLENGE Exam IIA-CIA-Part3-3P Questions V8.02
CIA Challenge Topics - CIA Exam Part Three: Business Knowledge for Internal Auditing
Free IIA-CIA-Part3-3P Exam Demo Online [2022] Check IIA-CIA-Part3-3P Exam Questions First

1. If legal or regulatory standards prohibit conformance with certain parts of The IIA's Standards, the auditor should do which of the following?
A. Conform with all other parts of The IIA's Standards and provide appropriate disclosures.
B. Conform with all other parts of The IIA's Standards; there is no need to provide appropriate disclosures.
C. Continue the engagement without conforming with the other parts of The IIA's Standards.
D. Withdraw from the engagement.
Answer: A

2. According to IIA guidance, which of the following steps are most important for an internal auditor to perform when evaluating an organization's social and environmental impact on the local community?
1) Determine whether previous incidents have been reported, managed, and resolved.
2) Determine whether a business contingency plan exists.
3) Determine the extent of transparency in reporting.
4) Determine whether a cost/benefit analysis was performed for all related projects.
A. 1 and 3.
B. 1 and 4.
C. 2 and 3.
D. 2 and 4.
Answer: A

3. An internal auditor has been asked to conduct an investigation involving allegations of independent contractor fraud. Which of the following controls would be least effective in detecting any potential fraudulent activity?
A. Exception report identifying payment anomalies.
B. Documented policy and procedures.
C. Periodic account reconciliation of contractor charges.
D. Monthly management review of all contractor activity.
Answer: B

4. Which of the following statements about matrix organizations is false?
A. In a matrix organization, conflict between functional and product managers may arise.
B. In a matrix organization, staff under dual command is more likely to suffer stress at work.
C. Matrix organizations offer the advantage of greater flexibility.
D. Matrix organizations minimize costs and simplify communication.
Answer: D

5. Which of the following is not included in the process of user authentication?
A. Authorization.
B. Identification.
C. Verification.
D. Validation.
Answer: A

6. Which of the following steps should an internal auditor take during an audit of an organization's business continuity plans?
1) Evaluate the business continuity plans for adequacy and currency.
2) Prepare a business impact analysis regarding the loss of critical business.
3) Identify key personnel who will be required to implement the plans.
4) Identify and prioritize the resources required to support critical business processes.
A. 1 only
B. 2 and 4 only
C. 1, 3, and 4 only
D. 1, 2, 3, and 4
Answer: A

7. Which of the following is not a barrier to effective communication?
A. Filtering.
B. Communication overload.
C. Similar frames of reference.
D. Lack of source credibility.
Answer: C

8. One change control function that is required in client/server environments, but is not required in mainframe environments, is to ensure that:
A. Program versions are synchronized across the network.
B. Emergency move procedures are documented and followed.
C. Appropriate users are involved in program change testing.
D. Movement from the test library to the production library is controlled.
Answer: A

9. During the last year, an organization had an opening inventory of $300,000, purchases of $980,000, sales of $1,850,000, and a gross margin of 40 percent. What is the closing inventory if the periodic inventory system is used?
A. $170,000
B. $280,000
C. $300,000
D. $540,000
Answer: A

10. A department purchased one copy of a software program for internal use. The manager of the department installed the program on an office computer and then made two complete copies of the original software. Copy 1 was solely for backup purposes. Copy 2 was for use by another member of the department. In terms of software licenses and copyright law, which of the following is correct?
A. Both copies are legal.
B. Only copy 1 is legal.
C. Only copy 2 is legal.
D. Neither copy is legal.
Answer: B

11. Under a value-added taxing system:
A. Businesses must pay a tax only if they make a profit.
B. The consumer ultimately bears the cost of the tax through higher prices.
C. Consumer savings are discouraged.
D. The amount of value added is the difference between an organization's sales and its cost of goods sold.
Answer: B

12. Which of the following is a characteristic of an emerging industry?
A. Established strategy of players.
B. Low number of new firms.
C. High unit costs.
D. Technical expertise.
Answer: C

13. Which of the following best describes a market signal?
A. The bargaining power of buyers is forcing a drop in market prices.
B. There is pressure from the competitor's substitute products.
C. Strategic analysis by the organization indicates feasibility of expanding to new market niches.
D. The competitor announces a new warranty program.
Answer: D

14. An organization is projecting sales of 100,000 units, at a unit price of $12. Unit variable costs are $7. If fixed costs are $350,000, what is the projected total contribution margin?
A. $350,000
B. $500,000
C. $850,000
D. $1,200,000
Answer: B

15. An organization's balance sheet indicates that the total asset amount and the total capital stock amount remained unchanged from one year to the next, and no dividends were declared or paid. However, the organization reported a loss of $200,000.
Which of the following describes the most likely year-over-year change to the organization's total liabilities and total stockholder equity?
A. The total liabilities and total stockholder equity both increased.
B. The total liabilities and total stockholder equity both decreased.
C. The total liabilities decreased, and the total stockholder equity increased.
D. The total liabilities increased, and the total stockholder equity decreased.
Answer: D

16. A small furniture-manufacturing firm with 100 employees is located in a two-story building and does not plan to expand. The furniture manufactured is not special-ordered or custom-made. The most likely structure for this organization would be:
A. Functional departmentalization.
B. Product departmentalization.
C. Matrix organization.
D. Divisional organization.
Answer: A

17. A holding company set up a centralized group technology department, using a local area network with a mainframe computer to process accounting information for all companies within the group. An internal auditor would expect to find all of the following controls within the technology department except:
A. Adequate segregation of duties between data processing controls and file security controls.
B. Documented procedures for remote job entry and for local data file retention.
C. Emergency and disaster recovery procedures and maintenance agreements in place to ensure continuity of operations.
D. Established procedures to prevent and detect unauthorized changes to data files.
Answer: B

18. International marketing activities often begin with:
A. Standardization.
B. Global marketing.
C. Limited exporting.
D. Domestic marketing.
Answer: C

19. The economic order quantity can be calculated using the following formula: Which of the following describes how the optimal order size will change if the annual demand increases by 36 percent?
A. Decrease by about 17 percent.
B. Decrease by about 7 percent.
C. Increase by about 7 percent.
D. Increase by about 17 percent.
Answer: D

20. Unsecured loans are loans:
A. That do not have to be repaid for over one year.
B. That appear to be too risky for most lenders to consider.
C. Granted on the basis of a company's credit standing.
D. Backed by mortgaged assets.
Answer: C

21. The internal audit activity completed an initial risk analysis of the organization's data storage center and found several areas of concern. Which of the following is the most appropriate next step?
A. Risk response.
B. Risk identification.
C. Identification of context.
D. Risk assessment.
Answer: D

22. According to Porter's model of competitive strategy, which of the following is a generic strategy?
1) Differentiation.
2) Competitive advantage.
3) Focused differentiation.
4) Cost focus.
A. 2 only
B. 3 and 4 only
C. 1, 3, and 4 only
D. 1, 2, 3, and 4
Answer: C

23. Which of the following is false with regard to Internet connection firewalls?
A. Firewalls can protect against computer viruses.
B. Firewalls monitor attacks from the Internet.
C. Firewalls provide network administrators tools to retaliate against hackers.
D. Firewalls may be software-based or hardware-based.
Answer: A

24. In terms of international business strategy, which of the following is true regarding a multi-domestic strategy?
A. It uses the same products in all countries.
B. It centralizes control with little decision-making authority given to the local level.
C. It is an effective strategy when large differences exist between countries.
D. It provides cost advantages, improves coordinated activities, and speeds product development.
Answer: C

25. Which of the following engagement observations would provide the least motivation for management to amend or replace an existing cost accounting system?
A. The distorted unit cost of a service is 50 percent lower than the true cost, while the true cost is 50 percent higher than the competition's cost.
B. The organization is losing $1,000,000 annually because it incorrectly outsourced an operation based on information from its current system.
C. The cost of rework, hidden by the current system, is 50 percent of the total cost of all services.
D. 50 percent of total organizational cost has been allocated on a volume basis.
Answer: D

26. A manager has difficulty motivating staff to improve productivity, despite establishing a lucrative individual reward system. Which of the following is most likely the cause of the difficulty?
A. High degree of masculinity.
B. Low uncertainty avoidance.
C. High collectivism.
D. Low long-term orientation.
Answer: C

27. Which of the following statements best describes the frameworks set forth by the International Standards Organization?
A. Globally accepted standards for industries and processes.
B. Bridging the gaps among control requirements, technical issues, and business risks.
C. Practical guidance and benchmarks for all organizations that use information systems.
D. Frameworks and guidance on enterprise risk management, internal control, and fraud deterrence.
Answer: A

28. The activity that involves a trial run of a product in a typical segment of the market before proceeding to a national launch is referred to as:
A. Test marketing
B. Experimentation
C. Segmentation
D. Positioning
Answer: A

29. Which of the following statements accurately describes the responsibility of the internal audit activity (IAA) regarding IT governance?
1) The IAA does not have any responsibility because IT governance is the responsibility of the board and senior management of the organization.
2) The IAA must assess whether the IT governance of the organization supports the organization’s strategies and objectives.
3) The IAA may assess whether the IT governance of the organization supports the organization’s strategies and objectives.
4) The IAA may accept requests from management to perform advisory services regarding how the IT governance of the organization supports the organization's strategies and objectives.
A. 1 only
B. 4 only
C. 2 and 4
D. 3 and 4
Answer: C

30. According to Porter, which of the following is associated with fragmented industries?
A. Weak entrance barriers.
B. Significant scale economies.
C. Steep experience curve.
D. Strong negotiation power with suppliers.
Answer: A

31. Presented below are partial year-end financial statement data (000 omitted from dollar amounts) for companies A and B: If company A has a quick ratio of 2:1, then it has an accounts receivable balance of:
A. $100
B. $200
C. $300
D. $500
Answer: A

32. When applied to international economics, the theory of comparative advantage proposes that total worldwide output will be greatest when:
A. Each nation's total imports approximately equal its total exports.
B. Each good is produced by the nation that has the lowest opportunity cost for that good.
C. Goods that contribute to a nation's balance-of-payments deficit are no longer imported.
D. International trade is unrestricted and tariffs are not imposed.
Answer: B

33. According to the International Professional Practices Framework, which of the following statements is true regarding a corporate social responsibility (CSR) program?
1) Every employee generally has a responsibility for ensuring the success of CSR objectives.
2) The board has overall responsibility for the effectiveness of internal control processes associated with CSR.
3) Public reporting on the CSR governance process is expected.
4) Organizations generally have flexibility regarding what is included in a CSR program.
A. 1, 2, and 3 only
B. 1, 2, and 4 only
C. 1, 3, and 4 only
D. 2, 3, and 4 only
Answer: B

34. Which of the following stages of group development is associated with accepting team responsibilities?
A. Forming stage.
B. Performing stage.
C. Norming stage.
D. Storming stage.
Answer: C

35. Which audit approach should be employed to test the accuracy of information housed in a database on an un-networked computer?
A. Submit batches of test transactions through the current system and verify with expected results.
B. Use a test program to simulate the normal data entering process.
C. Select a sample of records from the database and ensure it matches supporting documentation.
D. Evaluate compliance with the organization's change management process.
Answer: C

36. Which of the following are appropriate reasons for internal auditors to document processes as part of an audit engagement?
1) To determine areas of primary concern.
2) To establish a standard format for process mapping.
3) To define areas of responsibility within the organization.
4) To assess the performance of employees.
A. 1 and 2 only
B. 1 and 3 only
C. 2 and 3 only
D. 2 and 4 only
Answer: B

37. Multinational organizations generally spend more time and effort to identify and evaluate:
A. Internal strengths and weaknesses.
B. Break-even points.
C. External trends and events.
D. Internal risk factors.
Answer: C

38. Which of the following costs would be incurred in an inventory stockout?
A. Lost sales, lost customers, and backorder.
B. Lost sales, safety stock, and backorder.
C. Lost customers, safety stock, and backorder.
D. Lost sales, lost customers, and safety stock.
Answer: A

39. Which of the following IT strategies is most effective for responding to competitive pressures created by the marketplace?
A. Promote closer linkage between organizational strategy and information.
B. Provide users with greater online access to information systems.
C. Enhance the functionality of application systems.
D. Expand the use of automated controls.
Answer: C

40. Which of the following techniques would be least effective in resolving the conflict created by an internal audit client's perception of the audit report as a personal attack on his management performance?
A. The auditor should focus on the audit client as a person and understand him, rather than just concentrating on the problem.
B. The auditor should make recommendations based on objective criteria, rather than based on a subjective assessment.
C. The auditor should explore alternative solutions to address the audit problem, so the audit client has options.
D. The auditor should take a flexible position on the recommendations and focus on resolving the issue by addressing the interests of the people concerned.
Answer: A

41. Which of the following is a disadvantage of selecting a commercial software package rather than developing an application internally?
A. Lack of flexibility.
B. Incompatibility with client/server technology.
C. Employee resistance to change.
D. Inadequate technical support.
Answer: A

42. Which of the following is not a potential area of concern when an internal auditor places reliance on spreadsheets developed by users?
A. Increasing complexity over time.
B. Interface with corporate systems.
C. Ability to meet user needs.
D. Hidden data columns or worksheets.
Answer: C

43. The cost to enter a foreign market would be highest in which of the following methods of global expansion?
A. Joint ventures.
B. Licensing.
C. Exporting.
D. Overseas production.
Answer: D

44. When granting third parties temporary access to an entity's computer systems, which of the following is the most effective control?
A. Access is approved by the supervising manager.
B. User accounts specify expiration dates and are based on services provided.
C. Administrator access is provided for a limited period.
D. User accounts are deleted when the work is completed.
Answer: B

45. Which of the following is the most appropriate test to assess the privacy risks associated with an organization's workstations?
A. Penetration test.
B. Social engineering test.
C. Vulnerability test.
D. Physical control test.
Answer: D

46. Which of the following is a type of network in which an organization permits specific users (such as existing customers) to have access to its internal network through the Internet by building a virtual private network?
A. Intranet.
B. Extranet.
C. Digital subscriber line.
D. Broadband.
Answer: B

47. Which of the following is the best reason for considering the acquisition of a nondomestic organization?
A. Relatively fast market entry.
B. Improved cash flow of the acquiring organization.
C. Increased diversity of corporate culture.
D. Opportunity to influence local government policy.
Answer: A

48. According to IIA guidance on IT auditing, which of the following would not be an area examined by the internal audit activity?
A. Access system security.
B. Policy development.
C. Change management.
D. Operations processes.
Answer: B

49. Which of the following techniques is the most relevant when an internal auditor conducts a valuation of an organization's physical assets?
A. Observation.
B. Inspection.
C. Original cost.
D. Vouching.
Answer: B

50. An internationally recognized brand name is an entrance barrier to new competitors because new competitors would:
A. Have to initiate a price war in order to enter the industry.
B. Face increased production costs.
C. Face increased marketing costs.
D. Face higher learning costs, which would increase fixed costs.
Answer: C

51. During a review of a web-based application used by customers to check the status of their bank accounts, it would be most important for the internal auditor to ensure that:
A. Access to read application logs is restricted to authorized users.
B. Account balance information is encrypted in the database.
C. The web server used to host the application is located in a physically secure area.
D. Sensitive data, such as account numbers, are submitted using encrypted communications.
Answer: D

52. Which of the following distinguishes the added-value negotiation method from traditional negotiating methods?
A. Each party's negotiator presents a menu of options to the other party.
B. Each party adopts one initial position from which to start.
C. Each negotiator minimizes the information provided to the other party.
D. Each negotiator starts with an offer, which is optimal from the negotiator's perspective.
Answer: A

53. Where complex problems need to be addressed, which of the following communication networks would be most appropriate?
A. Chain.
B. All-channel.
C. Circle.
D. Wheel.
Answer: B

54. Which stage in the industry life cycle is characterized by many different product variations?
A. Introduction.
B. Growth.
C. Maturity.
D. Decline.
Answer: A

55. Which of the following roles would be least appropriate for the internal audit activity to undertake with regard to an organization's corporate social responsibility (CSR) program?
A. Consult on project design and implementation of the CSR program.
B. Serve as an advisor on internal controls related to CSR.
C. Identify and prioritize the CSR issues that are important to the organization.
D. Evaluate the effectiveness of the organization's CSR efforts.
Answer: C

56. An organization engages in questionable financial reporting practices due to pressure to meet unrealistic performance targets. Which internal control component is most negatively affected?
A. Monitoring.
B. Control activities.
C. Risk assessment.
D. Control environment.
Answer: D

57. A global business organization is selecting managers to post to various international (expatriate) assignments. In the screening process, which of the following traits would be required to make a manager a successful expatriate?
1) Superior technical competence.
2) Willingness to attempt to communicate in a foreign language.
3) Ability to empathize with other people.
A. 1 and 2 only
B. 1 and 3 only
C. 2 and 3 only
D. 1, 2, and 3
Answer: C

58. Which of the following would best prevent unauthorized external changes to an organization's data?
A. Antivirus software, firewall, data encryption.
B. Firewall, data encryption, backup procedures.
C. Antivirus software, firewall, backup procedures.
D. Antivirus software, data encryption, change logs.
Answer: A

59. Which of the following COSO internal control framework components encompasses establishing structures, reporting lines, authorities, and responsibilities?
A. Control environment.
B. Control activities.
C. Information and communication.
D. Monitoring.
Answer: A

60. Which of the following are likely indicators of ineffective change management?
1) IT management is unable to predict how a change will impact interdependent systems or business processes.
2) There have been significant increases in trouble calls or in support hours logged by programmers.
3) There is a lack of turnover in the systems support and business analyst development groups.
4) Emergency changes that bypass the normal control process frequently are deemed necessary.
A. 1 and 3 only
B. 2 and 4 only
C. 1, 2, and 4 only
D. 1, 2, 3, and 4
Answer: C

61. According to IIA guidance, which of the following would be a primary reason for an internal auditor to test the organization's IT contingency plan?
A. To ensure that adequate controls exist to prevent any significant business interruptions.
B. To identify and address potential security weaknesses within the system.
C. To ensure that tests contribute to improvement of the program.
D. To ensure that deficiencies identified by the audit are promptly addressed.
Answer: C

62. Organizational activities that complement each other and create a competitive advantage are called a:
A. Merger.
B. Strategic fit.
C. Joint venture.
D. Strategic goal.
Answer: B

63. Which of the following does not provide operational assurance that a computer system is operating properly?
A. Performing a system audit.
B. Making system changes.
C. Testing policy compliance.
D. Conducting system monitoring.
Answer: B

64. At what point during the systems development process should an internal auditor verify that the new application's connectivity to the organization's other systems has been established correctly?
A. Prior to testing the new application.
B. During testing of the new application.
C. During implementation of the new application.
D. During maintenance of the new application.
Answer: A

65. According to IIA guidance, which of the following corporate social responsibility (CSR) evaluation activities may be performed by the internal audit activity?
1) Consult on CSR program design and implementation.
2) Serve as an advisor on CSR governance and risk management.
3) Review third parties for contractual compliance with CSR terms.
4) Identify and mitigate risks to help meet the CSR program objectives.
A. 1, 2, and 3
B. 1, 2, and 4
C. 1, 3, and 4
D. 2, 3, and 4
Answer: A

66. Which of the following methods, if used in conjunction with electronic data interchange (EDI), will improve the organization's cash management program, reduce transaction data input time and errors, and allow the organization to negotiate discounts with EDI vendors based on prompt payment?
A. Electronic funds transfer.
B. Knowledge-based systems.
C. Biometrics.
D. Standardized graphical user interface.
Answer: A

67. Which is the least effective form of risk management?
A. Systems-based preventive control.
B. People-based preventive control.
C. Systems-based detective control.
D. People-based detective control.
Answer: D

68. According to the Standards, which of the following is based on the assertion that the quality of an organization's risk management process should improve with time?
A. Process element.
B. Key principles.
C. Maturity model.
D. Assurance.
Answer: C

69. The decision to implement enhanced failure detection and back-up systems to improve data integrity is an example of which risk response?
A. Risk acceptance.
B. Risk sharing.
C. Risk avoidance.
D. Risk reduction.
Answer: D

70. An organization produces two products, X and Y. The materials used for the production of both products are limited to 500 kilograms (kg) per month. All other resources are unlimited and their costs are fixed. Individual product details are as follows:

                                 Product X    Product Y
Selling price per unit           $10          $13
Materials per unit (at $1/kg)    2 kg         6 kg
Monthly demand                   100 units    120 units

In order to maximize profit, how much of product Y should the organization produce each month?
A. 50 units.
B. 60 units.
C. 100 units.
D. 120 units.
Answer: A

71. In order to provide useful information for an organization's risk management decisions, which of the following factors is least important to assess?
A. The underlying causes of the risk.
B. The impact of the risk on the organization's objectives.
C. The risk levels of current and future events.
D. The potential for eliminating risk factors.
Answer: D

72. Which of the following is not a common feature of cumulative preferred stock?
A. Priority over common stock with regard to dilution of shares.
B. Priority over common stock with regard to earnings.
C. Priority over common stock with regard to dividend payment.
D. Priority over common stock with regard to assets.
Answer: A

73. Which of the following is always true regarding the use of encryption algorithms based on public key infrastructure (PKI)?
A. PKI uses an independent administrator to manage the public key.
B. The public key is authenticated against reliable third-party identification.
C. PKI's public accessibility allows it to be used readily for e-commerce.
D. The private key uniquely authenticates each party to a transaction.
Answer: D

74. An organization had three large centralized divisions: one that received customer orders for service work; one that scheduled the service work at customer locations; and one that answered customer calls about service problems. These three divisions were restructured into seven regional groups, each of which performed all three functions. One advantage of this restructuring would be:
A. Better internal controls.
B. Greater economies of scale.
C. Improved work flow.
D. Increased specialization.
Answer: C

75. All of the following are possible explanations for a significant unfavorable material efficiency variance except:
A. Cutbacks in preventive maintenance.
B. An inadequately trained and supervised labor force.
C. A large number of rush orders.
D. Production of more units than planned for in the master budget.
Answer: D

76. Which of the following is not a method for implementing a new application system?
A. Direct cutover.
B. Parallel.
C. Pilot.
D. Test.
Answer: D

77. Which of the following statements is true regarding the resolution of interpersonal conflict?
A. Unrealized expectations can be avoided with open and honest discussion.
B. Reorganization would probably not help ambiguous or overlapping jurisdictions.
C. Deferring action should be used until there is sufficient time to fully deal with the issue.
D. Timely and unambiguous clarification of roles and responsibilities will eliminate most interpersonal conflict.
Answer: A

78. An organization is considering mirroring the customer data for one regional center at another center. A disadvantage of such an arrangement would be:
A. Lack of awareness of the state of processing.
B. Increased cost and complexity of network traffic.
C. Interference of the mirrored data with the original source data.
D. Confusion about where customer data are stored.