IIA-CIA-Part3 Practice Test Questions

333 Questions


While performing an audit of a car tire manufacturing plant, an internal auditor noticed a significant decrease in the number of tires produced from the previous operating period. To determine whether worker inefficiency caused the decrease, what additional information should the auditor request?


A. Total tire production labor hours for the operating period.


B. Total tire production costs for the operating period.


C. Plant production employee headcount average for the operating period.


D. The production machinery utilization rates.





C.   Plant production employee headcount average for the operating period.

Which of the following is an effective preventive control for data center security?


A. Motion detectors.


B. Key card access to the facility.


C. Security cameras.


D. Monitoring access to data center workstations





B.   Key card access to the facility.

During an audit of the payroll system, the internal auditor identifies and documents the following condition:
"Once a user is logged into the system, the user has access to all functionality within the system."
What is the most likely root cause for tins issue?


A. The authentication process relies on a simple password only, which is a weak method of authorization.


B. The system authorization of the user does not correctly reflect the access rights intended.


C. There was no periodic review to validate access rights.


D. The application owner apparently did not approve the access request during the provisioning process.





B.   The system authorization of the user does not correctly reflect the access rights intended.

With regard to project management, which of the following statements about project crashing Is true?


A. It leads to an increase in risk and often results in rework.


B. It is an optimization technique where activities are performed in parallel rather than sequentially.


C. It involves a revaluation of project requirements and/or scope.


D. It is a compression technique in which resources are added so the project.





D.   It is a compression technique in which resources are added so the project.

An organization is considering outsourcing its IT services, and the internal auditor as assessing the related risks. The auditor grouped the related risks into three categories;
- Risks specific to the organization itself.
- Risks specific to the service provider.
- Risks shared by both the organization and the service provider
Which of the following risks should the auditor classify as specific to the service provider?


A. Unexpected increases in outsourcing costs.


B. Loss of data privacy.


C. Inadequate staffing.


D. Violation of contractual terms.





D.   Violation of contractual terms.

An internal auditor identified a database administrator with an incompatible dual role. Which of the following duties should not be performed by the identified administrator?


A. Designing and maintaining the database.


B. Preparing input data and maintaining the database.


C. Maintaining the database and providing its security,


D. Designing the database and providing its security





B.   Preparing input data and maintaining the database.

An organization buys equity securities for trading purposes and sells them within a short time period. Which of the following is the correct way to value and report those securities at a financial statement date?


A. At fair value with changes reported in the shareholders' equity section.


B. At fair value with changes reported in net income.


C. At amortized cost in the income statement.


D. As current assets in the balance sheet





B.   At fair value with changes reported in net income.

According to Herzberg's Two-Factor Theory of Motivation, which of the following is a factor mentioned most often by satisfied employees?


A. Security.


B. Status.


C. Recognition.


D. Relationship with coworkers





C.   Recognition.

According to Maslow's hierarchy of needs theory, which of the following best describes a strategy where a manager offers an assignment to a subordinate specifically to support his professional growth and future advancement?


A. Esteem by colleagues.


B. Self-fulfillment


C. Series of belonging in the organization


D. Job security





B.   Self-fulfillment

Which component of an organization's cybersecurity risk assessment framework would allow management to implement user controls based on a user's role?


A. Prompt response and remediation policy


B. Inventory of information assets


C. Information access management


D. Standard security configurations





C.   Information access management

Which of the following can be viewed as a potential benefit of an enterprisewide resource planning system?


A. Real-time processing of transactions and elimination of data redundancies.


B. Fewer data processing errors and more efficient data exchange with trading partners.


C. Exploitation of opportunities and mitigation of risks associated with e-business.


D. Integration of business processes into multiple operating environments and databases.





A.   Real-time processing of transactions and elimination of data redundancies.

During a review of the accounts payable process, an internal auditor gathered all of the vendor payment transactions for the past 24 months. The auditor then used an Analytics tool to identify the top five vendors that received the highest sum of payments. Which of the following analytics techniques did the auditor apply?


A. Process analysis


B. Process mining


C. Data analysis.


D. Data mining





C.   Data analysis.


Page 2 out of 28 Pages
Previous