An organization decided to reorganize into a flatter structure.
Which of the following changes would be expected with this new structure?
- A . Lower costs.
- B . Slower decision making at the senior executive level.
- C . Limited creative freedom in lower-level managers.
- D . Senior-level executives more focused on short-term, routine decision making
During her annual performance review, a sales manager admits that she experiences significant stress due to her job but stays with the organization because of the high bonuses she earns.
Which of the following best describes her primary motivation to remain in the job?
- A . Intrinsic reward.
- B . Job enrichment
- C . Extrinsic reward.
- D . The hierarchy of needs.
With increased cybersecurity threats, which of the following should management consider to ensure that there is strong security governance in place?
- A . Inventory of information assets
- B . Limited sharing of data files with external parties.
- C . Vulnerability assessment
- D . Clearly defined policies
Which of the following risks is best addressed by encryption?
- A . Information integrity risk
- B . Privacy risk
- C . Access risk
- D . Software risk
Which of the following best describes a man-in-the-middle cyber-attack?
- A . The perpetrator is able to delete data on the network without physical access to the device.
- B . The perpetrator is able to exploit network activities for unapproved purposes.
- C . The perpetrator is able to take over control of data communication in transit and replace traffic.
- D . The perpetrator is able to disable default security controls and introduce additional vulnerabilities
Which of the following application controls is the most dependent on the password owner?
- A . Password selection
- B . Password aging
- C . Password lockout
- D . Password rotation
Which of the following is the best example of IT governance controls?
- A . Controls that focus on segregation of duties, financial, and change management.
- B . Personnel policies that define and enforce conditions for staff in sensitive IT areas.
- C . Standards that support IT policies by more specifically defining required actions
- D . Controls that focus on data structures and the minimum level of documentation required
Which of the following networks is suitable for an organization that has operations in multiple cities and countries?
- A . Wide area network.
- B . Local area network
- C . Metropolitan area network.
- D . Storage area network.
Which of the following facilitates data extraction from an application?
- A . Application program code.
- B . Database system.
- C . Operating system.
- D . Networks.
While conducting an audit of the accounts payable department, an internal auditor found that 3% of payments made during the period under review did not agree with the submitted invoices.
Which of the following key performance indicators (KPIs) for the department would best assist the auditor in determining the significance of the test results?
- A . A KPI that defines the process owner’s tolerance for performance deviations.
- B . A KPI that defines the importance of performance levels and disbursement statistics being measured.
- C . A KPI that defines timeliness with regard to reporting disbursement data errors to authorized personnel.
- D . A KPI that defines operating ratio objectives of the disbursement process.
Which of the following IT professionals is responsible for providing maintenance to switches and routers to keep IT systems running as intended?
- A . Data center operations manager
- B . Response and support team.
- C . Database administrator.
- D . Network administrator
Which of the following capital budgeting techniques considers the time value of money?
- A . Annual rate of return.
- B . Incremental analysis.
- C . Discounted cash flow.
- D . Cash payback
Which of the following best describes a potential benefit of using data analyses?
- A . It easily aligns with existing internal audit competencies to reduce expenses
- B . It provides a more holistic view of the audited area.
- C . Its outcomes can be easily interpreted into audit conclusions.
- D . Its application increases internal auditors’ adherence to the Standards
If an organization has a high amount of working capital compared to the industry average, which of the following is most likely true?
- A . Settlement of short-term obligations may become difficult.
- B . Cash may be tied up in items not generating financial value.
- C . Collection policies of the organization are ineffective.
- D . The organization is efficient in using assets to generate revenue.
A small software development firm designs and produces custom applications for businesses. The application development team consists of employees from multiple departments who all report to a single project manager.
Which of the following organizational structures does this situation represent?
- A . Functional departmentalization.
- B . Product departmentalization
- C . Matrix organization.
- D . Divisional organization
Which of the following attributes of data are cybersecurity controls primarily designed to protect?
- A . Veracity, velocity, and variety.
- B . Integrity, availability, and confidentiality.
- C . Accessibility, accuracy, and effectiveness.
- D . Authorization, logical access, and physical access.
The management of working capital is most crucial for which of the following aspects of business?
- A . Liquidity
- B . Profitability
- C . Solvency
- D . Efficiency
An organization finalized a contract in which a vendor is expected to design, procure, and construct a power substation for $3,000,000.
In this scenario, the organization agreed to which of the following types of contracts?
- A . A cost-reimbursable contract.
- B . A lump-sum contract.
- C . A time and material contract.
- D . A bilateral contract.
Which of the following would be the strongest control to prevent unauthorized wireless network access?
- A . Allowing access to the organization’s network only through a virtual private network.
- B . Logging devices that access the network, including the date, time, and identity of the user.
- C . Tracking all mobile device physical locations and banning access from non-designated areas.
- D . Permitting only authorized IT personnel to have administrative control of mobile devices.
Which of the following best explains the matching principle?
- A . Revenues should be recognized when earned.
- B . Revenue recognition is matched with cash.
- C . Expense recognition is tied to revenue recognition.
- D . Expenses are recognized at each accounting period.
Favorable labor rate variance.
- A . 1 and 2
- B . 1 and 4
- C . 3 and 4
- D . 2 and 3
Which of the following intangible assets is considered to have an indefinite life?
- A . Underground oil deposits
- B . Copyright
- C . Trademark
- D . Land
Which of the following should internal auditors be attentive to when reviewing the personal data consent and opt-in/opt-out management process?
- A . Whether customers are asked to renew their consent for their data processing at least quarterly.
- B . Whether private data is processed in accordance with the purpose for which the consent was obtained.
- C . Whether the organization has established explicit and entitywide policies on data transfer to third parties.
- D . Whether customers have an opportunity to opt-out the right to be forgotten from organizational records and systems.
An analytical model determined that on Friday and Saturday nights the luxury brands stores should be open for extended hours and with a doubled number of employees present; while on Mondays and Tuesdays costs can be minimized by reducing the number of employees to a minimum and opening only for evening hours.
Which of the following best categorizes the analytical model applied?
- A . Descriptive.
- B . Diagnostic.
- C . Prescriptive.
- D . Prolific.
Which of the following statements is true regarding a bring-your-own-device (BYOD) environment?
- A . There is a greater need for organizations to rely on users to comply with policies and procedures.
- B . With fewer devices owned by the organization, there is reduced need to maintain documented policies and procedures.
- C . Incident response times are less critical in the BYOD environment, compared to a traditional environment
- D . There is greater sharing of operational risk in a BYOD environment
Which of the following is a primary driver behind the creation and prioritization of new strategic initiatives established by an organization?
- A . Risk tolerance
- B . Performance
- C . Threats and opportunities
- D . Governance
Management is designing its disaster recovery plan. In the event that there is significant damage to the organization’s IT systems this plan should enable the organization to resume operations at a recovery site after some configuration and data restoration.
Which of the following is the ideal solution for management in this scenario?
- A . A warm recovery plan.
- B . A cold recovery plan.
- C . A hot recovery plan.
- D . A manual work processes plan
Which of the following is the best example of a compliance risk that is likely to arise when adopting a bring-your-own-device (BYOD) policy?
- A . The risk that users try to bypass controls and do not install required software updates.
- B . The risk that smart devices can be lost or stolen due to their mobile nature.
- C . The risk that an organization intrusively monitors personal information stored on smart devices.
- D . The risk that proprietary information is not deleted from the device when an employee leaves.
Which of the following is a result of implementing an e-commerce system, which relies heavily on electronic data interchange and electronic funds transfer, for purchasing and billing?
- A . Higher cash flow and treasury balances.
- B . Higher inventory balances
- C . Higher accounts receivable.
- D . Higher accounts payable
A multinational organization allows its employees to access work email via personal smart devices. However, users are required to consent to the installation of mobile device management (MDM) software that will remotely wipe data in case of theft or other incidents.
Which of the following should the organization ensure in exchange for the employees’ consent?
- A . That those employees who do not consent to MDM software cannot have an email account.
- B . That personal data on the device cannot be accessed and deleted by system administrators.
- C . That monitoring of employees’ online activities is conducted in a covert way to avoid upsetting them.
- D . That employee consent includes appropriate waivers regarding potential breaches to their privacy.
An internal auditor reviews a data population and calculates the mean, median, and range.
What is the most likely purpose of performing this analytic technique?
- A . To inform the classification of the data population.
- B . To determine the completeness and accuracy of the data.
- C . To identify whether the population contains outliers.
- D . To determine whether duplicates in the data inflate the range.
Which of the following statements is true regarding activity-based costing (ABC)?
- A . An ABC costing system is similar to conventional costing systems in how it treats the allocation of manufacturing overhead.
- B . An ABC costing system uses a single unit-level basis to allocate overhead costs to products.
- C . An ABC costing system may be used with either a job order or a process cost accounting system.
- D . The primary disadvantage of an ABC costing system is less accurate product costing.
When reviewing application controls using the four-level model, which of the following processes are associated with level 4 of the business process method?
- A . Activity
- B . Subprocess
- C . Major process
- D . Mega process
Which of the following is an example of internal auditors applying data mining techniques for exploratory purposes?
- A . Internal auditors perform reconciliation procedures to support an external audit of financial reporting.
- B . Internal auditors perform a systems-focused analysis to review relevant controls.
- C . Internal auditors perform a risk assessment to identify potential audit subjects as input for the annual internal audit plan
- D . Internal auditors test IT general controls with regard to operating effectiveness versus design
An intruder posing as the organization’s CEO sent an email and tricked payroll staff into providing employees’ private tax information.
What type of attack was perpetrated?
- A . Boundary attack.
- B . Spear phishing attack.
- C . Brute force attack.
- D . Spoofing attack.
Which of the following purchasing scenarios would gain the greatest benefit from implementing electronic data interchange?
- A . A just-in-time purchasing environment
- B . A large volume of custom purchases
- C . A variable volume sensitive to material cost
- D . A currently inefficient purchasing process
According to IIA guidance on IT, which of the following plans would pair the identification of critical business processes with recovery time objectives?
- A . The business continuity management charter.
- B . The business continuity risk assessment plan.
- C . The business impact analysis plan
- D . The business case for business continuity planning
Which of the following is a disadvantage in a centralized organizational structure?
- A . Communication conflicts
- B . Slower decision making.
- C . Loss of economies of scale
- D . Vulnerabilities in sharing knowledge
A manufacturer is deciding whether to sell or process materials further.
Which of the following costs would be relevant to this decision?
- A . Incremental processing costs, incremental revenue, and variable manufacturing expenses.
- B . Joint costs, incremental processing costs, and variable manufacturing expenses.
- C . Incremental revenue, joint costs, and incremental processing costs.
- D . Variable manufacturing expenses, incremental revenue, and joint costs
Which of the following situations best illustrates a "false positive" in the performance of a spam filter?
- A . The spam filter removed incoming communication that included certain keywords and domains.
- B . The spam filter deleted commercial ads automatically, as they were recognized as unwanted.
- C . The spam filter routed to the "junk" folder a newsletter that appeared to include links to fake websites.
- D . The spam filter blocked a fitness club gift card that coworkers sent to an employee for her birthday.
Which of the following would be the best method to collect information about employees’ job satisfaction?
- A . Online surveys sent randomly to employees.
- B . Direct onsite observations of employees.
- C . Town hall meetings with employees.
- D . Face-to-face interviews with employees.
Which of the following network types should an organization choose if it wants to allow access only to its own personnel?
- A . An extranet
- B . A local area network
- C . An intranet
- D . The internet
Which of the following should be established by management during implementation of big data systems to enable ongoing production monitoring?
- A . Key performance indicators.
- B . Reports of software customization.
- C . Change and patch management.
- D . Master data management
Which of the following controls would be most efficient to protect business data from corruption and errors?
- A . Controls to ensure data is unable to be accessed without authorization.
- B . Controls to calculate batch totals to identify an error before approval.
- C . Controls to encrypt the data so that corruption is likely ineffective.
- D . Controls to quickly identify malicious intrusion attempts.
On the last day of the year, a total cost of $150,000 was incurred in indirect labor related to one of the key products an organization makes.
How should the expense be reported on that year’s financial statements?
- A . It should be reported as an administrative expense on the income statement.
- B . It should be reported as period cost other than a product cost on the management accounts
- C . It should be reported as cost of goods sold on the income statement.
- D . It should be reported on the balance sheet as part of inventory.
Which of the following is true of matrix organizations?
- A . A unity-of-command concept requires employees to report technically, functionally, and administratively to the same manager.
- B . A combination of product and functional departments allows management to utilize personnel from various functions.
- C . Authority, responsibility and accountability of the units involved may vary based on the project’s life, or the organization’s culture
- D . It is best suited for firms with scattered locations or for multi-line, large-scale firms.
Which of the following statements describes the typical benefit of using a flat organizational structure for the internal audit activity, compared to a hierarchical structure?
- A . A flat structure results in lower operating and support costs than a hierarchical structure.
- B . A flat structure results in a stable and very collaborative environment.
- C . A flat structure enables field auditors to report to and learn from senior auditors.
- D . A flat structure is more dynamic and offers more opportunities for advancement than a hierarchical structure.
An organization’s board of directors is particularly focused on positioning the organization as a leader in the industry and beating the competition.
Which of the following strategies offers the greatest alignment with the board’s focus?
- A . Divesting product lines expected to have negative profitability.
- B . Increasing the diversity of strategic business units.
- C . Increasing investment in research and development for a new product.
- D . Relocating the organization’s manufacturing to another country.
At what stage of project integration management would a project manager and project management team typically coordinate the various technical and organizational interfaces that exist in the project?
- A . Project plan development.
- B . Project plan execution
- C . Integrated change control.
- D . Project quality planning
Internal auditors want to increase the likelihood of identifying very small control and transaction anomalies in their testing that could potentially be exploited to cause material breaches.
Which of the following techniques would best meet this objective?
- A . Analysis of the full population of existing data.
- B . Verification of the completeness and integrity of existing data.
- C . Continuous monitoring on a repetitive basis.
- D . Analysis of the databases of partners, such as suppliers.
Which of the following is a project planning methodology that involves a complex series of required simulations to provide information about schedule risk?
- A . Monte Carlo Analysis.
- B . Project Management Information System (PMIS).
- C . Earned Value Management (EVM).
- D . Integrated Project Plan
For which of the following scenarios would the most recent backup of the human resources database be the best source of information to use?
- A . An incorrect program fix was implemented just prior to the database backup.
- B . The organization is preparing to train all employees on the new self-service benefits system.
- C . There was a data center failure that requires restoring the system at the backup site.
- D . There is a need to access prior year-end training reports for all employees in the human resources database
Which of the following security controls would be the most effective in preventing security breaches?
- A . Approval of identity request
- B . Access logging.
- C . Monitoring privileged accounts
- D . Audit of access rights
Which of the following biometric access controls uses the most unique human recognition characteristic?
- A . Facial comparison using photo identification.
- B . Signature comparison.
- C . Voice comparison.
- D . Retinal print comparison.
A company produces water buckets with the following costs per bucket:
Direct labor = $2
Direct material = $5
Fixed manufacturing = $3.50
Variable manufacturing = $2.50
The water buckets are usually sold for $15. However, the company received a special order for 50,000 water buckets at $11 each.
Assuming there is adequate manufacturing capacity and all other variables are constant, what is the relevant cost per unit to consider when deciding whether to accept this special order at the reduced price?
- A . $9.50
- B . $10.50
- C . $11
- D . $13
Which of the following financial statements provides the best disclosure of how a company’s money was used during a particular period?
- A . Income statement.
- B . Owner’s equity statement.
- C . Balance sheet.
- D . Statement of cash flows.
Which of the following IT-related activities is most commonly performed by the second line of defense?
- A . Block unauthorized traffic.
- B . Encrypt data.
- C . Review disaster recovery test results.
- D . Provide independent assessment of IT security.
Which of the following best describes the primary objective of cybersecurity?
- A . To protect the effective performance of IT general and application controls.
- B . To regulate users’ behavior in the web and cloud environment.
- C . To prevent unauthorized access to information assets.
- D . To secure application of protocols and authorization routines.
Which of the following should software auditors do when reporting internal audit findings related to enterprisewide resource planning?
- A . Draft separate audit reports for business and IT management.
- B . Connect IT audit findings to business issues.
- C . Include technical details to support IT issues.
- D . Include an opinion on financial reporting accuracy and completeness.
Which component of an organization’s cybersecurity risk assessment framework would allow management to implement user controls based on a user’s role?
- A . Prompt response and remediation policy
- B . Inventory of information assets
- C . Information access management
- D . Standard security configurations
Which of the following best describes a cyberattack in which an organization faces a denial-of-service threat created through malicious data encryption?
- A . Phishing.
- B . Ransomware.
- C . Hacking.
- D . Malware.
Which of the following is an indicator of liquidity that is more dependable than working capital?
- A . Acid-test (quick) ratio
- B . Average collection period
- C . Current ratio.
- D . Inventory turnover.
Which of the following statements is true concerning the basic accounting treatment of a partnership?
- A . The initial investment of each partner should be recorded at book value.
- B . The ownership ratio identifies the basis for dividing net income and net loss.
- C . A partner’s capital only changes due to net income or net loss.
- D . The basis for sharing net incomes or net losses must be fixed.
Which of the following controls would enable management to receive timely feedback and help mitigate unforeseen risks?
- A . Measure product performance against an established standard.
- B . Develop standard methods for performing established activities.
- C . Require the grouping of activities under a single manager.
- D . Assign each employee a reasonable workload.
Several organizations have developed a strategy to open co-owned shopping malls.
What would be the primary purpose of this strategy?
- A . To exploit core competence.
- B . To increase market synergy.
- C . To deliver enhanced value.
- D . To reduce costs.
With regard to project management, which of the following statements about project crashing is true?
- A . It leads to an increase in risk and often results in rework.
- B . It is an optimization technique where activities are performed in parallel rather than sequentially.
- C . It involves a revaluation of project requirements and/or scope.
- D . It is a compression technique in which resources are added to the project.
Which of the following data security policies is most likely to be the result of a data privacy law?
- A . Access to personally identifiable information is limited to those who need it to perform their job.
- B . Confidential data must be backed up and recoverable within a 24-hour period.
- C . Updates to systems containing sensitive data must be approved before being moved to production.
- D . A record of employees with access to insider information must be maintained, and those employees may not trade company stock during blackout periods
Which of the following is an advantage of a decentralized organizational structure, as opposed to a centralized structure?
- A . Greater cost-effectiveness
- B . Increased economies of scale
- C . Larger talent pool
- D . Strong internal controls
Which of the following would be classified as IT general controls?
- A . Error listings.
- B . Distribution controls.
- C . Transaction logging.
- D . Systems development controls.
Which of the following is most influenced by a retained earnings policy?
- A . Cash.
- B . Dividends.
- C . Gross margin.
- D . Net income.
Which of the following can be classified as debt investments?
- A . Investments in the capital stock of a corporation
- B . Acquisition of government bonds.
- C . Contents of an investment portfolio.
- D . Acquisition of common stock of a corporation
A large retail customer made an offer to buy 10,000 units at a special price of $7 per unit. The manufacturer usually sells each unit for $10. Variable manufacturing costs are $5 per unit and fixed manufacturing costs are $3 per unit.
For the manufacturer to accept the offer, which of the following assumptions needs to be true?
- A . Fixed and variable manufacturing costs are less than the special offer selling price.
- B . The manufacturer can fulfill the order without expanding the capacities of the production facilities.
- C . Costs related to accepting this offer can be absorbed through the sale of other products.
- D . The manufacturer’s production facilities are currently operating at full capacity.
Which of the following authentication device credentials is the most difficult to revoke when an employee’s access rights need to be removed?
- A . A traditional key lock
- B . A biometric device
- C . A card-key system
- D . A proximity device
Which of the following is an example of a physical control?
- A . Providing fire detection and suppression equipment
- B . Establishing a physical security policy and promoting it throughout the organization
- C . Performing business continuity and disaster recovery planning
- D . Keeping an offsite backup of the organization’s critical data
Which of the following is a benefit from the concept of Internet of Things?
- A . Employees can choose from a variety of devices they want to utilize to privately read work emails without their employer’s knowledge.
- B . Physical devices, such as thermostats and heat pumps, can be set to react to electricity market changes and reduce costs.
- C . Information can be extracted more efficiently from databases and transmitted to relevant applications for in-depth analytics.
- D . Data mining and data collection from internet and social networks is easier, and the results are more comprehensive
Which of the following IT disaster recovery plans includes a remote site designated for recovery with available space for basic services, such as internet and telecommunications, but does not have servers or infrastructure equipment?
- A . Frozen site
- B . Cold site
- C . Warm site
- D . Hot site
According to Maslow’s hierarchy of needs theory, which of the following best describes a strategy where a manager offers an assignment to a subordinate specifically to support his professional growth and future advancement?
- A . Esteem by colleagues.
- B . Self-fulfillment
- C . Sense of belonging in the organization
- D . Job security
When executive compensation is based on the organization’s financial results, which of the following situations is most likely to arise?
- A . The organization reports inappropriate estimates and accruals due to poor accounting controls.
- B . The organization uses an unreliable process for gathering and reporting executive compensation data.
- C . The organization experiences increasing discontent of employees, if executives are eligible for compensation amounts that are deemed unreasonable.
- D . The organization encourages employee behavior that is inconsistent with the interests of relevant stakeholders.
Which of the following would be a concern related to the authorization controls utilized for a system?
- A . Users can only see certain screens in the system.
- B . Users are making frequent password change requests.
- C . Users input incorrect passwords and get denied system access
- D . Users are all permitted uniform access to the system.
Which of the following is a characteristic of big data?
- A . Big data is being generated slowly due to volume.
- B . Big data must be relevant for the purposes of organizations.
- C . Big data comes from a single type of format.
- D . Big data is always changing
Which of the following risks would involve individuals attacking an oil company’s IT system as a sign of solidarity against drilling in a local area?
- A . Tampering
- B . Hacking
- C . Phishing
- D . Piracy
An organization with a stable rating, as assessed by international rating agencies, has issued a bond not backed by assets or collateral. Payments of the interests and the principal to bondholders are guaranteed by the organization.
Which type of bond did the organization issue?
- A . A sinking fund bond.
- B . A secured bond.
- C . A junk bond.
- D . A debenture bond
Which of the following controls would be the most effective in preventing the disclosure of an organization’s confidential electronic information?
- A . Nondisclosure agreements between the firm and its employees.
- B . Logs of user activity within the information system.
- C . Two-factor authentication for access into the information system.
- D . Limited access to information, based on employee duties
Which of the following statements is true regarding the term "flexible budgets" as it is used in accounting?
- A . The term describes budgets that exclude fixed costs.
- B . Flexible budgets exclude outcome projections, which are hard to determine, and instead rely on the most recent actual outcomes.
- C . The term is a red flag for weak budgetary control activities.
- D . Flexible budgets project data for different levels of activity.
Which of the following types of data analytics would be used by a hospital to determine which patients are likely to require remittance for additional treatment?
- A . Predictive analytics.
- B . Prescriptive analytics.
- C . Descriptive analytics.
- D . Diagnostic analytics.
Which of the following represents a basis for consolidation under the International Financial Reporting Standards?
- A . Variable entity approach.
- B . Control ownership.
- C . Risk and reward.
- D . Voting interest.
A financial institution receives frequent and varied email requests from customers for funds to be wired out of their accounts.
Which verification activity would best help the institution avoid falling victim to phishing?
- A . Reviewing the customer’s wire activity to determine whether the request is typical.
- B . Calling the customer at the phone number on record to validate the request.
- C . Replying to the customer via email to validate the sender and request.
- D . Reviewing the customer record to verify whether the customer has authorized wire requests from that email address.
A chief audit executive wants to implement an enterprisewide resource planning software.
Which of the following internal audit assessments could provide overall assurance on the likelihood of the software implementation’s success?
- A . Readiness assessment.
- B . Project risk assessment.
- C . Post-implementation review.
- D . Key phase review.
Management has established a performance measurement focused on the accuracy of disbursements. The disbursement statistics, provided daily to all accounts payable and audit staff, include details of payments stratified by amount and frequency.
Which of the following is likely to be the greatest concern regarding this performance measurement?
- A . Articulation of the data
- B . Availability of the data.
- C . Measurability of the data
- D . Relevance of the data.
Which of the following statements is most accurate concerning the management and audit of a web server?
- A . The file transfer protocol (FTP) should always be enabled.
- B . The simple mail transfer protocol (SMTP) should be operating under the most privileged accounts.
- C . The number of ports and protocols allowed to access the web server should be maximized.
- D . Secure protocols for confidential pages should be used instead of clear-text protocols such as HTTP or FTP.
Which of the following disaster recovery plans includes recovery resources available at the site, but they may need to be configured to support the production system?
- A . Warm site recovery plan.
- B . Hot site recovery plan.
- C . Cool site recovery plan.
- D . Cold site recovery plan.
Which of the following describes the most appropriate set of tests for auditing a workstation’s logical access controls?
- A . Review the list of people with access badges to the room containing the workstation and a log of those who accessed the room.
- B . Review the password length, frequency of change, and list of users for the workstation’s login process.
- C . Review the list of people who attempted to access the workstation and failed, as well as error messages.
- D . Review the passwords of those who attempted unsuccessfully to access the workstation and the log of their activity
In an effort to increase business efficiencies and improve customer service offered to its major trading partners, management of a manufacturing and distribution company established a secure network, which provides a secure channel for electronic data interchange between the company and its partners.
Which of the following network types is illustrated by this scenario?
- A . A value-added network.
- B . A local area network.
- C . A metropolitan area network.
- D . A wide area network.
An internal auditor is assessing the risks related to an organization’s mobile device policy. She notes that the organization allows third parties (vendors and visitors) to use outside smart devices to access its proprietary networks and systems.
Which of the following types of smart device risks should the internal auditor be most concerned about?
- A . Compliance.
- B . Privacy
- C . Strategic
- D . Physical security
Which of the following best demonstrates the application of the cost principle?
- A . A company reports trading and investment securities at their market cost
- B . A building purchased last year for $1 million is currently worth $1.2 million, but the company still reports the building at $1 million.
- C . A building purchased last year for $1 million is currently worth $1.2 million, and the company adjusts the records to reflect the current value
- D . A company reports assets at either historical or fair value, depending which is closer to market value.
Which of the following backup methodologies would be most efficient in backing up a database in the production environment?
- A . Disk mirroring of the data being stored on the database.
- B . A differential backup that is performed on a weekly basis.
- C . An array of independent disks used to back up the database.
- D . An incremental backup of the database on a daily basis.
What is the primary purpose of an integrity control?
- A . To ensure data processing is complete, accurate, and authorized.
- B . To ensure data being processed remains consistent and intact.
- C . To monitor the effectiveness of other controls
- D . To ensure the output aligns with the intended result.
In an organization that produces chocolate, the leadership team decides that the organization will open a milk production facility for its milk chocolate.
Which of the following strategies has the organization chosen?
- A . Vertical integration.
- B . Unrelated diversification.
- C . Differentiation
- D . Focus
An organization with global headquarters in the United States has subsidiaries in eight other nations. If the organization operates with an ethnocentric attitude, which of the following statements is true?
- A . Standards used for evaluation and control are determined at local subsidiaries, not set by headquarters.
- B . Orders, commands, and advice are sent to the subsidiaries from headquarters.
- C . People of local nationality are developed for the best positions within their own country.
- D . There is a significant amount of collaboration between headquarters and subsidiaries.
An internal auditor was assigned to test for ghost employees using data analytics. The auditor extracted employee data from human resources and payroll. Using spreadsheet functions, the auditor matched data sets by name and assumed that employees who were not present in each data set should be investigated further. However, the results seemed erroneous, as very few employees matched across all data sets.
Which of the following data analytics steps has the auditor most likely omitted?
- A . Data analysis.
- B . Data diagnostics.
- C . Data velocity.
- D . Data normalization.