According to IIA guidance, which of the following corporate social responsibility (CSR) activities is appropriate for the internal audit activity to perform?
All of the following are possible explanations for a significant unfavorable material efficiency variance except:
An internal auditor has been asked to conduct an investigation involving allegations of independent contractor fraud. Which of the following controls would be least effective in detecting any potential fraudulent activity?
An organization produces two products, X and Y. The materials used for the production of both products are limited to 500 kilograms (kg) per month. All other resources are unlimited and their costs are fixed. Individual product details are as follows:
| | Product X | Product Y |
|---|---|---|
| Selling price per unit | $10 | $13 |
| Materials per unit (at $1/kg) | 2 kg | 6 kg |
| Monthly demand | 100 units | 120 units |
In order to maximize profit, how much of product Y should the organization produce each month?
Which of the following is useful for forecasting the required level of inventory?
1) Statistical modeling.
2) Information about seasonal variations in demand.
3) Knowledge of the behavior of different business cycles.
4) Pricing models linked to seasonal demand.
A multinational organization allows its employees to access work email via personal smart devices. However, users are required to consent to the installation of mobile device management (MDM) software that will remotely wipe data in case of theft or other incidents.
Which of the following should the organization ensure in exchange for the employees' consent?
Which of the following security controls would provide the most efficient and effective authentication for customers to access their online shopping account?
When using cost-volume-profit analysis, which of the following will increase operating income once the break-even point has been reached?
Which of the following accounting methods is an investor organization likely to use when buying 40 percent of the stock of another organization?
A bank uses customer departmentalization to categorize its departments. Which of the following groups best exemplifies this method of categorization?
Which of the following is most important for an internal auditor to check with regard to the database version?
Which of the following recognized competitive strategies focuses on gaining efficiencies?
Which of the following application controls verifies the accuracy of transaction results in a system?
Which of the following is the best example of a compliance risk that is likely to arise when adopting a bring-your-own-device (BYOD) policy?
Which of the following would most likely be found in an organization that uses a decentralized organizational structure?
Which of the following application controls is the most dependent on the password owner?
When attempting to devise creative solutions to problems, team members initially should do which of the following?
Which of the following is a security feature that involves the use of hardware and software to filter or prevent specific information from moving between the inside network and the outside network?
Which of the following application controls checks the integrity of data entered into a business application?
Which of the following describes a typical desktop workstation used by most employees in their daily work?
In an organization where enterprise risk management practices are mature, which of the following is a core internal audit role?
Which of the following is a disadvantage of selecting a commercial software package rather than developing an application internally?
Which of the following conditions could lead an organization to enter into a new business through internal development rather than through acquisition?
During the last year, an organization had an opening inventory of $300,000, purchases of $980,000, sales of $1,850,000, and a gross margin of 40 percent. What is the closing inventory if the periodic inventory system is used?
The percentage of sales method, rather than the percentage of receivables method, would be used to estimate uncollectible accounts if an organization seeks to:
A global business organization is selecting managers to post to various international (expatriate) assignments.
In the screening process, which of the following traits would be required to make a manager a successful expatriate?
1) Superior technical competence.
2) Willingness to attempt to communicate in a foreign language.
3) Ability to empathize with other people.
According to Porter, which of the following is associated with fragmented industries?
Which of the following is the best reason for considering the acquisition of a nondomestic organization?
An organization needs to borrow a large amount of cash to fund its expansion plan. Which of the following annual interest rates is least expensive?
Which of the following are appropriate functions for an IT steering committee?
1) Assess the technical adequacy of standards for systems design and programming.
2) Continually monitor the adequacy and accuracy of software and hardware in use.
3) Assess the effects of new technology on the organization's IT operations.
4) Provide broad oversight of implementation, training, and operation of new systems.
According to the waterfall cycle approach to systems development, which of the following sequence of events is correct?
During a review of a web-based application used by customers to check the status of their bank accounts, it would be most important for the internal auditor to ensure that:
An organization uses a database management system (DBMS) as a repository for data. The DBMS, in turn, supports a number of end-user developed applications which were created using fourth-generation programming languages. Some of the applications update the database. Which of the following is the most important control related to the integrity of the data in the database?
Which of the following statements accurately describes the responsibility of the internal audit activity (IAA) regarding IT governance?
1) The IAA does not have any responsibility because IT governance is the responsibility of the board and senior management of the organization.
2) The IAA must assess whether the IT governance of the organization supports the organization’s strategies and objectives.
3) The IAA may assess whether the IT governance of the organization supports the organization’s strategies and objectives.
4) The IAA may accept requests from management to perform advisory services regarding how the IT governance of the organization supports the organization’s strategies and objectives.
Which of the following statements is true regarding an organization's inventory valuation?
Which of the following statements is true regarding the risks associated with the increased use of smart devices at work?
Which of the following is a cybersecurity monitoring activity intended to deter disruptive codes from being installed on an organization's systems?
Which of the following IT disaster recovery plans includes a remote site designated for recovery with available space for basic services, such as internet and telecommunications, but does not have servers or infrastructure equipment?
According to IIA guidance, which of the following is a primary component of a network security strategy?
In terms of international business strategy, which of the following is true regarding a multi-domestic strategy?
Which of the following is a characteristic of just-in-time inventory management systems?
A manager has difficulty motivating staff to improve productivity, despite establishing a lucrative individual reward system. Which of the following is most likely the cause of the difficulty?
Which of the following does not provide operational assurance that a computer system is operating properly?
An organization has an agreement with a third-party vendor to have a fully operational facility, duplicate of the original site and configured to the organization's needs, in order to quickly recover operational capability in the event of a disaster.
Which of the following best describes this approach to disaster recovery planning?
Which of the following cybersecurity-related activities is most likely to be performed by the second line of defense?
According to IIA guidance, which of the following is the correct order to conduct a business impact analysis (BIA) for the potential loss of an organization's network services?
1. Identify resources and partners to provide required recovery services
2. Identify the business processes supporting the network functionality
3. Obtain approval of the BIA from the operating managers relative to their areas of responsibility
4. Identify the business impact if the network services cannot be performed
An organization's network administrator received an email that appeared to come from the organization's external IT service provider requesting his credentials to perform an update of a server operating system. If the IT service provider did not send the email, which of the following best describes the likely purpose of the email?
Division A produces a product with a variable cost of $5 per unit and an allocated fixed cost of $3 per unit. The market price of the product is $15 plus 20% selling cost. Division B currently purchases this product from an external supplier but is going to purchase it from division A for $18. Which of the following methods of transfer pricing is being used?
Which of the following application controls can be defined as controls that monitor data being processed and in storage to ensure it remains consistent and correct?
Which of the following risks would involve individuals attacking an oil company's IT system as a sign of solidarity against drilling in a local area?
Which of the following activities best illustrates a user's authentication control?
An investor has acquired an organization that has a dominant position in a mature, slow-growth industry and consistently creates positive financial income. Which of the following terms would the investor most likely label this investment in her portfolio?
According to IIA guidance on IT, which of the following plans would pair the identification of critical business processes with recovery time objectives?
Which of the following situations best applies to an organization that uses a project rather than a process to accomplish its business activities?
Which of the following is a primary driver behind the creation and prioritization of new strategic initiatives established by an organization?
Which of the following describes the most appropriate set of tests for auditing a workstation's logical access controls?
According to IIA guidance, which of the following best describes an adequate management (audit) trail application control for the general ledger?
According to IIA guidance, which of the following corporate social responsibility (CSR) evaluation activities may be performed by the internal audit activity?
1) Consult on CSR program design and implementation.
2) Serve as an advisor on CSR governance and risk management.
3) Review third parties for contractual compliance with CSR terms.
4) Identify and mitigate risks to help meet the CSR program objectives.
Which of the following statements regarding program change management is not correct?
Which of the following is the primary benefit of including end users in the system development process?
According to the ISO 14001 standard, which of the following is not included in the requirements for a quality management system?
One change control function that is required in client/server environments, but is not required in mainframe environments, is to ensure that: