A.  

1, 2, and 3

B.  

1, 2, and 4

C.  

1, 3, and 4

D.  

2, 3, and 4

A.  

200 units.

B.  

300 units.

C.  

500 units.

D.  

1,000 units.

A.  

1 and 3

B.  

1 and 4

C.  

2 and 3

D.  

2 and 4

A.  

Y should be listed as an investment asset on X's balance sheet

B.  

X must consolidate the financial statements for both organizations

C.  

Y should be reported as a footnote to X's financial statements

D.  

Y should not be reported by X as X does not have a controlling interest

A.  

Controls that focus on segregation of duties, financial and change management

B.  

Personnel policies that define and enforce conditions for staff in sensitive IT areas

C.  

Standards that support IT policies by more specifically defining required actions

D.  

Controls that focus on data structures and the minimum level of documentation required

A.  

The cash dividends received increase the investee investment account accordingly.

B.  

The investee must adjust the investment account by the ownership interest.

C.  

The investment account is adjusted downward by the percentage of ownership.

D.  

The investee must record the cash dividends as dividend revenue.

A.  

A list of trustworthy good traffic and a list of unauthorized blocked traffic.

B.  

Monitoring for vulnerabilities based on industry intelligence

C.  

Comprehensive service level agreements with vendors.

D.  

Firewall and other network penmeter protection tools.

A.  

Version control

B.  

Privacy

C.  

Portability

D.  

Secure authentication

A.  

Commissions.

B.  

Stock options.

C.  

Gain-sharing bonuses.

D.  

Allowances.

A.  

Community institutional and agricultural banking.

B.  

Mortgages credit cards and savings

C.  

South southwest and east.

D.  

Teller manager and IT specialist

A.  

It would provide the ability to monitor in real-time.

B.  

It would assist in securing sensitive data.

C.  

It would help detect cyberattacks in a more timely fashion.

D.  

It would assist in ensuring that data integrity is maintained.

A.  

Cost of raw material inventory items is decreasing.

B.  

Process to manufacture goods is more efficient.

C.  

Labor productivity to produce goods is increasing.

D.  

Write-off of inventory is increasing.

A.  

Residual income.

B.  

A flexible budget.

C.  

Variance analysis.

D.  

A contribution margin income statement by segment.

A.  

Use the equity method to recalculate the investment carrying value

B.  

Confirm the securities held by the broker

C.  

Perform a calculation of premium or discount amortization.

D.  

Compare the carrying value with current market quotations

A.  

Internally encrypted passwords

B.  

System access privileges.

C.  

Logon passwords

D.  

Protocol controls.

A.  

An employee receives an email that appears to be from the organization's bank, though it is not. The employee replies to the email and sends the requested confidential information.

B.  

An organization's website has been hacked. The hacker added political content that is not consistent with the organization's views.

C.  

An organization's systems have been compromised by malicious software. The software locks the organization's operating system until d ransom is paid.

D.  

An organization's communication systems have been intercepted. A communication session is controlled by an unauthorized third party.

A.  

Conduct an individual audit of the mainframe general controls and separate application control audits of the individual applications in a phased manner

B.  

Conduct a single consolidated audit of both the mainframe general controls and the application controls for all of the applications that use the mainframe

C.  

Conduct individual audits of each application and include in each audit the general controls of the mainframe relevant to the individual application

D.  

Conduct a series of location-based audits that cover both the general and application IT controls an systems across the location

A.  

Lack of flexibility.

B.  

Incompatibility with client/server technology.

C.  

Employee resistance to change.

D.  

Inadequate technical support.

A.  

A zero-based budget provides estimates of costs that would be incurred under different levels of activity.

B.  

A zero-based budget maintains focus on the budgeting process.

C.  

A zero-based budget is prepared each year and requires each item of expenditure to be justified.

D.  

A zero-based budget uses input from lower-level and middle-level managers to formulate budget plans.

A.  

Common stock pays dividends as a stated percentage of face value.

B.  

Common stock has priority over preferred stock with regard to earnings and assets.

C.  

Preferred dividends are usually cumulative.

D.  

Preferred stock with no conversion feature has a higher dividend yield than does convertible preferred stock.

A.  

Review and acquire the external audit service.

B.  

Assess the appraisal and actuarial services.

C.  

Determine the selection criteria.

D.  

Identify regulatory requirements to be considered.

A.  

Lack of awareness of the state of processing.

B.  

Increased cost and complexity of network traffic.

C.  

Interference of the mirrored data with the original source data.

D.  

Confusion about where customer data are stored.

A.  

Intranet.

B.  

Extranet.

C.  

Digital subscriber line.

D.  

Broadband.

A.  

The organization should review the skill requirements and ensure that the service provider is maintaining sufficient expertise and retaining skilled resources.

B.  

The organization should proactively monitor the performance of the service provider, escalate concerns, and use penalty clauses in the contract where necessary.

C.  

The organization should ensure that there is a clear management communication strategy and path for evaluating and reporting on all outsourced services concerns.

D.  

The organization should work with the service provider to review the current agreement and

expectations relating to objectives, processes, and overall performance.

A.  

Standardization.

B.  

Global marketing.

C.  

Limited exporting.

D.  

Domestic marketing.

A.  

Decrease by about 17 percent.

B.  

Decrease by about 7 percent.

C.  

Increase by about 7 percent.

D.  

Increase by about 17 percent.

A.  

Both the key used to encrypt the data and the key used to decrypt the data are made public.

B.  

The key used to encrypt the data is kept private but the key used to decrypt the data is made public.

C.  

The key used to encrypt the data is made public but the key used to decrypt the data is kept private.

D.  

Both the key used to encrypt the data and the key used to decrypt the data are made private.

A.  

Globally accepted standards for industries and processes.

B.  

Bridging the gaps among control requirements, technical issues, and business risks.

C.  

Practical guidance and benchmarks for all organizations that use information systems.

D.  

Frameworks and guidance on enterprise risk management, internal control, and fraud deterrence.

A.  

Project portfolio.

B.  

Project development.

C.  

Project governance.

D.  

Project management methodologies.

A.  

Cold recovery plan

B.  

Critical recovery plan

C.  

Warm recovery plan

D.  

Tested recovery plan

A.  

The risk that users try to bypass controls and do not install required software updates.

B.  

The risk that smart devices can be lost or stolen due to their mobile nature.

C.  

The risk that an organization intrusively monitors personal information stored on smart devices.

D.  

The risk that proprietary information is not deleted from the device when an employee leaves.

A.  

Digital analysis for statistically unlikely occurrences that may indicate system tampering.

B.  

Verification of the completeness and integrity of the obtained data.

C.  

Detailed review of the data contents to strategize the best analytical techniques.

D.  

Calculation of statistical parameters to identify outliers requiring further scrutiny.

A.  

Linking performance to profitability measures such as return on investment.

B.  

Linking performance to the stock price.

C.  

Linking performance to quotas such as units produced.

D.  

Linking performance to nonfinancial measures such as customer satisfaction and employees training.

A.  

Change the contract so payment is based on the distances traveled by the contractor during collection.

B.  

Renegotiate a lump-sum contract when the contract is up for renewal

C.  

Assign a city employee to verify the number of bins emptied each day

D.  

Require that the contractor provide supervisory review of the number of bins emptied each day

A.  

Cybercriminals hacking into the organization's time and expense system to collect employee personal data.

B.  

Hackers breaching the organization's network to access research and development reports.

C.  

A denial-of-service attack that prevents access to the organization's website.

D.  

A hacker accessing the financial information of the company.

A.  

Divesting product lines expected to have negative profitability.

B.  

Increasing the diversity of strategic business units.

C.  

Increasing investment in research and development for a new product.

D.  

Relocating the organization's manufacturing to another country.

A.  

Identity data anomalies and outliers

B.  

Define questions to be answered

C.  

identify data sources available

D.  

Determine the scope of the data extract

A.  

1 and 3 only.

B.  

1 and 4 only.

C.  

2 and 3 only

D.  

3 and 4 only.

A.  

Initiation phase.

B.  

Bidding phase.

C.  

Development phase.

D.  

Negotiation phase

A.  

Assigning new roles and responsibilities for senior IT management.

B.  

Growing use of bring your own devices tor organizational matters

C.  

Expansion of operations into new markets with united IT access

D.  

Hiring new personnel within the IT department tor security purposes

A.  

Cold recovery plan.

B.  

Outsourced recovery plan.

C.  

Storage area network recovery plan.

D.  

Hot recovery plan.

A.  

Providing fire detection and suppression equipment

B.  

Establishing a physical security policy and promoting it throughout the organization

C.  

Performing business continuity and disaster recovery planning

D.  

Keeping an offsite backup of the organization's critical data

A.  

To protect the effective performance of IT general and application controls.

B.  

To regulate users' behavior in the web and cloud environment.

C.  

To prevent unauthorized access to information assets.

D.  

To secure application of protocols and authorization routines.

A.  

Conduct periodic reviews of the privacy policy to ensure that the existing policy meets current

legislation requirements in both regions.

B.  

Include a "right to audit" clause in the contract and impose detailed security obligations on the

outsourced vendor

C.  

Implement mandatory privacy training for management to help with identifying privacy risks when outsourcing services

D.  

Develop an incident monitoring and response plan to track breaches from internal and external sources

A.  

Establish separate vendor creation and approval teams.

B.  

Develop and distribute a code of conduct that prohibits conflicts of interest.

C.  

Perform a regular review of the vendor master file.

D.  

Require submission of a conflict-of-interest declaration.

A.  

Backup servers in the data center are stored in an environmentally controlled location

B.  

All users have a unique ID and password to access data

C.  

Swipe cards are used to access the data center

D.  

Firewalls and antivirus protection are in place to prevent unauthorized access to data.

A.  

Cash payback technique.

B.  

Annual rate of return technique.

C.  

Internal rate of return method.

D.  

Net present value method.

A.  

Functional departmentalization.

B.  

Product departmentalization.

C.  

Matrix organization.

D.  

Divisional organization.

A.  

An effective internal audit function is one of the four cornerstones of good governance.

B.  

Those performing governance activities are accountable to the customer.

C.  

Accountability is one of the key elements of organizational governance.

D.  

Governance principles and the need for an internal audit function are applicable to governmental and not-for-profit activities.

A.  

Sort on product identification code and identify missing product identification codes.

B.  

Review store identification code and identify missing product identification codes.

C.  

Compare product identification codes for consecutive periods.

D.  

Compare product identification codes by store for consecutive periods.

A.  

Established strategy of players.

B.  

Low number of new firms.

C.  

High unit costs.

D.  

Technical expertise.

A.  

It uses the same products in all countries.

B.  

It centralizes control with little decision-making authority given to the local level.

C.  

It is an effective strategy when large differences exist between countries.

D.  

It provides cost advantages, improves coordinated activities, and speeds product development.

A.  

Chain.

B.  

All-channel.

C.  

Circle.

D.  

Wheel.

A.  

Conduct periodic assessments of the organization's governance systems.

B.  

Obtain assurance concerning the effectiveness of the organization's governance systems.

C.  

Implement an effective system of internal controls to support the organization's governance systems.

D.  

Review and approve operational goals and objectives.

A.  

$160

B.  

$210

C.  

$350

D.  

$490

A.  

1 only

B.  

2 only

C.  

3 only

D.  

2 and 3 only

A.  

The cost of goods sold for the period will be understated.

B.  

The cost of goods sold for the period will be overstated.

C.  

The net income for the period will be understated.

D.  

There will be no effect on the cost of goods sold or the net income for the period.

A.  

Cash discounts.

B.  

Quantity discounts.

C.  

Functional discounts.

D.  

Seasonal discounts.

A.  

Develop a bargaining zone that lies between $50 million and $70 million and create sets of outcomes between $50 million and $70 million.

B.  

Adopt an added-value negotiating strategy, develop a bargaining zone between $50 million and $70 million, and create sets of outcomes between $50 million and $70 million.

C.  

Involve a mediator as a neutral party who can work with the textile company's management to determine a bargaining zone.

D.  

Develop a bargaining zone that lies between $55 million and $60 million and create sets of outcomes between $55 million and $60 million.

A.  

Each party's negotiator presents a menu of options to the other party.

B.  

Each party adopts one initial position from which to start.

C.  

Each negotiator minimizes the information provided to the other party.

D.  

Each negotiator starts with an offer, which is optimal from the negotiator's perspective.

A.  

In a regressive personal tax system, an individual's marginal tax rate is normally greater than his average tax rate.

B.  

In a regressive personal tax system, an individual's marginal tax rate is normally equal to his average tax rate.

C.  

In a progressive personal tax system, an individual's marginal tax rate is normally equal to his average tax rate.

D.  

In a progressive personal tax system, an individual's marginal tax rate is normally greater than his average tax rate.

A.  

1 and 2 only

B.  

2 and 3 only

C.  

3 and 4 only

D.  

1, 2, and 3 only

A.  

It is expected that there will be slow retaliation from incumbents.

B.  

The acquiring organization has information that the selling organization is weak.

C.  

The number of bidders to acquire the organization for sale is low.

D.  

The condition of the economy is poor.

A.  

In a matrix organization, conflict between functional and product managers may arise.

B.  

In a matrix organization, staff under dual command is more likely to suffer stress at work.

C.  

Matrix organizations offer the advantage of greater flexibility.

D.  

Matrix organizations minimize costs and simplify communication.

A.  

Dairy manufacturing company taking over a large dairy farm.

B.  

A movie producer acquires movie theaters.

C.  

A petroleum processing company acquires an agro-processing firm.

D.  

A baker taking over a competitor.

A.  

Conform with all other parts of The IIA's Standards and provide appropriate disclosures.

B.  

Conform with all other parts of The IIA's Standards; there is no need to provide appropriate disclosures.

C.  

Continue the engagement without conforming with the other parts of The IIA's Standards.

D.  

Withdraw from the engagement.

A.  

1 and 2 only

B.  

1 and 3 only

C.  

2 and 3 only

D.  

1, 2, and 3

A.  

Ensuring that payments to the vendor are appropriate and timely for the services delivered.

B.  

Ensuring that the vendor has complete management control of the outsourced process.

C.  

Ensuring that there are means of monitoring the efficiency of the outsourced process.

D.  

Ensuring that there are means of monitoring the effectiveness of the outsourced process.

A.  

A multinational company has stockholders in other countries.

B.  

A multinational company exports its products to other countries.

C.  

A multinational company operates outside of its country of origin.

D.  

A multinational company uses raw materials and components from more than one country.

A.  

1 only

B.  

2 and 4 only

C.  

1, 3, and 4 only

D.  

1, 2, 3, and 4

A.  

Identify redundant controls.

B.  

Improve budgeting accuracy.

C.  

Enhance assurance provided to management.

D.  

Assist in developing audit programs.

A.  

Firewalls can protect against computer viruses.

B.  

Firewalls monitor attacks from the Internet.

C.  

Firewalls provide network administrators tools to retaliate against hackers.

D.  

Firewalls may be software-based or hardware-based.