A.  

Error listings.

B.  

Distribution controls.

C.  

Transaction logging.

D.  

Systems development controls.

A.  

A unity-of-command concept requires employees to report technically, functionally, and administratively to the same manager.

B.  

A combination of product and functional departments allows management to utilize personnel from various functions.

C.  

Authority, responsibility, and accountability of the units involved may vary based on the project's life or the organization's culture.

D.  

It is best suited for firms with scattered locations or for multi-line, large-scale firms.

A.  

Managerial accounting uses double-entry accounting and cost data.

B.  

Managerial accounting uses general accepted accounting principles.

C.  

Managerial accounting involves decision making based on quantifiable economic events.

D.  

Managerial accounting involves decision making based on predetermined standards.

A.  

To protect the effective performance of IT general and application controls.

B.  

To regulate users' behavior it the web and cloud environment.

C.  

To prevent unauthorized access to information assets.

D.  

To secure application of protocols and authorization routines.

A.  

Average cost method

B.  

First-in, first-out (FIFO) method

C.  

Specific identification method

D.  

Activity-based costing method

A.  

Restricting server room access to specific individuals.

B.  

Housing servers with sensitive software away from environmental hazards.

C.  

Ensuring that all user requirements are documented.

D.  

Performing intrusion testing on a regular basis.

A.  

Prompt response and remediation policy

B.  

Inventory of information assets

C.  

Information access management

D.  

Standard security configurations

A.  

Hot recovery plan

B.  

Warm recovery plan

C.  

Cold recovery plan

D.  

Absence of recovery plan

A.  

Encrypted physical copies of the data, and their encryption keys are stored together at the organization and are readily available upon request.

B.  

Encrypted physical copies of the data are stored separately from their encryption keys, and both are held in secure locations a few hours away from the organization.

C.  

Encrypted reports on usage and database structure changes are stored on a cloud-based, secured database that is readily accessible.

D.  

Encrypted copies of the data are stored in a separate secure location a few hours away, while the encryption keys are stored at the organization and are readilyavailable.

A.  

Vertical integration.

B.  

Unrelated diversification.

C.  

Differentiation

D.  

Focus

A.  

Output controls.

B.  

Input controls

C.  

Processing controls.

D.  

Integrity controls.

A.  

Legal and regulatory requirements

B.  

Organization-wide risk assessment results

C.  

Key internal control activities

D.  

Organizational business objectives

A.  

Whether every call that the service provider received was logged by the help desk.

B.  

Whether a unique identification number was assigned to each issue identified by the service provider

C.  

Whether the service provider used its own facilities to provide help desk services

D.  

Whether the provider's responses and resolutions were well defined according to the service-level agreement.

A.  

To compare records from one source to subsequently prepared records about the anti-bribery program

B.  

To ascertain the existence of certain controls in the organization's anti-bribery program

C.  

To obtain testimonial information about certain controls in the organization's anti-bribery program

D.  

To validate control information through outside parties independent of the anti-bribery program

A.  

UDAs are less flexible and more difficult to configure than traditional IT applications.

B.  

Updating UDAs may lead to various errors resulting from changes or corrections.

C.  

UDAs typically are subjected to application development and change management controls.

D.  

Using UDAs typically enhances the organization's ability to comply with regulatory factors.

A.  

Top management does little monitoring of the decisions made at lower levels.

B.  

The decisions made at the lower levels of management are considered very important.

C.  

Decisions made at lower levels in the organizational structure are few.

D.  

Reliance is placed on top management decision making by few of the organization's departments.

A.  

Facial comparison using photo identification.

B.  

Signature comparison.

C.  

Voice comparison.

D.  

Retinal print comparison.

A.  

It easily aligns with existing internal audit competencies to reduce expenses

B.  

It provides a more holistic view of the audited area.

C.  

Its outcomes can be easily interpreted into audit: conclusions.

D.  

Its application increases internal auditors' adherence to the Standards

A.  

Deploys data visualization tool.

B.  

Adopt standardized data analysis software.

C.  

Define analytics objectives and establish outcomes.

D.  

Eliminate duplicate records.

A.  

Key performance indicators.

B.  

Reports of software customization.

C.  

Change and patch management.

D.  

Master data management

A.  

Yes, in order to be efficient and make better use of internal audit resources

B.  

No, as the finance department is an internal department of the organization

C.  

Yes, but the finance manager would be responsible for supporting the conclusions of the work

D.  

No, the internal audit function should do its own verification and should not rely on the work of finance

A.  

Net income would be understated.

B.  

Net income would not be affected.

C.  

Net income would be overstated.

D.  

Net income would be negative.

A.  

Risk tolerance.

B.  

Performance.

C.  

Threats and opportunities.

D.  

Governance.

A.  

Standards used for evaluation and control are determined at local subsidiaries, not set by headquarters

B.  

Orders, commands, and advice are sent to the subsidiaries from headquarters

C.  

People of local nationality are developed for the best positions within their own country

D.  

There is a significant amount of collaboration between headquarters and subsidiaries

A.  

Agreements with sanctioned vendors discovered by internal audit will be placed on hold until further notice from the government

B.  

A new procedure of vendor onboarding will be implemented to ensure that all new vendors undergo screenings against the sanctions list

C.  

Controls will be embedded in the vendor management processes to ensure that new and existing vendors are compliant with changes to the sanctions list

D.  

The legal team will be asked to prepare counter arguments to dispute audit findings and potential inquiries from the governmental authority

A.  

Normalization

B.  

Velocity

C.  

Structuration

D.  

Veracity

A.  

Social benefits.

B.  

Compensation.

C.  

Job safety.

D.  

Recognition

A.  

Time spent on coaching the internal audit function on new engagement procedures

B.  

Time spent on the preliminary risk assessment of the engagement

C.  

Time spent for the documentation of supporting files for the engagement

D.  

Time spent on reporting the results of the engagement

A.  

High-yield bonds

B.  

Commodity-backed bonds

C.  

Zero-coupon bonds

D.  

Junk bonds

A.  

It is useful when losses are considered insignificant.

B.  

It provides a better alignment with revenue.

C.  

It is the preferred method according to The IIA.

D.  

It states receivables at net realizable value on the balance sheet.

A.  

A router operates at layer two. while a switch operates at layer three of the open systems interconnection model.

B.  

A router transmits data through frames, while a switch sends data through packets.

C.  

A router connects networks, while a switch connects devices within a network.

D.  

A router uses a media access control address during the transmission of data, whie a switch uses an internet protocol address.

A.  

Wide area network.

B.  

Local area network

C.  

Metropolitan area network.

D.  

Storage area network.

A.  

Analysis of the full population of existing data.

B.  

Verification of the completeness and integrity of existing data.

C.  

Continuous monitoring on a repetitive basis.

D.  

Analysis of the databases of partners, such as suppliers.

A.  

Communicate the issue to senior management

B.  

Discuss the issue with members of management responsible for the risk area

C.  

Report the situation to the external auditors

D.  

Escalate the issue to the board

A.  

Identification of achievable goals and timelines

B.  

Analysis of the competitive environment.

C.  

Plan for the procurement of resources

D.  

Plan for progress reporting and oversight.

A.  

Prior to releasing engagement results to parties outside of the organization, the audit committee must assess the potential risk to the organization, consult with senior management and/or legal counsel, and control dissemination by restricting the use of the results

B.  

During an advisory engagement, if a significant governance issue is identified, it must be communicated to senior management and the board

C.  

The engagement supervisor is responsible for communicating the final results to the chief audit executive and other parties who can ensure that the results are given due consideration

D.  

The audit committee is responsible for reviewing and approving the final engagement communication before issuance and for deciding to whom and how it will be disseminated

A.  

Improve skills by strengthening staff competencies

B.  

Map the audit risk assessment to the organization's strategic plan

C.  

Collaborate with other risk management functions in the organization

D.  

Refine its audit processes according to the Global Internal Audit Standards

A.  

Lawfulness.

B.  

Consideration.

C.  

Agreement.

D.  

Discharge

A.  

To ensure data processing is complete, accurate, and authorized

B.  

To ensure data being processed remains consistent and intact

C.  

To monitor the effectiveness of other controls

D.  

To ensure the output aligns with the intended result

A.  

Legitimate authority

B.  

Coercive authority.

C.  

Referent authority.

D.  

Expert authority.

A.  

Online surveys sent randomly to employees.

B.  

Direct onsite observations of employees.

C.  

Town hall meetings with employees.

D.  

Face-to-face interviews with employees.

A.  

Anti-malware software

B.  

Authentication

C.  

Spyware

D.  

Rooting

A.  

It leads to an increase in risk and often results in rework.

B.  

It is an optimization technique where activities are performed in parallel rather than sequentially.

C.  

It involves a revaluation of project requirements and/or scope.

D.  

It is a compression technique in which resources are added so the project.

A.  

2 and 3 only.

B.  

1, 2, and 3 only

C.  

1, 3, and 4 only

D.  

2, 3, and 4 only

A.  

Theory of constraints.

B.  

Just-in-time method.

C.  

Activity-based costing.

D.  

Break-even analysis

A.  

To verify that the application meets stated user requirements.

B.  

To verify that standalone programs match code specifications.

C.  

To verify that the application would work appropriately for the intended number of users.

D.  

To verify that all software and hardware components work together as intended.

A.  

Annual rate of return.

B.  

Incremental analysis.

C.  

Discounted cash flow.

D.  

Cash payback

A.  

It explains the assumption mat both costs and revenues are linear through the relevant range

B.  

It enables management to calculate a minimum number of units to produce and sell without having to incur a loss.

C.  

It enables management to predict how costs such as the depreciation of equipment will be affected by a change in business decisions

D.  

It enables management to make business decisions, as it explains the cost that will be incurred for a given course of action

A.  

Board of directors.

B.  

Senior management.

C.  

Chief financial officer.

D.  

Accounting personnel.

A.  

An incorrect program fix was implemented just prior to the database backup.

B.  

The organization is preparing to train all employees on the new self-service benefits system.

C.  

There was a data center failure that requires restoring the system at the backup site.

D.  

There is a need to access prior year-end training reports for all employees in the human resources database

A.  

Only preventive measures.

B.  

Alternative and reactive measures.

C.  

Preventive and alternative measures.

D.  

Preventive and reactive measures.

A.  

First-in. first-out method (FIFO).

B.  

Last-in, first-out method (LIFO).

C.  

Specific identification method.

D.  

Average-cost method

A.  

It calculates the overall value of a project.

B.  

It ignores the time value of money.

C.  

It calculates the time a project takes to break even.

D.  

It begins at time zero for the project.

A.  

A star

B.  

A cash cow

C.  

A question mark

D.  

A dog

A.  

A summary of the strategic plan of the area under review

B.  

Appropriate response options for when findings are disputed by management

C.  

An explanation of the resources needed for each engagement

D.  

The extent of the auditor's authority to collect data from management

A.  

At the value agreed upon by the partners

B.  

At book value

C.  

At fair value

D.  

At the original cost

A.  

In order to maintain good relationships with senior management

B.  

Cybersecurity is a new area for auditors to learn

C.  

Cybersecurity has been identified as a high risk during the annual risk assessment

D.  

The Global Internal Audit Standards require that all management-requested engagements be included in the annual internal audit plan

A.  

A balanced scorecard.

B.  

A quality audit

C.  

Earned value analysis.

D.  

Trend analysis

A.  

Approval of identity request

B.  

Access logging.

C.  

Monitoring privileged accounts

D.  

Audit of access rights

A.  

A risk management maturity model

B.  

A risk matrix

C.  

An annual assurance map

D.  

An internal control framework

A.  

Greater cost-effectiveness

B.  

Increased economies of scale

C.  

Larger talent pool

D.  

Strong internal controls

A.  

The perpetrator is able to delete data on the network without physical access to the device.

B.  

The perpetrator is able to exploit network activities for unapproved purposes.

C.  

The perpetrator is able to take over control of data communication in transit and replace traffic.

D.  

The perpetrator is able to disable default security controls and introduce additional vulnerabilities

A.  

Cash payback

B.  

Annual rate of return

C.  

Incremental analysis

D.  

Net present value

A.  

Liquidity ratios.

B.  

Profitability ratios.

C.  

Solvency ratios.

D.  

Current ratios.

A.  

The organization is responsible for maintaining an effective QAIP

B.  

The organization is responsible for the internal assessment of the QAIP

C.  

The service provider is responsible for the external assessment of the QAIP every three years

D.  

The QAIP should be postponed until the organization insources or cosources the internal audit function

A.  

Authorization

B.  

Architecture model

C.  

Firewall

D.  

Virtual private network

A.  

Fraud committed through collusion is more likely when authority is centralized.

B.  

Centralized managerial authority typically enhances certainty and consistency within an organization.

C.  

When authority is centralized, the alignment of activities to achieve business goals typically is decreased.

D.  

Using separation of duties to mitigate collusion is reduced only when authority is centralized.

A.  

Readiness assessment.

B.  

Project risk assessment.

C.  

Post-implementation review.

D.  

Key phase review.

A.  

Firewall.

B.  

Encryption.

C.  

Antivirus.

D.  

Biometrics.

A.  

Operational management

B.  

External auditors

C.  

The CEO

D.  

Internal assurance providers

A.  

Remote wipe.

B.  

Software encryption.

C.  

Device encryption.

D.  

Authentication.

A.  

Just-in-time delivery plans.

B.  

Backup plans.

C.  

Contingency plans.

D.  

Standing plans.

A.  

Requested backup tapes were not returned from the offsite vendor In a timely manner.

B.  

Returned backup tapes from the offsite vendor contained empty spaces.

C.  

Critical systems have boon backed up more frequently than required.

D.  

Critical system backup tapes are taken off site less frequently than required

A.  

Require board oversight of the QAIP

B.  

Assess Standards conformance for each individual assurance engagement

C.  

Conduct a self-assessment at least once every five years

D.  

Report the results of the QAIP to the board

A.  

The sole responsibility for change management is assigned to an experienced and competent IT team

B.  

Change management follows a consistent process and is done in a controlled environment.

C.  

Internal audit participates in the implementation of change management throughout the organisation.

D.  

All changes to systems must be approved by the highest level of authority within an organization.

A.  

A flat structure results in lower operating and support costs than a hierarchical structure.

B.  

A flat structure results in a stable and very collaborative environment.

C.  

A flat structure enables field auditors to report to and learn from senior auditors.

D.  

A flat structure is more dynamic and offers more opportunities for advancement than a hierarchical structure.

A.  

Revise the internal audit plan to reduce coverage of new strategic critical areas so that the approved budget can be met

B.  

Reduce the scope of the remainder of the engagements in the internal audit plan to reduce overall costs

C.  

Communicate to senior management and the board the risk of not being able to complete the audit plan

D.  

Continue to complete the plan regardless of the budget variances, as the audit function is invaluable to sound corporate governance

A.  

Intrinsic reward.

B.  

Job enrichment

C.  

Extrinsic reward.

D.  

The hierarchy of needs.

A.  

Recommend improvements to the organization’s governance policies, processes, and structures

B.  

Define a hiring plan to address competency gaps needed to execute the audit plan

C.  

Construct periodic self-assessments, ongoing monitoring, and external assessments to measure quality

D.  

Assess the needs and expectations of the board, senior management, and external auditors

A.  

Management by objectives is most helpful in organizations that have rapid changes.

B.  

Management by objectives is most helpful in mechanistic organizations with rigidly defined tasks.

C.  

Management by objectives helps organizations to keep employees motivated.

D.  

Management by objectives helps organizations to distinguish clearly strategic goals from operational goals.

A.  

The auditor eliminated duplicate information

B.  

The auditor organized data to minimize useless information

C.  

The auditor made data usable for a specific purpose by ensuring that anomalies were identified and addressed

D.  

The auditor ensured data fields were consistent and that data could be used for a specific purpose

A.  

Information integrity risk.

B.  

Privacy risk.

C.  

Access risk.

D.  

Software risk.

A.  

Gain sharing

B.  

Commission

C.  

Profit sharing

D.  

Pension

A.  

Escalate the concern to senior management

B.  

Send a letter to responsible management and provide a deadline to accept the risk

C.  

Escalate the concern to the board

D.  

Discuss the issue with the members of responsible management

A.  

Face or finger recognition equipment,

B.  

Radio-frequency identification chips to authenticate employees with cards.

C.  

A requirement to clock in and clock out with a unique personal identification number.

D.  

A combination of a smart card and a password to clock in and clock out.

A.  

Conduct interviews with senior management of the business unit

B.  

Request information from the business unit regarding the corrective actions taken

C.  

Review the previous audit findings and management's response

D.  

Conduct a walkthrough of the business unit

A.  

Constructive communications

B.  

Complete communications

C.  

Concise communications

D.  

Clear communications

A.  

A just-in-time purchasing environment

B.  

A Large volume of custom purchases

C.  

A variable volume sensitive to material cost

D.  

A currently inefficient purchasing process

A.  

Organization A

B.  

Organization B

C.  

Organization C

D.  

Organization D

A.  

Nondisclosure agreements between the firm and its employees.

B.  

Logs of user activity within the information system.

C.  

Two-factor authentication for access into the information system.

D.  

limited access so information, based on employee duties

A.  

A unity-of-command concept requires employees to report technically, functionally, and administratively to the same manager.

B.  

A combination of product and functional departments allows management to utilize personnel from various Junctions.

C.  

Authority, responsibility and accountability of the units Involved may vary based on the project's life, or the organization's culture

D.  

It is best suited for firms with scattered locations or for multi-line, Large-scale firms.

A.  

Lower shareholder control

B.  

lower indebtedness

C.  

Higher company earnings per share.

D.  

Higher overall company earnings

A.  

The risk that users try to bypass controls and do not install required software updates

B.  

The risk that smart devices can be lost or stolen due to their mobile nature

C.  

The risk that an organization intrusively monitors personal information stored on smart devices

D.  

The risk that proprietary information is not deleted from the device when an employee leaves

A.  

Motion detectors.

B.  

Key card access to the facility.

C.  

Security cameras.

D.  

Monitoring access to data center workstations

A.  

Periodic assessments

B.  

Ongoing monitoring

C.  

Full external assessments

D.  

Self-Assessment with Independent Validation (SAIV)

A.  

UDAs arid traditional JT applications typically follow a similar development life cycle

B.  

A UDA usually includes system documentation to illustrate its functions, and IT-developed applications typically do not require such documentation.

C.  

Unlike traditional IT applications. UDAs typically are developed with little consideration of controls.

D.  

IT testing personnel usually review both types of applications thoroughly to ensure they were developed properly.

A.  

Locating servers in locked rooms with restricted admission.

B.  

Applying encryption where confidentiality is a stated requirement.

C.  

Allocating and controlling access rights according to the organization's stated policy.

D.  

Ensuring a tightly controlled process for applying all changes and patches to software, systems, network components, and data.

A.  

The effect of the observation

B.  

The criteria of the observation

C.  

The condition of the observation

D.  

The cause of the observation

A.  

Value-added network (VAN).

B.  

Local area network (LAN).

C.  

Metropolitan area network (MAN).

D.  

Wide area network (WAN).

A.  

An organization’s website becomes flooded with malicious traffic on the first day of the online shopping season, causing the website to crash and preventing customers from purchasing deals online

B.  

The employees of a retail organization responded to emails with a link to malware that enabled a hacker to access the point-of-sale system and obtain customers’ credit card information

C.  

An organization’s employees clicked on a link that allowed a worm to infiltrate and encrypt the organization’s operating system, rendering it unusable. A group of hackers is demanding payment to unlock the encryption

D.  

A group of online activists hacked into the private email and confidential records of the local police department and released the information online to expose the corrupt practices of the department

A.  

Big data is being generated slowly due to volume.

B.  

Big data must be relevant for the purposes of organizations.

C.  

Big data comes from a single type of formal.

D.  

Big data is always changing

A.  

Volume.

B.  

Velocity.

C.  

Variety.

D.  

Veracity.

A.  

The organization's operating expenses are increasing.

B.  

The organization has adopted just-in-time inventory.

C.  

The organization is experiencing Inventory theft

D.  

The organization's inventory is overstated.

A.  

Duplicate testing.

B.  

Joining data sources.

C.  

Gap analysis.

D.  

Classification

A.  

Functional structure.

B.  

Divisional structure.

C.  

Mechanistic structure.

D.  

Functional structure with cross-functional teams.

A.  

Phishing.

B.  

Ransomware.

C.  

Hacking.

D.  

Makvare

A.  

Internal audit charter

B.  

Annual internal audit plan

C.  

Internal audit policies

D.  

Quality assurance and improvement program

A.  

The auditor eliminated duplicate information.

B.  

The auditor organized data to minimize useless information.

C.  

The auditor made data usable for a specific purpose by ensuring that anomalies were Identified and corrected.

D.  

The auditor ensured data fields were consistent and that data could be used for a specific purpose.

A.  

Analyze Invoice payments just under individual authorization limits.

B.  

Analyze stratification of inventory adjustments by warehouse location.

C.  

Analyze inventory invoice amounts and compare with approved contract amounts.

D.  

Analyze differences discovered during duplicate payment testing

A.  

Big data is often structured.

B.  

Big data analytic results often need to be visualized.

C.  

Big data is often generated slowly and is highly variable.

D.  

Big data comes from internal sources kept in data warehouses.

A.  

Conduct an inventory of access rights of all employees who have changed their position within the last year

B.  

Remove unneeded access rights for uncovered instances and reprimand system administrators for carelessness

C.  

Provide system administrators with job descriptions of employees and let them determine relevant access rights

D.  

Require that access rights to IT systems be ordered by process owners based on user role descriptions

A.  

The degree of risk associated with a proposed change determines whether the change request requires authorization

B.  

Program changes generally are developed and tested in the production environment.

C.  

Changes are only required by software programs

D.  

To protect the production environment, changes must be managed in a repeatable, defined, and predictable manner

A.  

Install and update anti-virus software.

B.  

Implement data encryption techniques.

C.  

Set data availability by user need.

D.  

Upgrade firewall configuration

A.  

Reviewing the customer's wire activity to determine whether the request is typical.

B.  

Calling the customer at the phone number on record to validate the request.

C.  

Replying to the customer via email to validate the sender and request.

D.  

Reviewing the customer record to verify whether the customer has authorized wire requests from that email address.

A.  

Engagement supervisor

B.  

Chief audit executive

C.  

The board

D.  

The internal audit team

A.  

Higher cash flow and treasury balances.

B.  

Higher inventory balances

C.  

Higher accounts receivable.

D.  

Higher accounts payable

A.  

Divesting product lines expected to have negative profitability.

B.  

Increasing the diversity of strategic business units.

C.  

Increasing investment in research and development for a new product.

D.  

Relocating the organization's manufacturing to another country.

A.  

All the correspondence exchanged between the audit team and IT department demonstrating the disagreement

B.  

The audit team's findings and the IT department’s opinion

C.  

Only the audit team's findings and the reasons they require immediate action from senior management

D.  

Only the findings that were agreed upon between the audit team and the IT department

A.  

Predictive analytics.

B.  

Prescriptive analytics.

C.  

Descriptive analytics.

D.  

Diagnostic analytics.

A.  

An extranet

B.  

A local area network

C.  

An Intranet

D.  

The internet

A.  

Automated password change requirements.

B.  

System data backup process.

C.  

User testing of system changes.

D.  

Formatted data fields.

A.  

Discuss the matter with the CEO and other senior management

B.  

Recommend that disciplinary action be taken against the manager for exposing the company to such risk

C.  

Communicate to the board the current situation, including the risk exposure to the company

D.  

Take on the initiative of implementing corrective actions to mitigate the identified risks

A.  

Identification of risk-mitigating options.

B.  

Definition of IT objectives.

C.  

Identification of IT risk events.

D.  

Definition of risk response policies.

A.  

Build and maintain a collaborative network with management

B.  

Build an organization-wide risk management process

C.  

Review the organization's procedures for conducting an annual risk assessment

D.  

Review the organization's procedures for establishing its risk appetite

A.  

Scope change requests are reviewed and approved by a manager with a proper level of authority.

B.  

Cost overruns are reviewed and approved by a control committee led by the project manager.

C.  

There is a formal quality assurance process to review scope change requests before they are implemented

D.  

There is a formal process to monitor the status of the project and compare it to the cost baseline

A.  

All observations

B.  

Only observations with an action plan

C.  

Only significant observations

D.  

Only observations agreed with management

A.  

Add higher level managers to invoice approval process

B.  

Request quality-related confirmations from vendors

C.  

Conduct random inspections and testing of deliveries

D.  

Improve technical specifications of procurement documents

A.  

The organizational chart shows only formal relationships.

B.  

The organizational chart shows only the line of authority.

C.  

The organizational chart shows only the senior management positions.

D.  

The organizational chart is irrelevant when testing the control environment.

A.  

Regular review of logs.

B.  

Two-level authentication.

C.  

Photos on smart cards.

D.  

Restriction of access hours.

A.  

Firewalls.

B.  

Activity logs.

C.  

Antivirus software.

D.  

File encryption.

A.  

Job complicating

B.  

Job rotation

C.  

Job enrichment

D.  

Job enlargement

A.  

Total tire production labor hours for the operating period.

B.  

Total tire production costs for the operating period.

C.  

Plant production employee headcount average for the operating period.

D.  

The production machinery utilization rates.

A.  

Employees can choose from a variety of devices they want to utilize to privately read work emails without their employer’s knowledge.

B.  

Physical devices, such as thermostats and heat pumps, can be set to react to electricity market changes and reduce costs.

C.  

Information can be extracted more efficiently from databases and transmitted to relevant applications for in-depth analytics.

D.  

Data mining and data collection from internet and social networks is easier, and the results are more comprehensive

A.  

1 and 2.

B.  

1 and 4.

C.  

3 and 4.

D.  

2 and 3.

A.  

Follow-up activities must be performed on an ongoing basis, such as quarterly, rather than being scheduled as specific assignments in the internal audit plan

B.  

The primary purpose of the CAE’s follow-up activities is to verify whether the audit issues raised in the audit report are valid

C.  

The CAE may plan follow-up activities on a selective basis, depending on risk significance, to verify whether management action plans were completed

D.  

Where management believes certain action plans are no longer necessary, the CAE must resolve the matter with the board and if the matter remains unresolved, communicate to senior management

A.  

The structure is dispersed geographically

B.  

The hierarchy levels are more numerous.

C.  

The span of control is wide

D.  

The tower-level managers are encouraged to exercise creativity when solving problems

A.  

Application management

B.  

Data center management

C.  

Managed security services

D.  

Systems integration

A.  

Creating a comprehensive reporting system for vendors to demonstrate their ongoing due diligence in network operations.

B.  

Drafting a strong contract that requires regular vendor control reports end a right-to-audit clause.

C.  

Applying administrative privileges to ensure right to access controls are appropriate.

D.  

Creating a standing cyber-security committee to identify and manage risks related to data security

A.  

12-digit password feature.

B.  

Security question feature.

C.  

Voice recognition feature.

D.  

Two-level sign-on feature

A.  

Placing the updated methodologies in an easily accessible location for reference

B.  

Requiring a signed acknowledgment that each auditor will comply with the updated methodologies

C.  

Preparing a recorded training that reviews the updated methodologies

D.  

Sharing a one-page summary of the updated methodologies during an internal audit function meeting

A.  

Six Sigma,

B.  

Quality circle.

C.  

Value chain analysis.

D.  

Theory of constraints.

A.  

Predictive analytics

B.  

Prescriptive analytics

C.  

Descriptive analytics

D.  

Diagnostic analytics

A.  

System backups should always be performed in real-time.

B.  

Backups should be stored in a secured location onsite for easy access.

C.  

The tape rotation schedule affects how long data is retained.

D.  

Backup media should be restored only in case of a hardware or software failure.

A.  

Controls that focus on segregation of duties, financial, and change management,

B.  

Personnel policies that define and enforce conditions for staff in sensitive IT areas.

C.  

Standards that support IT policies by more specifically defining required actions

D.  

Controls that focus on data structures and the minimum level of documentation required

A.  

Decentralized

B.  

Centralized

C.  

Departmentalized

D.  

Tall structure

A.  

Reiterating the importance of compliance with established policies and procedures.

B.  

Celebrating employees' individual excellence.

C.  

Periodically rotating operational managers.

D.  

Avoiding status differences among employees.

A.  

Version control

B.  

Privacy

C.  

Portability

D.  

Secure authentication

A.  

Direct materials, indirect materials, raw materials.

B.  

Overhead costs, direct labor, direct materials.

C.  

Direct materials, direct labor, depreciation on factory buildings.

D.  

Raw materials, factory employees' wages, production selling expenses.

A.  

Lack of coordination among different business units

B.  

Operational decisions are inconsistent with organizational goals

C.  

Suboptimal decision making

D.  

Duplication of business activities

A.  

Functional-level strategy

B.  

Corporate-level strategy.

C.  

Business-level strategy,

D.  

DepartmentsHevet strategy

A.  

To ensure proper segregation of duties

B.  

To create a master repository of user passwords

C.  

To enable monitoring for systems efficiencies

D.  

To enable tracking of privileges granted to users over time

A.  

The auditor is normalizing data in preparation for analyzing it.

B.  

The auditor is analyzing the data in preparation for communicating the results.

C.  

The auditor is cleaning the data in preparation for determining which processes may be involved.

D.  

The auditor is reviewing the data prior to defining the question.

A.  

Residual income

B.  

A flexible budget

C.  

Variance analysis.

D.  

A contribution margin income statement by segment.

A.  

26 days.

B.  

90 days,

C.  

100 days.

D.  

110 days