A.  

Lower shareholder control

B.  

lower indebtedness

C.  

Higher company earnings per share.

D.  

Higher overall company earnings

A.  

Measure product performance against an established standard.

B.  

Develop standard methods for performing established activities.

C.  

Require the grouping of activities under a single manager.

D.  

Assign each employee a reasonable workload.

A.  

The sole responsibility for change management is assigned to an experienced and competent IT team

B.  

Change management follows a consistent process and is done in a controlled environment.

C.  

Internal audit participates in the implementation of change management throughout the organisation.

D.  

All changes to systems must be approved by the highest level of authority within an organization.

A.  

The company's code of ethics.

B.  

The third-party management risk register.

C.  

The signed service-level agreement.

D.  

The subcontractors' annual satisfaction survey.

A.  

At fair value with changes reported in the shareholders' equity section.

B.  

At fair value with changes reported in net income.

C.  

At amortized cost in the income statement.

D.  

As current assets in the balance sheet

A.  

Password selection.

B.  

Password aging.

C.  

Password lockout.

D.  

Password rotation.

A.  

Average cost method

B.  

First-in, first-out (FIFO) method

C.  

Specific identification method

D.  

Activity-based costing method

A.  

Logical access controls monitor application usage and generate audit trails.

B.  

The development process is designed to prevent, detect, and correct errors that may occur.

C.  

A record is maintained to track the process of data from input, to output, to storage.

D.  

Business users' requirements are documented, and their achievement is monitored.

A.  

1 and 2.

B.  

1 and 4.

C.  

3 and 4.

D.  

2 and 3.

A.  

Data is synchronized in real time.

B.  

Recovery time is expected to be less than one week.

C.  

Servers are not available and need to be procured.

D.  

Recovery resources and data restore processes have been defined.

A.  

Anti-malware software

B.  

Authentication

C.  

Spyware

D.  

Rooting

A.  

There is a greater need for organizations to rely on users to comply with policies and procedures.

B.  

With fewer devices owned by the organization, there is reduced need to maintain documented policies and procedures.

C.  

Incident response times are less critical in the BYOD environment compared to a traditional environment.

D.  

There is greater sharing of operational risk in a BYOD environment.

A.  

It calculates the overall value of a project.

B.  

It ignores the time value of money.

C.  

It calculates the time a project takes to break even.

D.  

It begins at time zero for the project.

A.  

Cost of sales and net income are understated

B.  

Cost of sales and net income are overstated

C.  

Cost of sales is understated and net income is overstated

D.  

Cost of sales is overstated and net income is understated

A.  

Firewalls.

B.  

Activity logs.

C.  

Antivirus software.

D.  

File encryption.

A.  

Encrypted data cannot be locked to prevent further access

B.  

Default settings cannot be restored on the device.

C.  

All data, cannot be completely removed from the device

D.  

Mobile device management software is required for successful remote wipe

A.  

Initiation.

B.  

Planning.

C.  

Execution.

D.  

Monitoring.

A.  

It explains the assumption mat both costs and revenues are linear through the relevant range

B.  

It enables management to calculate a minimum number of units to produce and sell without having to incur a loss.

C.  

It enables management to predict how costs such as the depreciation of equipment will be affected by a change in business decisions

D.  

It enables management to make business decisions, as it explains the cost that will be incurred for a given course of action

A.  

Vertical integration.

B.  

Unrelated diversification.

C.  

Differentiation

D.  

Focus

A.  

Less than 12 percent.

B.  

12 percent.

C.  

Between 12.01 percent and 12.50 percent.

D.  

More than 12 50 percent.

A.  

Project plan development.

B.  

Project plan execution

C.  

Integrated change control.

D.  

Project quality planning

A.  

Cost-plus contract.

B.  

Turnkey contract.

C.  

Service contract.

D.  

Solutions contract.

A.  

Process analysis

B.  

Process mining

C.  

Data analysis.

D.  

Data mining

A.  

Cash payback

B.  

Annual rate of return

C.  

Incremental analysis

D.  

Net present value

A.  

To restore all data and systems immediately after the occurrence of an incident.

B.  

To set the maximum allowable downtime to restore systems and data after the occurrence of an incident.

C.  

To set the point in time to which systems and data must be recovered after the occurrence of an incident.

D.  

To restore data and systems to a previous point in time after the occurrence of an incident

A.  

Cash budget.

B.  

Budgeted balance sheet.

C.  

Selling and administrative expense budget.

D.  

Budgeted income statement.

A.  

Commissions.

B.  

Stock options

C.  

Gain-sharing bonuses.

D.  

Allowances

A.  

Cybercriminals hacking into the organization's time and expense system to collect employee personal data.

B.  

Hackers breaching the organization's network to access research and development reports

C.  

A denial-of-service attack that prevents access to the organization's website.

D.  

A hacker accessing she financial information of the company

A.  

Management trail controls

B.  

Output controls.

C.  

Integrity controls

D.  

input controls

A.  

Application management

B.  

Data center management

C.  

Managed security services

D.  

Systems integration

A.  

Require complex passwords to be established and changed quarterly

B.  

Require swipe cards to control entry into secure data centers.

C.  

Monitor access to the data center with closed circuit camera surveillance.

D.  

Maintain current role definitions to ensure appropriate segregation of duties

A.  

Disk mirroring of the data being stored on the database.

B.  

A differential backup that is performed on a weekly basis.

C.  

An array of independent disks used to back up the database.

D.  

An incremental backup of the database on a daily basis.

A.  

Linking performance to profitability measures such as return on investment.

B.  

Linking performance to the stock price.

C.  

Linking performance to quotas such as units produced.

D.  

Linking performance to nonfinancial measures such as customer satisfaction and employees training

A.  

Whether customers are asked to renew their consent for their data processing at least quarterly.

B.  

Whether private data is processed in accordance with the purpose for which the consent was obtained?

C.  

Whether the organization has established explicit and entitywide policies on data transfer to third parties.

D.  

Whether customers have an opportunity to opt-out the right to be forgotten from organizational records and systems.

A.  

50 units

B.  

60 units

C.  

70 units

D.  

1:20 units

A.  

Phishing.

B.  

Ransomware.

C.  

Hacking.

D.  

Makvare

A.  

Approval of identity request

B.  

Access logging.

C.  

Monitoring privileged accounts

D.  

Audit of access rights

A.  

A sinking fund bond.

B.  

A secured bond.

C.  

A junk bond.

D.  

A debenture bond

A.  

Big data is often structured.

B.  

Big data analytic results often need to be visualized.

C.  

Big data is often generated slowly and is highly variable.

D.  

Big data comes from internal sources kept in data warehouses.

A.  

A supplier of electrical parts analyzed an instances where different types of spare parts were out of stock prior to scheduled deliveries of those parts.

B.  

A supplier of electrical parts analyzed sales, applied assumptions related to weather conditions, and identified locations where stock levels would decrease more quickly.

C.  

A supplier of electrical parts analyzed all instances of a part being, out of stock poor to its scheduled delivery date and discovered that increases in sales of that part consistently correlated with stormy weather.

D.  

A supplier of electrical parts analyzed sales and stock information and modelled different scenarios for making decisions on stock reordering and delivery

A.  

Firewall.

B.  

Encryption.

C.  

Antivirus.

D.  

Biometrics.

A.  

Fixed maintenance costs.

B.  

Variable maintenance costs.

C.  

Mixed maintenance costs.

D.  

Indirect maintenance costs.

A.  

Management must ensure information storage systems are appropriately defined and processes to update critical data elements are clear.

B.  

External auditors must ensure that analytical models are periodically monitored and maintained.

C.  

The board must implement controls around data quality dimensions to ensure that they are effective.

D.  

Internal auditors must ensure the quality and security of data, with a heightened focus on the riskiest data elements.

A.  

Monitoring network traffic.

B.  

Using whitelists and blacklists to manage network traffic.

C.  

Restricting access and blocking unauthorized access to the network

D.  

Educating employees throughout the company to recognize phishing attacks.

A.  

Boundary defense

B.  

Malware defense.

C.  

Penetration tests

D.  

Wireless access controls

A.  

The term describes budgets that exclude fixed costs.

B.  

Flexible budgets exclude outcome projections, which are hard to determine, and instead rely on the most recent actual outcomes.

C.  

The term is a red flag for weak budgetary control activities.

D.  

Flexible budgets project data for different levels of activity.

A.  

An ABC costing system is similar to conventional costing systems in how it treats the allocation of manufacturing overhead.

B.  

An ABC costing system uses a single unit-level basis to allocate overhead costs to products.

C.  

An ABC costing system may be used with either a job order or a process cost accounting system.

D.  

The primary disadvantage of an ABC costing system is less accurate product costing.

A.  

1 and 2

B.  

1 and 4

C.  

3 and A

D.  

2 and 3

A.  

Esteem by colleagues.

B.  

Self-fulfillment

C.  

Series of belonging in the organization

D.  

Job security

A.  

Cost of sales and net income are understated.

B.  

Cost of sales and net income are overstated.

C.  

Cost of sales is understated and not income is overstated.

D.  

Cost of sales is overstated and net Income is understated.

A.  

Communication conflicts

B.  

Slower decision making.

C.  

Loss of economies of scale

D.  

Vulnerabilities in sharing knowledge

A.  

At the value agreed upon by the partners.

B.  

At book value.

C.  

At fair value

D.  

At the original cost.

A.  

Hot recovery plan

B.  

Warm recovery plan

C.  

Cold recovery plan

D.  

Absence of recovery plan

A.  

Compare to the annual cost of capital

B.  

Compare to the annual interest data.

C.  

Compare to the required rate of return.

D.  

Compare to the net present value.

A.  

Direct, product costs.

B.  

Indirect product costs.

C.  

Direct period costs,

D.  

Indirect period costs

A.  

Contribution margin is the amount remaining from sales revenue after fixed expenses have been deducted.

B.  

Breakeven point is the amount of units sold to cover variable costs.

C.  

Breakeven occurs when the contribution margin covers fixed costs.

D.  

Following breakover1, he operating income will increase by the excess of fixed costs less the variable costs per units sold.

A.  

Lack of coordination among different business units

B.  

Operational decisions are inconsistent with organizational goals

C.  

Suboptimal decision making

D.  

Duplication of business activities

A.  

The auditor is normalizing data in preparation for analyzing it.

B.  

The auditor is analyzing the data in preparation for communicating the results,

C.  

The auditor is cleaning the data in preparation for determining which processes may be involves .

D.  

The auditor is reviewing trio data prior to defining the question

A.  

System backups should always be performed real time.

B.  

Backups should be stored in a secured location onsite for easy access.

C.  

The tape rotation schedule affects how long data is retained

D.  

Backup media should be restored only m case of a hardware or software failure

A.  

Greater cost-effectiveness

B.  

Increased economies of scale

C.  

Larger talent pool

D.  

Strong internal controls

A.  

Project portfolio.

B.  

Project development

C.  

Project governance.

D.  

Project management methodologies

A.  

1 and 3 only

B.  

1 and 4 only

C.  

2 and 3 only

D.  

3 and 4 only

A.  

Nondisclosure agreements between the firm and its employees.

B.  

Logs of user activity within the information system.

C.  

Two-factor authentication for access into the information system.

D.  

limited access so information, based on employee duties

A.  

Increased dependence on suppliers.

B.  

Increased importance of market strategy.

C.  

Decreased sensitivity to government regulation

D.  

Decreased focus on costs

A.  

Ease of use.

B.  

Value to the business.

C.  

Intrusion prevention.

D.  

Ergonomic model.

A.  

Immediately report the issue to the board to ensure timely corrective actions are taken to resolve the risk

B.  

Continue discussions with the security manager until he is persuaded and agrees to increase branch security

C.  

Document the security manager’s decision to accept the risk in the audit workpapers

D.  

Escalate the issue to the bank’s chief security officer to determine acceptability of the risk

A.  

Organize the auditable units within the organization into an audit universe to facilitate risk assessment

B.  

Select auditable units within the organization based on monetary values

C.  

Evaluate auditable units based on senior management's information about risks

D.  

Eliminate auditable units not mandated to be audited by laws and regulations applicable to the organization

A.  

The responsible personnel

B.  

The status of the action plan

C.  

A referral to the policy or procedure

D.  

The level of risk

A.  

Greater cost-effectiveness

B.  

Increased economies of scale

C.  

Larger talent pool

D.  

Strong internal controls

A.  

Visibility, validity, vulnerability

B.  

Velocity, variety, volume

C.  

Complexity, completeness, constancy

D.  

Continuity, control, convenience

A.  

The file transfer protocol (FTP) should always be enabled

B.  

The simple mail transfer protocol (SMTP) should be operating under the most privileged accounts

C.  

The number of ports and protocols allowed to access the web server should be maximized

D.  

Secure protocols for confidential pages should be used instead of clear-text protocols such as HTTP or FTP

A.  

Board of directors.

B.  

Senior management.

C.  

Chief financial officer.

D.  

Accounting personnel.

A.  

Gain sharing

B.  

Commission

C.  

Profit sharing

D.  

Pension

A.  

To ensure data processing is complete, accurate, and authorized

B.  

To ensure data being processed remains consistent and intact

C.  

To monitor the effectiveness of other controls

D.  

To ensure the output aligns with the intended result

A.  

Review the list of people with access badges to the room containing the workstation and a log of those who accessed the room

B.  

Review the password length, frequency of change, and list of users for the workstation’s login process

C.  

Review the list of people who attempted to access the workstation and failed, as well as error messages

D.  

Review the passwords of those who attempted unsuccessfully to access the workstation and the log of their activity

A.  

1 and 2

B.  

1 and 3

C.  

2 and 4

D.  

3 and 4

A.  

A retina characteristics reader.

B.  

A PIN code reader.

C.  

A card-key scanner.

D.  

A fingerprint scanner.

A.  

Higher cash flow and treasury balances.

B.  

Higher inventory balances.

C.  

Higher accounts receivable.

D.  

Higher accounts payable.

A.  

A unity-of-command concept requires employees to report technically, functionally, and administratively to the same manager.

B.  

A combination of product and functional departments allows management to utilize personnel from various functions.

C.  

Authority, responsibility, and accountability of the units involved may vary based on the project's life or the organization's culture.

D.  

It is best suited for firms with scattered locations or for multi-line, large-scale firms.

A.  

A star

B.  

A cash cow

C.  

A question mark

D.  

A dog

A.  

Tampering

B.  

Hacking

C.  

Phishing

D.  

Piracy

A.  

Lack of coordination among different business units

B.  

Operational decisions are inconsistent with organizational goals

C.  

Suboptimal decision-making

D.  

Duplication of business activities

A.  

Version control

B.  

Privacy

C.  

Portability

D.  

Secure authentication

A.  

Report identifying data that is outside of system parameters.

B.  

Report identifying general ledger transactions by time and individual.

C.  

Report comparing processing results with original input.

D.  

Report confirming that the general ledger data was processed without error.

A.  

Theory of constraints.

B.  

Just-in-time method.

C.  

Activity-based costing.

D.  

Break-even analysis

A.  

The auditor eliminated duplicate information

B.  

The auditor organized data to minimize useless information

C.  

The auditor made data usable for a specific purpose by ensuring that anomalies were identified and addressed

D.  

The auditor ensured data fields were consistent and that data could be used for a specific purpose

A.  

Identify data anomalies and outliers

B.  

Define questions to be answered

C.  

Identify data sources available

D.  

Determine the scope of the data extract

A.  

Salary and status.

B.  

Responsibility and advancement.

C.  

Work conditions and security.

D.  

Peer relationships and personal life.

A.  

Individual workstation computer controls are not as important as companywide server controls

B.  

Particular attention should be paid to housing workstations away from environmental hazards

C.  

Cybersecurity issues can be controlled at an enterprise level, making workstation-level controls redundant

D.  

With security risks near an all-time high, workstations should not be connected to the company network

A.  

Risk tolerance.

B.  

Performance.

C.  

Threats and opportunities.

D.  

Governance.

A.  

Compare to the annual cost of capital.

B.  

Compare to the annual interest rate.

C.  

Compare to the required rate of return.

D.  

Compare to the net present value.

A.  

IT application-based controls

B.  

IT systems development controls

C.  

Environmental controls

D.  

IT governance controls

A.  

Formulas and static data are locked or protected.

B.  

The spreadsheet is stored on a network server that is backed up daily.

C.  

The purpose and use of the spreadsheet are documented.

D.  

Check-in and check-out software is used to control versions.

A.  

Initiation phase.

B.  

Bidding phase.

C.  

Development phase.

D.  

Management phase.

A.  

An organization’s website becomes flooded with malicious traffic on the first day of the online shopping season, causing the website to crash and preventing customers from purchasing deals online

B.  

The employees of a retail organization responded to emails with a link to malware that enabled a hacker to access the point-of-sale system and obtain customers’ credit card information

C.  

An organization’s employees clicked on a link that allowed a worm to infiltrate and encrypt the organization’s operating system, rendering it unusable. A group of hackers is demanding payment to unlock the encryption

D.  

A group of online activists hacked into the private email and confidential records of the local police department and released the information online to expose the corrupt practices of the department

A.  

Voice recognition and token

B.  

Password and fingerprint

C.  

Fingerprint and voice recognition

D.  

Password and token

A.  

High-yield bonds

B.  

Commodity-backed bonds

C.  

Zero-coupon bonds

D.  

Junk bonds

A.  

Hot recovery plan

B.  

Warm recovery plan

C.  

Cold plan

D.  

Absence of recovery plan

A.  

A witness verifies the quantities of the copies signed.

B.  

A witness verifies that the contract was signed with the free consent of the promisor and promise.

C.  

A witness ensures the completeness of the contract between the promisor and promise.

D.  

A witness validates that the signatures on the contract were signed by tire promisor and promise.

A.  

Requested backup tapes were not returned from the offsite vendor In a timely manner.

B.  

Returned backup tapes from the offsite vendor contained empty spaces.

C.  

Critical systems have boon backed up more frequently than required.

D.  

Critical system backup tapes are taken off site less frequently than required

A.  

Average cost method

B.  

First-in, first-out (FIFO) method

C.  

Specific identification method

D.  

Activity-based costing method

A.  

Predictive analytics.

B.  

Prescriptive analytics.

C.  

Descriptive analytics.

D.  

Diagnostic analytics.

A.  

26 days.

B.  

90 days,

C.  

100 days.

D.  

110 days

A.  

Decrease the transfer price

B.  

Increase the transfer price

C.  

Charge at the arm's length price

D.  

Charge at the optimal transfer price

A.  

Analyze invoice payments just under individual authorization limits.

B.  

Analyze stratification of inventory adjustments by warehouse location.

C.  

Analyze Inventory Invoice amounts and compare with approved contract amounts.

D.  

Analyze differences discovered curing duplicate payment testing.

A.  

Higher cash flow and treasury balances.

B.  

Higher inventory balances

C.  

Higher accounts receivable.

D.  

Higher accounts payable

A.  

Restricting server room access to specific individuals

B.  

Housing servers with sensitive software away from environmental hazards

C.  

Ensuring that all user requirements are documented

D.  

Performing of intrusion testing on a regular basis

A.  

Clothing company designs, makes, and sells a new item.

B.  

A commercial construction company is hired to build a warehouse.

C.  

A city department sets up a new firefighter training program.

D.  

A manufacturing organization acquires component parts from a contracted vendor

A.  

Compliance.

B.  

Privacy

C.  

Strategic

D.  

Physical security

A.  

1 and 2 only

B.  

2 and 3 only

C.  

1, 2 and 4 only

D.  

2, 3, and 4 only

A.  

Review the list of people with access badges to the room containing the workstation and a log of those who accessed the room.

B.  

Review the password length, frequency of change, and list of users for the workstation's login process.

C.  

Review the list of people who attempted to access the workstation and failed, as well as error messages.

D.  

Review the passwords of those who attempted unsuccessfully to access the workstation and the log of their activity

A.  

Risk tolerance

B.  

Performance

C.  

Threats and opportunities

D.  

Governance

A.  

When an employee accesses an online digital certificate

B.  

When an employee's biometrics have been accepted.

C.  

When an employee creates a unique digital signature,

D.  

When an employee uses a key fob to produce a token.

A.  

Export strategy.

B.  

Transnational strategy

C.  

Multi-domestic strategy

D.  

Globalization strategy

A.  

Maintenance service items such as production support.

B.  

Management of infrastructure services, including network management.

C.  

Physical hosting of mainframes and distributed servers

D.  

End-to -end security architecture design.

A.  

Job complicating

B.  

Job rotation

C.  

Job enrichment

D.  

Job enlargement

A.  

Anti-malware software

B.  

Authentication

C.  

Spyware

D.  

Rooting

A.  

Review the call center script used by customer service agents to interact with callers, and update the script if necessary.

B.  

Be-emphasize the importance of call center employees completing a certain number of calls per hour.

C.  

Retrain call center staff on area processes and common technical issues that they will likely be asked to resolve.

D.  

Increase the incentive for call center employees to complete calls quickly and raise the number of calls completed daily

A.  

The auditor eliminated duplicate information.

B.  

The auditor organized data to minimize useless information.

C.  

The auditor made data usable for a specific purpose by ensuring that anomalies were Identified and corrected.

D.  

The auditor ensured data fields were consistent and that data could be used for a specific purpose.

A.  

They improve the effectiveness of spot check testing techniques.

B.  

They allow greater insight into high risk areas.

C.  

They reduce the overall scope of the audit engagement,

D.  

They increase the internal auditor's objectivity.

A.  

An offboarding procedure is initiated monthly to determine redundant physical access rights.

B.  

Logs generated by smart locks are automatically scanned to identify anomalies in access patterns.

C.  

Requests for additional access rights are sent for approval and validation by direct supervisors.

D.  

Automatic notifications are sent to a central security unit when employees enter the premises during nonwork hours

A.  

The chief audit executive (CAE) must discuss this disagreement with senior management and communicate this information to external stakeholders

B.  

The CAE must include this disagreement in the final audit report and conclude the engagement

C.  

The CAE must make a judgment regarding the prudence of that decision and report to the board if needed

D.  

The CAE must establish a follow-up process to monitor the acceptable risk level as part of the engagement

A.  

Incremental processing costs, incremental revenue, and variable manufacturing expenses.

B.  

Joint costs, incremental processing costs, and variable manufacturing expenses.

C.  

Incremental revenue, joint costs, and incremental processing costs.

D.  

Variable manufacturing expenses, incremental revenue, and joint costs

A.  

Frozen site

B.  

Cold site

C.  

Warm site

D.  

Hot site

A.  

Reactive strategy.

B.  

Cost leadership strategy.

C.  

Differentiation strategy.

D.  

Focus strategy

A.  

Top management does little monitoring of the decisions made at lower levels.

B.  

The decisions made at the lower levels of management are considered very important.

C.  

Decisions made at lower levels in the organizational structure are few.

D.  

Reliance is placed on top management decision making by few of the organization's departments.

A.  

Excessive collecting of information

B.  

Application of social engineering

C.  

Retention of incomplete information.

D.  

Undue disclosure of information

A.  

Six Sigma,

B.  

Quality circle.

C.  

Value chain analysis.

D.  

Theory of constraints.

A.  

Gather risk appetite data

B.  

Inform the internal legal counsel

C.  

Inform the board

D.  

Consult with the organization's regulators

A.  

Operational management

B.  

External auditors

C.  

The CEO

D.  

Internal assurance providers

A.  

Draft separate audit reports for business and IT management.

B.  

Conned IT audit findings to business issues.

C.  

Include technical details to support IT issues.

D.  

Include an opinion on financial reporting accuracy and completeness.

A.  

Only preventive measures.

B.  

Alternative and reactive measures.

C.  

Preventive and alternative measures.

D.  

Preventive and reactive measures.

A.  

A balanced scorecard.

B.  

A quality audit

C.  

Earned value analysis.

D.  

Trend analysis

A.  

They help identify gaps and duplications in an organization’s assurance coverage

B.  

They allow the board to coordinate activities of internal and external assurance providers

C.  

They help identify which assurance provider is responsible for performing each audit listed in the annual internal audit plan

D.  

They allow internal auditors to map competencies and specialty areas of the assurance providers in an organization

A.  

Whether every call that the service provider received was logged by the help desk.

B.  

Whether a unique identification number was assigned to each issue identified by the service provider

C.  

Whether the service provider used its own facilities to provide help desk services

D.  

Whether the provider's responses and resolutions were well defined according to the service-level agreement.

A.  

A summary of the strategic plan of the area under review

B.  

Appropriate response options for when findings are disputed by management

C.  

An explanation of the resources needed for each engagement

D.  

The extent of the auditor's authority to collect data from management

A.  

Improve skills by strengthening staff competencies

B.  

Map the audit risk assessment to the organization's strategic plan

C.  

Collaborate with other risk management functions in the organization

D.  

Refine its audit processes according to the Global Internal Audit Standards

A.  

To exploit core competence.

B.  

To increase market synergy.

C.  

To deliver enhanced value.

D.  

To reduce costs.

A.  

Less use of policies and procedures.

B.  

Less organizational commitment by employees.

C.  

Less emphasis on extrinsic rewards.

D.  

Less employee’s turnover.

A.  

A revenue calculation spreadsheet supported with price and volume reports from the production department.

B.  

An asset retirement calculation spreadsheet comprised of multiple formulas and assumptions.

C.  

An ad-hoc inventory listing spreadsheet comprising details of written-off inventory quantities.

D.  

An accounts receivable reconciliation spreadsheet used by the accounting manager to verify balances

A.  

Veracity, velocity, and variety.

B.  

Integrity, availability, and confidentiality.

C.  

Accessibility, accuracy, and effectiveness.

D.  

Authorization, logical access, and physical access.

A.  

The organization's customer satisfaction index does not show any signs of improvement

B.  

No budget or resources have been allocated to implement corrective measures

C.  

The board has not been informed about the planned improvements approved by senior management

D.  

Employees responsible for improvements are resisting any additional workload

A.  

Deploys data visualization tool.

B.  

Adopt standardized data analysis software.

C.  

Define analytics objectives and establish outcomes.

D.  

Eliminate duplicate records.

A.  

Escalate the issue to the chief risk officer

B.  

Raise the issue with senior management

C.  

Continue with the assurance engagement as planned

D.  

Place the assurance engagement on hold due to inappropriate timing

A.  

Design and recommend an appropriate response to the risk

B.  

Discuss the risk and the implications of the risk with management responsible for the risk area

C.  

Schedule an audit of the risk area to assess the risk likelihood and impact

D.  

Prepare a memo to report the risk to the board

A.  

Yes, in order to be efficient and make better use of internal audit resources

B.  

No, as the finance department is an internal department of the organization

C.  

Yes, but the finance manager would be responsible for supporting the conclusions of the work

D.  

No, the internal audit function should do its own verification and should not rely on the work of finance

A.  

HTTP sites provide sufficient security to protect customers' credit card information.

B.  

Web servers store credit cardholders' information submitted for payment.

C.  

Database servers send cardholders’ information for authorization in clear text.

D.  

Payment gatewaysauthorizecredit cardonlinepayments.

A.  

The authentication process relies on a simple password only, which is a weak method of authorization.

B.  

The system authorization of the user does not correctly reflect the access rights intended.

C.  

There was no periodic review to validate access rights.

D.  

The application owner apparently did not approve the access request during the provisioning process.

A.  

To compare records from one source to subsequently prepared records about the anti-bribery program

B.  

To ascertain the existence of certain controls in the organization's anti-bribery program

C.  

To obtain testimonial information about certain controls in the organization's anti-bribery program

D.  

To validate control information through outside parties independent of the anti-bribery program

A.  

Legal and regulatory requirements

B.  

Organization-wide risk assessment results

C.  

Key internal control activities

D.  

Organizational business objectives

A.  

Employees can choose from a variety of devices they want to utilize to privately read work emails without their employer’s knowledge.

B.  

Physical devices, such as thermostats and heat pumps, can be set to react to electricity market changes and reduce costs.

C.  

Information can be extracted more efficiently from databases and transmitted to relevant applications for in-depth analytics.

D.  

Data mining and data collection from internet and social networks is easier, and the results are more comprehensive

A.  

Constructive communications

B.  

Complete communications

C.  

Concise communications

D.  

Clear communications

A.  

Assets minus liabilities.

B.  

Total assets.

C.  

Total liabilities.

D.  

Owners contribution plus drawings.

A.  

Escalate the finding to the board, due to the significance of the risk

B.  

Recommend that management review the receivables for debts that can no longer be collected and remove them from the cash flow statement

C.  

Recommend that management review the receivables for debts that can no longer be collected and write them off

D.  

Document the finding and conclude that no immediate action is warranted, as bad debt allowances are merely estimates