Free IIA-CIA-Part3 Sample Questions — Certified Internal Auditor - Part 3 Business Analysis and Information Technology

An organization had a gross profit margin of 40 percent in year one and in year two. The net profit margin was 18 percent in year one and 13 percent in year two. Which of the following could be the reason for the decline in the net profit margin for year two?

• A. Cost of sales increased relative to sales
• B. Total sales increased relative to expenses
• C. The organization had a higher dividend payout rate in year two
• D. The government increased the corporate tax rate

Which of the following types of budgets will best provide the basis for evaluating the organization's performance?

• A. Cash budget
• B. Budgeted balance sheet
• C. Selling and administrative expense budget
• D. Budgeted income statement

Based on test results, an IT auditor concluded that the organization would suffer unacceptable loss of data if there was a disaster at its data center. Which of the following test results would likely lead the auditor to this conclusion?

• A. Requested backup tapes were not returned from the offsite vendor in a timely manner
• B. Returned backup tapes from the offsite vendor contained empty spaces
• C. Critical systems have been backed up more frequently than required
• D. Critical system backup tapes are taken off site less frequently than required

Which mindset promotes the most comprehensive risk management strategy?

• A. Increase shareholder value
• B. Maximize market share
• C. Improve operational efficiency
• D. Mitigate losses

To assess the effectiveness of an organization's privacy program, which of the following approaches should an internal auditor take?

• A. Conduct a series of employee interviews
• B. Conduct penetration tests
• C. Review privacy policies and procedures
• D. Analyze the life cycle of sensitive data

Which of the following intangible assets is considered to have an indefinite life?

• A. Underground oil deposits
• B. Copyright
• C. Trademark
• D. Land

Which of the following analytical techniques would an internal auditor use to verify that none of an organization's employees are receiving fraudulent invoice payments?

• A. Perform gap testing
• B. Join different data sources
• C. Perform duplicate testing
• D. Calculate statistical parameters

Which of the following actions is most likely to gain support for process change?

• A. Set clear objectives
• B. Engage the various communities of practice within the organization
• C. Demonstrate support from senior management
• D. Establish key competencies

Which of the following is a distinguishing feature of managerial accounting, which is not applicable to financial accounting?

• A. Managerial accounting uses double-entry accounting and cost data
• B. Managerial accounting uses general accepted accounting principles
• C. Managerial accounting involves decision making based on quantifiable economic events
• D. Managerial accounting involves decision making based on predetermined standards

Which of the following describes a typical desktop workstation used by most employees in their daily work?

• A. Workstation contains software that prevents unauthorized transmission of information into and out of the organization's network
• B. Workstation contains software that controls information flow between the organization's network and the Internet
• C. Workstation contains software that enables the processing of transactions and is not shared among users of the organization's network
• D. Workstation contains software that manages user's access and processing of stored data on the organization's network

With regard to disaster recovery planning, which of the following would most likely involve stakeholders from several departments?

• A. Determining the frequency with which backups will be performed
• B. Prioritizing the order in which business systems would be restored
• C. Assigning who in the IT department would be involved in the recovery procedures
• D. Assessing the resources needed to meet the data recovery objectives

Which of the following is a key characteristic of a zero-based budget?

• A. zero-based budget provides estimates of costs that would be incurred under different levels of activity
• B. zero-based budget maintains focus on the budgeting process
• C. zero-based budget is prepared each year and requires each item of expenditure to be justified
• D. zero-based budget uses input from lower-level and middle-level managers to formulate budget plans

In an analysis of alternative credit-management policies, which of the following components will cause the net present value of receivables on credit sales to increase, if everything else remains constant?

• A. tougher collections policy that reduces the bad debt loss ratio
• B. higher cost per unit sold
• C. longer average collection period
• D. An increase in the cost of capital

Which of the following is the most likely reason an organization may decide to undertake a stock split?

• A. To keep stock price constant
• B. To keep shareholders' equity constant
• C. To increase shareholders' equity
• D. To enhance the stock liquidity

Which of the following statements is true regarding the "management-by-objectives" method?

• A. Management by objectives is most helpful in organizations that have rapid changes
• B. Management by objectives is most helpful in mechanistic organizations with rigidly defined tasks
• C. Management by objectives helps organizations to keep employees motivated
• D. Management by objectives helps organizations to distinguish clearly strategic goals from operational goals

Which of the following data security policies is most likely to be the result of a data privacy law?

• A. Access to personally identifiable information is limited to those who need it to perform their job
• B. Confidential data must be backed up and recoverable within a 24-hour period
• C. Updates to systems containing sensitive data must be approved before being moved to production
• D. record of employees with access to insider information must be maintained, and those employees may not trade company stock during blackout periods

Which of the following is a result of implementing an e-commerce system, which relies heavily on electronic data interchange and electronic funds transfer, for purchasing and billing?

• A. Higher cash flow and treasury balances
• B. Higher inventory balances
• C. Higher accounts receivable
• D. Higher accounts payable

An internal auditor is assigned to perform data analytics. Which of the following is the next step the auditor should undertake after she has ascertained the value expected from the review?

• A. Normalize the data
• B. Obtain the data
• C. Identify the risks
• D. Analyze the data

Management has decided to change the organizational structure from one that was previously decentralized to one that is now highly centralized. As such, which of the following would be a characteristic of the now highly centralized organization?

• A. Top management does little monitoring of the decisions made at lower levels
• B. The decisions made at the lower levels of management are considered very important
• C. Decisions made at lower levels in the organizational structure are few
• D. Reliance is placed on top management decision making by few of the organization's departments

Under a value-added taxing system:

• A. Businesses must pay a tax only if they make a profit
• B. The consumer ultimately bears the cost of the tax through higher prices
• C. Consumer savings are discouraged
• D. The amount of value added is the difference between an organization's sales and its cost of goods sold