Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

CIA Challenge Exam (CPA) > Business Knowledge of IA: Business Acumen > Flashcards

Business Knowledge of IA: Business Acumen Flashcards

1
Q

Fewer levels of authority, a shorter chain of command, and a wider span of control are characteristics of what type of organizational structure?

  1. Hierarchical
  2. Decentralized
  3. Centralized
  4. Hybrid
A

2- Decentralized

Rationale
A decentralized structure, also called a flat structure, is characterized by decision making dispersed in the lower levels of the organization, giving employees more freedom to take action and more autonomy. A centralized structure, also called a hierarchical, bureaucratic, or traditional structure, is one in which there are several levels of authority, a long chain of command, and a narrower span of control.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

For organizational areas where processes/subprocesses potentially exist across functional lines, what is the benefit of using secondary links in a risk by process matrix?

  1. They link objectives to their relevant policies and procedures.
  2. They help show how processes are interrelated and impact each other.
  3. They help show the direct area impacted by failures in compliance and control.
  4. They furnish audit trails for use in audit programs that cross functional lines.
A

2- They help show how processes are interrelated and impact each other.

Rationale
Secondary links between processes and risks help show how processes are interrelated and affect one another. There could be any number of secondary links. The other three answer choices are not elements generally included or highlighted in detail in a risk by process matrix.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

A small furniture-manufacturing firm with 100 employees is located in a two-story building and does not plan to expand. The furniture manufactured is make-to-stock rather than being special-ordered or custom-made. Considering these facts, the most common structure for this organization would be

  1. functional departmentalization.
  2. matrix organization.
  3. product departmentalization.
  4. divisional organization.
A

1- functional departmentalization.

Rationale
Organization by function is common to almost all firms at some level. It avoids duplication of effort and allows for specialization and supplied training.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Why are program evaluation review technique (PERT)/critical path management (CPM) charts useful for managing complex projects?

  1. Their simplicity allows for easy schedule modifications.
  2. They provide a basis for scheduling when tasks will be executed.
  3. They divide each project into sequential activities with estimated start and completion times.
  4. They identify and prioritize tasks that must be completed on time for the whole project to be completed on time.
A

4- They identify and prioritize tasks that must be completed on time for the whole project to be completed on time.

Rationale
PERT/CPM charts are used for large, complex projects that have a high degree of inter-task dependency. They graphically illustrate the critical path, which determines the total time required to complete the project and the critical activities on that path.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Projects can vary in duration and complexity, but most share similar characteristics. Which of the following is a characteristic of most projects?

  1. Doesn’t define a start date or target completion dates
  2. Includes a series of tasks and activities with a stated objective
  3. Has unlimited funding and resources
  4. Initiated at the request of regulators or as a result of new regulations
A

2- Includes a series of tasks and activities with a stated objective

Rationale
The majority of projects have clear start and end dates, a specific quantity of allocated resources, and a series of tasks and activities that allow it to reach its stated objective. Some projects (but not most) would be initiated as a result of new regulations or to meet compliance requirements.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

A matrix organization would be most appropriate for

  1. a company operating a set of geographically dispersed telephone call centers that provide technical support.
  2. a company that starts several complex, multidisciplinary engineering and construction projects each year.
  3. a retail company that sells to customers through multiple stores located in shopping malls as well as through a website and mailed catalogs.
  4. a company that provides temporary staffing to a wide variety of commercial and governmental agencies.
A

2- a company that starts several complex, multidisciplinary engineering and construction projects each year.

Rationale
A matrix organization that would assign specialists as needed to various projects would be appropriate for such a company.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

____________ is the process of planning, organizing, directing, and controlling an organization’s resources (people, equipment, time, money) to achieve objectives of a temporary endeavor.

  1. Project management
  2. Organizational design
  3. Engagement planning
  4. Strategic planning
A

1- Project management

Rationale
A project is a specific temporary endeavour undertaken to achieve a particular objective or objectives. Project management is the process put in place to achieve a project’s objectives.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What is usually considered the differentiating factor in determining core vs. non-core activities of an organization?

  1. Competitive advantage
  2. Extent of process documentation
  3. Key controls determination(s)
  4. Organizational chart inclusion
A

1- Competitive advantage

Rationale
Competitive advantage is usually the differentiating factor in designating core vs. non-core activities of an organization. Key controls determinations could have applicability to both core and non-core activities. Process documentation can vary greatly between activities and is not the determining factor in judging core vs. non-core activities. Both core and non-core activities can be included on a functional organization chart.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Once an adequate understanding of a business process (and related subprocesses) and objectives has been attained, the auditor’s next step typically involves

  1. prioritizing key controls for testing.
  2. determining the existence and extent of process audit trails.
  3. identifying and assessing risks to the achievement of objectives.
  4. developing or updating the audit program for testing purposes.
A

3- identifying and assessing risks to the achievement of objectives.

Rationale
Identifying and assessing risk would be the next major step for an auditor. Prioritizing key controls comes after (or as a result of) the risk assessment process. Audit trails may be considered in the upfront business process understanding and analysis phase and/or as part of control activity specifics identification. Audit programs are developed or updated after risk assessment, control activity specifics, and audit trail determinations are completed.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What is a major advantage of decentralized organizations?

  1. They have fewer managers than centralized organizations.
  2. They encourage increased initiative among employees.
  3. They streamline organizations and eliminate duplication of resources.
  4. They are easier to control.
A

2- They encourage increased initiative among employees.

Rationale
Increased initiative normally is associated with decentralized organizations.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

A bank is designing an on-the-job training program for its branch managers. The bank would like to design the program so that participants can complete it as quickly as possible. The training program requires that certain activities be completed before others. For example, a participant cannot make credit loan decisions without first having obtained experience in the loan department. An appropriate scheduling technique for this training program is

  1. PERT (program evaluation review technique)/CPM (critical path method).
  2. queuing theory.
  3. sensitivity analysis.
  4. linear programming.
A

1- PERT (program evaluation review technique)/CPM (critical path method).

Rationale
PERT and CPM are techniques for scheduling interrelated time-series activities and identifying any critical paths in the series of activities.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What organizational structure groups organizational work into specialized units and jobs?

  1. Compartmentalization
  2. Decentralization
  3. Specialization
  4. Departmentalization
A

4- Departmentalization

Rationale
Both centralized and decentralized organizations use departmentalization but in different ways and to different degrees. Departmentalization may use grouping classifications such as product, geographic, process, or customer. In addition, functional, divisional, and matrix structures are all classification groupings that result from departmentalization.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What additional dimension of project management is depicted in Gantt charts as compared with flowcharts?

  1. Activity steps
  2. Time
  3. Resource allocation
  4. Cost
A

2- Time

Rationale
Gantt charts are a popular project management tool for planning and scheduling projects. They outline all of the tasks involved in a project and their order, shown against a time scale. Gantt charts show the time dimension of activities.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What is a major disadvantage of a matrix structure?

  1. Work conflicts due to dual reporting relationships
  2. Low employee participation
  3. Less efficient use of resources
  4. Loss of economies of scale
A

1- Work conflicts due to dual reporting relationships

Rationale
In a matrix structure, an employee may report to a functional head as well as a manager from another department on a special project/assignment. The matrix structure permits greater flexibility and use of resources. However, there can be accountability and work conflict issues because of the dual reporting relationship.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

The following information applies to a project.

Immediate Activity Time (Days) Predecessor
A) 5 / None
B) 3 / None
C) 4 / A
D) 2 / B
E) 6 / C, D
Based on the information given, the earliest completion time for the project is

  1. 11 days.
  2. 14 days.
  3. 15 days.
  4. 20 days.
A

3- 15 days.

Rationale
There are two different activity paths listed: 5 + 4 + 6 = 15 days and 3 + 2 + 6 = 11 days. The longest path, which is called the critical path, determines the total time required to complete the project. Therefore, the earliest completion time for this project is 15 days.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

A project manager is developing a schedule for a complex project that involves many different phases, tasks, and departments. Which of the following will be most helpful in this effort?

  1. Sensitivity analysis
  2. Process analysis
  3. Project charter
  4. Network analysis
A

4- Network analysis

Rationale
Network analysis is a graphical representation of a project’s tasks and schedule. It involves evaluating the network of tasks and functions that contribute to a project in order to determine the most efficient path for reaching the project goals.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

The network below describes the interrelationships of several activities necessary to complete a project. The arrows represent the activities. The numbers between the arrows indicate the number of months to complete each activity. What is the shortest time to complete the project?

A-B: 2
B-D: 1
D-F: 2
A-C: 3
C-D: 3
C-E: 2
E-F: 1

  1. 8 months
  2. 6 months
  3. 5 months
  4. 14 months
A

1- 8 months

Rationale
The longest path from start to end is path A-C-D-F. Since all other paths are shorter in duration than path A-C-D-F, the activities along those paths can be completed before the activities along path A-C-D-F. Therefore, the amount of time to complete the activities along path A-C-D-F, which is 8 months, is the longest set of sequential durations and the shortest overall time in which the project can be completed (the critical path).

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

Which source of potential competitive advantage for an organization would most likely afford the greatest opportunity for an internal audit activity to add value through its assurance and/or consulting services?

  1. Suppliers and raw materials
  2. Customer base
  3. Process and methodology maturity
  4. Supply chain and transportation
A

3- Process and methodology maturity

Rationale
Internal auditors can play a vital consulting and/or assurance role in supporting and strengthening risk, control, quality, and other organization frameworks from a process and methodology maturity or enhancement perspective.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

Which are the primary elements of risk considered and documented as part of an auditor’s risk/control matrix?

  1. Magnitude and materiality
  2. Frequency and occurrence
  3. Preventive and detective
  4. Probability and impact
A

4- Probability and impact

Rationale
Probability, also called likelihood, and (potential) impact are the two primary elements of risk considered and highlighted in an auditor’s risk (impact) and control matrix, along with other components (objective, key risk, activity, and controls). Preventive and detective relate to the nature of controls. Magnitude and materiality relate more to impact but do not formally or necessarily consider (or address) probability. Frequency and occurrence relate more to probability but do not address impact.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

In the context of organizational structure, what does the term “span of control” refer to?

  1. Line of authority in the organization
  2. Number of employees in management or supervisory positions
  3. Number of employees who report to an individual in the chain of command
  4. Organization’s formal decision-making framework
A

3- Number of employees who report to an individual in the chain of command

Rationale
The chain of command refers to the line of authority in the organization (i.e., who reports to whom), while the span of control refers to the number of employees (subordinates) who report to a particular individual. Span of control is used to determine how many subordinates can be managed effectively and efficiently by a manager or supervisor.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

What is one of the first things internal auditors should do when preparing for an audit of an outsourced business process?

  1. Assess why a business process has been outsourced in the first place.
  2. Understand whether the business process has been outsourced to a local or international party.
  3. Determine whether the organization has a defined third-party risk management program and governance structure.
  4. Compare outsourced costs to in-house cost alternatives.
A

3- Determine whether the organization has a defined third-party risk management program and governance structure.

Rationale
The third-party risk management program provides a starting point for identifying outsourcing risk appetite, policies, roles and responsibilities, and available tools to control third-party risks.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

Which component of COSO’s Internal Control—Integrated Framework sets the foundation for the overall system of internal controls?

  1. Control activities
  2. Monitoring
  3. Control environment
  4. Risk assessment
A

3- Control environment

Rationale
The control environment includes the governance framework of an organization and is where the “tone at the top” (including commitment to internal control) is established. Objectives are set at and from the top (which falls within the context of an organization’s overall governance framework and entity-level controls in the control environment).

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

If an internal auditor discovers that a project manager has been “crashing” to affect a project’s critical path, the internal auditor should also examine

  1. the cost of project resources against the budgeted costs.
  2. the ethics guidelines to determine if a conflict of interest has occurred.
  3. the slack time of the project.
  4. the expense reports of the project manager to look for unusual travel or expenditures.
A

1- the cost of project resources against the budgeted costs.

Rationale
The process of adding resources to shorten the length of a task on the critical path is called “crashing.” If the project manager is using this technique, it is unlikely that the project has any slack time, but the auditor should examine the cost of the resources against the budgeted costs to determine the relative costs of shortening the project’s time line in this way. The auditor can also determine whether the technique produced the desired result, which would usually be to get the project back on schedule (or some variant of that).

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

The project management triangle consists of which of the following?

  1. Scope, cost, quality, time
  2. Plan, scope, approach, deliverables
  3. Plan, execute, complete
  4. Scope, approach, time, quality
A

1- Scope, cost, quality, time

Rationale
The project management triangle is the traditional approach to performing and delivering projects. It includes four elements: scope, cost, quality, and time. A change to one of these elements impacts the other elements. This means that the elements form project constraints that compete with each other. For example, a tight time frame may mean increased cost and reduced scope or a tight budget might mean increased time and reduced scope.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

Which of the following is an activity in the logistics process?

  1. Shipping and dispatch
  2. Purchasing product
  3. Manufacturing product
  4. Agreeing contract terms with clients
A

1- Shipping and dispatch

Rationale
The logistics process consists of inbound logistics (receiving products/raw materials and transporting to warehouse), warehousing (inventory storage and picking), and outbound logistics (shipping and dispatch of product to customer).

25
Q

An organization that operates in a highly competitive and changing market would most likely use which of the following organizational structures?

  1. Balanced hierarchy
  2. Decentralized
  3. Centralized
  4. Totally virtual
A

2- Decentralized

Rationale
In order to remain competitive and adaptable, many organizations adopt a flatter organizational structure.

26
Q

What is an example of external documents an internal auditor would review as part of overall process documentation review procedures for a heavily outsourced activity?

  1. Board of directors’ meeting minutes
  2. Monthly management process exceptions reporting
  3. Independent vendor due diligence reports
  4. Most recent internal audit activity external quality assurance report
A

3- Independent vendor due diligence reports

Rationale
In a heavily outsourced activity environment, an important example of external documents that an auditor would request and review are those supporting whether the function is exercising effective vendor due diligence related to key outsourced processes. This includes but is not limited to obtaining and reviewing third-party assessment reports of applicable vendors or vendor systems and financial information related to whether vendors are going concerns. Board minutes and management process exception reports would be considered internal documentation. An externally developed internal audit quality assurance report could include reinforcement or strengthening observations related to internal audit activity coverage, but this type of document would not typically be a primary external one used for an auditor’s review of outsourced business processes.

27
Q

Which is an advantage of decentralization?

  1. Motivation of managers increases.
  2. Governance controls are more easily established.
  3. Less inventory needs to be produced.
  4. Greater uniformity in decisions is achieved.
A

1- Motivation of managers increases.

Rationale
Decentralized systems give more autonomy to managers, and the entrepreneurial spirit this can create can be motivating. Increased uniformity in decisions is an advantage of centralization. While decisions at the local level can be more easily made, overall organizational decisions such as for governance controls could be harder to enact due to the need for agreement from the managers of the individual business units. Centralized decision making could also result in less inventory being produced, since how much to send to each area can be decided centrally rather than by each location.

28
Q

Which of the following lists project life cycle stages in the correct order?

  1. Design and scheduling, initiation, execution, monitoring and control, completion
  2. Initiation, design and scheduling, execution, monitoring and control, completion
  3. Initiation, design and scheduling, execution, completion, monitoring and control
  4. Design and scheduling, initiation, execution, completion, monitoring and control
A

2- Initiation, design and scheduling, execution, monitoring and control, completion

Rationale
Projects start off with conception or project initiation, which is when project goals and objectives are established. The second stage is planning, design, budgeting, and scheduling, and the third stage is execution and production, which is when the actual work on the project takes place. Monitoring and control is where the quality of work, progress against schedule, and proper use of schedule is overseen by the project manager. The last stage is project completion and evaluation, where project outputs are accepted and deliverables are signed off on. There is also a lessons learned review, which takes place to assess the project’s effectiveness.

29
Q

What is a key advantage of a centralized configuration for an organization?

  1. It is highly adaptable.
  2. It supports management consistency.
  3. It tends to empower employees.
  4. It encourages motivation and learning.
A

2- It supports management consistency.

Rationale
A centralized configuration has several levels of authority, a long chain of command, and a narrow span of control. All of these characteristics support management consistency and may discourage innovation and employee involvement and empowerment.

30
Q

Which category of objectives is typically identified as encompassing safeguarding of assets or resources?

  1. Compliance objectives
  2. Reporting objectives
  3. Operational objectives
  4. Strategic objectives
A

3- Operational objectives

Rationale
Operational objectives primarily relate to the effectiveness and efficiency of operations and are generally considered to include operational and financial performance goals, safeguarding of assets, etc.

31
Q

An organization that combines strict adherence to the unity of command with high division of labor may cause problems for customers trying to obtain information. Of the following, which is the most probable type of internal environment this structure creates?

  1. Networked and informal
  2. Compartmentalized and formal
  3. Networked and formal
  4. Compartmentalized and informal
A

2- Compartmentalized and formal

Rationale
A high division of labor results in compartmentalization. Strict adherence to unity of command results in formal relationships.

32
Q

Which situation is consistent with a successful flat organizational structure?

  1. Tasks are highly complex and varied.
  2. Subordinates perform distinctly different tasks.
  3. It is important that employees gain approval for actions.
  4. Tasks require little direction, and subordinates need little control.
A

4- Tasks require little direction, and subordinates need little control.

Rationale
For a flat structure to be successful, employees must be able to work unsupervised most of the time because the manager, having many employees, has little time for each one.

33
Q

Which is a good reason for a growing organization to move from a centralized structure to a hybrid centralized-decentralized structure over time?

  1. Shift in organizational strategy to be the low-cost leader in its industry
  2. Mergers and acquisitions of dissimilar businesses
  3. Risk that employees could create material losses with market investments
  4. Shift toward a strategy of running numerous cross-disciplinary projects
A

2- Mergers and acquisitions of dissimilar businesses

Rationale
As organizations grow by mergers and acquisitions, a decentralized structure between corporate headquarters and each business unit may become more and more necessary to minimize complexity and allow the leader of each business unit to apply local expertise in decision making. It is common to see hybrid structures forming in large diversified organizations in which selected functions are managed in a centralized fashion to provide control and economies of scale while other functions are decentralized to reduce bureaucratic complexity and improve local accountability. Each individual business unit could be more or less centralized or decentralized depending on how it was originally formed and what model works best going forward to achieve its objectives.

34
Q

For which of the following products would it be most appropriate for an organization to adopt a multinational strategy that treats the world as a portfolio of national opportunities?

  1. Frozen pizza for which the preference of taste varies across regions
  2. A consumer electronic product that most buyers will accept in a standardized version
  3. A cell phone that requires each nation to adapt the equipment, but the design and core components can be standardized
  4. Industrial chemicals sold to manufacturers for use in the making of various types of plastics
A

1- Frozen pizza for which the preference of taste varies across regions

Rationale
An organization’s strategy is established to determine not only what type of organization it wants to be but also how and if it can to thrive in its environment. Globalization has expanded most organizations’ environments and opportunities to include access to larger potential customer bases. This expansion can lead to a need for greater agility and customization or alteration of products. The increase in potential customers also comes with a risk of greater competition, which requires an organization to be more adaptable to the environments in which they operate. In the scenario in the question, given regional variances in taste, it would be most appropriate for the frozen pizza producer to treat the world as a portfolio of national opportunities. To ignore this factor could lead to failure or competitors dominating the market(s).

35
Q

Which particular type of organizational structure will likely have unity-of-command problems unless there is frequent and comprehensive communication between the various functional and project managers?

  1. Strategic business unit
  2. Matrix
  3. Centralized
  4. Line and staff
A

2- Matrix

Rationale
The matrix structure allows authority to flow both vertically and horizontally. A line and staff structure is designed to maximize unity of command by giving only line managers the authority to make decisions affecting those in their chain of command. A centralized structure should not have unity-of-command problems if management is organized in a line-and-staff fashion.

36
Q

The identification of key processes by management as well as auditors is essential, because the failure of a key process to function effectively could directly and negatively impact

  1. external auditor relations.
  2. control design-level documentation.
  3. the achievement of specific objectives.
  4. whistleblower hotline use.
A

3- the achievement of specific objectives.

Rationale
Failure of key process functioning has the greatest potential to negatively impact the achievement of objectives. External auditor relations can be impacted by many things during a client engagement, but key process functioning failure is usually the result of organizational issues, not external auditor deficiencies. Control design-level documentation relates to the business process understanding phase of an engagement and not the more detailed operating effectiveness testing aspects. Whistleblower hotlines represent a specific key control, but the question did not include specific key process or control references.

37
Q

While conducting a routine audit, an auditor finds the following symptoms of a dysfunctional work environment:

  • High levels of absenteeism and turnover
  • Strict adherence to policies and procedures without an understanding of their purpose
  • Employees who feel they are treated like numbers and not like people
    These problems are most likely to occur in an organization that practices
  1. classical bureaucracy.
  2. scientific management.
  3. Theory Y management.
  4. the contingency approach to management.
A

1- classical bureaucracy.

Rationale
All of the items listed are symptoms of a dysfunctional classical bureaucracy.

38
Q

Which of the following factors affects the control risk of an organization?

  1. Potential problems like technological obsolescence
  2. Segregation of duties
  3. Unusual pressures on management
  4. Complex accounts that require expert valuations
A

2- Segregation of duties

Rationale
Segregation of duties is a concept through which multiple people are required to complete an internal control task as a way to prevent error or fraud. For example, segregation of duties would mean that the same person could not create and approve a purchase requisition. Smaller organizations have fewer personnel and resources and therefore may have limited ability to apply controls such as segregation of duties.

39
Q

Appointing knowledgeable persons to manage the third-party relationship and checking KPIs, risk analyses, and required attestations are activities in which element of a third-party provider management process?

  1. Sourcing
  2. Monitoring
  3. Contracting
  4. Due diligence
A

2- Monitoring

Rationale
The elements of a third-party provider management process are:

  • Sourcing—issuing request for proposal.
  • Due diligence—assessing risks and ethics of potential providers, performing background checks.
  • Contracting—entering into a formal contract with the selected provider.
  • Monitoring—managing the relationship and performance of the selected provider against defined service levels and contractual requirements.
  • Issue resolution—addressing any issues that may arise with the selected provider.
  • Termination—ending the relationship with the selected provider.
40
Q

An organization has just decided to outsource a current major in-house function that was in the current version of the annual audit plan. What is the most significant risk listed that should be considered in preparing for this transition process?

  1. Elimination of current policies related to the area to be outsourced
  2. Underestimation of management and employee resistance to change
  3. Deletion of the function from the internal audit plan due to it being outsourced
  4. Removal of area to be outsourced from the budget
A

2- Underestimation of management and employee resistance to change

Rationale
Underestimating the challenges of change management (including organizational resistance to change) can be a major risk when transitioning from an in-house to an outsourced (or even cosourced) activity or environment. Policies (and policy guidelines) for major functions and areas will not typically go away when moving from an in-house to an outsourced function. Procedures will most likely be updated (including addition of vendor risk management due diligence enhancements), but policies/policy guidelines will typically still apply (with possible updates if/as applicable). Major functions, whether in-house or outsourced, will typically be included in the budget. The annual internal audit plan will typically include assurance coverage related to all major organizational areas and functions (regardless of whether they are in-house or outsourced). The nature of assurance coverage and specific testing procedures to apply may be revised to reflect the functional shift from in-house to outsourced functioning, but the transitioning to an outsourced activity will typically not involve a risk of deleting the activity from the annual internal audit plan.

41
Q

A control is more likely to be tested in only one site in a company that has a ___________ organizational structure.

  1. centralized
  2. hybrid
  3. matrix
  4. decentralized
A

1- centralized

Rationale
In a centralized structure, processes are more likely to be the same across the business. In a decentralized structure, there may be different processes, each of which may require testing of its specific controls.

42
Q

Which of the following would be the most likely reason a chief audit executive (CAE) decides to cancel planned key control effectiveness testing?

  1. Control design has been deemed to be inadequate for the controls to be tested.
  2. Management has agreed to take on the responsibility for control effectiveness testing.
  3. Control design has been deemed strong enough to negate the need for effectiveness testing.
  4. There are no auditors with prior experience in control effectiveness testing related to the controls to be tested.
A

1- Control design has been deemed to be inadequate for the controls to be tested

Rationale
There is no value-added benefit in testing the effectiveness of key controls that have been deemed inadequate in their design. Controls, especially key controls, deemed to be strong from a design perspective are just the type of controls that an auditor would want to test in detail to provide added assurance. The greater the effectiveness and positive results of the testing performed, the greater the reliability that can be placed on such controls. Management can take on their own testing of controls, but such testing would not be deemed independent. An auditor does not need to have prior experience with specific control effectiveness testing to perform such testing during an audit engagement. Proper supervision, training, and other related and relevant auditor experience can provide a sufficient foundation for an auditor to perform such testing (or additional expertise should be obtained if deemed necessary).

43
Q

A project manager gathers estimates from each team member on the earliest start date of each task as well as the estimated task duration and whether the tasks are parallel or sequential. Given just this information, which of the following project management tools could the manager create?

  1. Sensitivity analysis
  2. Critical path method (CPM)
  3. Gantt chart
  4. Program evaluation review technique (PERT)
A

3- Gantt chart

Rationale
This is the necessary information to create a Gantt chart. To calculate CPM or PERT, the manager would also need to know the latest start time for each task and the earliest and latest finish times.

44
Q

What element of the project management triangle is often a fixed constraint that organizations choose not to alter?

  1. Scope
  2. Cost
  3. Time
  4. Quality
A

4- Quality

Rationale
Projects need to be performed and delivered under the “project management triangle” of time, cost, and scope (quality and performance). One side of the triangle cannot be changed without impacting the others. As continuous quality and performance initiatives like total quality management have become increasingly important in performance management, quality and performance are sometimes separated from scope, creating a total of four project constraints. Often, organizations define what quality should be from the start of a project, thus fixing the size of this side of the triangle and requiring juggling of the other constraints to meet this requirement as defined by customer acceptance criteria.

45
Q

What is defined as a clear, formally written, and published statement that is the cornerstone of any planning system?

  1. Strategic plan
  2. Operational plan
  3. Vision
  4. Mission statement
A

4- Mission statement

Rationale
An organizational mission is a clear, formally written, and published statement that is the cornerstone of any planning system. It expresses, in broad terms, what the organization wants to achieve today.

46
Q

A project team is created for an emergency project that needs to be completed by the end of the month or customers will not be able to pay using credit cards. The team leader explains the seriousness of the issue to all team members. Team members immediately get to work with reprogramming and calling retail stores on the day the project charter is signed off on. The project has a hard deadline but a flexible budget. What is the most likely result?

  1. The team will avoid rework through crashing or fast tracking.
  2. Problems will become emergencies requiring extraordinary effort.
  3. The team will meet its deadline but go over budget.
  4. The team will anticipate problems and include them in the schedule.
A

2- Problems will become emergencies requiring extraordinary effort.

Rationale
Project management requires much up-front work to define the problem that needs to be solved and then form a plan to achieve it. Without such a plan, the total effort (including cost) and the project duration may end up being far greater overall because of problems such as scope creep and/or rework. The team would be better off determining what needs to be done and creating a plan, even if this can be allowed to take only a few days due to a short schedule.

47
Q

What is the term for a sequence of project activities that has no slack and will collectively take the longest time to complete (defining the shortest possible total project duration)?

  1. Gantt path
  2. Program evaluation
  3. Fast track
  4. Critical path
A

4- Critical path

Rationale
Activities on the critical path have no slack, meaning that their start times and durations need to be on schedule or the whole project will be delayed.

48
Q

Ensuring that project payments are in line with the contract relates to which category of objectives?

  1. Internal control objective
  2. Operations objective
  3. Reporting objective
  4. Compliance objective
A

4- Compliance objective

Rationale
Compliance objectives relate to adherence to laws, regulations, policies, and procedures as well as contracts applicable to an entity.

49
Q

Which of the following is a step in the strategic planning process?

  1. Developing a risk-based annual audit plan
  2. Comparing the budget for the period to actual results
  3. Developing the annual budget
  4. Evaluating changes in the organization’s business environment
A

4- Evaluating changes in the organization’s business environment

Rationale
A budget is the financial interpretation or tactical implementation of a strategic plan into financial targets for a particular year. It forms part of an annual business plan, not the strategic plan. A risk-based internal audit plan uses the outputs from the strategic planning process to ensure that internal audit resources are aligned to the organization’s strategy.

50
Q

Which of the following is the correct sequence of steps for internal auditors to use in developing an engagement plan?

  1. Gather information, assess risks, form objectives and scope, allocate resources.
  2. Allocate resources, form objectives and scope, gather information, assess risks.
  3. Form objectives and scope, gather information, assess risks, allocate resources.
  4. Assess risks, allocate resources, form objectives and scope, gather information.
A

1- Gather information, assess risks, form objectives and scope, allocate resources

Rationale
Internal auditors use the following steps to develop the engagement plan:
* Understand context.
* Gather information.
* Assess risks.
* Form objectives.
* Establish scope.
* Allocate resources.
* Document plan.

51
Q

Assessing third-party risks and ethics and background and business performance checks are activities in which element of a third-party provider management process?

  1. Due diligence
  2. Issue resolution
  3. Contracting
  4. Monitoring
A

1- Due diligence

Rationale
The elements of a third-party provider management process are:
* Sourcing—issuing request for proposal.
* Due diligence—assessing risks and ethics of potential providers, performing background checks.
* Contracting—entering into a formal contract with the selected provider.
* Monitoring—managing the relationship and performance of the selected provider against defined service levels and contractual requirements.
* Issue resolution—addressing any issues that may arise with the selected provider.
* * Termination—ending the relationship with the selected provider.

52
Q

Which of the following is true with regard to a matrix structure for an organization?

  1. The major disadvantage of a matrix structure is that, unlike a divisional structure, it fails to have an explicit focus on results.
  2. It is akin to a functional structure in that it fosters generalization.
  3. The major disadvantage of a matrix structure is its potential for creating confusion and power struggles.
  4. It works well only when the organization’s projects or products have a short life cycle.
A

3- The major disadvantage of a matrix structure is its potential for creating confusion and power struggles

Rationale
In a matrix structure, there can be accountability and work conflict issues because of the dual reporting relationships. A matrix assignment can be short- or long-term. A matrix can work regardless of whether the project or product life cycle is long or short. It is akin to a functional structure in that it fosters specialization. Like a divisional structure, it tends to have an explicit focus on results.

53
Q

Preparing a financial analysis, identifying stakeholders, and developing a project charter take place during which stage of the project life cycle?

  1. Conception or project initiation
  2. Monitoring and control
  3. Planning, design, budgeting, and scheduling
  4. Project execution or production
A

1- Conception or project initiation

Rationale
Project conception or project initiation is where a project is born. This starts with a feasibility study (i.e., financial analysis of the proposed project). Also during this stage, the scope of the project is determined and the project team is identified, and this is documented in a project charter.

53
Q

Which of the following is an example of a competitive advantage?

  1. Loyal and satisfied customers
  2. Low capital investment required for market entry
  3. Easily duplicated technology
  4. Access to high-cost labor
A

1- Loyal and satisfied customers

Rationale
Loyal and satisfied customers provide companies with the ability to retain market share. Low capital investments or easily duplicated technology allow competitors to easily enter the market and become viable competitors. High-cost labor increases product pricing and does not provide a relative advantage to a company. However, access to high-skilled labor may be considered a competitive advantage.

54
Q

Which of the following is a scheduling technique that visually divides a project into sequential activities with estimated start and completion times?

  1. Program evaluation review technique (PERT)
  2. Gantt chart
  3. Critical path method (CPM)
  4. Network analysis
A

2- Gantt chart

Rationale
A Gantt chart allows a decision maker to visually review a schematic presentation of the project time budget and compare it with actual times. Each step of a project is plotted in the Gantt chart according to its sequence and duration. A network analysis is also a graphical representation of a project’s tasks and schedule. However, it involves evaluating tasks and activities to determine the most efficient path for reaching the project’s goals. PERT and CPM are two common types of network analysis.

55
Q

What vital governance element is oriented to the present and indicates the organization’s reason for being?

  1. Core values
  2. Code of ethics/conduct
  3. Mission statement
  4. Operating plan/budget
A

3- Mission statement

Rationale
The mission indicates the organization’s purpose and functions as a day-to-day charge for employees, providing greater opportunities for meaning, growth, and fulfillment along the path toward achieving the organization’s highest aspirational goals and objectives and enhancing stakeholder value. The mission statement is oriented to the present while the vision statement is future-oriented.

56
Q

How can a chief audit executive (CAE) best ensure that the internal audit activity’s risk-based audit plan effectively aligns with organizational goals and objectives?

  1. Review organization-wide operating plans/budgets.
  2. Consider the results of the most recent regulatory exams and other independent assurance reports.
  3. Consult with the organization’s board and senior management.
  4. Refer to the internal audit activity charter.
A

3- Consult with the organization’s board and senior management.

Rationale
A CAE must consult directly with the board of directors and senior management to understand an entity’s key strategies, objectives, and risks/risk management processes and properly align the risk-based audit plan with these major organizational elements. The internal audit activity charter outlines the core purpose, mission, authority, and responsibilities of the activity but does not typically delve into the details of the risk assessment and planning process. Operating plans/budgets are often more quantitative in nature and may not fully address at functional levels the major qualitative aspects of broader organization objectives and goals. Considering the most recent results of regulatory exams and other independent assurance activity reports may be helpful in terms of awareness and targeting of internal audit’s follow-up on prior issues or recommendations. Such reporting may not fully or formally address all major goals or objectives of an organization that may be relevant to an internal audit activity’s coverage.

57
Q

Which of the following is generally true regarding a manager’s span of control?

  1. Wider spans of control mean higher administrative expense and less self-management.
  2. Wider spans of control help ensure good internal controls and policy compliance throughout an organization.
  3. Narrow spans of control are typically found in flat organizations, which have few hierarchical levels.
  4. An organization with narrow spans of control needs more managers than one with wider spans of control.
A

4- An organization with narrow spans of control needs more managers than one with wider spans of contro

Rationale
Narrow spans of control mean that the ratio of those supervised (subordinates) to those performing the supervision (managers) is lower.

58
Q

Which of the following project roles champions support for the project and commits the necessary resources?

  1. Project team
  2. Project stakeholders
  3. Project sponsor
  4. Project manager
A

3- Project sponsor

Rationale
Common project roles include:
* Project stakeholders—internal and/or external parties whose interest may be affected as a result of project execution or completion.
* Project sponsor—the person or group who wants the project to occur and who champions support for the project and commits the necessary resources.
* Project manager—project leader responsible for coordinating activities and accountable for project success.
* Project team—individuals assigned to a specific project and who disband once the project is over.

CIA Challenge Exam (CPA) (13 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions