[2023年03月07日] トップクラスのIIA-ACCA練習試験問題 [Q307-Q331]

Share

[2023年03月07日] トップクラスのIIA-ACCA練習試験問題

実際問題を使ってIIA-ACCA無料問題集サンプル問題と練習テストエンジン

質問 307
A large hospital has an existing contract with a vendor in another country to provide software support and maintenance of the hospital's patient records information system. From the hospital management's perspective, which of the following controls would be most effective to address privacy risks related to this outsourcing arrangement^

  • A. Include a "right to audit" clause in the contract and impose detailed security obligations on the outsourced vendor
  • B. Develop an incident monitoring and response plan to track breaches from internal and external sources
  • C. Conduct periodic reviews of the privacy policy to ensure that the existing policy meets current legislation requirements in both regions.
  • D. Implement mandatory privacy training for management to help with identifying privacy risks when outsourcing services

正解: C

 

質問 308
When an organization is choosing a new external auditor, which of the following is the most appropriate role for the chief audit executive to undertake?

  • A. Review and acquire the external audit service.
  • B. Assess the appraisal and actuarial services.
  • C. Determine the selection criteria.
  • D. Identify regulatory requirements to be considered.

正解: D

 

質問 309
Which audit approach should be employed to test the accuracy of information housed in a database on an un-networked computer?

  • A. Evaluate compliance with the organization's change management process.
  • B. Select a sample of records from the database and ensure it matches supporting documentation.
  • C. Submit batches of test transactions through the current system and verify with expected results.
  • D. Use a test program to simulate the normal data entering process.

正解: B

 

質問 310
In mergers and acquisitions, which of the following is an example of a horizontal combination?

  • A. A baker taking over a competitor.
  • B. A petroleum processing company acquires an agro-processing firm.
  • C. A movie producer acquires movie theaters.
  • D. Dairy manufacturing company taking over a large dairy farm.

正解: A

 

質問 311
The first stage in the development of a crisis management program is to:

  • A. Create a crisis management team.
  • B. Practice the response to a crisis.
  • C. Conduct a risk analysis.
  • D. Formulate contingency plans.

正解: C

 

質問 312
Which of the following risks is best addressed by encryption?

  • A. Privacy risk
  • B. Information integrity risk.
  • C. Access risk
  • D. Software risk

正解: B

 

質問 313
Which of the following local area network physical layouts is subject to the greatest risk of failure if one device fails?

  • A. Mesh network.
  • B. Token ring network.
  • C. Star network.
  • D. Bus network.

正解: B

 

質問 314
During an audit of the accounts receivable (AR) process, an internal auditor noted that reconciliations are still not performed regularly by the AR staff, a recommendation that was made following a previous audit.
Monitoring by the financial reporting function has failed to detect the shortcoming. Both the financial reporting function and AR report to the controller, who is responsible for implementing action plans. Which of the following supports the internal auditor's decision to combine both observations into one reported finding?

  • A. The observation has a common process, and the action plan for the observation has a common owner.
  • B. The observation was made during the same audit, and the action plan has a common owner.
  • C. The observation relates to the same control activity within a common process.
  • D. The observation has a common control, and it was noted in a prior audit.

正解: A

 

質問 315
A large retail organization, which sells most of its products online, experiences a computer hacking incident.
The chief IT officer immediately investigates the incident and concludes that the attempt was not successful.
The chief audit executive (CAE) learns of the attack in a casual conversation with an IT auditor. Which of the following actions should the CAE take?
1. Meet with the chief IT officer to discuss the report and control improvements that will be implemented as a result of the security breach, if any.
2. Immediately inform the chair of the audit committee of the security breach, because thus far only the chief IT officer is aware of the incident.
3. Meet with the IT auditor to develop an appropriate audit program to review the organization's Internet-based sales process and key controls.
4. Include the incident in the next quarterly report to the audit committee.

  • A. 3 and 4
  • B. 2 and 4
  • C. 1 and 2
  • D. 1 and 3

正解: C

 

質問 316
Which of the following is false with regard to Internet connection firewalls?

  • A. Firewalls can protect against computer viruses.
  • B. Firewalls provide network administrators tools to retaliate against hackers.
  • C. Firewalls may be software-based or hardware-based.
  • D. Firewalls monitor attacks from the Internet.

正解: A

 

質問 317
When management uses the absorption costing approach, fixed manufacturing overhead costs are classified as which of the following types of costs?

  • A. Indirect period costs.
  • B. Direct period costs
  • C. Indirect product costs
  • D. Direct product costs

正解: D

 

質問 318
Which of the following principles is shared by both hierarchical and open organizational structures?
1. A superior can delegate the authority to make decisions but cannot delegate the ultimate responsibility for the results of those decisions
2. A supervisor's span of control should not exceed seven subordinates
3. Responsibility should be accompanied by adequate authority
4. Employees at all levels should be empowered to make decisions.

  • A. 3 and 4 only.
  • B. 2 and 3 only
  • C. 1 and 4 only.
  • D. 1 and 3 only.

正解: D

 

質問 319
According to IIA guidance,which of the following is true about the supervising internal auditor's review notes?
* They are discussed with management prior to finalizing the audit.
* They may be discarded after working papers are amended as appropriate.
* They are created by the auditor to support her fieldwork in case of questions.
* They are not required to support observations issued in the audit report.

  • A. 1 and 4 only
  • B. 1 and 3 only
  • C. 2 and 3 only
  • D. 2 and 4 only

正解: D

 

質問 320
Refer to the exhibit.

A company's financial balance sheet is presented below:
The company has net working capital of:

  • A. $350
  • B. $490
  • C. $210
  • D. $160

正解: C

 

質問 321
Which of the following is the best example of a compliance risk that is likely to arise when adopting a bring-your-own-device (BYOD) policy?

  • A. The risk that smart devices can be lost or stolen due to their mobile nature.
  • B. The risk that an organization intrusively monitors personal information stored on smart devices.
  • C. The risk that users try to bypass controls and do not install required software updates.
  • D. The risk that proprietary information is not deleted from the device when an employee leaves.

正解: B

 

質問 322
Operational management in the IT department has introduced performance evaluation policies that are linked to employees achieving continuing education hours. This activity is designed to prevent which of the following conditions?

  • A. Knowledge/skills gap
  • B. Accountability/reward failure.
  • C. Monitoring gap
  • D. Communication failure.

正解: A

 

質問 323
Which of the following options correctly defines a transmission control protocol/Internet protocol (TCP/IP)?

  • A. A network of servers used to control a variety of mission-critical operations.
  • B. System software that translates hypertext markup language to allow users to view a remote webpage.
  • C. A standardized set of guidelines that facilitates communication between computers on different networks.
  • D. System software that acts as an interface between a user and a computer.

正解: C

 

質問 324
Which of the following components should be included in an audit finding?
1. The scope of the audit.
2. The standard(s) used by the auditor to make the evaluation.
3. The engagement's objectives.
4. The factual evidence that the internal auditor found in the course of the examination.

  • A. 1 and 2
  • B. 1, 3, and 4
  • C. 1 and 3 only
  • D. 2 and 4

正解: D

 

質問 325
An employee frequently uses a personal smart device to send and receive work-related emails. Which of the following controls would be most effective to mitigate security risks related to these transmissions?

  • A. Authentication.
  • B. Software encryption
  • C. Hardware encryption.
  • D. Data encryption.

正解: D

 

質問 326
Which of the following statements is in accordance with COBIT?
1. Pervasive controls are general while detailed controls are specific.
2. Application controls are a subset of pervasive controls.
3. Implementation of software is a type of pervasive control.
4. Disaster recovery planning is a type of detailed control.

  • A. 1, 2, and 4 only
  • B. 2, 3, and 4 only
  • C. 1 and 4 only
  • D. 2 and 3 only

正解: C

 

質問 327
In order to provide useful information for an organization's risk management decisions, which of the following factors is least important to assess?

  • A. The potential for eliminating risk factors.
  • B. The impact of the risk on the organization's objectives.
  • C. The underlying causes of the risk.
  • D. The risk levels of current and future events.

正解: A

 

質問 328
A code of business conduct should include which of the following to increase its deterrent effect?
1. Appropriate descriptions of penalties for misconduct.
2. A notification that code of conduct violations may lead to criminal prosecution.
3. A description of violations that injure the interests of the employer.
4. A list of employees covered by the code of conduct.

  • A. 3 and 4
  • B. 2 and 4
  • C. 1 and 2
  • D. 1 and 3

正解: C

 

質問 329
During an assurance engagement, an internal auditor noted that the time staff spent accessing customer information in large Excel spreadsheets could be reduced significantly through the use of macros. The auditor would like to train staff on how to use the macros. Which of the following is the most appropriate course of action for the internal auditor to take?

  • A. The auditor must not perform the training, because any task to improve the business process could impact audit independence.
  • B. The auditor may proceed with the improvement task without obtaining formal approval, because the task is voluntary and not time-intensive.
  • C. The auditor must create a new, separate consulting engagement with the business process owner prior to performing the improvement task.
  • D. The auditor should get permission to extend the current engagement, and with the process owner's approval, perform the improvement task.

正解: D

 

質問 330
According to IIA guidance, which of the following statements best justifies a chief audit executive's request for external consultants to complement internal audit activity (IAA) resources?

  • A. There has been an increase in unanticipated requests for advisory work.
  • B. The organization's audit universe is extensive and diverse.
  • C. A recent benchmarking study found that using external service providers is a common practice of similarly-sized IAAs in other organizations.
  • D. Previous work provided by the external service provider has been of great quality and value.

正解: A

 

質問 331
......


IIA IIA-ACCA 認定試験の出題範囲:

トピック出題範囲
トピック 1
  • Prepare work papers and documentation of relevant information to support conclusions and engagement results
トピック 2
  • Summarize and develop engagement conclusions, including assessment of risks and controls
  • Determine the level of staff and resources needed for the engagement
トピック 3
  • Manage monitoring and follow-up of the disposition of audit engagement results communicated to management and the board
  • Arrange preliminary communication with engagement clients
トピック 4
  • Describe the audit engagement communication and reporting process
  • Complete a detailed risk assessment of each audit area, including evaluating and prioritizing risk and control factors
トピック 5
  • Demonstrate communication quality
  • Describethe process for communicating risk acceptance
  • Recognize the application of data analytics methods in internal auditing
トピック 6
  • Assess engagement outcomes, including the management action plan
  • Determine engagement procedures and prepare the engagement work program
トピック 7
  • Prepare interim reporting on the engagement progress
  • Evaluate the relevance, sufficiency, and reliability of potential sources of evidence
トピック 8
  • Describe the chief audit executive's responsibility for assessing residual risk
  • Plan the engagement to assure identification of key risks and controls
トピック 9
  • Describe data analytics, data types, data governance
  • Determine engagement objectives and evaluation criteria and the scope of the engagement
トピック 10
  • Develop checklists and risk-and-control questionnaires as part of a preliminary survey of the engagement area
  • Identify key activities in supervising engagements

 

合格させるIIA IIA-ACCA試験問題でテスト復刻エンジンとPDF:https://jp.fast2test.com/IIA-ACCA-premium-file.html


弊社を連絡する

我々は12時間以内ですべてのお問い合わせを答えます。

我々の働いている時間: ( GMT 0:00-15:00 )
月曜日から土曜日まで

サポート: 現在連絡 

English Deutsch 繁体中文 한국어