Free IIA IIA-ACCA Exam Dumps Questions & Answers

A large retail organization, which sells most of its products online, experiences a computer hacking incident.
The chief IT officer immediately investigates the incident and concludes that the attempt was not successful.
The chief audit executive (CAE) learns of the attack in a casual conversation with an IT auditor. Which of the following actions should the CAE take?
1. Meet with the chief IT officer to discuss the report and control improvements that will be implemented as a result of the security breach, if any.
2. Immediately inform the chair of the audit committee of the security breach, because thus far only the chief IT officer is aware of the incident.
3. Meet with the IT auditor to develop an appropriate audit program to review the organization's Internet-based sales process and key controls.
4. Include the incident in the next quarterly report to the audit committee.

• A.  3 and 4
• B.  1 and 3
• C.  2 and 4
• D.  1 and 2

A brand manager in a consumer food products organization suspected that several days of the point-of-sale data on the spreadsheet from one grocery chain were missing. The best approach for detecting missing rows in spreadsheet data would be to:

• A.  Compare product identification codes by store for consecutive periods.
• B.  Compare product identification codes for consecutive periods.
• C.  Sort on product identification code and identify missing product identification codes.
• D.  Review store identification code and identify missing product identification codes.

An internal auditor in a small broadcasting organization was assigned to review the revenue collection process.
The auditor discovered that some checks from three customers were never recorded in the organization's financial records. Which of the following documents would be the least useful for the auditor to verify the finding?

• A.  Copies of deposit slips.
• B.  Customer confirmation letters.
• C.  Copies of sales invoices.
• D.  Bank statements.

Which of the following statements is in accordance with COBIT?
1. Pervasive controls are general while detailed controls are specific.
2. Application controls are a subset of pervasive controls.
3. Implementation of software is a type of pervasive control.
4. Disaster recovery planning is a type of detailed control.

• A.  2 and 3 only
• B.  2, 3, and 4 only
• C.  1, 2, and 4 only
• D.  1 and 4 only

An organization is beginning to implement an enterprise risk management program. One of the first steps is to develop a common risk language. Which of the following statements about a common risk language is true?

• A.  Stakeholders will have more assurance that the risks are assessed consistently.
• B.  Management will be able to reduce inherent risk because they will have a better understanding of risk.
• C.  Internal auditors will be able to reduce their sample sizes because controls will be more consistent.
• D.  Decision makers will understand that the likelihood of missing or ineffective controls will be reduced.