Which of the following describes the result if an organization records merchandise as a purchase, but fails to include it in the closing inventory count? A . The cost of goods sold for the period will be understated. B . The cost of goods sold for the period will be overstated. C . The net income for the period will be understated. D . There will be no effect on the cost of goods sold or the net income for the period.
An internal auditor is reviewing physical and environmental controls for an IT organization .
Which control activity should not be part of this review? A . Develop and test the organization’s disaster recovery plan. B . Install and test fire detection and suppression equipment. C . Restrict access to tangible IT resources. D . Ensure that at least one developer has access to both systems and operations.
Which of the following statements is true regarding the relationship between an individual’s average tax rate and marginal tax rate? A . In a regressive personal tax system, an individual’s marginal tax rate is normally greater than his average tax rate. B . In a regressive personal tax system, an individual’s marginal tax rate is normally equal to his average tax rate. C . In a progressive personal tax system, an individual’s marginal tax rate is normally equal to his average tax rate. D . In a progressive personal tax system, an individual’s marginal tax rate is normally greater than his average tax rate.
A holding company set up a centralized group technology department, using a local area network with a mainframe computer to process accounting information for all companies within the group. An internal auditor would expect to find all of the following controls within the technology department except: A . Adequate segregation of duties between data processing controls and file security controls. B . Documented procedures for remote job entry and for local data file retention. C . Emergency and disaster recovery procedures and maintenance agreements in place to ensure continuity of operations. D . Established procedures to prevent and detect unauthorized changes to data files.
Which of the following techniques would be least effective in resolving the conflict created by an internal audit client’s perception of the audit report as a personal attack on his management performance? A . The auditor should focus on the audit client as a person and understand him, rather than just concentrating on the problem. B . The auditor should make recommendations based on objective criteria, rather than based on a subjective assessment. C . The auditor should explore alternative solutions to address the audit problem, so the audit client has options. D . The auditor should take a flexible position on the recommendations and focus on resolving the issue by addressing the interests of the people concerned.
Which of the following is the most appropriate test to assess the privacy risks associated with an organization’s workstations? A . Penetration test. B . Social engineering test. C . Vulnerability test. D . Physical control test.