Regulatory approval is most likely to be hardest to obtain in:

A. Mature industries.

B. Fragmented industries.

C. Emerging industries.

D. Declining industries.

Which of the following is not one of the advantages of self-managed teams?

A. Motivation is improved because decision making is decentralized.

B. Improved processes of production if the teams are supported properly.

C. Managerial acceptance by tradition-oriented managers.

D. Improved communication because all members understand the team's activities better.

An advisable strategy for a participant in a meeting of the employees would be to:

A. Read the agenda and supporting materials for the meeting during the early part of the meeting to prepare for later discussion.

B. Present strong opinions on one side of a proposal right away.

C. Present views as trial balloons that can be researched later.

D. Consider the opinions and information needs of other participants before speaking.

Which of the following statements is correct regarding corporate compensation systems and related bonuses?

1.

A bonus system should be considered part of the control environment of an organization and should be considered in formulating a report on internal control.

2.

Compensation systems are not part of an organization's control system and should not be reported as such.

3.

An audit of an organization's compensation system should be performed independently of an audit of the control system over other functions that impact corporate bonuses.

A. 1 only

B. 2 only

C. 3 only

D. 2 and 3 only

An organization produces two products, X and Y. The materials used for the production of both products are limited to 500 kilograms (kg) per month. All other resources are unlimited and their costs are fixed. Individual product details are as follows: Product X Product Y Selling price per unit $10 $13 Materials per unit (at $1/kg) 2 kg 6 kg Monthly demand 100 units 120 units

In order to maximize profit, how much of product Y should the organization produce each month?

A. 50 units.

B. 60 units.

C. 100 units.

D. 120 units.

A chief audit executive (CAE) was asked to participate in the selection of an external auditor. Which of the following would not be a typical responsibility for the CAE?

A. Evaluate the proposed external auditor fee.

B. Recommend criteria to be used in the selection process.

C. Develop appropriate performance metrics.

D. Monitor the work of the external auditors.

According to the waterfall cycle approach to systems development, which of the following sequence of events is correct?

A. Program design, system requirements, software design, analysis, coding, testing, operations.

B. System requirements, software design, analysis, program design, testing, coding, operations.

C. System requirements, software design, analysis, program design, coding, testing, operations.

D. System requirements, analysis, coding, software design, program design, testing, operations.

Which of the following is the most appropriate way to record each partner's initial investment in a partnership?

A. At the value agreed upon by the partners.

B. At book value.

C. At fair value.

D. At the original cost.

What would an internal auditor do to ensure that a process to mitigate risk is in place for the organization's change management process?

A. Develop and enforce change policies to ensure employees are continually trained.

B. Apply a risk-based approach and impose segregation of duties related to the change management process.

C. Conduct a high-level threat analysis and implement a compensating control.

D. Validate authorization, segregation of duties, testing of changes, and approval to move changes into production.

A manager at a publishing company received an email that appeared to be from one of her vendors with an attachment that contained malware embedded in an Excel spreadsheet. When the spreadsheet was opened, the cybercriminal was able to attack the company's network and gain access to an unpublished and highly anticipated book.

Which of the following controls would be most effective to prevent such an attack?

A. Monitoring network traffic.

B. Using whitelists and blacklists to manage network traffic.

C. Restricting access and blocking unauthorized access to the network.

D. Educating employees throughout the company to recognize phishing attacks.