IIA IIA-CIA-Part3 - Business Knowledge for Internal Auditing

Comprehensive and Detailed In-Depth Explanation:

Herzberg’s Two-Factor Theory identifies:

Motivators (Intrinsic factors) – Lead to job satisfaction (e.g., responsibility, recognition, growth).

Hygiene factors (Extrinsic factors) – Prevent dissatisfaction but do not create motivation (e.g., salary, work conditions).

Option A (Salary and status) – Hygiene factors that prevent dissatisfaction but do not drive motivation.

Option C (Work conditions and security) – Also hygiene factors, not motivators.

Option D (Peer relationships and personal life) – Affect job satisfaction indirectly, but are not primary motivators.

Since responsibility and advancement directly drive motivation, Option B is correct.

Comprehensive and Detailed In-Depth Explanation:

In a BYOD environment, employees use personal devices to access company systems, making compliance with policies and procedures critical for data security.

Option B (Reduced need for policies) – Incorrect, as BYOD increases security complexity, requiring stricter policies.

Option C (Less critical incident response) – Incorrect, as BYOD increases security risks, making quick response times crucial.

Option D (Greater risk sharing) – Organizations remain ultimately responsible for security, even with personal devices.

Since employee compliance is essential to mitigating security risks in BYOD settings, Option A is correct.

Comprehensive and Detailed In-Depth Explanation:

The cash conversion cycle (CCC) is calculated as:

CCC=Days Inventory Outstanding+Days Sales Outstanding−Days Payables Outstanding\text{CCC} = \text{Days Inventory Outstanding} + \text{Days Sales Outstanding} - \text{Days Payables Outstanding}CCC=Days Inventory Outstanding+Days Sales Outstanding−Days Payables Outstanding CCC=58+42−10=90 daysCCC = 58 + 42 - 10 = 90 \text{ days}CCC=58+42−10=90 days

Option A (26 days) – Incorrect, as it does not account for total cycle components.

Option C (100 days) & Option D (110 days) – Overestimate the cycle by not correctly adjusting for payables.

Thus, Option B (90 days) is the correct answer.

Comprehensive and Detailed In-Depth Explanation:

In data analytics, data cleaning involves identifying and correcting errors, inconsistencies, and redundancies in the dataset to ensure accuracy and reliability. By eliminating duplicate or irrelevant data, the internal auditor enhances the quality of the dataset, which is crucial for accurate analysis and risk assessment. This process is a preparatory step before analyzing the data to identify high-risk areas. Normalization (option A) refers to organizing data to reduce redundancy but is more specific to database design. Analyzing data (option B) and reviewing data prior to defining the question (option D) are steps that occur before and after data cleaning, respectively.

Comprehensive and Detailed In-Depth Explanation:

The development phase of contracting involves drafting, negotiating, and finalizing the contract terms for a business activity. This phase ensures that agreements align with legal and operational requirements before execution.

Option A (Initiation phase) involves identifying needs and planning but does not include drafting contracts.

Option B (Bidding phase) focuses on soliciting and evaluating proposals but does not yet involve contract drafting.

Option D (Management phase) occurs after contracts are finalized and focuses on monitoring performance.

Since the development phase is when contracts are written and finalized, Option C is correct.

Comprehensive and Detailed In-Depth Explanation:

A Project Management Information System (PMIS) is a centralized tool used throughout a project's planning, execution, and monitoring phases. It helps track schedules, costs, and risks.

Option A (EVM) – Used primarily in monitoring and control phases, not all three.

Option B (Organizational procedures) – Provides guidance but is not actively used in all project phases.

Option C (Performance measurement) – Important in monitoring, but not central to planning or execution.

Since PMIS is used throughout the project lifecycle, Option D is correct.

Comprehensive and Detailed In-Depth Explanation:

Application controls are specific to software applications and help ensure data integrity and accuracy within systems.

Option A (Automated password change requirements) – A system security control, not specific to a single application.

Option B (System data backup) – A general IT control, not an application control.

Option C (User testing of system changes) – Part of software development controls, not an application-level control.

Formatted data fields ensure that users enter information in the correct format, preventing errors and improving data accuracy.

Since formatted data fields are an application-specific control, Option D is correct.