IIA Updated IIA-CIA-Part3 Exam Questions and Answers by tara

Understanding IT Infrastructure Risks and Workstation Security:

Reviewing an organization’s IT infrastructure risks includes assessing the security of workstations (desktops, laptops, and terminals) that connect to the organization's network.

Workstations are vulnerable to physical theft, unauthorized access, and malware attacks, making physical controls a critical security measure.

Why Physical Controls Are the Most Relevant for Workstations:

Physical controls prevent unauthorized physical access, theft, tampering, and damage to workstations.

Examples include:

Locked office spaces or workstation enclosures to restrict access.

Security badges or biometric authentication to prevent unauthorized use.

Cable locks for laptops and desktop computers to deter theft.

Surveillance cameras and security guards to monitor access.

Why Other Options Are Incorrect:

A. Input controls – Incorrect.

Input controls ensure accuracy and completeness of data entry, which applies more to application security, not workstation security.

B. Segregation of duties – Incorrect.

Segregation of duties prevents fraud and conflicts of interest, but it does not directly address workstation security risks.

D. Integrity controls – Incorrect.

Integrity controls ensure data consistency and accuracy in databases and transactions, not workstation security.

IIA’s Perspective on IT Risk and Physical Security Controls:

IIA Standard 2110 – Governance requires organizations to implement physical security measures for IT assets, including workstations.

IIA GTAG (Global Technology Audit Guide) on IT Risks highlights the importance of restricting physical access to IT devices to prevent unauthorized use or data breaches.

ISO 27001 Information Security Standard recommends physical controls to secure IT infrastructure and prevent workstation-related risks.

IIA References:

IIA Standard 2110 – IT Security & Physical Access Control

IIA GTAG – Physical Security of IT Assets

ISO 27001 – Physical Security and IT Risk Management

Thus, the correct and verified answer is C. Physical controls.

A periodic inventory system calculates cost of goods sold (COGS) using the formula:

COGS=Beginning Inventory+Purchases−Ending InventoryCOGS = \text{Beginning Inventory} + \text{Purchases} - \text{Ending Inventory}COGS=Beginning Inventory+Purchases−Ending Inventory

If beginning inventory is understated, it causes COGS to be understated, which in turn overstates net income because expenses are lower than they should be.

Understated Beginning Inventory → Understated COGS

Since COGS is too low, fewer expenses are deducted from revenue.

Understated COGS → Overstated Net Income

If COGS is too low, the company's profit (net income) is artificially inflated.

(A) COGS will be understated and net income will be overstated (Correct Answer):

Since the beginning inventory was understated, COGS is lower than it should be, making net income higher than it should be.

(B) COGS will be overstated and net income will be understated:

This would be true if beginning inventory was overstated, but in this case, it was understated, making this incorrect.

(C) COGS will be understated and there will be no impact on net income:

Since COGS affects net income, this statement is incorrect. Understated COGS overstates net income.

(D) There will be no impact on COGS and net income will be overstated:

This is incorrect because COGS is directly affected by an inventory misstatement.

IIA GTAG 3: Continuous Auditing – Discusses the importance of accurate financial reporting in preventing misstatements.

COSO Internal Control Framework – Financial Reporting Component – Highlights the impact of inventory errors on financial accuracy.

IIA Standard 2330 – Documenting Information – Requires auditors to evaluate financial calculations for accuracy and completeness.

Step-by-Step Impact on Financial Statements:Analysis of Each Option:IIA References:Conclusion:Since COGS is understated and net income is overstated, option (A) is the correct answer.

Comprehensive and Detailed In-Depth Explanation:

Herzberg’s Two-Factor Theory identifies:

Motivators (Intrinsic factors) – Lead to job satisfaction (e.g., responsibility, recognition, growth).

Hygiene factors (Extrinsic factors) – Prevent dissatisfaction but do not create motivation (e.g., salary, work conditions).

Option A (Salary and status) – Hygiene factors that prevent dissatisfaction but do not drive motivation.

Option C (Work conditions and security) – Also hygiene factors, not motivators.

Option D (Peer relationships and personal life) – Affect job satisfaction indirectly, but are not primary motivators.

Since responsibility and advancement directly drive motivation, Option B is correct.

Comprehensive and Detailed In-Depth Explanation:

Primary controls in spreadsheet management focus on ensuring data accuracy, integrity, and security.

Option A (Locking formulas and static data) prevents unauthorized changes, ensuring data integrity. This is a direct control over spreadsheet accuracy, making it the correct answer.

Option B (Backup storage) is an IT operational control, not a primary financial reporting control.

Option C (Documentation of spreadsheet use) is important for governance but does not directly prevent errors.

Option D (Version control software) helps manage changes but does not directly ensure financial reporting accuracy.

Thus, locking and protecting spreadsheet formulas is the most critical primary control for accurate financial reporting.