IIA-CIA-Part3-CN Exam Question 16
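Which of the following is a distinguishing characteristic of managerial accounting that does not apply to financial accounting?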
Correct Answer: D
Managerial accounting differs from financial accounting in that it focuses on internal decision-making, cost control, and performance evaluation based on predetermined standards. Unlike financial accounting, which follows GAAP (Generally Accepted Accounting Principles) for external reporting, managerial accounting sets internal benchmarks to guide operational efficiency and strategic planning.
Key Reasons Why Option D is Correct:
Use of Predetermined Standards:
Managerial accounting often uses standard costing, budgets, and variance analysis to compare actual performance against pre-set benchmarks.
This helps management make data-driven decisions and improve efficiency.
Internal Decision-Making:
Managerial accounting reports are used by internal stakeholders (e.g., managers, executives) rather than external entities.
Control and Performance Measurement:
It focuses on variance analysis (actual vs. expected performance) to highlight areas requiring corrective action.
Not Governed by GAAP:
Unlike financial accounting, managerial accounting does not require compliance with GAAP or IFRS since it is meant for internal use only.
Why Other Options Are Incorrect:
A). Managerial accounting uses double-entry accounting and cost data:
While cost data is relevant to managerial accounting, double-entry accounting is a fundamental principle of all accounting systems, including financial accounting.
B). Managerial accounting uses generally accepted accounting principles (GAAP):
GAAP is required for financial accounting (external reporting), but managerial accounting does not follow GAAP since it focuses on internal decision-making.
C). Managerial accounting involves decision making based on quantifiable economic events:
While managerial accounting analyzes economic data, its distinguishing feature is using predetermined standards to evaluate and improve performance, which makes Option D the best choice.
IIA References:
IIA Standard 2110 - Governance: Internal auditors should assess decision-making processes, including managerial accounting techniques.
IIA Standard 2120 - Risk Management: Cost control and budget variance analysis are key components of risk management.
COSO Framework - Performance Monitoring: Emphasizes variance analysis, which aligns with predetermined standards in managerial accounting.
Thus, the correct answer is D. Managerial accounting involves decision making based on predetermined standards.
IIA-CIA-Part3-CN Exam Question 17
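An organization is considering integrating governance, risk, and compliance (GRC) activities into a centralized technology-based resource. In implementing this GRC resource, which of the following is a key enterprise governance concern that the end product should satisfy?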
Correct Answer: A
When an organization integrates governance, risk, and compliance (GRC) activities into a centralized technology-based resource, enterprise governance must ensure that the system:
Supports strategic decision-making by the board and senior management.
Provides accurate, reliable, and quality information to demonstrate an effective governance framework.
Aligns with IIA Standard 2110 - Governance, which requires auditors to assess whether the organization's governance structure supports accountability, transparency, and effective decision-making.
Analysis of Each Option:
(A) The board should be fully satisfied that there is an effective system of governance in place through accurate, quality information provided. (Correct Answer)
Governance is about ensuring that stakeholders, particularly the board, have confidence in the organization's control environment and decision-making process.
IIA Standard 2110 (Governance) states that internal auditors must evaluate the adequacy and effectiveness of governance structures.
A GRC system should ensure transparency, accountability, and quality reporting to enable strategic governance oversight.
(B) Compliance, audit, and risk management can find and seek efficiencies between their functions through integrated information reporting.
While improving efficiency is a benefit of a GRC system, it is a secondary objective, not a primary enterprise governance concern.
(C) Key compliance and risk metrics can be tracked and compared throughout the enterprise, aiding in identifying problem departments.
Tracking risk metrics is useful but does not directly address governance at the board level, making this answer incomplete.
(D) Data analytics can be utilized for trending of the data to ensure that patterns and ongoing monitoring occurs throughout the organization.
Analytics support monitoring, but the core governance concern is ensuring the board's confidence in the system.
IIA References Supporting the Answer:
IIA Standard 2110 - Governance: Internal auditors must assess whether governance processes are effective.
GTAG 1 - Information Technology Risks and Controls: IT governance must provide quality, reliable information for decision-making.
COSO ERM Framework: Emphasizes governance as a key driver of enterprise risk management.
Thus, the correct answer is (A) because effective enterprise governance relies on accurate and high-quality information for strategic decision-making.
IIA-CIA-Part3-CN Exam Question 18
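If senior management chooses not to take action to correct an identified issue and accepts the risk, which of the following is a required action for the internal audit function?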
Correct Answer: C
According to IIA Standards, if senior management accepts a risk that the CAE believes may be unacceptable, the CAE must judge whether the risk is indeed acceptable and, if not, escalate the matter to the board. This ensures that governance bodies are aware of significant exposures. Reporting directly to external stakeholders (Option A) is not internal audit's role. Option B alone is insufficient if the risk is significant. Option D applies only when management's acceptance aligns with tolerance.
Reference:
IIA Standards - Standard 2600: Communicating the Acceptance of Risks.
IIA-CIA-Part3-CN Exam Question 19
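An organization's inventory turnover is declining, but its gross margin rate is increasing. Which of the following statements best explains this situation?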
Correct Answer: D
A declining inventory turnover combined with an increasing gross margin rate suggests that the organization is not selling inventory as quickly as before, but still reporting higher profitability. This can indicate overstated inventory values, meaning that financial statements show higher inventory balances than what actually exists.
Analysis of Answer Choices:
(A) Incorrect - The organization's operating expenses are increasing.
Operating expenses do not directly affect inventory turnover, which measures how quickly inventory is sold.
Higher expenses could reduce net profit, but they would not explain a higher gross margin.
(B) Incorrect - The organization has adopted just-in-time (JIT) inventory.
JIT inventory systems increase inventory turnover by reducing excess stock.
Since turnover is declining, this suggests the opposite of JIT.
(C) Incorrect - The organization is experiencing inventory theft.
Inventory theft usually reduces inventory levels, potentially increasing inventory turnover due to lower stock.
Theft could lower gross margins if significant losses occur.
(D) Correct - The organization's inventory is overstated.
Overstated inventory leads to lower COGS, artificially inflating gross margin.
If inventory levels are inflated, turnover appears lower because reported inventory is higher than actual sales justify.
IIA References and Internal Auditing Standards:
IIA's Global Internal Audit Standards - Financial Statement Audits and Fraud Risk
Covers risks related to inventory misstatements and financial fraud.
IFRS & GAAP Accounting Standards - Inventory Valuation
Defines how inventory overstatement impacts financial ratios.
IIA-CIA-Part3-CN Exam Question 20
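With cybersecurity threats increasing, which of the following should management consider to ensure that strong security governance is implemented?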
Correct Answer: D
Explanation of Answer Choice D (Correct Answer):
Strong Security Governance Requires Well-Defined Policies:
Cybersecurity governance is built upon clear, documented, and enforceable security policies that outline expectations, roles, responsibilities, and processes.
Policies define acceptable behaviors, security controls, incident response, and compliance requirements.
IIA Standard 2110 - Governance: Requires organizations to establish effective IT security governance, including policies that address cybersecurity risks.
IIA GTAG (Global Technology Audit Guide) on Information Security Governance:
Recommends that clear policies should guide security controls, user access, and incident response to address cybersecurity threats.
Explanation of Incorrect Answers:
A). Inventory of information assets (Incorrect)
While identifying critical information assets is essential for risk management, it does not constitute security governance on its own.
Asset inventories support governance but must be reinforced by policies that define how data should be protected.
B). Limited sharing of data files with external parties (Incorrect)
Restricting data sharing is a control measure, not a governance principle.
Policies define when, how, and under what conditions data can be shared securely.
C). Vulnerability assessment (Incorrect)
Assessments help identify security gaps but do not establish governance.
Effective governance ensures that vulnerabilities are identified, prioritized, and remediated in accordance with policies.
Conclusion:
To ensure strong security governance, organizations must have clearly defined security policies (Option D) as a foundation for managing cybersecurity threats.
IIA References:
IIA Standard 2110 - Governance
IIA GTAG - Information Security Governance
