A company records income from an investment in common stock when it does which of the following?
Correct Answer: C
When a company invests in common stock, it can earn income in two primary ways:
Dividend income: When the company receives dividends, it recognizes the income.
Capital gains: When the stock is sold for a higher price than its purchase price, it results in a gain.

Why Option C (Receives dividends) is Correct:
Dividends represent income from an investment in common stock when declared and paid by the issuing company.
Under GAAP and IFRS, dividend income is recognized when received, not when declared.
Companies record dividends as investment income in their income statement.

Why Other Options Are Incorrect:
Option A (Purchases bonds): Incorrect because purchasing bonds is an investment transaction, not income recognition.
Option B (Receives interest): Incorrect because interest income applies to bond investments, loans, or deposits, not common stock investments.
Option D (Sells bonds): Incorrect because selling bonds results in capital gains or losses, not regular investment income from common stock.

IIA References:
IIA Practice Guide - "Auditing Investment & Treasury Activities": Discusses the recognition of investment income.
IFRS 9 (Financial Instruments) & GAAP Standards: Provide guidance on recording dividends as investment income.
COSO Internal Control - Integrated Framework: Emphasizes proper financial reporting and income recognition.
IIA-CIA-Part3 Exam Question 102
Which of the following assessments will assist in evaluating whether the internal audit function is consistently delivering quality engagements?
Correct Answer: B
The QAIP (Quality Assurance and Improvement Program) requires both ongoing monitoring and periodic assessments. Among these, ongoing monitoring is the mechanism that ensures continuous evaluation of whether engagements are being performed with quality and in conformance with the Standards. Option A (periodic assessments) review effectiveness but are not continuous. Option C (external assessments) and Option D (SAIV) are broader and periodic, not engagement-level consistency checks. Reference: IIA Standards - Standard 1311: Internal Assessments.
IIA-CIA-Part3 Exam Question 103
According to Herzberg's Two-Factor Theory of Motivation, which of the following factors are mentioned most often by satisfied employees?
Correct Answer: B
Comprehensive and Detailed In-Depth Explanation:
Herzberg's Two-Factor Theory identifies:
Motivators (Intrinsic factors) - Lead to job satisfaction (e.g., responsibility, recognition, growth).
Hygiene factors (Extrinsic factors) - Prevent dissatisfaction but do not create motivation (e.g., salary, work conditions).

Option A (Salary and status) - Hygiene factors that prevent dissatisfaction but do not drive motivation.
Option C (Work conditions and security) - Also hygiene factors, not motivators.
Option D (Peer relationships and personal life) - Affect job satisfaction indirectly, but are not primary motivators.

Since responsibility and advancement directly drive motivation, Option B is correct.
Reference: IIA Human Resource Management - Employee Motivation Theories
IIA-CIA-Part3 Exam Question 104
An internal auditor discovered that the organization was not in full compliance with a regulatory labeling requirement for one of its products. The responsible manager indicated that the current product labeling has been in use for several years without any problems. If discovered, this regulatory breach could result in significant fines for the organization. What should be the chief audit executive's next course of action?
Correct Answer: C
The CAE must communicate significant risk exposures and control issues to the board. A regulatory noncompliance issue that could result in significant fines qualifies as a high residual risk. Internal audit should not implement corrective actions (management's responsibility) or recommend disciplinary action. While discussions with management (Option A) are appropriate, the ultimate duty is to escalate the matter to the board (Option C). Reference: IIA Standards - Standard 2060: Reporting to Senior Management and the Board.
IIA-CIA-Part3 Exam Question 105
In reviewing an organization's IT infrastructure risks, which of the following controls is to be tested as part of reviewing workstations?
Correct Answer: C
Understanding IT Infrastructure Risks and Workstation Security:
Reviewing an organization's IT infrastructure risks includes assessing the security of workstations (desktops, laptops, and terminals) that connect to the organization's network.
Workstations are vulnerable to physical theft, unauthorized access, and malware attacks, making physical controls a critical security measure.

Why Physical Controls Are the Most Relevant for Workstations:
Physical controls prevent unauthorized physical access, theft, tampering, and damage to workstations. Examples include:
Locked office spaces or workstation enclosures to restrict access.
Security badges or biometric authentication to prevent unauthorized use.
Cable locks for laptops and desktop computers to deter theft.
Surveillance cameras and security guards to monitor access.

Why Other Options Are Incorrect:
A). Input controls - Incorrect. Input controls ensure accuracy and completeness of data entry, which applies more to application security, not workstation security.
B). Segregation of duties - Incorrect. Segregation of duties prevents fraud and conflicts of interest, but it does not directly address workstation security risks.
D). Integrity controls - Incorrect. Integrity controls ensure data consistency and accuracy in databases and transactions, not workstation security.

IIA's Perspective on IT Risk and Physical Security Controls:
IIA Standard 2110 - Governance requires organizations to implement physical security measures for IT assets, including workstations.
IIA GTAG (Global Technology Audit Guide) on IT Risks highlights the importance of restricting physical access to IT devices to prevent unauthorized use or data breaches.
ISO 27001 Information Security Standard recommends physical controls to secure IT infrastructure and prevent workstation-related risks.

IIA References:
IIA Standard 2110 - IT Security & Physical Access Control
IIA GTAG - Physical Security of IT Assets
ISO 27001 - Physical Security and IT Risk Management

Thus, the correct and verified answer is C. Physical controls.