Quality control circles are now used all over the world. The circles typically consist of a group of five to ten employees who meet regularly. The primary goal of these circles is to:
Correct Answer: B
Quality control circles are used to obtain voluntary input from employees to promote problem solving. Potential benefits include lower costs, better employer-employee relations, and greater employee commitment.
Question 22
The airlines have been leaders in the use of technology. Customers can make reservations either with an airline or through a travel agency. In this situation, a travel agency is classified as which type of distribution channel?
Correct Answer: A
Marketing intermediaries assist companies in promoting, selling, and distributing their goods and services to ultimate consumers. For example, travel agents access an airline's computerized reservation system and make reservations for their customers without ever taking title to the ticket.
Question 23
If the market rate of interest is [List A] the coupon rate when bonds are issued, then the bonds will sell in the market at a price [List B] the face value and the issuing firm will record a [List C] on bonds payable.
Correct Answer: A
Question 24
An organization selected a differentiation strategy to compete at the business level. Which of the following structures best fits this strategic choice?
Correct Answer: B
A differentiation strategy focuses on creating unique products or services to stand out from competitors. This strategy requires a flexible, decentralized structure that encourages innovation and market responsiveness, which is best achieved through a divisional structure. * Divisional Structure Supports Differentiation: * A divisional structure organizes the company into semi-autonomous business units, each focusing on a specific product, market, or geographic area. * This allows businesses to adapt strategies based on customer needs and competitive positioning. * Enhances Responsiveness and Innovation: * Each division operates independently, making quicker decisions that align with the differentiation strategy. * Fits Competitive Strategies: * Companies using differentiation need flexibility and customer focus, which a divisional structure provides better than rigid structures. * A. Functional structure: * Functional structures group employees by departments (e.g., finance, marketing) and are more suited for cost-leadership strategies, not differentiation. * C. Mechanistic structure: * A mechanistic structure is highly centralized and rigid, making it incompatible with innovation and differentiation. * D. Functional structure with cross-functional teams: * While this adds flexibility, it does not provide the autonomy needed for differentiation like a divisional structure does. * IIA Standard 2110 - Governance: Internal auditors assess business structures and strategies for alignment with organizational objectives. * COSO Framework - Performance Component: Ensures organizational structure supports strategic goals. Key Reasons Why Option B is Correct:Why Other Options Are Incorrect:IIA References:Thus, the correct answer is B. Divisional structure.
Question 25
An IT auditor is evaluating IT controls of a newly purchased information system. The auditor discovers that logging is not configured al database and application levels. Operational management explains that they do not have enough personnel to manage the logs and they see no benefit in keeping logs. Which of the fallowing responses best explains risks associated with insufficient or absent logging practices?
Correct Answer: C
Logging at the database and application levels is a critical security control that enables monitoring, detecting, and investigating potential security incidents. The absence of logging significantly increases cybersecurity risks and can leave an organization vulnerable to undetected attacks. * Incident Response & Forensics: Without logs, the organization will be unable to determine the cause, origin, and impact of cyber incidents or system intrusions. * Compliance Requirements: Many regulatory frameworks (e.g., ISO 27001, NIST 800-53, GDPR, PCI-DSS, SOX) require logging for security monitoring and auditability. * Threat Detection: Logs help in identifying malicious activities, unauthorized access, and data breaches. * Accountability: Ensures that actions taken within the system can be traced back to specific users or administrators. * Option A (The organization will be unable to develop preventative actions based on analytics): While logging helps in analytics, its primary function is incident detection and forensic investigation. * Option B (The organization will not be able to trace and monitor the activities of database administrators): This is partially correct, but logging is not just for administrators-it is essential for monitoring all system activities, including unauthorized access attempts. * Option D (The organization will be unable to upgrade the system to newer versions): Logging does not impact system upgrades; upgrades are related to software lifecycle management, not logging practices. * IIA's Global Technology Audit Guide (GTAG) - Information Security Controls recommends logging as a fundamental security control. * IIA Standard 2110 - IT Governance: Emphasizes the need for adequate IT risk management, including logging. * COSO Framework (Monitoring Component): Highlights the importance of system monitoring, which includes logging. Why Option C is Correct:Why Other Options Are Incorrect:IIA References:Thus, the most appropriate answer is C. The organization will be unable to determine why intrusions and cyber incidents took place.
