aat Practice Exams & CIMA Mock Exams

CIMA Mock Exams
Buy Mock Exams
Login

P3 – Mock Exam 2 – Free Mode

Time limit: 0

Mock Summary

0 of 60 Questions completed

Questions:

Information

You have already completed the mock before. Hence you can not start it again.

Mock is loading…

You must sign in or sign up to start the mock.

You must first complete the following:

Results

Mock complete. Results are being recorded.

Results

Time has elapsed

You have reached 0 of 0 point(s), (0)

Earned Point(s): 0 of 0, (0)
0 Essay(s) Pending (Possible Point(s): 0)

Categories

P3A: Enterprise Risk 0%
P3B: Strategic risk 0%
P3C: Internal Controls 0%
P3D: Cybersecurity risks 0%

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60

Current
Review
Answered
Correct
Incorrect

Question 1 of 60

1. Question
The Production Manager has four possible suppliers for a key component. The organisation operates a Just-in-Time manufacturing process and requires parts to be delivered within 4 hours of placing the order. The organisation has a monthly demand of 2.5m for this specific component. The cost of production coming to a halt will cost the organisation £100,000 per 15 minutes and £1.75m in start up costs once production can be resumed.

Consider each proposal, using a 3×3 risk matrix (low medium and high) with impact on the Y axis and likelihood on the X axis, with the criteria: Capacity Issues, Delivery disruption and Infrastructure.

Based on your analysis of the risk matrix which of the following suppliers minimises the potential of the organisation incurring any downside risk?
- Is an experienced manufacture of this component with a production capacity of 15m per month, currently operating at 70%. They are located 75 miles from the organisation's factory and have their own fleet of delivery lorries.
- Has the technical capabilities to manufacture this component with a production capacity of 5m per month, currently operating at 0%. They are located 15 miles from the organisation's factory and would outsource the delivery to a specialist logistics firm.
- Is the world leading producer of this component and has the production capacity of 25m per month currently operating at 90%. They are located 20 miles from the organisation's factory and have their own fleet of delivery lorries.
- An international manufacture of a very similar component is prepared to establish a factory just 2 miles of the organisation's factory. The international manufacturer would initially only serve the needs of the organisation. They are prepared to utilise the old railway line between their proposed factory and the location of the organisation, delivering the components by rail.
Correct

Incorrect
Question 2 of 60

2. Question
An organisation operates as part of a oligopoly within the fleet industry, which naturally comes with high barriers to entry, with fierce competitive behaviour between the companies. Customers tend to be locked into long term contracts and it is known within the oligopoly when customer contracts are due for renewal, with competitors quick to promote their offer to customers. The market size is in excess of 100,000 customers.

Which one of the following would be the weakest competitive strategy to adopt?
- Cost Leadership
- Cost Focus
- Differentiation
- Differentiation Focus
Correct

Incorrect
Question 3 of 60

3. Question
Under the COSO framework, match the element to the principle:
Sort elements
- Sets the tone at the top
- Applies relevant expertise
- Established reporting lines
- Established policies and practices
- Established performance measures and incentives
- Integrity & Ethics
- Oversight
- Authority
- Competence
- Accountability
Correct

Incorrect
Question 4 of 60

4. Question
Which of the following is the first line of defence against a malware attack?
- Antivirus software
- Firewalls
- User privileges
- Spam email protector
Correct

Incorrect
Question 5 of 60

5. Question
Which one of the following represents the greatest operational risk for a national telecoms company?
- Funding the growth of the business using the short term credit facilities of the bank and suppliers
- A single cybersecurity breach resulting in the names, addresses and payment details of 25% of the organisations customers
- A single outage resulting in 10% of the customers not being to access their internet for 24 hours
- A 24 month delay on installing fibre broadband to rural customers
Correct

Incorrect
Question 6 of 60

6. Question
An established organisation who has become a byword for quality and service in their industry and has been rewarded with a very high market share is looking to grow over the next few years.

Which Product-Market strategy would be the most appropriate?
- Market penetration
- Product development
- Market development
- Product diversification
Correct

Incorrect
Question 7 of 60

7. Question
An organisation has analysed the amount it is spending on raw materials and does not understand how it has increased so much more than revenue despite the price per unit being fixed.

Which type of management control system could be introduced to analyse this issue further?
- Inventory Control
- Quality Control
- Risk Control
- Performance Management
Correct

Incorrect
Question 8 of 60

8. Question
Some hackers are called Grey Hat, what makes Grey Hat hackers different to Black and White Hat hackers?
- Grey Hat hackers do the same work as a White Hat hacker but ask for a payment from the company for finding the issue
- Grey Hat hackers do the same work as a Black Hat hacker and hold the company to ransom
- Grey Hat hackers attempt to find vulnerabilities and share this information with Black Hat hackers in exchange for a finders fee
- Grey Hat hackers do not report or ask for payment for finding vulnerabilities, they simple do this as a hobby
Correct

Incorrect
Question 9 of 60

9. Question
An American company needs to reduce costs, they are considering approaching Asian companies to manufacture their products.

Which of the following generates the most downside risk?
- The copyright laws in this country are very weak
- The supply of components and volume of production required will require significant investment
- Consumers in the American company's domestic market are used to companies outsourcing to Asia
- The Asian company is located in a country that is introducing tariffs on imported goods
Correct

Incorrect
Question 10 of 60

10. Question
Scenario planning is used in risk mitigation, as it removes which two of the following from the decision making process?
- Emotion
- Reactionary response
- Estimates
- Corrleation
- Risk
Correct

Incorrect
Question 11 of 60

11. Question
Under COSO, an organisation’s effective internal communication of issues is dependent on which of the following?

Select all that apply
- Assesses Results
- Monitors Corrective Actions
- Integrates with Risk Assessment
- Determines Relevant Business Processes
- Considers Entity-Specific Factors
Correct

Incorrect
Question 12 of 60

12. Question
Which of the following are characteristics of good cybersecurity policy?

Select all that apply
- Endorsed
- Relevant
- Realistic
- Secure
- Data focused
Correct

Incorrect
Question 13 of 60

13. Question
An organisation has a risk which has a 40% probability of occurring and would require extensive renovations to the projects lasting 26 weeks.

On further analysis, it is confirmed that of the 40% probability, this is made up of a 20% probability of requiring a 26-week renovation and a 20% probability of only needing minor remedial work, there is a 50% chance the remedial work could be delivered within 5 weeks and a 50% chance of it taking 10 weeks.

If this risk was to occur what is the exposure?

Enter your answer to one decimal places in the field below.
Correct

Incorrect
Question 14 of 60

14. Question
A business-to-consumer organisation is concerned over a possible recession and has asked the accounting department to conduct stress testing on its liquidity.

Which one of the following should not be considered?
- Customers increasing the amount of time to pay invoices
- Suppliers decreasing the credit terms
- Consumers cutting back spending
- The rising cost of supplies
Correct

Incorrect
Question 15 of 60

15. Question
An organisation has a policy where management can sign purchases off up to a value of £500. To do this they need to ensure that the invoice arrives with a purchase order number, they need to sign the invoice and hand it to the accounting department two weeks before the payment is due. The accounting department will issue purchase orders verbally via the telephone, which sometimes leads to issues as the purchase orders on the invoice don’t always match the number the accounting department is expecting.

What, if any, is a control weakness in this system?
- Documentation
- Training
- Authorisation
- There is no weakness
Correct

Incorrect
Question 16 of 60

16. Question
Which one of the following is not a security method for managing third party vendor security risks:
- Incorporated within security policies
- Extend security awareness
- Foster communication
- Know your vendor
- Malware training
Correct

Incorrect
Question 17 of 60

17. Question
An organisation has a policy of reporting only risks with a score of 9 or above to the Non-Executive Directors.

Which of the following would need to be reported?

Select all that apply
- Risk A: Likelihood 5, Impact 4
- Risk B: Likelihood 2, Impact 4
- Risk C: Likelihood 3, Impact 5
- Risk D: Likelihood 3, Impact 1
- Risk E: Likelihood 3, Impact 3
Correct

Incorrect
Question 18 of 60

18. Question
Which one of the following would not result in reputational risk?
- Ethics violations
- Safety issues
- Lack of sustainability
- Unethical innovation
- Lack of diversification
Correct

Incorrect
Question 19 of 60

19. Question
A temporary recruitment company has developed an automated system to record the workers time sheets. Workers are employed within the haulage sector where 10 hour days, 5 days a week are the norm and most contracts allow the agency to pay an overtime rate for any hours in excess of 10 hours per day. The system has the following criteria:
1. No more than 10 normal hours per day
2. No more than 5 overtime hours per day
3. Total Normal hours between 0 and 48
4. Total Overtime hours not in excess of 36
Which of the following statements are true?
- The system has a built in excess of 1 additional total overtime hour
- Some workers will have their time sheet rejected as the 10 normal hours per day is insufficient
- Workers can only record a maximum of 15 hours per day and a maximum of 84 hours per week
- A minority of staff will have their time sheet rejected due to insufficient overtime hours
Correct

Incorrect
Question 20 of 60

20. Question
Many online services require the employee to select the security question ‘Mother’s maiden name’, where is the weak link in this security question?
- Social Media
- Emails
- Electoral Roll
- HR Records
Correct

Incorrect
Question 21 of 60

21. Question
An organisation responsible for the design and installation of a new software system, which must be complete within the next eight weeks for the company is facing a overrun resulting in a penalty of £15,000 for each week the project is late, current projections are the project is between 8 and 12 weeks delayed. On further analysis, there is a probability of achieving the project by week 8 of 40% and by week 12 of 60%.

The organisation could bring in a number of freelance programmers to help catch up, the cost of this would be £25,000 per week and the project manager believes they would need the freelance programmers for 4 to six weeks. On further analysis there is a 60% probability of being caught up in four weeks and a 40% chance of it taking six weeks.

Which of the following statements is true?
- The organisation was a penalty exposure of £156,000 and the freelancers would cost £120,000
- The organisation was a penalty exposure of £180,000 and the freelancers would cost £150,000
- The organisation was a penalty exposure of £120,000 and the freelancers would cost £100,000
- The organisation was a penalty exposure of £126,000 and the freelancers would cost £116,000
Correct

Incorrect
Question 22 of 60

22. Question
Which one of the following would have the greatest reputational impact for an auditing firm?
- Ethics violations
- Safety issues
- Lack of sustainability
- Unethical innovation
Correct

Incorrect
Question 23 of 60

23. Question
Which one of the following does not require the legal business name of a company to be displayed?
- Business letter head
- Cheques
- On every page of the business website
- Company notices and publications
Correct

Incorrect
Question 24 of 60

24. Question
To implement an ISO 27001 compliant system, which of the following steps must be taken?

Select all that apply
- Scope the project
- Get board commitment and secure budget
- Identify interested parties, and legal, regulatory and contractual requirements
- Secure stakeholder buy in
- Define the project requirements
Correct

Incorrect
Question 25 of 60

25. Question
Which non-executive committee is often tasked with providing risk oversight?
- Audit
- Renumeration
- Nomination
- Ethics
Correct

Incorrect
Question 26 of 60

26. Question
A high street retailer known for low prices and quality that was reflective of the price was found to be mistreating its staff in its warehouses.

What impact will this have on the organisation’s strategy?
- No impact
- A reduction in sales
- An increase in orders
- Significant change will be required
Correct

Incorrect
Question 27 of 60

27. Question
An organisation is constantly calculating an adverse variance on raw material. Production volumes and efficiency have remained consistent and the price has actually fallen over the past six months.

There is a growing belief that a number of staff are stealing the raw material from the company. Which of the following detective controls would allow the company to identify if this is the case?
- Segregation of duties
- Security of assets
- Reconciliation
- Audit
Correct

Incorrect
Question 28 of 60

28. Question
Which one of the following is not part of a Cyber Security Incident Response Plan?
- Complete a risk assessment
- Identify key team members and stakeholders
- Define security incident types
- Issue a press release
Correct

Incorrect
Question 29 of 60

29. Question
Under IFRS 7 – Financial Instruments: Disclosure, which of the following must management disclosure to shareholders?

Select all that apply.
- The nature of risks being hedged
- Credit, Liquidity and Market risks and how these risks are managed
- The risks associated with the transfer of finical assets
- Interests in subsidiaries
- Disaggregate revenue
Correct

Incorrect
Question 30 of 60

30. Question
What is the role of the CEO when it comes to risk?
- Oversight
- Management
- Conducting tests
- Implementing policy
Correct

Incorrect
Question 31 of 60

31. Question
What type of audit being being described below:

This procedure is more detailed than a normal audit, since some issues involving smaller amounts of money and other assets that they might fall below the standard materiality thresholds
- Compliance
- Fraud
- Social and Environmental
- Management audit
Correct

Incorrect
Question 32 of 60

32. Question
Which one of the following would identify if an employee has accessed a database which has recently been involved in a security breach?
- Data Loss Prevention System
- Intrusion Detection Systems
- Antivirus Software
- Log Analyser
Correct

Incorrect
Question 33 of 60

33. Question
An charitable organisation is putting together a bid for a project. The amount the charity is asking for will exactly cover the costs of the project. As part of the project the charity is at risk of incurring a significant additional expense, which the charity would find difficult to cover. The charity is relatively small and as such is quite risk averse.

Which of the following should the charity do?
- Accept the risk, although potentially very damaging it is unlike to occur
- Transfer the risk, an insurance policy is available and the cost of this can be included in the bid
- Reduce the risk, by incurring additional expense which would not be covered by the funds from the bid
- Avoid the risk, by not pursuing the bid and thus the project
Correct

Incorrect
Question 34 of 60

34. Question
For a listed company the UK Corporate Governance Code suggests what fraction of the board should be independent non-executive directors?
- One-third
- One-half
- Two-thirds
- One-quarter
Correct

Incorrect
Question 35 of 60

35. Question
A Social and Environmental Audit would consider which of the following:

Select all that apply
- Donations
- Health and Safety
- Ethical investments
- Effectiveness of operations
- Cost/benefit analysis
Correct

Incorrect
Question 36 of 60

36. Question
If an organisation is affected by a malware attack, sort the following steps of response from once the attack is known:
- Disconnect
- Monitor online behaviour
- Scan
- Reinstall operating system
- Backup
Correct

Incorrect
Question 37 of 60

37. Question
If an organisation was to compile a COSO ERM report, which of the following must the organisation cover?

Select all that apply
- Internal Environment
- Risk Assessment
- Information and Communication
- Triple bottom line
- Risk Framework
Correct

Incorrect
Question 38 of 60

38. Question
Which of the following senior managers have powers of day-to-day management of the company that are exercisable without reference to the board?

Select all that apply
- Chief Executive Officer
- Chief Finance Officer
- The Chairperson
- Chief Legal Officer
- Chief Risk Officer
Correct

Incorrect
Question 39 of 60

39. Question
The three primary purposes of analytical review are:

Select three
- Preliminary analytical review
- Substantive analytical procedures
- Final analytical review
- Material analytical review
- Post audit analytical review
Correct

Incorrect
Question 40 of 60

40. Question
If an organisation wanted to develop an app which followed industry guidelines on software security, which body could they turn to for guidance?
- OWASP
- NIST
- Strong Foundation
- SAMM
Correct

Incorrect
Question 41 of 60

41. Question
Consider the Assurance Map below

Which department has the lowest level of assurance?
- Financial Reporting
- Legal
- Tax, Pensions and Insurance
- Human Resources
- Health and Safety
Correct

Incorrect
Question 42 of 60

42. Question
Which one of the following statements is true regarding the Nomination Committee?
- The Committee is responsible for the diversity of only the executive directors
- The Committee is responsible for the diversity of only the non-executive directors
- The Committee is responsible for the diversity of both the non-executive and executive directors
- The Committee is not responsible for the diversity in any way
Correct

Incorrect
Question 43 of 60

43. Question
What type of risk is being defined below:

is the probability that an auditor will fail to find material misstatements that exist in an organisation’s financial statements
- Detection
- Control
- Inherent
- Net
Correct

Incorrect
Question 44 of 60

44. Question
A Trust Gap exists between the Board and C-Suite on matters of cyber security, which one of the following should be adopted to overcome this issue?
- Create more transparency and forge stronger communication
- The organisation can provide comprehensive cybersecurity training to all staff
- Schedule regular conversations with vendors to assert the levels of security required to protect shared business information
- Request the national government intervene and supply the necessary support
Correct

Incorrect
Question 45 of 60

45. Question
Consider the Risk Register below:

Click to Open Risk Register in New Window

Which Risk is yet to be agreed?
- 1
- 2
- 3
- 4
- 5
- 6
Correct

Incorrect
Question 46 of 60

46. Question
The shareholders of an organisation want the share price to increase over the next five years, which of the following compensation packages for the CEO offers the lowest risk to this strategy?
- A basic of £250,000, short term performance related pay of 150% per annum and stock options of 300%
- A basic of £300,000, short term performance related pay of 100% per annum and stock options of 150%
- A basic of £450,000, short term performance related pay of 50% per annum and stock options of 75%
- A basic of £500,000, short term performance related pay of 25% per annum and stock options of 50%
Correct

Incorrect
Question 47 of 60

47. Question
Which of the following are elements of effective internal audits according to the COSO framework?

Select all that apply
- Control environment
- Risk assessment
- Control activities
- Independence
- Materiality Statement
Correct

Incorrect
Question 48 of 60

48. Question
When writing a cyber risk report, rearrange the following into a suitable structure:
- Analyse and evaluate identified risks and their relevance to the organisation
- Treat risks that exceed the organisations risk appetite
- Monitor risks and their relevance to the organisation
- Identify top risks, appetite for risks and assess controls and vulnerability
Correct

Incorrect
Question 49 of 60

49. Question
Rearrange the following to reflect the correct format of a Risk Report
- Risk
- Priority
- Amount
- Likelihood
- Notes
- Impact
Correct

Incorrect
Question 50 of 60

50. Question
A national manufacturer is looking to strength its non-executive directors. The CEO has asked the nominations committee to consider a recently retired partner from the accounting firm the organisations currently uses for consultancy.

If this partner was to be appointed, where might a conflict exist?
- Nomination Committee
- Risk Committee
- Audit Committee
- Renumeration Committee
Correct

Incorrect
Question 51 of 60

51. Question
Rank the following three internal audit findings from highest to lowest risk.
- A review of current banking arrangements found: a) The school arranged Insurance and signed a finance agreement with Close Brothers Premium Finance to pay the policy with interest in instalments. The Scheme for financing schools section 3.7 states that Governing Bodies may borrow monies, (which includes finance leases) only with the written permission of the Secretary of State. There was no evidence of such permission being granted
- A review of current purchasing arrangements found: The school is not preparing purchase order forms for all items ordered in school. These costs are not recorded as a committed expense, and accurate budget monitoring is not possible.
- The school's business continuity plan should be approved by the Governing Body.
Correct

Incorrect
Question 52 of 60

52. Question
An organisation has three subsidiaries, the internal auditors of each subsidiary also complete auditors at the other subsidiaries. Two of the internal auditors have a romantic relationship.

What is the ethical threat in the above scenario?
- Self interest
- Self review
- Advocacy
- Familiarity
- Intimidation
Correct

Incorrect
Question 53 of 60

53. Question
Which one of the following is an indicator that there is an issue with ineffective risk oversight?
- Lack of communication of risk information, up, down and across the organisation
- There is a lack of accountability to prudent risk-taking within the boundaries set out in the policy
- The process does not consider the extreme of events with little effort at improving readiness
- The risks inherent in the organisation's strategy are not identified
Correct

Incorrect
Question 54 of 60

54. Question
A small independent online retailer has taken the action to make the website unavailable, why might the retailer do this?

Select all that apply
- To protect customers confidentiality
- To protect the integrity of data
- To protect the process of establishing, maintaining and approving orders
- To protect the inventory levels
- To protect the staff from excess orders
Correct

Incorrect
Question 55 of 60

55. Question
Which of the following will influence the mitigation technique an organisation will adopt?
- Tolerance
- Appetite
- Capacity
- Likelihood
- Impact
Correct

Incorrect
Question 56 of 60

56. Question
Which one of the following is not the responsibility of the Risk Manager?
- Designing and implementing an overall risk management process for the organisation
- Performing a risk assessment
- Performing a risk evaluation
- Provide oversight of risk appetite and risk tolerance
Correct

Incorrect
Question 57 of 60

57. Question
Which one of the following is not a characteristic of a digital organisation?
- Data-driven
- Customer focused
- Collaborative
- Virtual
Correct

Incorrect
Question 58 of 60

58. Question
A UK organisation has just completed an update to its five year strategy, when a USA based supplier announced it plans to open operations in the UK.

Which underlying Strategic assumptions changed significantly?
- Market dynamics
- Porter's Five Forces
- The strengths and weaknesses of its assets
- Macro-environmental forces
Correct

Incorrect
Question 59 of 60

59. Question
Which model provides a framework covering operations, reporting and compliance?
- COSO
- Triple Bottom Line
- Integrated Reporting
- IAS
Correct

Incorrect
Question 60 of 60

60. Question
According to the UK Government’s guidance ‘Reducing the Cyber Risk in 10 Critical Areas’, which one of the following is not one of the ten?
- Network Security
- User Education and Awareness
- Managing User Privileges
- Offsite Restoration
Correct

Incorrect

CIMA Mock Exams

Operational Level
CIMA E1 Mock Exams
CIMA P1 Mock Exams
CIMA F1 Mock Exams

Management Level
CIMA E2 Mock Exams
CIMA P2 Mock Exams
CIMA F2 Mock Exams

Strategic Level
CIMA E3 Mock Exams
CIMA P3 Mock Exams
CIMA F3 Mock Exams

CIMA Mock Exams

aat Practice Exams

L2 Foundation Certificate
Bookkeeping Transactions
More Coming 2020/21

L3 Advanced Diploma
More Coming 2020/21

L4 Professional Diploma
More Coming 2020/21

aat Practice Exams

LDNx

Contact Us
Privacy Policy

aat Practice Exams & CIMA Mock Exams
Ionmhas Limited, 101 Rose Street South Lane, Edinburgh, Scotland, EH2 3JG

error: Content is protected !!

Mock Summary

Information

Results

Results

Categories

1. Question

2. Question

3. Question

Sort elements

4. Question

5. Question

6. Question

7. Question

8. Question

9. Question

10. Question

11. Question

12. Question

13. Question

14. Question

15. Question

16. Question

17. Question

18. Question

19. Question

20. Question

21. Question

22. Question

23. Question

24. Question

25. Question

26. Question

27. Question

28. Question

29. Question

30. Question

31. Question

32. Question

33. Question

34. Question

35. Question

36. Question

37. Question

38. Question

39. Question

40. Question

41. Question

42. Question

43. Question

44. Question

45. Question

46. Question

47. Question

48. Question

49. Question

50. Question

51. Question

52. Question

53. Question

54. Question

55. Question

56. Question

57. Question

58. Question

59. Question

60. Question