MCQ questions on Data Analytics

MCQ questions on Data Analytics...

Section A:

*1. Big Data & Data Types*

_Which characteristic best defines “Big Data” in the context of IS audit?_

A) Small volume of structured data

B) High volume, velocity, and variety of data 

C) Only financial transaction records

D) Data stored exclusively on mainframes

*2. Data & Information*

_Information differs from data primarily because it:_

A) Is raw facts

B) Has context and meaning 

C) Is stored in databases

D) Never changes

*3. Data Analytics*

_Which technique is most appropriate for detecting patterns in large datasets?_

A) Manual sampling

B) Descriptive statistics

C) Predictive data analytics 

D) Compliance testing

*4. Data Integrity*

_Which control BEST ensures data integrity during data entry?_

A) Field checks 

B) Data encryption

C) Backup procedures

D) Network firewalls

*5. Data Mining*

_Data mining is primarily used to:_

A) Store current operational data

B) Discover hidden patterns in large datasets 

C) Perform routine transaction processing

D) Conduct physical security audits

*6. Data Warehouse & Data Mart*

_What is the main difference between a data warehouse and a data mart?_

A) Data warehouses store only current data; data marts store historical data

B) Data warehouses are department‑specific; data marts are enterprise‑wide

C) Data warehouses are centralized repositories of integrated data; data marts are subsets for specific user groups 

D) Data warehouses are cloud‑only; data marts are on‑premises only

*7. Structured, Unstructured & Semi‑Structured Data*

_Which of the following BEST describes “semi‑structured” data?_

A) Data that fits neatly into rows and columns

B) Data without any organization

C) Data that contains tags or markers to separate elements (e.g., XML, JSON) 

D) Data stored only in paper files

*8. Data Science & Cloud Computing*

_In cloud computing, “Software as a Service (SaaS)” means:_

A) The organization provides hardware to users

B) The provider delivers applications over the internet 

C) Users manage the underlying infrastructure

D) Data is stored only on local servers

*9. Computer Bug & Computer Virus*

_Which statement accurately differentiates a “bug” from a “virus”?_

A) A bug is malicious code; a virus is a coding error

B) A bug is an unintentional coding error; a virus is malicious software 

C) Both are types of malware

D) Bugs affect hardware; viruses affect software

*10. Data Redundancy*

_Which of the following is a benefit of controlled data redundancy?_

A) Improves data consistency when properly managed 

B) Reduces storage costs

C) Increases risk of unauthorized access

D) Eliminates the need for backups

*11. Data Life Cycle*

_Which phase of the data life cycle involves deciding when data is no longer needed and can be destroyed?_

A) Creation

B) Usage

C) Retention

D) Disposal 

*12. Data Visualization*

_The primary purpose of data visualization is to:_

A) Encrypt sensitive data

B) Present data in graphical formats to aid understanding 

C) Increase data storage capacity

D) Perform complex calculations

*13. Application Controls*

_Which of the following is an example of an application control?_

A) Firewalls

B) Input validation checks 

C) Intrusion detection systems

D) Physical access locks

Section B:

1. Big Data & Data Types

_Which “V” of Big Data refers to the speed at which data is generated and processed?_

A) Volume

B) Variety

C) Velocity 

D) Veracity

2. Structured vs. Unstructured Data

_Which of the following is an example of unstructured data?_

A) Relational database tables

B) CSV files

C) Emails 

D) Excel spreadsheets

3. Semi‑Structured Data

_XML and JSON are examples of:_

A) Structured data

B) Unstructured data

C) Semi‑structured data 

D) No data

4. Data Analytics – Types

_Descriptive analytics helps organizations:_

A) Predict future trends

B) Summarize historical data 

C) Recommend optimal actions

D) Identify hidden patterns

5. Data Integrity Controls

_Which control is MOST effective to prevent unauthorized alterations of financial data?_

A) Data encryption at rest

B) Digital signatures 

C) Regular backups

D) Network intrusion detection

6. Data Mining

_The “association rule learning” technique in data mining is used to:_

A) Classify data into predefined categories

B) Discover relationships between variables 

C) Reduce dataset dimensionality

D) Perform statistical hypothesis testing

7. Data Warehouse & Data Mart

_Data marts typically serve which of the following purposes?_

A) Store all enterprise data in raw form

B) Provide department‑specific analytical data 

C) Replace operational databases

D) Perform real‑time transaction processing

8. Cloud Computing Models

_In which cloud service model does the provider manage the operating system, middleware, and runtime?_

A) IaaS

B) PaaS 

C) SaaS

D) Hybrid cloud

9. Computer Bug vs. Virus

_A “bug” in software typically results from:_

A) Intentional malicious code

B) Unintentional programming error 

C) Hardware failure

D) User negligence

10. Data Redundancy

_Controlled redundancy in a database improves:_

A) Storage cost efficiency

B) Fault tolerance 

C) Processing speed exclusively

D) Complexity of queries

11. Data Life Cycle – Retention

_During which phase are data retention policies defined?_

A) Creation

B) Usage

C) Retention 

D) Disposal

12. Data Visualization

_Which chart type is BEST for showing trends over time?_

A) Pie chart

B) Line chart 

C) Scatter plot

D) Heat map

13. Application Controls – Input Controls

_Which of the following validates that a date entry falls within a permissible range?_

A) Check digit

B) Reasonableness check 

C) Hash total

D) Authorization check

14. Cloud Data Security

_When data resides in a public cloud, which party is primarily responsible for physical security of the data center?_

A) Cloud customer

B) Cloud provider 

C) Third‑party auditor

D) End‑users

15. Data Science Lifecycle (CRISP‑DM)

_Which step follows “Data Understanding” in the CRISP‑DM methodology?_

A) Business Understanding

B) Data Preparation 

C) Modeling

D) Evaluation

www.gmsisuccess.in

ANSWERS:

MCQ questions on Data Analytics...

Section A:

*1. Big Data & Data Types*

_Which characteristic best defines “Big Data” in the context of IS audit?_

A) Small volume of structured data

B) High volume, velocity, and variety of data ✅

C) Only financial transaction records

D) Data stored exclusively on mainframes

*2. Data & Information*

_Information differs from data primarily because it:_

A) Is raw facts

B) Has context and meaning ✅

C) Is stored in databases

D) Never changes

*3. Data Analytics*

_Which technique is most appropriate for detecting patterns in large datasets?_

A) Manual sampling

B) Descriptive statistics

C) Predictive data analytics ✅

D) Compliance testing

*4. Data Integrity*

_Which control BEST ensures data integrity during data entry?_

A) Field checks ✅

B) Data encryption

C) Backup procedures

D) Network firewalls

*5. Data Mining*

_Data mining is primarily used to:_

A) Store current operational data

B) Discover hidden patterns in large datasets ✅

C) Perform routine transaction processing

D) Conduct physical security audits

*6. Data Warehouse & Data Mart*

_What is the main difference between a data warehouse and a data mart?_

A) Data warehouses store only current data; data marts store historical data

B) Data warehouses are department‑specific; data marts are enterprise‑wide

C) Data warehouses are centralized repositories of integrated data; data marts are subsets for specific user groups ✅

D) Data warehouses are cloud‑only; data marts are on‑premises only

*7. Structured, Unstructured & Semi‑Structured Data*

_Which of the following BEST describes “semi‑structured” data?_

A) Data that fits neatly into rows and columns

B) Data without any organization

C) Data that contains tags or markers to separate elements (e.g., XML, JSON) ✅

D) Data stored only in paper files

*8. Data Science & Cloud Computing*

_In cloud computing, “Software as a Service (SaaS)” means:_

A) The organization provides hardware to users

B) The provider delivers applications over the internet ✅

C) Users manage the underlying infrastructure

D) Data is stored only on local servers

*9. Computer Bug & Computer Virus*

_Which statement accurately differentiates a “bug” from a “virus”?_

A) A bug is malicious code; a virus is a coding error

B) A bug is an unintentional coding error; a virus is malicious software ✅

C) Both are types of malware

D) Bugs affect hardware; viruses affect software

*10. Data Redundancy*

_Which of the following is a benefit of controlled data redundancy?_

A) Improves data consistency when properly managed ✅

B) Reduces storage costs

C) Increases risk of unauthorized access

D) Eliminates the need for backups

*11. Data Life Cycle*

_Which phase of the data life cycle involves deciding when data is no longer needed and can be destroyed?_

A) Creation

B) Usage

C) Retention

D) Disposal ✅

*12. Data Visualization*

_The primary purpose of data visualization is to:_

A) Encrypt sensitive data

B) Present data in graphical formats to aid understanding ✅

C) Increase data storage capacity

D) Perform complex calculations

*13. Application Controls*

_Which of the following is an example of an application control?_

A) Firewalls

B) Input validation checks ✅

C) Intrusion detection systems

D) Physical access locks

Section B:

1. Big Data & Data Types

_Which “V” of Big Data refers to the speed at which data is generated and processed?_

A) Volume

B) Variety

C) Velocity ✅

D) Veracity

2. Structured vs. Unstructured Data

_Which of the following is an example of unstructured data?_

A) Relational database tables

B) CSV files

C) Emails ✅

D) Excel spreadsheets

3. Semi‑Structured Data

_XML and JSON are examples of:_

A) Structured data

B) Unstructured data

C) Semi‑structured data ✅

D) No data

4. Data Analytics – Types

_Descriptive analytics helps organizations:_

A) Predict future trends

B) Summarize historical data ✅

C) Recommend optimal actions

D) Identify hidden patterns

5. Data Integrity Controls

_Which control is MOST effective to prevent unauthorized alterations of financial data?_

A) Data encryption at rest

B) Digital signatures ✅

C) Regular backups

D) Network intrusion detection

6. Data Mining

_The “association rule learning” technique in data mining is used to:_

A) Classify data into predefined categories

B) Discover relationships between variables ✅

C) Reduce dataset dimensionality

D) Perform statistical hypothesis testing

7. Data Warehouse & Data Mart

_Data marts typically serve which of the following purposes?_

A) Store all enterprise data in raw form

B) Provide department‑specific analytical data ✅

C) Replace operational databases

D) Perform real‑time transaction processing

8. Cloud Computing Models

_In which cloud service model does the provider manage the operating system, middleware, and runtime?_

A) IaaS

B) PaaS ✅

C) SaaS

D) Hybrid cloud

9. Computer Bug vs. Virus

_A “bug” in software typically results from:_

A) Intentional malicious code

B) Unintentional programming error ✅

C) Hardware failure

D) User negligence

10. Data Redundancy

_Controlled redundancy in a database improves:_

A) Storage cost efficiency

B) Fault tolerance ✅

C) Processing speed exclusively

D) Complexity of queries

11. Data Life Cycle – Retention

_During which phase are data retention policies defined?_

A) Creation

B) Usage

C) Retention ✅

D) Disposal

12. Data Visualization

_Which chart type is BEST for showing trends over time?_

A) Pie chart

B) Line chart ✅

C) Scatter plot

D) Heat map

13. Application Controls – Input Controls

_Which of the following validates that a date entry falls within a permissible range?_

A) Check digit

B) Reasonableness check ✅

C) Hash total

D) Authorization check

14. Cloud Data Security

_When data resides in a public cloud, which party is primarily responsible for physical security of the data center?_

A) Cloud customer

B) Cloud provider ✅

C) Third‑party auditor

D) End‑users

15. Data Science Lifecycle (CRISP‑DM)

_Which step follows “Data Understanding” in the CRISP‑DM methodology?_

A) Business Understanding

B) Data Preparation ✅

C) Modeling

D) Evaluation

*Answers Key*

1‑C, 2‑C, 3‑C, 4‑B, 5‑B, 6‑B, 7‑B, 8‑B, 9‑B, 10‑B, 11‑C, 12‑B, 13‑B, 14‑B, 15‑B

www.gmsisuccess.in

MCQ questions on Financial statements

✅ MCQ QUESTIONS— FINANCIAL ACCOUNTING

---

1. Which of the following is a characteristic of an operating lease (lessee books)?

A. Lessee records asset and liability
B. Lease transfers major risks & rewards
C. Lease rental is charged to Profit & Loss
D. Lessee records depreciation

Answer: 

---

2. In a finance/capital lease, the leased asset is recorded by the lessee at:

A. Residual value
B. Fair value or PV of lease payments, whichever is lower
C. Cost of asset to lessor
D. Only PV of lease payments

Answer: 

---

3. Age-wise analysis of trade receivables is mainly used for:

A. Cash flow forecasting
B. Bad debts provisioning
C. Inventory valuation
D. Depreciation estimation

Answer: 

---

4. Under mortgage loan, the security is:

A. Movable property
B. Immovable property
C. Hypothecated stock
D. Shares pledged

Answer: 

---

5. Under hypothecation, the lender has:

A. Physical possession of goods
B. No charge on assets
C. Charge on movable goods without possession
D. Charge on immovable property

Answer: 

---

6. Under pledge, the lender has:

A. Physical possession of goods
B. Charge without possession
C. Charge only on immovable assets
D. Charge on debtor's receivables

Answer: 

---

7. Refinance loan taken to repay an existing long-term loan is classified as:

A. Current liability
B. Non-current liability
C. Other equity
D. Deferred asset

Answer: 

---

8. The prudent (conservatism) concept requires:

A. Recognise income early
B. Record liabilities when uncertain
C. Ignore probable losses
D. Overstate assets

Answer: 

---

9. The first footnote below a balance sheet generally contains:

A. Auditor’s report
B. Accounting policies summary
C. Director’s report
D. Cash flow information

Answer: 

---

10. Going concern assumption means:

A. Business is for temporary period
B. Business will liquidate shortly
C. Business will continue for foreseeable future
D. Business will operate for one year only

Answer: 

---

11. Realisation concept recognizes revenue when:

A. Cash is received
B. Risk and rewards transfer
C. Order is received
D. Invoice is raised

Answer: 

---

12. Separate entity concept means:

A. Owner and business are same
B. Owner is responsible for all acts
C. Business is distinct from owner
D. Assets belong to owner personally

Answer: 

---

13. Capital expenditure relates to:

A. Day-to-day expenses
B. Cost generating future economic benefits
C. Purely advertisement cost
D. Salary of employees

Answer: 

---

14. Revenue expenditure is:

A. Cost improving asset life
B. Expenses recurring in nature
C. Cost of new machine installation
D. Cost of building extension

Answer: 

---

15. Proprietary theory treats equity as:

A. Owners’ interest
B. Liability
C. Asset
D. Capital loss

Answer: 

---

16. Under proprietary theory, accounting equation is:

A. Assets = Liabilities
B. Assets – Liabilities = Equity
C. Assets = Equity
D. Assets = Equity – Liabilities

Answer: 

---

17. Residuary equity theory views ownership interest as:

A. Fixed claim
B. Residual claim after satisfying liabilities
C. Equal to liabilities
D. Priority claim

Answer: 

---

18. A stock dividend means:

A. Dividend paid in cash
B. Dividend paid in shares
C. Dividend paid in debentures
D. Dividend paid through assets

Answer: 

---

19. Equity dividend refers to:

A. Dividend paid to preference shareholders
B. Dividend paid to debenture holders
C. Dividend paid to equity shareholders
D. Dividend paid to creditors

Answer: 

---

20. Audit committee independence requires:

A. Majority internal employees
B. Majority independent directors
C. CEO must be chairperson
D. CFO must be a member

Answer: 

---

21. Which is NOT a component of the annual report?

A. Director’s Report
B. Auditor’s Report
C. Statement of Profit & Loss
D. Employees’ personal information

Answer: 

---

22. Accrual concept means revenue/expense is recorded:

A. Only when cash is received
B. On performance/obligation basis
C. Only when bank approves
D. Only at end of year

Answer: 

---

23. Money measurement concept records transactions:

A. In units of time
B. In monetary terms only
C. In physical quantities
D. Based on manager’s judgment

Answer: 

---

24. An item of value in accounting is:

A. Liability
B. Asset
C. Expense
D. Loss

Answer: 

---

25. Net worth of a company equals:

A. Total assets – Total liabilities
B. Current assets – current liabilities
C. Equity share capital only
D. Profit for the year

Answer: 

---

26. Listing of a public company in stock exchange requires:

A. Only incorporation
B. SEBI approval and compliance
C. RBI approval only
D. GST registration

Answer: 

---

27. CEO stands for:

A. Chief Engineering Officer
B. Central Executive Officer
C. Chief Executive Officer
D. Chief Entity Officer

Answer: 

---

28. CFO is responsible for:

A. HR management
B. Finance and financial reporting
C. Legal affairs only
D. Production planning

Answer: 

---

29. Depreciation is:

A. Physical reduction only
B. Allocation of cost of tangible asset
C. Market value reduction
D. Cash loss

Answer: 

---

30. Amortisation is used for:

A. Tangible asset
B. Intangible asset
C. Land
D. Inventory

Answer: 

---

31. Impairment loss equals:

A. Carrying amount – recoverable amount
B. Cost – depreciation
C. Market value – cost
D. Fair value – residual value

Answer: 

---

32. Historical cost concept records assets at:

A. Market value
B. Replacement cost
C. Original purchase price
D. Discounted value

Answer: 

---

33. Which is a component of financial statements?

A. Internal memo
B. Board meeting notes
C. Cash flow statement
D. Advertisement brochure

Answer: 

---

34. Lessor in a finance lease recognises:

A. Lease expenses
B. Lease receivable
C. Leased asset
D. Asset impairment only

Answer: 

---

35. Lessee in an operating lease recognises:

A. Leased asset
B. Lease liability
C. Lease rental expense
D. Lease receivable

Answer: 

---

36. Mortgage loan appears in the balance sheet under:

A. Equity
B. Other current liabilities
C. Long-term borrowings
D. Other assets

Answer: 

37. Hypothecated goods appear in:

A. Off-balance sheet only
B. Inventory
C. Other current liabilities
D. Loans & advances

Answer: 

---

38. Footnotes in FS are used for:

A. Disclosing accounting policies
B. Selecting audit firm
C. Disclosing salary slips
D. Registering company

Answer: 

---

39. Capital lease depreciation is charged by:

A. Lessor
B. Lessee
C. Bank
D. Auditor

Answer: 

---

40. Impairment is required when:

A. Market value increases
B. Asset becomes obsolete
C. Asset is under construction
D. Inventory is sold at higher price

Answer: 

---

www.gmsisuccess.in

ANSWERS....

✅ MCQ QUESTIONS WITH ANSWERS — FINANCIAL ACCOUNTING

---

1. Which of the following is a characteristic of an operating lease (lessee books)?

A. Lessee records asset and liability
B. Lease transfers major risks & rewards
C. Lease rental is charged to Profit & Loss
D. Lessee records depreciation

Answer: C

---

2. In a finance/capital lease, the leased asset is recorded by the lessee at:

A. Residual value
B. Fair value or PV of lease payments, whichever is lower
C. Cost of asset to lessor
D. Only PV of lease payments

Answer: B

---

3. Age-wise analysis of trade receivables is mainly used for:

A. Cash flow forecasting
B. Bad debts provisioning
C. Inventory valuation
D. Depreciation estimation

Answer: B

---

4. Under mortgage loan, the security is:

A. Movable property
B. Immovable property
C. Hypothecated stock
D. Shares pledged

Answer: B

---

5. Under hypothecation, the lender has:

A. Physical possession of goods
B. No charge on assets
C. Charge on movable goods without possession
D. Charge on immovable property

Answer: C

---

6. Under pledge, the lender has:

A. Physical possession of goods
B. Charge without possession
C. Charge only on immovable assets
D. Charge on debtor's receivables

Answer: A

---

7. Refinance loan taken to repay an existing long-term loan is classified as:

A. Current liability
B. Non-current liability
C. Other equity
D. Deferred asset

Answer: B

---

8. The prudent (conservatism) concept requires:

A. Recognise income early
B. Record liabilities when uncertain
C. Ignore probable losses
D. Overstate assets

Answer: B

---

9. The first footnote below a balance sheet generally contains:

A. Auditor’s report
B. Accounting policies summary
C. Director’s report
D. Cash flow information

Answer: B

---

10. Going concern assumption means:

A. Business is for temporary period
B. Business will liquidate shortly
C. Business will continue for foreseeable future
D. Business will operate for one year only

Answer: C

---

11. Realisation concept recognizes revenue when:

A. Cash is received
B. Risk and rewards transfer
C. Order is received
D. Invoice is raised

Answer: B

---

12. Separate entity concept means:

A. Owner and business are same
B. Owner is responsible for all acts
C. Business is distinct from owner
D. Assets belong to owner personally

Answer: C

---

13. Capital expenditure relates to:

A. Day-to-day expenses
B. Cost generating future economic benefits
C. Purely advertisement cost
D. Salary of employees

Answer: B

---

14. Revenue expenditure is:

A. Cost improving asset life
B. Expenses recurring in nature
C. Cost of new machine installation
D. Cost of building extension

Answer: B

---

15. Proprietary theory treats equity as:

A. Owners’ interest
B. Liability
C. Asset
D. Capital loss

Answer: A

---

16. Under proprietary theory, accounting equation is:

A. Assets = Liabilities
B. Assets – Liabilities = Equity
C. Assets = Equity
D. Assets = Equity – Liabilities

Answer: C

---

17. Residuary equity theory views ownership interest as:

A. Fixed claim
B. Residual claim after satisfying liabilities
C. Equal to liabilities
D. Priority claim

Answer: B

---

18. A stock dividend means:

A. Dividend paid in cash
B. Dividend paid in shares
C. Dividend paid in debentures
D. Dividend paid through assets

Answer: B

---

19. Equity dividend refers to:

A. Dividend paid to preference shareholders
B. Dividend paid to debenture holders
C. Dividend paid to equity shareholders
D. Dividend paid to creditors

Answer: C

---

20. Audit committee independence requires:

A. Majority internal employees
B. Majority independent directors
C. CEO must be chairperson
D. CFO must be a member

Answer: B

---

21. Which is NOT a component of the annual report?

A. Director’s Report
B. Auditor’s Report
C. Statement of Profit & Loss
D. Employees’ personal information

Answer: D

---

22. Accrual concept means revenue/expense is recorded:

A. Only when cash is received
B. On performance/obligation basis
C. Only when bank approves
D. Only at end of year

Answer: B

---

23. Money measurement concept records transactions:

A. In units of time
B. In monetary terms only
C. In physical quantities
D. Based on manager’s judgment

Answer: B

---

24. An item of value in accounting is:

A. Liability
B. Asset
C. Expense
D. Loss

Answer: B

---

25. Net worth of a company equals:

A. Total assets – Total liabilities
B. Current assets – current liabilities
C. Equity share capital only
D. Profit for the year

Answer: A

---

26. Listing of a public company in stock exchange requires:

A. Only incorporation
B. SEBI approval and compliance
C. RBI approval only
D. GST registration

Answer: B

---

27. CEO stands for:

A. Chief Engineering Officer
B. Central Executive Officer
C. Chief Executive Officer
D. Chief Entity Officer

Answer: C

---

28. CFO is responsible for:

A. HR management
B. Finance and financial reporting
C. Legal affairs only
D. Production planning

Answer: B

---

29. Depreciation is:

A. Physical reduction only
B. Allocation of cost of tangible asset
C. Market value reduction
D. Cash loss

Answer: B

---

30. Amortisation is used for:

A. Tangible asset
B. Intangible asset
C. Land
D. Inventory

Answer: B

---

31. Impairment loss equals:

A. Carrying amount – recoverable amount
B. Cost – depreciation
C. Market value – cost
D. Fair value – residual value

Answer: A

---

32. Historical cost concept records assets at:

A. Market value
B. Replacement cost
C. Original purchase price
D. Discounted value

Answer: C

---

33. Which is a component of financial statements?

A. Internal memo
B. Board meeting notes
C. Cash flow statement
D. Advertisement brochure

Answer: C

---

34. Lessor in a finance lease recognises:

A. Lease expenses
B. Lease receivable
C. Leased asset
D. Asset impairment only

Answer: B

---

35. Lessee in an operating lease recognises:

A. Leased asset
B. Lease liability
C. Lease rental expense
D. Lease receivable

Answer: C

---

36. Mortgage loan appears in the balance sheet under:

A. Equity
B. Other current liabilities
C. Long-term borrowings
D. Other assets

Answer: C

---

37. Hypothecated goods appear in:

A. Off-balance sheet only
B. Inventory
C. Other current liabilities
D. Loans & advances

Answer: B

---

38. Footnotes in FS are used for:

A. Disclosing accounting policies
B. Selecting audit firm
C. Disclosing salary slips
D. Registering company

Answer: A

---

39. Capital lease depreciation is charged by:

A. Lessor
B. Lessee
C. Bank
D. Auditor

Answer: B

---

40. Impairment is required when:

A. Market value increases
B. Asset becomes obsolete
C. Asset is under construction
D. Inventory is sold at higher price

Answer: B

---

www.gmsisuccess.in

Cybersecurity Audit Basic concept

Cybersecurity Audit:

cybersecurity audit basic concepts and process by CISA auditor

The basic concepts of a cybersecurity audit by a CISA auditor focus on risk-based assessment, strong access controls, and continuous monitoring of security policies and compliance with regulations. The audit process involves planning and scoping risks, evaluating cybersecurity controls like firewalls, encryption, and multi-factor authentication, and assessing the organization's incident response and recovery capabilities. A CISA auditor examines vulnerabilities, analyzes their impact, tests controls, reviews logs for unusual activities, and provides recommendations to improve security posture and ensure the confidentiality, integrity, and availability of information assets.

### Basic Concepts of Cybersecurity Audit by CISA

- Risk-based approach: Identifying, analyzing, and mitigating cybersecurity risks to protect business assets.

- Access controls: Ensuring only authorized users have access to sensitive data and systems through mechanisms like multi-factor authentication.

- Continuous monitoring: Regular review of system logs and security policies to detect and respond to suspicious activities.

- Compliance review: Checking adherence to standards (ISO 27001, GDPR, SOC 2) and regulatory requirements.

- Control evaluation: Assessing effectiveness of controls such as firewalls, encryption, and vulnerability management.

### Cybersecurity Audit Process by a CISA Auditor

- Planning and Scoping: Defining audit objectives, audit scope, and methodology based on risks and business needs.

- Risk Assessment: Identifying threats, vulnerabilities, and their potential impacts.

- Control Testing: Verifying logical, physical, and environmental security controls are effective.

- Evidence Collection and Analysis: Gathering audit evidence through testing and review of policies, processes, and logs.

- Reporting and Recommendations: Communicating findings, providing mitigation advice, and following up on implementation.

- Continuous Auditing: Incorporating ongoing monitoring practices to keep security posture updated with evolving threats.

### CISA Auditor Role in Cybersecurity Audit

- Implementing a risk-based audit strategy that aligns with organizational goals.

- Executing audits to evaluate the protection and management of IT assets.

- Reviewing incident response plans and security awareness training.

- Advising on improvements to strengthen governance and security controls.

- Performing follow-up audits to ensure remediation measures are effective.

This comprehensive approach by CISA auditors helps organizations proactively manage cybersecurity risks and enhance resilience against cyber threats 

---

✅ Cybersecurity Audit – Key Points to Remember (CISA Exam)

---

1. Understand the Cybersecurity Governance Frameworks

• NIST CSF – Identify, Protect, Detect, Respond, Recover
• ISO/IEC 27001 – Information Security Management System (ISMS)
• COBIT 2019 – Governance & management of enterprise IT
• CIS Controls – Prioritized set of 18 controls
• ITIL – Service management; incident/problem/change management

CISA may ask to identify which framework best supports governance, risk, or controls.

---

2. Cybersecurity Policies & Procedures

• Information security policy → High-level, approved by board
• Standards → Mandatory rules
• Procedures → Step-by-step instructions
• Guidelines → Recommended practices

Key policies:

• Acceptable use policy (AUP)
• Incident response policy
• Access control policy
• Data classification & retention policy

---

3. Risk Management in Cybersecurity

• Steps: Identify → Analyze → Evaluate → Treat → Monitor
• Risk = Threat × Vulnerability × Impact
• Risk treatment options: Avoid, Mitigate, Transfer, Accept
• CISA focuses on:
  • ALMOST (Annualized Loss Expectancy)
  • SLE (Single Loss Expectancy)
  • ARO (Annual Rate of Occurrence)

---

4. Cybersecurity Controls

A. Preventive Controls

• Firewalls
• Encryption
• MFA / 2FA
• Access control (RBAC, ABAC, MAC, DAC)
• Endpoint protection

B. Detective Controls

• IDS/IPS
• Log monitoring (SIEM)
• Security alerts
• File integrity monitoring

C. Corrective Controls

• Incident response actions
• Patching
• Backups & restoration

---

5. Endpoint & Network Security Basics (Exam Favorite)

• Firewall types: Packet filtering, Stateful, Proxy, NGFW
• IDS vs IPS:
  • IDS → Detect only
  • IPS → Detect + block
• VPN: Ensures confidentiality + integrity
• DMZ: Hosts public-facing systems, isolates internal network

---

6. Identity & Access Management (IAM)

• Authentication factors:
  • Something you know / have / are
• Authorization models:
  • RBAC → Roles
  • ABAC → Attributes
  • MAC → High security environments
  • DAC → Owner decides
• Least privilege and Segregation of duties (SoD)
• Privilege creep → common exam question

---

7. Cryptography Essentials

• Encryption: AES, DES/3DES, RSA
• Hashing: SHA-256, MD5 (weak)
• Digital signatures: Integrity + Authentication + Non-repudiation
• Key management: Most critical control in cryptography

---

8. Vulnerability & Penetration Testing

• Vulnerability assessment: Identifies weaknesses
• Penetration test: Attempts exploitation
• Types: Black box, White box, Grey box
• Steps: Planning → Discovery → Attack → Reporting
• Evidence must be properly documented for the audit trail.

---

9. Cybersecurity Incident Management

• Phases (NIST 800-61):
  Preparation → Detection → Containment → Eradication → Recovery → Lessons learned
• Key roles:
  • Incident Response Team (IRT)
  • Forensics experts
• Chain of custody is essential to maintain evidence integrity.

---

10. Business Continuity & Disaster Recovery

• Cybersecurity audit checks:
  • Backup strategy
  • DR plan testing
  • RPO & RTO
  • Alternate sites: Hot, Warm, Cold
• Focus on resilience, redundancy, recovery.

---

11. Security Logging & Monitoring

• Logs must be:
  • Complete
  • Tamper-proof
  • Time synchronized
  • Reviewed regularly
• SIEM helps correlate events & detect anomalies.

---

12. Cloud Cybersecurity Controls

• Shared responsibility model (IaaS, PaaS, SaaS differences)
• Cloud risks:
  • Misconfiguration
  • Vendor lock-in
  • Data residency
• Controls:
  • CASB
  • Encryption
  • IAM
  • Logging & monitoring tools

---

13. Auditing Cybersecurity – What CISA Expects

• Determine control design effectiveness.
• Test operating effectiveness.
• Ensure alignment with business objectives.
• Evaluate compliance with:
  • Policies
  • Standards
  • Regulatory requirements (GDPR, HIPAA, PCI-DSS)

---

14. Common Cyber Attacks (Must Memorize)

• Phishing / Spear-phishing / Whaling
• DoS / DDoS attacks
• Man-in-the-middle (MITM)
• SQL injection / XSS
• Ransomware
• Zero-day exploits

Know: attack → threat → control to mitigate.

---

🎯 Exam Tips (Golden Rules)

• In CISA questions, auditors DO NOT perform operational security tasks (like patching). They evaluate controls.
• The best answer typically focuses on:
  ✓ Risk-based approach
  ✓ Governance & management-level controls
  ✓ Policies > Procedures
  ✓ Preventive > Detective > Corrective (if choosing best control)
• When asked “What should the IS auditor do FIRST?”
  → Answer typically involves understanding, reviewing, or risk assessment, NOT execution.

---

Define the audit scope and objectives for a CISA cybersecurity audit

The audit scope for a CISA cybersecurity audit defines the boundaries and extent of the evaluation, specifying which systems, networks, processes, and organizational units will be covered. It includes identifying the IT infrastructure components that will be assessed, such as network security, application security, data handling, access controls, and compliance with relevant regulations. The scope is risk-based and aligned with business and regulatory requirements to focus on areas of highest risk and importance.

The audit objectives clarify why the audit is conducted and what it aims to achieve. Common objectives include identifying vulnerabilities and weaknesses in cybersecurity controls, evaluating the effectiveness of existing security measures, ensuring compliance with laws and standards (e.g., GDPR, HIPAA, ISO 27001), assessing incident response preparedness, and verifying that information assets are adequately protected from unauthorized access, disclosure, alteration, or destruction. Objectives should align with the organization's cybersecurity and protection goals and be realistically limited to a manageable scope.

In summary:

- Audit Scope: Specifies the systems, processes, and locations included in the audit, based on risk assessment and compliance needs.

- Audit Objectives: Defines the purpose such as vulnerability detection, control effectiveness evaluation, regulatory compliance, risk reduction, and security assurance.

This clear definition guides the audit planning and execution phases to ensure focused, effective cybersecurity assessment by CISA auditors 

Feel free 🆓 to discuss with me if you have any questions ‼️ Call or Text on 9773464206

www.gmsisuccess.in

Strategic Management with MCQ questions ‼️

📘 STRATEGIC PLANNING — BULLET POINT NOTES (US CMA PART 1)

---

1. Analysis of External & Internal Factors Affecting Strategy

A. External Environment Analysis

These factors are outside the organization’s control but influence strategic direction.

1. PEST / PESTEL Analysis

• Political: regulations, taxes, trade policies, government stability.
• Economic: inflation, interest rates, GDP growth, exchange rates.
• Social: demographics, education levels, customer preferences, culture.
• Technological: automation, innovation rate, digital disruption.
• Environmental: sustainability, climate risk, resource shortages.
• Legal: labor laws, data protection laws, compliance requirements.

2. Industry & Competitive Forces (Porter’s Five Forces)

• Threat of new entrants — barriers to entry, capital needs, brand loyalty.
• Threat of substitutes — alternative products/services.
• Supplier power — availability of inputs, switching costs.
• Buyer power — customer concentration, price sensitivity.
• Competitive rivalry — industry growth rate, competitive intensity.

3. Market & Customer Analysis

• Market size and growth
• Customer segments
• Trends and future demand
• Competitor offerings

---

B. Internal Environment Analysis

Identifies the firm’s strengths & weaknesses.

1. Resource-Based View (RBV)

• Tangible resources: assets, equipment, cash, factories.
• Intangible resources: brand, patents, reputation, technology.
• Capabilities: processes, skills, culture, management systems.

2. VRIO Framework (Value, Rarity, Imitability, Organization)

A resource creates sustainable competitive advantage if:

• It is Valuable
• It is Rare
• It is Costly to Imitate
• The company is Organized to exploit it

3. Value Chain Analysis

• Primary activities: inbound logistics, operations, outbound logistics, marketing, service.
• Support activities: HR, technology, procurement, firm infrastructure.
• Helps detect cost drivers & areas to differentiate.

4. Internal Controls & Processes

• Efficiency of operations
• Cost structures
• Productivity and capacity
• Technology systems
• Governance and risk management

---

2. Long-Term Mission and Goals

Mission Statement

• Defines the organization’s core purpose, reason for existence, value to stakeholders.
• Should be clear, future-oriented, and inspirational.

Vision Statement

• Describes the desired future state (what the organization wants to become).
• Long-term direction for strategy.

Organizational Values

• Ethical principles
• Cultural priorities
• Behavior expectations

Long-Term Goals (Strategic Goals)

• Derived from mission and vision
• Set for 3–5 years or more
• Examples:
  • Market share growth
  • Cost leadership
  • Innovation leadership
  • Expanding into new markets
  • Long-term financing or capital structure targets

SMART Framework for goal setting

• Specific
• Measurable
• Achievable
• Relevant
• Time-bound

---

3. Alignment of Tactics with Long-Term Strategic Goals

Hierarchy of Planning

1. Mission & Vision (Top level)
2. Long-term strategy (Corporate/Business strategy)
3. Tactical plans (1–2 years)
4. Operational plans (Daily/weekly/monthly)

How Alignment is Ensured

• Every department plan must support overall strategic objectives.
• KPIs should be linked to strategic goals through a Balanced Scorecard (BSC).
• Budgeting must reflect strategic priorities (e.g., capital budgeting).
• Resource allocation must favor strategic initiatives.

Examples of Alignment

• Strategic goal: market expansion → Tactical plan: launch new product line.
• Strategic goal: cost leadership → Tactical plan: implement lean production.
• Strategic goal: digital transformation → Tactical plan: upgrade ERP system.

---

4. Strategic Planning Models & Analytical Techniques

A. Common Planning Models

1. SWOT Analysis

• Strengths (internal)
• Weaknesses (internal)
• Opportunities (external)
• Threats (external)

2. Porter’s Generic Strategies

• Cost leadership
• Differentiation
• Focus (niche)

3. Balanced Scorecard (BSC)

Four perspectives:

• Financial
• Customer
• Internal Processes
• Learning & Growth
  Used to align activities with long-term strategy.

4. Scenario Planning

• Creates optimistic, pessimistic, and expected scenarios.
• Helps in uncertainty and risk management.

5. Growth Strategies (Ansoff Matrix)

• Market penetration
• Market development
• Product development
• Diversification

B. Analytical Techniques

• Trend analysis
• Benchmarking
• Break-even analysis
• Sensitivity analysis
• Predictive analytics
• Ratio analysis
• Cost-benefit analysis

---

5. Characteristics of a Successful Strategic-Planning Process

Key Characteristics

• Top management commitment
• Clear mission and vision
• Data-driven decision making (internal + external analysis)
• Cross-functional participation
• Realistic and financially viable goals
• Effective communication throughout the organization
• Continuous monitoring and performance measurement
• Flexibility and adaptability to change
• Integration with budgeting and performance evaluation
• Alignment with risk management and internal controls

Outcome Indicators of Successful Planning

• Achievement of objectives
• Strong competitive position
• Sustainable profitability
• Improved operational efficiency
• Better resource allocation
• Employee engagement and strategic clarity

---

www.gmsisuccess.in

---

1. Meaning of Strategic Management

• Process of defining long-term direction and allocating resources to achieve organizational goals.
• Integrates analysis, formulation, implementation, and control.
• Focuses on sustainable competitive advantage.

---

2. Levels of Strategy

Corporate Level

• Decisions on overall scope, long-term growth, mergers, diversification.

Business Level

• How a business competes within a particular industry.
• Includes differentiation, cost leadership, focus strategies.

Functional Level

• Departmental strategies (marketing, HR, finance, production).

---

⭐ 3. External Environment Analysis (Macro) – PESTEL

• P – Political: regulations, taxes, government stability.
• E – Economic: inflation, interest rates, GDP, income levels.
• S – Social: demographics, lifestyle changes.
• T – Technological: innovation, automation, digital trends.
• E – Environmental: climate change, sustainability norms.
• L – Legal: labor laws, competition laws, compliance.

---

⭐ 4. Internal Environment Analysis

VRIO Framework

• V – Valuable resources create value.
• R – Rare resources not widely available.
• I – Inimitable resources difficult to copy.
• O – Organized to capture value.

Core Competencies

• Unique strengths that provide competitive advantage.

Value Chain Analysis (Porter)

• Primary Activities: inbound logistics, operations, outbound logistics, marketing & sales, service.
• Support Activities: HRM, procurement, tech development, infrastructure.

---

⭐ 5. Porter’s Five Forces Model

Used to analyze industry attractiveness & competitive intensity.

1. Threat of New Entrants

   • High when barriers to entry are low (low capital, weak regulation).

2. Bargaining Power of Suppliers

   • High when few suppliers or unique inputs.

3. Bargaining Power of Customers

   • High when customers are concentrated, price-sensitive.

4. Threat of Substitute Products

   • High when alternatives are affordable, easily available.

5. Industry Rivalry

   • Intense when many competitors, slow growth, high fixed costs.

---

⭐ 6. Generic Competitive Strategies (Porter)

• Cost Leadership: lowest cost in industry.
• Differentiation: unique features to charge premium price.
• Focus/Niche: target narrow segment with cost or differentiation focus.

---

⭐ 7. Ansoff Growth Matrix

• Market Penetration: increase share in existing markets.
• Market Development: new markets for existing products.
• Product Development: new products for existing markets.
• Diversification: new products + new markets.

---

⭐ 8. BCG Matrix (Boston Consulting Group Matrix)

Used to manage a portfolio of business units based on market share and market growth.

Category	Market Growth	Relative Market Share	Strategy
Stars	High	High	Invest for growth
Cash Cows	Low	High	Maintain, harvest profits
Question Marks	High	Low	Selective investment or divest
Dogs	Low	Low	Divest or reposition

---

⭐ 9. GE McKinsey Matrix (9-Cell Matrix)

• Dimensions: Industry Attractiveness vs. Business Unit Strength.
• Strategies:
  • Grow (high–high)
  • Select/Invest selectively (medium zones)
  • Harvest/Divest (low–low)

---

⭐ 10. SWOT Analysis

Internal:

• Strengths, Weaknesses

External:

• Opportunities, Threats

Basis for matching internal capabilities with external environment.

---

⭐ 11. Balanced Scorecard (BSC)

Performance measurement system with four perspectives:

• Financial
• Customer
• Internal Processes
• Learning & Growth

Aligns operations with long-term strategy.

---

⭐ 12. Strategic Planning Process

1. Define vision, mission, values.
2. Environmental scanning (external + internal).
3. Set long-term goals.
4. Formulate strategy.
5. Resource allocation.
6. Implementation.
7. Strategic control & performance monitoring.

---

⭐ 13. Strategic Implementation Issues

• Resistance to change.
• Lack of leadership.
• Poor communication.
• Insufficient resources.
• Misaligned structure or culture.

---

⭐ 14. Competitive Advantage

• Ability to outperform rivals consistently.
• Focus on unique value, cost advantage, or innovation.
• Must be valuable, rare, inimitable, non-substitutable.

---

www.gmsisuccess.in

---

⭐ BCG MATRIX – COMPLETE NOTES (US CMA Part 1)

(Boston Consulting Group Growth-Share Matrix)

The BCG Matrix is a portfolio analysis tool used to evaluate Strategic Business Units (SBUs) or product lines based on:

1. Market Growth Rate (Industry attractiveness) → HIGH / LOW
2. Relative Market Share (Competitive strength) → HIGH / LOW

It helps managers decide:
✔ Where to invest
✔ Where to grow
✔ Where to divest
✔ How to allocate resources

---

⭐ BCG Matrix Structure

BCG Quadrant	Market Growth	Market Share	Typical Strategy
Stars	High	High	Invest & grow
Cash Cows	Low	High	Maintain & harvest cash
Question Marks	High	Low	Selective investment or divest
Dogs	Low	Low	Harvest or divest

---

⭐ DESCRIPTION OF EACH QUADRANT

1. ⭐ Stars (High Growth, High Market Share)

• Leaders in a fast-growing market
• Need high investment to maintain leadership
• Potential future cash cows

Strategy:
✔ Invest for growth
✔ Expand capacity
✔ Maintain competitive advantage

---

2. 💰 Cash Cows (Low Growth, High Market Share)

• Industry growth slow but SBU dominates
• Generates steady cash with low investment needs
• Funds Stars & Question Marks

Strategy:
✔ Maintain leadership
✔ Maximize cash flow
✔ Cost efficiency

---

3. ❓ Question Marks (High Growth, Low Market Share)

• High market potential but weak competitive position
• Uncertain future → can become Star or Dog
• Require high investment

Strategy:
✔ Invest selectively where chances of leadership exist
✔ Otherwise divest

---

4. 🐶 Dogs (Low Growth, Low Market Share)

• Weak competitive position in a stagnant or shrinking market
• Low cash generation
• Often over-aged products

Strategy:
✔ Harvest (reduce investment)
✔ Liquidate/divest
✔ Do not invest further

---

⭐ How Companies Use the BCG Matrix

1. Resource allocation
2. Deciding which SBUs to grow or cut
3. Strategic planning (long-term)
4. Capital budgeting priorities
5. Monitoring product portfolio health

---

⭐ Critical Assumptions & Limitations of BCG Matrix

Assumptions

• Market share → profitability
• Market growth → investment need

Limitations

• Oversimplified (only 2 variables: market share & growth)
• Ignores synergies between SBUs
• Industry growth rate may not reflect attractiveness
• Relative market share may not always mean profitability
• Static snapshot – not dynamic

---

⭐ FORMULA USED (Important for CMA Exam)

Relative Market Share = (Firm’s Market Share) / (Largest Competitor’s Market Share)

If RMS > 1 → HIGH market share
If RMS < 1 → LOW market share

---

⭐ CASE STUDY 1 – SIMPLE (Easy to Understand)

Company: Nova Electronics Ltd.

It produces 4 product lines:

Product	Market Growth	Market Share	Category
Smartphones	High	High	?
Earbuds	High	Low	?
TVs	Low	High	?
MP3 Players	Low	Low	?

Classification Using BCG Matrix

1. Smartphones

• High growth + High market share
  → ⭐ Star

2. Earbuds

• High growth + Low market share
  → ❓ Question Mark

3. TVs

• Low growth + High market share
  → 💰 Cash Cow

4. MP3 Players

• Low growth + Low market share
  → 🐶 Dog

Strategic Recommendations

• Smartphones: Invest heavily to maintain leadership
• Earbuds: Evaluate potential → invest selectively
• TVs: Use profits to fund Stars and Question Marks
• MP3 Players: Stop investment & consider divestment

---

⭐ CASE STUDY 2 – ADVANCED (CMA-LEVEL)

Company: Global Foods Pvt. Ltd.

A diversified food company with the following SBUs:

SBU	Market Growth Rate	Market Share	Notes
Frozen Meals	15%	35%	Leader in growing market
Instant Noodles	2%	50%	Mature industry
Energy Drinks	18%	5%	Competing against strong global brands
Biscuits	1%	4%	Highly competitive, saturated market
Plant-Based Meat	20%	10%	New market, rising demand

BCG Analysis

---

1. Frozen Meals → ⭐ Star

• High market growth (15%)
• High relative market share (dominant at 35%)

Strategy:
✔ Continue investment
✔ Expand distribution
✔ Maintain competitive advantage

---

2. Instant Noodles → 💰 Cash Cow

• Low growth (2%)
• High market share (50%)

Strategy:
✔ Maximize profit
✔ Reduce unnecessary investment
✔ Use cash to fund growth markets

---

3. Energy Drinks → ❓ Question Mark

• High growth (18%)
• Low market share (only 5%)
• Competitors strong (Red Bull, Monster, etc.)

Strategy:
✔ Analyze feasibility of gaining share
✔ If branding or R&D can help → invest
✔ If gains unlikely → divest

---

4. Biscuits → 🐶 Dog

• Low growth (1%)
• Low market share (4%)

Strategy:
✔ Stop new investments
✔ Sell or discontinue product line

---

5. Plant-Based Meat → ❓ Question Mark (Potential Future Star)

• High growth (20%)
• Low share (10%)
• Market is emerging

Strategy:
✔ Invest more due to strong future potential
✔ Improve production efficiency
✔ Build brand loyalty early

---

⭐ Portfolio Strategy Based on BCG Matrix Outcome

• Heavy investment → Frozen Meals, Plant-based Meat
• Maintain & Harvest → Instant Noodles
• Selective investment → Energy Drinks
• Divest/Harvest → Biscuits

This allows optimal capital allocation and long-term profit maximization.

Below are 50 high-quality MCQs with answers and explanations covering Mission, Vision, Strategic Management Process, Organizational Values & Culture, BCG Matrix, Porter’s Five Forces, Product Differentiation & Cost Leadership, Cost Competitiveness, Core Competencies, SWOT, PESTEL, Balanced Scorecard, Stakeholder Analysis, aligned with US CMA Part 1 – Strategic Planning.

---

✅ MCQ QUESTIONS WITH ANSWERS (50 Questions)

(All answers are provided at the end of each question)

---

1. A mission statement primarily answers which question?

A. Where do we want to be in 10 years?
B. What is our purpose and reason for existence?
C. What are the strategic business units?
D. What are our future financial targets?
Answer: B

---

2. A vision statement primarily focuses on:

A. Long-term future aspirations
B. Current operations and purpose
C. Product design decisions
D. Departmental budgets
Answer: A

---

3. Which of the following is not part of the strategic management process?

A. Strategy formulation
B. Strategy implementation
C. Strategy evaluation
D. Operational troubleshooting
Answer: D

---

4. Organizational values serve to:

A. Establish moral principles and decision guidelines
B. Define market share targets
C. Allocate budgets
D. Create marketing slogans
Answer: A

---

5. A strong organizational culture usually results in:

A. Higher employee turnover
B. Better alignment with strategy
C. More bureaucratic barriers
D. Lower motivation levels
Answer: B

---

6. In the BCG Matrix, a business unit with high market growth and high market share is:

A. Dog
B. Question Mark
C. Cash Cow
D. Star
Answer: D

---

7. In the BCG Matrix, which unit generates excess cash but has low growth?

A. Star
B. Cash Cow
C. Dog
D. Question Mark
Answer: B

---

8. According to Porter’s Five Forces, the threat of substitutes increases when:

A. Switching costs are high
B. Customers are loyal
C. Alternatives are readily available
D. Products are unique
Answer: C

---

9. A cost leadership strategy focuses on:

A. Providing standard products at the lowest cost
B. Offering highly unique products
C. Charging premium prices
D. Reducing value chain activities
Answer: A

---

10. Product differentiation allows firms to:

A. Achieve the lowest cost
B. Increase prices due to unique value
C. Eliminate competition entirely
D. Remove need for marketing
Answer: B

---

11. Cost competitiveness refers to a firm’s ability to:

A. Offer the cheapest product in the market
B. Manage cost structure efficiently
C. Focus only on cost reduction
D. Ignore quality
Answer: B

---

12. Core competencies must be:

A. Easy to imitate
B. Central to competitive advantage
C. Unrelated to customers
D. Short-term skills
Answer: B

---

13. SWOT analysis classifies internal factors as:

A. Opportunities and threats
B. Strengths and weaknesses
C. Profit and loss
D. Vision and mission
Answer: B

---

14. PESTEL analysis includes all except:

A. Technological
B. Legal
C. Ethical
D. Political
Answer: C
(Ethical is not part of standard PESTEL: Political, Economic, Social, Technological, Environmental, Legal)

---

15. Balanced Scorecard financial perspective includes:

A. Customer retention
B. ROI and revenue growth
C. Employee skills
D. Process efficiency
Answer: B

---

16. Stakeholder analysis determines:

A. Product prices
B. Key stakeholders’ needs and influence
C. Employee salary levels
D. Marketing strategies only
Answer: B

---

17. A mission statement should NOT include:

A. Purpose
B. Core values
C. Detailed financial forecast
D. Products/services
Answer: C

---

18. Which best describes strategy evaluation?

A. Choosing new markets
B. Monitoring performance and taking corrective action
C. Hiring employees
D. Setting vision
Answer: B

---

19. In Porter’s Five Forces, supplier power increases when:

A. Many suppliers exist
B. Switching suppliers is easy
C. Inputs are unique
D. Customers are powerful
Answer: C

---

20. A “Dog” business unit should typically be:

A. Expanded
B. Harvested or divested
C. Increased in investment
D. Merged with stars
Answer: B

---

21. Which is a characteristic of low-cost leadership?

A. Superior design innovation
B. High economies of scale
C. Expensive materials
D. Custom solutions
Answer: B

---

22. A firm uses unique packaging and branding. It is pursuing:

A. Focus strategy
B. Differentiation strategy
C. Cost leadership
D. Market penetration
Answer: B

---

23. A core competency must contribute directly to:

A. Short-term sales
B. Customer value
C. Asset depreciation
D. IT budgets
Answer: B

---

24. Which element belongs to the internal environment?

A. Government regulation
B. Organizational culture
C. Economic inflation
D. Technological trends
Answer: B

---

25. A company’s values guide:

A. Ethical behavior and decision-making
B. Organizational structure
C. Supply chain design
D. Tax planning
Answer: A

---

26. PESTEL “Environmental” factor includes:

A. Company’s carbon emission policies
B. Hiring rules
C. Employee bonuses
D. Customer satisfaction
Answer: A

---

27. Balanced Scorecard’s customer perspective focuses on:

A. Return on assets
B. Market share and satisfaction
C. Learning capacity
D. Employee training
Answer: B

---

28. Competitive rivalry is intense when:

A. Industry growth is high
B. Exit barriers are low
C. Many equal-sized competitors exist
D. Products are highly differentiated
Answer: C

---

29. A company that competes in niche markets using cost strategy follows:

A. Broad differentiation
B. Focused cost leadership
C. Cost leadership
D. Hybrid strategy
Answer: B

---

30. Strategy formulation includes:

A. Setting goals and selecting strategies
B. Monitoring employee performance
C. Daily scheduling
D. Customer complaints handling
Answer: A

---

31. Industry attractiveness is part of which analysis tool?

A. SWOT
B. BCG
C. Porter’s Five Forces
D. Balanced Scorecard
Answer: C

---

32. Which BSC perspective captures innovation and employee education?

A. Financial
B. Customer
C. Internal process
D. Learning & growth
Answer: D

---

33. Vision statements should be:

A. Quantified and measurable
B. Inspirational and future-oriented
C. Focused on internal operations only
D. Limited to financial goals
Answer: B

---

34. A “Question Mark” in BCG requires:

A. No further investment
B. Careful investment decisions
C. Immediate divestment
D. Cost-cutting
Answer: B

---

35. In SWOT analysis, “Threat” example is:

A. Strong brand
B. Skilled workforce
C. New competitors
D. New product launch
Answer: C

---

36. High buyer power occurs when:

A. Products are unique
B. Switching costs are low
C. Few buyers exist
D. Buyers are dependent on the firm
Answer: B

---

37. Organizational culture is best described as:

A. Corporate accounting rules
B. Shared beliefs and norms
C. Marketing strategy
D. Outsourcing plans
Answer: B

---

38. Cost leadership risk includes:

A. Becoming too expensive
B. Obsolescence
C. Losing margins due to price wars
D. Over-innovation
Answer: C

---

39. Differentiation strategy risk is:

A. Product too standardized
B. Imitation by competitors
C. Low brand loyalty
D. Lower margins
Answer: B

---

40. Stakeholder with high power and high interest should be:

A. Ignored
B. Monitored
C. Closely managed
D. Kept satisfied only
Answer: C

---

41. In PESTEL, tax policies belong to:

A. Political
B. Economic
C. Legal
D. Social
Answer: A

---

42. Learning and growth BSC includes:

A. Employee skills & motivation
B. Net profit margin
C. Quality control
D. Customer churn
Answer: A

---

43. Which is a strength in SWOT?

A. Declining industry
B. Poor customer service
C. Strong distribution network
D. New tax laws
Answer: C

---

44. Strategic planning begins with:

A. Implementation
B. Mission and vision
C. Budgeting
D. KPI measurement
Answer: B

---

45. Which is an external factor?

A. Employee turnover
B. New government regulations
C. Machinery efficiency
D. Company culture
Answer: B

---

46. High market share & low growth indicates:

A. Dog
B. Star
C. Cash Cow
D. Question Mark
Answer: C

---

47. Strategic control includes:

A. Monitoring environment changes
B. Selecting suppliers
C. Organizing staff schedules
D. Setting manufacturing plans
Answer: A

---

48. Core competency example:

A. Temporary price discount
B. Efficient supply chain
C. High turnover
D. Changing supplier contracts
Answer: B

---

49. Which force increases when customers can switch easily?

A. Threat of new entrants
B. Buyer bargaining power
C. Supplier power
D. Industry competition
Answer: B

---

50. Balanced Scorecard converts strategy into:

A. Financial statements
B. Operational metrics and performance measures
C. Legal compliance rules
D. HR policies
Answer B