2. IS Auditing - Overview

Question 0

What is the basic point made by snowflake theory?

Answer 0

That every information system is unique

Question 1

What theory do Juergens and Maberry apply to information systems?

Answer 1

Snowflake Theory

Question 2

List ten different decisions that will impact on what an information system looks like when in operation.

Answer 2

Centrally based or distributed
Managed in-house or externally
Size of the organisation
Choice of operating system
Choice of hardware
Choice of software
Customisation of system
Empowerment of users
Development budget
Degree of innovation

Question 3

The risks related to information technology and information systems are static/dynamic?

Answer 3

Dynamic

Question 4

A factor of information systems risk is that, while individual risks may be low, when combined…

Answer 4

Their sum may be much greater

Question 5

List six generic WCGWs for an information system

Answer 5

Availability
Security
Integrity
Confidentiality
Effectiveness
Efficiency

Question 6

The first step when assessing IS risks is to…

Answer 6

Identify what could go wrong

Question 7

The second step when assessing IS risk is to consider whether the risks…

Answer 7

Are specific to one system or process, or pervasive

Question 8

The third step in a risk assessment of IS is to…

Answer 8

Use an appropriate risk assessment technique to help develop the audit plan.