Chapter 1 Terms

Question 1

Administrative Audit

Answer 1

An audit oriented to assess issues related to the efficiency of operational productivity within an organization

Question 2

Attribute Sampling

Answer 2

Generally applied in Compliance Testing situations and deals with the presence or absence of the attribute and provides conclusions that are expressed in rates of incidence

Question 3

Audit Charter

Answer 3

An overarching document that covers the entire scope of audit activities in an entity

Question 4

Audit Documentation

Answer 4

The necessary evidence supporting the conclusions reached and should be clear, complete, easily retrievable and sufficiently comprehensible

Question 5

Audit Methodology

Answer 5

A set of documented audit procedures designed to achieve planned audit objectives

Question 6

Audit Program

Answer 6

A step-by-step set of audit procedures and instructions that should be performed to complete an audit

Question 7

Audit Report

Answer 7

The end product of the IS audit work, which are used by the IS auditor to report findings and recommendations to management

Question 8

Audit Risk

Answer 8

The risk that information may contain a material error that may go undetected during the course of the audit

Question 9

Audit Universe

Answer 9

Ideally lists all of the processes that may be considered for audit

Question 10

COBIT 5

Answer 10

Provides a comprehensive framework that assists enterprises in achieving their objectives for the governance and management of enterprise IT

Question 11

Compliance Audit

Answer 11

An audit that includes specific tests of controls to demonstrate adherence to specific regulatory or industry standards

Question 12

Compliance Testing

Answer 12

Evidence gathering for the purpose of testing an organization’s compliance with control procedures

Question 13

Confidence Coefficient

Answer 13

A percentage expression of the probability that the characteristics of the sample are a true representation of the population

Question 14

Continuous Auditing

Answer 14

A method to automatically perform control and risk assessments on a more frequent basis that changes the audit paradigm from periodic reviews of a sample of transactions to ongoing audit testing of 100% of transactions and becomes an integral part of modern auditing at many levels

Question 15

Control Objectives

Answer 15

Statements of the desired result or purpose to be achieved by implementing control activities (procedures)

Question 16

Control Risk

Answer 16

The risk that a material error exists that would not be prevented or detected on a timely basis by the system of internal controls

Question 17

Control Self-Assessment (CSA)

Answer 17

An assessment of controls made by the staff and management of the unit or units involved

Question 18

CSA Approach

Answer 18

Emphasizes management and accountability over developing and monitoring internal controls of an organization’s sensitive and critical business processes

Question 19

Detection Risk

Answer 19

The risk that material errors or misstatements that have occurred will not be detected by the IS auditor

Question 20

Difference Estimation

Answer 20

A statistical model used to estimate the total difference between audited values and book values based on differences obtained from sample observations

Question 21

Discovery Sampling

Answer 21

A sampling model that can be used when the expected occurrence rate is extremely low

Question 22

Engagement Letter

Answer 22

Focused on a particular audit exercise that is sought to be initiated in an organization with a specific objective in mind

Question 23

Evidence

Answer 23

Any information used by the IS auditor to determine whether the entity or data being audited follows the established criteria or objectives and supports audit conclusions

Question 24

Executive Summary

Answer 24

An easy-to-read, concise report that presents findings to management in an understandable manner

Question 25

Expected Error Rate

Answer 25

An estimate stated as a percent of the errors that may exist

Question 26

Financial Audit

Answer 26

An audit to assess the accuracy of financial reporting

Question 27

Forensic Audit

Answer 27

An audit specialized in discovering, disclosing and following up on fraud and crimes

Question 28

Generalized Audit Software (GAS)

Answer 28

Standard software that has the capability to directly read and access data from the various database platforms, flat-file systems and ASCII formats

Question 29

Inherent Risk

Answer 29

The risk level or exposure of the process/entity to be audited without taking into account the controls that management has implemented

Question 30

Integrated Audit

Answer 30

An audit that combines financial and operational audit steps

Question 31

Integrated Auditing

Answer 31

The process whereby appropriate audit disciplines are combined to assess key internal controls over an operation, process or entity

Question 32

Internal Control(s)

Answer 32

Composed of policies, procedures, practices and organizational structures that are implemented to reduce risk to the organization

Question 33

IS Audit

Answer 33

The formal examination, interview and/or testing of information systems to determine whether:

(1) Information systems are in compliance with applicable laws, regulations, contracts and/or industry guidelines
(2) IS data and information have appropriate levels of confidentiality, integrity and availability
(3) IS operations are being accomplished efficiently and effectiveness targets are being met

Question 34

IS Control Objectives

Answer 34

Provide a complete set of high-level requirements to be considered by management for effective control of each IT process

Question 35

Level of Risk

Answer 35

Equal to one minus the Confidence Coefficient

Question 36

Long-Term Planning

Answer 36

Audit plans that will take into account risk- related issues regarding changes in the organization’s IT strategic direction that will affect the organization’s IT environment

Question 37

Operational Audit

Answer 37

An audit designed to evaluate the internal control structure in a given process or area

Question 38

Overall Audit Risk

Answer 38

The probably that information or financial reports may contain material errors and that the auditor may not detect an error that has occurred

Question 39

Population Standard Deviation

Answer 39

Measures the relationship to the normal distribution

Question 40

Precision

Answer 40

Represents the acceptable range difference between the sample and the actual population

Question 41

Risk

Answer 41

The combination of the probability of an event and its consequence
AND
Adverse impact(s) that could occur to organizational operations, organizational assets, individuals, other organizations due to the potential for unauthorized access, use, disclosure, disruption, modification, or destruction of information and/or information systems

Question 42

Risk Acceptance

Answer 42

Knowingly and objectively not taking action, providing the risk clearly satisfies the organization’s policy and criteria

Question 43

Risk Analysis

Answer 43

Part of audit planning and helps identify risk and vulnerabilities so the IS auditor can determine the controls needed to mitigate risk

Question 44

Risk Assessment

Answer 44

An iterative life cycle that begins with identifying business objectives, information assets, and the underlying systems or information resources that generate, store, use or manipulate assets critical to achieving these objectives

Question 45

Risk Avoidance

Answer 45

Avoiding risk by not allowing actions that would cause the risk to occur

Question 46

Risk Mitigation

Answer 46

Applying appropriate controls to reduce the risk

Question 47

Risk Transfer/Sharing

Answer 47

Transferring the associated risk to other parties

Question 48

Sample

Answer 48

The subset of population members used to perform testing

Question 49

Sample Mean

Answer 49

The sum of all sample values, divided by the size of the sample. Measures the average value of the sample

Question 50

Sample Standard Deviation

Answer 50

Computes the variance of the sample values from the mean of the sample

Question 51

Short-Term Planning

Answer 51

Audit issues that will be covered during the year

Question 52

Specialized Audit

Answer 52

An audit that reviews areas such as services being performed by third parties

Question 53

Stop-or-go Sampling

Answer 53

A sampling model that helps prevent excessive sampling of an attribute by allowing an audit test to be stopped at the earliest possible moment

Question 54

Stratified Mean per Unit

Answer 54

A statistical model in which the population is divided into groups and samples are drawn from the various groups

Question 55

Substantive Testing

Answer 55

Evidence is gathered to evaluate the integrity of individual transactions, data or other information

Question 56

Tolerable Error Rate

Answer 56

The maximum misstatement or number of errors that can exist without an account being materially misstated

Question 57

Traditional Approach

Answer 57

Any approach in which the primary responsibility for analyzing and reporting on internal control and risk is assigned to auditors, and to a lesser extent, controller departments and outside consultants

Question 58

Unstratified Mean per Unit

Answer 58

A statistical model in which a sample mean is calculated and projected as an estimated total

Question 59

Utility Software

Answer 59

A subset of software that provides evidence to auditors about system control effectiveness

Question 60

Variable Sampling

Answer 60

Generally applied in Substantive Testing situations and deals with population characteristics that vary (such as monetary values and weights) and provides conclusions related to deviations from the norm