Domain 1 Flashcards

1
Q

Risk that an activity would pose if no controls were in place (Risk BEFORE controls)

A

Inherent Risk

2
Q

Role of IS Auditor in CSA process

A

Facilitator

3
Q

Are hash totals a preventative or detective control?

A

Detective

4
Q

Role of IS audit function is established by?

A

audit charter

5
Q

An audit charter is approved by

A

senior management

6
Q

When is it appropriate for an audit charter to change?

A

only if it can be thoroughly justified; It is not meant to change

7
Q

What type of testing requires gathering evidence to evaluate the integrity of data, transactions, or other information?

A

Substantive Testing

8
Q

Compliance testing sampling method that is more effective (attribute vs variable)

A

Attribute sampling

9
Q

most important success factor for CSA

A

line management involvement

10
Q

Risk assessment is (subjective or objective)

A

subjective

11
Q

Overarching document that covers the entire scope of activities in an entity

A

audit charter

12
Q

focused on a particular audit exercise that is sought to be initiated by an organization

A

engagement letter

13
Q

backup procedures are which type of control (preventative or corrective)

A

corrective

14
Q

Probability of an event occurring and its consequences

A

Risk

15
Q

describe the authority and responsibilities of the audit department

A

audit charter

16
Q

Testing that checks for the presence of controls

A

Compliance Testing

17
Q

Testing that checks for the integrity of control contents

A

Substantive Testing

18
Q

first step of risk assessment

A

identify assets

19
Q

online audit technique that is most effective for the early detection of errors or irregularities

A

audit hook

20
Q

primary objective of IS Audit function

A

determine whether information systems safeguard assets and maintain data integrity

21
Q

  1. Identify Assets
  2. Identify Risk (Threat or Vulnerability)
  3. Impact Analysis (Qualitative or Quantitative)
  4. Prioritize risk (based on Impact)
  5. Evaluate/ choose the best controls
  6. Apply controls

A

6 Steps of Risk Assessment

22
Q

Risks that are not in our control.

e.g. Earthquake, Fire, Hackers, Malware, System Failure, Criminals

A

Threat

23
Q

Weakness that is in our control.

e.g. weak coding, missing anti-virus, weak access controls

A

Vulnerability

24
Q

Risk that remains after controls are implemented (Risk AFTER Controls) “Residue”

A

Residual Risk

25
Q

Risk that auditors will not detect material misstatement in financial statements

A

Detection Risk

26
Q

Risk that a material misstatement occurs but is not detected, corrected, or prevented by internal controls

A

Control Risk

27
Q

inherent risk * control risk * detection risk

A

Audit Risk

28
Q

What establishes the IS Audit function?

A

Audit Charter

29
Q

Who approves the Audit Charter?

A

Top Management/ Highest level of management

30
Q

What is included in the audit charter?

A

Authority, Scope, and Responsibilities of the Audit Function

31
Q

What influences the auditor's decisions/responsibilities/roles within the audit?

A

Audit Charter

32
Q

How often should the audit charter change?

A

It should NOT change. If it does, it has to be thoroughly justified.

33
Q

Are these included in the audit charter?
- audit calendar, audit planning, yearly resource allocation, routine audit activities (professional fees and travel expenses/budgets)

A

NO, they change too often and are not aligned with the “authority, scope, or responsibilities of the audit function”