Domain 1 - IS Audit Planning & Execution Flashcards

1
Q

What are the steps in the IS Audit Process?

A

1) Planning
2) Perform risk assessment
3) Prepare audit program
4) Perform preliminary controls review of audit area or subject to assess initial control risk & materiality
5) Evaluate the audit area or subject
6) Gather evidence
7) Perform compliance testing

2
Q

What is Detection Risk?

A

The risk that material errors or misstatements will not be detected by the auditor

3
Q

What is Control Risk?

A

The risk that material error exists that would not be prevented or detected on a timely basis by the system of internal controls

4
Q

What is Inherent Risk?

A

The risk that a material error could occur, assuming no related internal controls to prevent or detect the error

5
Q

What is Audit Risk?

A

The risk that:
1) information or financial reports may contain material errors; or
2) the IS auditor may not detect an error that has occurred; or
3) It is also the level of risk an auditor is prepared to accept during an audit engagement

6
Q

Audit Program should include?

A

Scope, audit objectives, audit procedures, & administrative details such as planning & reporting

7
Q

Definition of Internal Controls

A

Internal controls are developed to provide reasonable assurance that a company’s business objectives will be achieved & undesired risk events will be prevented, detected & corrected.

8
Q

Definition of Control Objectives

A

Control Objectives specify the minimum set of controls necessary to ensure efficiency & effectiveness. They determine how an internal control should function.

9
Q

Definition of Control Procedures

A

Control Procedures are developed to provide reasonable assurance that specific objectives will be achieved

10
Q

Audit Charter should be approved by?

A

Audit Committee

11
Q

Primary purpose of IT Forensic Audit?

A

Systematic collection & analysis of evidence after a system irregularity. The evidence collected can then be used in judicial proceedings.

12
Q

First step in IS audit planning phase

A

Development of a risk assessment. This is to determine how internal audit resources should be allocated to ensure all material items are addressed.

13
Q

What are the steps in the Risk Management Process?

A

1) Identify Business Objectives (BO)
2) Identify Information Assets supporting the BO
3) Perform Risk Assessment - Threats, Vulnerability & Impact
4) Risk Mitigation - map risk items with controls in place

14
Q

What is attribute sampling?

A

Attribute sampling attempts to estimate the rate of occurrence of a specific quality (attribute) in a population & is used in compliance testing to confirm whether the quality exists. It is appropriate for testing true or false, correct or incorrect function questions.

15
Q

Benefit of Control Self-Assessment (CSA)?

A

1) reinforces management’s ownership of internal controls
2) ensures that internal controls continue to enforce business objectives

16
Q

What is Stratified Random Sampling?

A

Stratification is the process of dividing a population into subpopulations with similar, explicitly defined characteristics, so that each sampling unit can belong to only 1 stratum. This ensures all sampling units in each subgroup have a known, nonzero chance of selection; in other words, units get picked from each subgroup.

It is most appropriate for testing automated invoice authorization.

17
Q

Difference between Corrective & Detective controls

A

Corrective controls are designed to correct errors, omissions & unauthorized uses & intrusions, when detected. This provides a mechanism to detect when malicious events have happened & correct the situation.

Detective controls, by contrast, exist to detect & report when errors, omissions & unauthorized uses or entries occur.

18
Q

What is Functional Acknowledgement in EDI?

A

It is a type of message that contains information about the status of messages received between 2 trading partners, such as whether a message was accepted or rejected, or whether there were any errors or exceptions.

It is one of the main controls used in data mapping. It acts as an audit trail for EDI transactions.

19
Q

What is the greatest risk in an EDI environment?

A

Lack of authorization is the greatest risk in an EDI environment: because the interaction between parties is electronic, there is no inherent authentication occurring.

20
Q

What is a Checksum?

A

Checksums are also known as “hashes”. A checksum identifies modification through comparison of the original hash value & the received data’s hash value.

A checksum that is calculated on an amount field & included in EDI communication can be used to identify unauthorized modifications (INTEGRITY).

21
Q

What are Table Lookups?

A

Table lookups are a preventive control; input data are checked against predefined tables, which prevents any undefined data from being entered.

22
Q

What is a Check Digit?

A

It is a numeric value that has been calculated mathematically & is added to data to ensure that original data have not been altered or that an incorrect, but valid, match has occurred.

The check digit control is effective in detecting transposition & transcription errors.

23
Q

What is a Walk-through Test?

A

A walk-through test usually includes a combination of inquiry, observation, inspection of relevant documentation & reperformance of controls.

It reviews the process from start to finish to gain a thorough understanding of the overall process & identify potential control weaknesses.

24
Q

What is Regression Testing?

A

Regression tests are used to test new versions of software to ensure previous changes & functionality are not inadvertently overwritten or disabled by new changes.

25
Q

What are computer log files?

A

Computer logs record activities of individuals during their access to a computer system or data file & record any abnormal activities such as the modification or deletion of data.

26
Q

Primary benefit of Continuous Auditing

A

Enables a real-time feed of information to management through automated reporting processes so that management may implement corrective actions more quickly.

27
Q

When should Audit Scope be determined?

A

Audit scope is established at the client audit initiation meeting