Doshi Domain 1

Question 1

For compliance testing which sampling method is more useful ?

(a) Variable Sampling (b) Attribute Sampling

Answer 1

(b) Attribute Sampling

Question 2

A rerun procedure is an example of:

(a)Preventive controls Or (b) Corrective controls

Answer 2

(b) Corrective controls

Question 3

Purpose of CSA is to:

(a) enhance the audit responsibilities or (b) replace the audit function.

Answer 3

(a) enhance the audit responsibilities

Question 4

Internal Audit function should be __________ and report directly to Audit Committee or board of director.

Answer 4

Independent

Question 5

For higher confidence coefficient sample size should be (a) high or (b) low

Answer 5

(a) high

Question 6

__________ is a weakness or gap in our protection efforts. It can be in form of weak coding, missing anti-virus, weak access control and other related factors. It can be controlled by us.

(a)vulnerability or (b) threat

Answer 6

(a)vulnerability

Question 7

An IS auditor should use statistical sampling and not judgment (non-statistical) sampling, when:

Answer 7

the probability of error must be objectively quantified.

Question 8

What should be role of an IS auditor in a control self-assessment (CSA) process?

Answer 8

As a facilitator

Question 9

A contingency planning is an example of:

(a)Preventive controls Or (b) Corrective controls

Answer 9

(b) Corrective controls

Question 10

In __________ testing we gather evidence with the objective of testing an organization’s compliance with control procedures.

(a)Compliance testing Or (b) Substantive testing

Answer 10

(a)Compliance testing

Question 11

For substantive testing which sampling method is more useful ?

(a) Variable Samplingor (b)Attribute Sampling

Answer 11

(a) Variable Sampling

Question 12

Audit Charter should include detailed yearly audit calendar, audit planning, yearly resource allocation and other routine audit activities.

True or False

Answer 12

FALSE

Question 13

What are the objective of control self assessment?

Answer 13

THREAT

Question 14

Which of the following is an objective of a control self-assessment (CSA) program?

(a) Concentration on areas of high risk Or (b) Replacement of audit responsibilities

Answer 14

(a) Concentration on areas of high risk

Question 15

Which of the following online auditing techniques is most effective for the early detection of errors or irregularities?

(a) Embedded audit module Or (b) Audit hooks

Answer 15

(b) Audit hooks

Question 16

The PRIMARY purpose of an audit charter is to:
(a) describe the authority and responsibilities of the audit department. Or (b) formally document the audit department’s plan of action.

Answer 16

(a) describe the authority and responsibilities of the audit department.

Question 17

Risk is the combination of __________ of occurrence of an event and its __________.

Answer 17

Risk is the combination of probability of occurrence of an event and its consequences.

Question 18

Which testing involves checking the details of the transactions?

(a) Compliance testing or (b) Substantive testing

Answer 18

(b) Substantive testing

Question 19

The __________ ideally lists all of the processes that may be considered for the audit.

Answer 19

audit universe

Question 20

In __________ testing, we gather evidence to evaluate the integrity of data, a transaction or other information.

(a)Compliance testing Or (b) Substantive testing

Answer 20

(b) Substantive testing

Question 21

Risk that a misstatement could occur but may not be detected and corrected or prevented by entity’sinternal controlmechanism is called

Answer 21

Control Risk

Question 22

What are the objective of control self assessment?

(i)To concentrate on areas of high risk and (ii) To enhance control monitoring by functional staff.

Answer 22

.

Question 23

For compliance testing which sampling method is more useful ?

(a) Variable Sampling or (b) Attribute Sampling

Answer 23

(b) Attribute Sampling

Question 24

(i) Controls designed to correct the errors or irregularities that have been detected are known as __________.
(ii) Controls designed to prevent errors or irregularities from occurring are known as __________.
(iii) Controls designed to detect errors or irregularities that may have occurred are known as __________.
(iv) Controls that reduce the likelihood of a deliberate act to cause a loss or an error are known as __________.

Answer 24

(i) Controls designed to correct the errors or irregularities that have been detected are known as corrective controls.
(ii) Controls designed to prevent errors or irregularities from occurring are known as preventive controls.
(iii) Controls designed to detect errors or irregularities that may have occurred are known as detective controls.
(iv) Controls that reduce the likelihood of a deliberate act to cause a loss or an error are known as deterrent controls.

Question 25

First step of Risk Assessment is to (a) identify the risk or (b) identify the assets.

Answer 25

(a) Identify the Assets

Question 26

Sampling method to be used when the probability of error must be objectively quantified (i.e no subjectivity is involved).

Answer 26

Statistical sampling

Question 27

The risk that remainsafter controlsare taken into account (the net risk or risk after controls) is called:

Answer 27

Residual Risk

Question 28

A backup procedure is an example of:

(a)Preventive controls Or (b) Corrective controls

Answer 28

(b) Corrective controls

Question 29

The PRIMARY objective of an IS audit function is to:

(a) determine whether information systems safeguard assets and maintain data integrity Or (b) determine the ability of the organization to detect fraud.

Answer 29

(a) determine whether information systems safeguard assets and maintain data integrity

Question 30

The document used by the top management of organizations to delegate authority to the IS audit function is known as __________.

Answer 30

audit charter

Question 31

Which of the following tests is an IS auditor performing when a sample of programs is selected to determine if the source and object versions are the same?

(a )A substantive test of program library controls
(b )A compliance test of program library controls
(c) A compliance test of the program compiler controls
(d) A substantive test of the program compiler controls

Answer 31

(b) A compliance test of program library controls

Question 32

__________ is a technique that allows managers and work teams directly involved in business units, functions or processes to participate in assessing the organization’s risk management and control processes.

Answer 32

Control self-assessment (CSA)

Question 33

In any given scenario, compliance testing checks for the presence of controls whereas substantive testing checks the integrity of contents i.e. test of individual transactions.

True or False

Answer 33

TRUE

Question 34

An integrated test facility is considered a useful audit tool because it uses the programs to compare processing using independently calculated data.

True or False

Answer 34

TRUE

Question 35

(i) __________ sampling is used when an auditor is trying to determine whether a type of event has occurred, and therefore it is suited to assess the risk of fraud and to identify whether a single occurrence has taken place.
(ii) __________sampling is used when auditor believes that very few errors will be found. It prevents excessive sampling by allowing an audit test to be stopped at the earliest possible moment.

Answer 35

(i) Discovery sampling is used when an auditor is trying to determine whether a type of event has occurred, and therefore it is suited to assess the risk of fraud and to identify whether a single occurrence has taken place.
(ii) Stop-or-go-sampling is used when auditor believes that very few errors will be found. It prevents excessive sampling by allowing an audit test to be stopped at the earliest possible moment.

Question 36

Overall business risk for a particular threat can be expressed as:
(a) a product of the probability and impact. Or (b) probability of occurrence.

Answer 36

(a) a product of the probability and impact.

Question 37

An “Echo” message in telecommunications protocol is an example of

(a)Detective controls Or (b) Preventive controls

Answer 37

Detective controls

Question 38

It should be noted that __________ is an overarching document that covers the entire scope of audit activities in an entity while an __________ is more focused on a particular audit exercise that is sought to be initiated in an organisation.

Answer 38

It should be noted that an audit charter is an overarching document that covers the entire scope of audit activities in an entity while an engagement letter is more focused on a particular audit exercise that is sought to be initiated in an organisation.

Question 39

Use access control software that allows only authorized personnel to access sensitive files is an example of

(a) Preventive controls Or (b) Detective controls

Answer 39

(a) Preventive controls

Question 40

Risk assessment is:

(a) subjective or (b)objective.

Answer 40

(a) subjective.

Question 41

Audit Charter should be static in nature and should be changed only if change can be thoroughly justified.

True or False.

Answer 41

TRUE

Question 42

An audit charter should document the audit procedures designed to achieve the planned audit objectives.

True or False

Answer 42

FALSE

Question 43

__________ testing checks for the presence of controls whereas __________ testing checks the integrity of contents.

Answer 43

Compliance testing checks for the presence of controls whereas substantive testing checks the integrity of contents.

Question 44

What is the most important success factor for CSA?

Answer 44

Involvement of Line Management.

Question 45

An integrated test facility is considered a useful audit tool because it uses the sprograms to compare processing using independently calculated data.

True or False

Answer 45

TRUE

Question 46

Confidence coefficient is a probability that sample are true representation of the population.

(i) When internal controls are strong, confidence coefficient /sample size may be __________
(ii) When internal controls are weak, confidence coefficient /sample size need to be __________

Answer 46

(i) When internal controls are strong, confidence coefficient /sample size may be lowered.
(ii) When internal controls are weak, confidence coefficient /sample size need to be increased.