Doshi Domain 1 Flashcards
For compliance testing which sampling method is more useful ?
(a) Variable Sampling (b) Attribute Sampling
(b) Attribute Sampling
A rerun procedure is an example of:
(a)Preventive controls Or (b) Corrective controls
(b) Corrective controls
Purpose of CSA is to:
(a) enhance the audit responsibilities or (b) replace the audit function.
(a) enhance the audit responsibilities
Internal Audit function should be __________ and report directly to Audit Committee or board of director.
Independent
For higher confidence coefficient sample size should be (a) high or (b) low
(a) high
__________ is a weakness or gap in our protection efforts. It can be in form of weak coding, missing anti-virus, weak access control and other related factors. It can be controlled by us.
(a)vulnerability or (b) threat
(a)vulnerability
An IS auditor should use statistical sampling and not judgment (non-statistical) sampling, when:
the probability of error must be objectively quantified.
What should be role of an IS auditor in a control self-assessment (CSA) process?
As a facilitator
A contingency planning is an example of:
(a)Preventive controls Or (b) Corrective controls
(b) Corrective controls
In __________ testing we gather evidence with the objective of testing an organization’s compliance with control procedures.
(a)Compliance testing Or (b) Substantive testing
(a)Compliance testing
For substantive testing which sampling method is more useful ?
(a) Variable Samplingor (b)Attribute Sampling
(a) Variable Sampling
Audit Charter should include detailed yearly audit calendar, audit planning, yearly resource allocation and other routine audit activities.
True or False
FALSE
What are the objective of control self assessment?
THREAT
Which of the following is an objective of a control self-assessment (CSA) program?
(a) Concentration on areas of high risk Or (b) Replacement of audit responsibilities
(a) Concentration on areas of high risk
Which of the following online auditing techniques is most effective for the early detection of errors or irregularities?
(a) Embedded audit module Or (b) Audit hooks
(b) Audit hooks
The PRIMARY purpose of an audit charter is to:
(a) describe the authority and responsibilities of the audit department. Or (b) formally document the audit department’s plan of action.
(a) describe the authority and responsibilities of the audit department.
Risk is the combination of __________ of occurrence of an event and its __________.
Risk is the combination of probability of occurrence of an event and its consequences.
Which testing involves checking the details of the transactions?
(a) Compliance testing or (b) Substantive testing
(b) Substantive testing
The __________ ideally lists all of the processes that may be considered for the audit.
audit universe
In __________ testing, we gather evidence to evaluate the integrity of data, a transaction or other information.
(a)Compliance testing Or (b) Substantive testing
(b) Substantive testing
Risk that a misstatement could occur but may not be detected and corrected or prevented by entity’sinternal controlmechanism is called
Control Risk
What are the objective of control self assessment?
(i)To concentrate on areas of high risk and (ii) To enhance control monitoring by functional staff.
.
For compliance testing which sampling method is more useful ?
(a) Variable Sampling or (b) Attribute Sampling
(b) Attribute Sampling
(i) Controls designed to correct the errors or irregularities that have been detected are known as __________.
(ii) Controls designed to prevent errors or irregularities from occurring are known as __________.
(iii) Controls designed to detect errors or irregularities that may have occurred are known as __________.
(iv) Controls that reduce the likelihood of a deliberate act to cause a loss or an error are known as __________.
(i) Controls designed to correct the errors or irregularities that have been detected are known as corrective controls.
(ii) Controls designed to prevent errors or irregularities from occurring are known as preventive controls.
(iii) Controls designed to detect errors or irregularities that may have occurred are known as detective controls.
(iv) Controls that reduce the likelihood of a deliberate act to cause a loss or an error are known as deterrent controls.
First step of Risk Assessment is to (a) identify the risk or (b) identify the assets.
(a) Identify the Assets
Sampling method to be used when the probability of error must be objectively quantified (i.e no subjectivity is involved).
Statistical sampling
The risk that remainsafter controlsare taken into account (the net risk or risk after controls) is called:
Residual Risk
A backup procedure is an example of:
(a)Preventive controls Or (b) Corrective controls
(b) Corrective controls
The PRIMARY objective of an IS audit function is to:
(a) determine whether information systems safeguard assets and maintain data integrity Or (b) determine the ability of the organization to detect fraud.
(a) determine whether information systems safeguard assets and maintain data integrity
The document used by the top management of organizations to delegate authority to the IS audit function is known as __________.
audit charter
Which of the following tests is an IS auditor performing when a sample of programs is selected to determine if the source and object versions are the same?
(a )A substantive test of program library controls
(b )A compliance test of program library controls
(c) A compliance test of the program compiler controls
(d) A substantive test of the program compiler controls
(b) A compliance test of program library controls
__________ is a technique that allows managers and work teams directly involved in business units, functions or processes to participate in assessing the organization’s risk management and control processes.
Control self-assessment (CSA)
In any given scenario, compliance testing checks for the presence of controls whereas substantive testing checks the integrity of contents i.e. test of individual transactions.
True or False
TRUE
An integrated test facility is considered a useful audit tool because it uses the programs to compare processing using independently calculated data.
True or False
TRUE
(i) __________ sampling is used when an auditor is trying to determine whether a type of event has occurred, and therefore it is suited to assess the risk of fraud and to identify whether a single occurrence has taken place.
(ii) __________sampling is used when auditor believes that very few errors will be found. It prevents excessive sampling by allowing an audit test to be stopped at the earliest possible moment.
(i) Discovery sampling is used when an auditor is trying to determine whether a type of event has occurred, and therefore it is suited to assess the risk of fraud and to identify whether a single occurrence has taken place.
(ii) Stop-or-go-sampling is used when auditor believes that very few errors will be found. It prevents excessive sampling by allowing an audit test to be stopped at the earliest possible moment.
Overall business risk for a particular threat can be expressed as:
(a) a product of the probability and impact. Or (b) probability of occurrence.
(a) a product of the probability and impact.
An “Echo” message in telecommunications protocol is an example of
(a)Detective controls Or (b) Preventive controls
Detective controls
It should be noted that __________ is an overarching document that covers the entire scope of audit activities in an entity while an __________ is more focused on a particular audit exercise that is sought to be initiated in an organisation.
It should be noted that an audit charter is an overarching document that covers the entire scope of audit activities in an entity while an engagement letter is more focused on a particular audit exercise that is sought to be initiated in an organisation.
Use access control software that allows only authorized personnel to access sensitive files is an example of
(a) Preventive controls Or (b) Detective controls
(a) Preventive controls
Risk assessment is:
(a) subjective or (b)objective.
(a) subjective.
Audit Charter should be static in nature and should be changed only if change can be thoroughly justified.
True or False.
TRUE
An audit charter should document the audit procedures designed to achieve the planned audit objectives.
True or False
FALSE
__________ testing checks for the presence of controls whereas __________ testing checks the integrity of contents.
Compliance testing checks for the presence of controls whereas substantive testing checks the integrity of contents.
What is the most important success factor for CSA?
Involvement of Line Management.
An integrated test facility is considered a useful audit tool because it uses the sprograms to compare processing using independently calculated data.
True or False
TRUE
Confidence coefficient is a probability that sample are true representation of the population.
(i) When internal controls are strong, confidence coefficient /sample size may be __________
(ii) When internal controls are weak, confidence coefficient /sample size need to be __________
(i) When internal controls are strong, confidence coefficient /sample size may be lowered.
(ii) When internal controls are weak, confidence coefficient /sample size need to be increased.
