Information Systems - Execution Flashcards

1
Q

WHAT audit technique would best help to identify payroll overpayments for the previous year?

A

Generalized audit software

i.e. features include mathematical computations, stratification, statistical analysis, sequence checking, duplicate checking and re-computations

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

WHAT would be considered highly reliable source of evidence for an IS auditor?

A

A confirmation letter received from a third party verifying an account balance

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

True or False.

An IS auditor should always be considered a more reliable source of evidence than a confirmation letter from a third party.

A

True

WHY? - Because the letter is the result of an analysis of the process and may not be based on authoritative audit techniques

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

HOW would an IS auditor use source code comparison software in evaluating program change controls?

A

To examine source program changes without information from IS personnel

i.e. This provides the IS auditor an objective, independent and relatively complete assurance of program changes, because the source code comparison identifies the changes

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

WHAT is the MAIN purpose of meeting with auditees prior to formally closing a review?

A

To gain agreement on the findings AND responses from management

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

WHAT would best help an IS auditor identify whether there have been any unauthorized program changes since the last authorized program update?

A

Automated code comparison

i.e. the process of comparing two versions of the same program to determine whether the two correspond

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

WHAT should an IS auditor do if they have reason to suspect fraud after their initial investigation?

A

Report the matter to the audit committee

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What auditing technique should an IS auditor use to detect duplicate invoice records within an invoice master file?

A

Computer-assisted audit techniques

They enable the IS auditor to review the entire invoice file to look for those items that meet the selection criteria

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What is the MAIN requirement that a data mining and auditing software tool should meet?

A

That it accurately captures data from the organization’s systems without causing excessive performance problems

i.e. The most critical requirement is that the tool works effectively on the systems of the organization being audited

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

WHAT would BEST help an IS auditor analyze audit trails on critical servers to discover potential anomalies in user or system behavior?

A

Trend/variance detection tools

WHY? - Because they look for anomalies in user or system behavior, such as invoices with increasing invoice numbers

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

WHAT IS auditing technique would successfully identify overlapping key controls in business application systems?

A

Replacing manual monitoring with an automated auditing solution

i.e. this would help analysts discover unnecessary or overlapping key controls in existing systems

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What auditing method would best assist an IS auditor (concerned with fraud) in auditing controls over sales returns?

A

Discovery

I.e. An IS auditor should use the following method in trying to determine whether a type of event has occurred

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

WHAT should be the first action of an IS auditor during a dispute with management over audit findings?

A

Revalidate the supporting evidence for the finding

Note: If, after revalidating and retesting, there are unsettled disagreements, those issues should be included in the report

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

WHAT would be considered a “MOST” reliable support for testing employee access to a large financial system?

A

A list of accounts with access levels generated by the system

i.e. This evidence is objective, because it was generated by the system rather than by an individual

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What would testing the controls that support management policies and procedures help the IS Auditor determine?

A

THAT the control is operating as designed

i.e. IS auditors want reasonable assurance that the controls they are relying on are effective

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

WHAT evidence would best help an IS Auditor validate a control involving a system-generated exception report?

A

A sample system-generated exception report for the review period, with follow-up action items noted by the reviewer

WHY? - Because there is documented evidence that the reviewer reviewed the exception report and took actions based on the exception report (i.e. evidence of the effective operation of the control)

17
Q

True or False.

If an IS Auditor discovers that that access reviews were not being performed as required by a service provider contract, they should perform a risk assessment.

A

FALSE.

The IS Auditor should report the issue to IT Management.

WHY? -Because if there are material issues that are of concern, they need to be reported to management in the audit report

18
Q

WHAT should the IT Auditor do when the auditee disagrees with a finding?

A

Discuss the finding with the IT auditor’s manager

Discussing this disagreement with IT auditor manager is the best course of action because other actions (i.e. discussing issue with the auditees’ manager) can weaken relationships with the auditee and auditor

19
Q

True or False.

An IT Auditor should FIRST inform Senior Management after identifying a finding.

A

FALSE.

The IT Auditor should first gain agreement on the finding

i.e. When agreement is obtained with the auditee, it implies the finding is understood and a clear plan of action can be determined

20
Q

WHAT is an important skill that an IS auditor should develop to understand the constraints of conducting an audit?

A

Project Management

i.e. Audits often involve resource management, deliverables, scheduling and deadlines that are similar to project management good practices