IS AUDIT

Question 1

Enumerate the four Audit Process

Answer 1

PLANNING
COMPLIANCE TESTING
SUBSTANTIVE TESTING
REPORTING

Question 2

The IS auditor and the auditee must establish a reason why an audit is to be performed.

Answer 2

Purpose

Question 3

To know which areas require the greatest amount of attention,
the IS auditor needs to be familiar with the levels of risk associated with the domain being audited.

Answer 3

Risk Analysis

Question 4

It could be a given period, meaning records spanning a start date and end date may comprise the body of evidence, geography (systems in a particular region or locale), technology (systems using a specific operating system, database, application, or other aspect), business process (systems that support specific processes such as accounting, order entry, or customer support), or segment of the organization.

Answer 4

scope

Question 5

There may be specific rules on sample sizes and sampling techniques, or it may require the auditors with specific qualifications to perform the audit. A

Answer 5

Audit procedures

Question 6

The IS auditor needs to develop an audit schedule that will
give enough time for interviews, data collection and analysis, and report generation.

Answer 6

Schedule

Question 7

The IS auditor must determine what resources are needed and available for the audit.

Answer 7

Resources

Question 8

Refers to the specific goals for an audit

Answer 8

Audit objectives

Question 9

This type of audit is an examination of IS controls, security controls, or business controls to determine control existence and
effectiveness.

Answer 9

Operational Audit

Question 10

This type of audit is an examination of the organization’s accounting system, including accounting department processes and procedures.

Answer 10

Financial Audit

Question 11

This type of audit combines an operational audit and a
financial audit in order for the auditor to gain a complete understanding
of the entire environment’s integrity

Answer 11

Integrated Audit

Question 12

This type of audit is a detailed examination of most or all of an IS
department’s operations.

Answer 12

IS Audit

Question 13

This type of audit is an examination of operational efficiency within some segment of the organization

Answer 13

Administrative Audit

Question 14

This type of audit is performed to determine the level
and degree of compliance to a law, regulation, standard, or internal control.

Answer 14

Compliance Audit

Question 15

This type of audit is usually performed by an IS auditor or a forensic specialist in support of an anticipated or active legal proceeding.

Answer 15

Forensic audit

Question 16

An examination of
business processes, IS systems, and business records in anticipation of an upcoming external audit.

Answer 16

Pre-audit

Question 17

This type of testing is used to determine if control procedures have been properly designed and implemented, and that they are operating properly

Answer 17

Compliance testing

Question 18

This type of testing is used to determine the accuracy and integrity of transactions that flow through processes and information systems

Answer 18

Substantive testing

Question 19

The information collected by the auditor during the course of the audit project.

Answer 19

Evidence

Question 20

Enumerate Characteristics of an IS Auditor

Answer 20

Independence
Qualifications
Objectivity
Timing

Question 21

Refers to the technique that is used when it is not feasible to test an entire population of transactions.

Answer 21

Sampling

Question 22

A technique of random selection is used that
will statistically reflect the entire population

Answer 22

Statistical Sampling

Question 23

In this type of sampling the IS auditor judgmentally and subjectively selects samples based on established criteria such as risk or materiality.

Answer 23

Judgmental Sampling

Question 24

Used to calculate an average by group, similar to demographics, whereby the entire population is divided into smaller groups based on similar characteristics

Answer 24

Stratified Sampling

Question 25

The precision rate indicates the acceptable margin of error between audit samples and the total quantity of the subject population.

Answer 25

Precision or Expected Error Rate

Question 26

Used to determine the difference between audited and unaudited
claims of value.

Answer 26

Difference Estimation

Question 27

Used to indicate the maximum number of errors that can exist
without declaring a material misstatement.

Answer 27

Tolerable error rate

Question 28

Any act of deception used to gain an advantage. the intentional deception made for personal gain or damage to another party.

Answer 28

Fraud

Question 29

Established as a dollar amount threshold that is calculated in one of several possible ways

Answer 29

Materiality

Question 30

The term that
describes the action taken to address a risk.

Answer 30

Risk Treatment

Question 31

This involves making changes to processes, procedures, systems, or controls that will reduce either the probability of a threat or its impact.

Answer 31

Risk reduction

Question 32

This typically involves the use of insurance, which is used to
compensate the organization for the financial losses or damages that will
occur if the threat were realized

Answer 32

Risk Transfer

Question 33

The organization will cease the activity associated with
the risk.

Answer 33

Risk Avoidance

Question 34

In this case, the organization feels that the risk is acceptable
and that no measures need to be taken to reduce the risk further.

Answer 34

Risk Acceptance

Question 35

TRUE OR FALSE:
The audit must be based on meaningful evidence that is materially relevant.

Answer 35

True

Question 36

TRUE OR FALSE: The auditor should design every audit to adhere to standards.

Answer 36

True

Question 37

TRUE OR FALSE:
The interview process must be scheduled
and must implement predefined questions for the purpose of gathering data.

Answer 37

True

Question 38

TRUE OR FALSE:
Test results are usually reported as noteworthy for special achievement, conforming to
minimum requirements, opportunity for improvement, a concern that’s not a violation yet,
and nonconformity.

Answer 38

True

Question 39

TRUE OR FALSE:
Continuous audit methods such as audit hooks or SCARF with embedded audit modules (SCARF/EAM) are used in environments where it
is possible to interrupt production.

Answer 39

False

Question 40

TRUE OR FALSE:
The best evidence will tell its own story.

Answer 40

True

Question 41

TRUE OR FALSE:
Irrelevant evidence will not affect the final decision

Answer 41

True

Question 42

TRUE OR FALSE:
Test results are usually reported as noteworthy for special achievement, conforming to minimum requirements, opportunity for improvement, a concern that’s not a violation yet,
and nonconformity.

Answer 42

True

Question 43

TRUE OR FALSE:
An independent auditor can work on fixing problems.

Answer 43

False

Question 44

TRUE OR FALSE:
Issues of high significance should be communicated directly to the audit committee.

Answer 44

True

Question 45

TRUE OR FALSE:
Control self‐assessments are designed to empower the customer’s staff.

Answer 45

True

Question 46

TRUE OR FALSE:
The purpose of the controls is to prevent harm and
protect an asset.

Answer 46

True