ISACA QAE - Weird Terms Referenced (Not in ISACA Glossary) Flashcards

1
Q

“One-for-One Checking”

A

This validates that transactions are accurate and complete.

2
Q

“Review of application controls”

A

“Review of application controls” means the auditor is “reviewing the effectiveness of controls” (not the suitability of the application to meet business needs).

The purpose of this is to evaluate any exposures resulting from control weaknesses identified from the review.

3
Q

“Gap Analysis”

A

Compares actual state to an expected or desirable state.

Mainly done at the beginning of a product/service implementation project to assess what is currently in place against the set of requirements that will be used for the implementation; it helps you identify where the process currently in place falls short of those requirements (ISO 9001).

Gap Analysis is usually done through a questionnaire, a document review or a similar tool.

It is different from an Internal Audit.

4
Q

“Professional Independence” vs. “Organizational Independence”

A

“Organizational Independence” is considered at the time of accepting the engagement and has no relevance to the content of an audit report.

“Professional Independence” is the independence of the individual auditor (i.e. when an IS auditor recommends a specific vendor, the auditor’s professional independence is compromised).

5
Q

Relationship between “Quality Assurance (QA)” function and “Project Management” function

A

To be effective, the quality assurance (QA) function should be independent of Project Management. If it is not, Project Management may put pressure on the QA function to approve an inadequate product.

The QA team does not release a product for implementation, as prepared by Project Management, until it meets QA requirements.

The Project Manager responds to issues raised by the QA team.

6
Q

“Due Diligence Reviews”

A

Due diligence reviews are a type of audit generally related to mergers and acquisitions.

7
Q

“Before and after image reporting”

A

This makes it possible to trace the impact that transactions have on computer records.

This is a DETECTIVE control.

8
Q

“Directive Controls”

A

Examples: IT Policies and Procedures

9
Q

(1) “Embedded Data Collection Tools”
(2) “Trend/Variance Detection Tools”
(3) “Heuristic Scanning Tools”

A

(1) Embedded Data Collection Tools: Embedded (audit) data collection software, such as a systems control audit review file (SCARF) or a systems audit review file (SARF), is used to provide sampling and production statistics.
(2) Trend/Variance Detection Tools: These look for anomalies in user or system behavior, such as invoices with increasing invoice numbers.
(3) Heuristic Scanning Tools: These are a type of virus scanning used to indicate possibly infected traffic. (“Heuristic” here means enabling you to discover or learn something for yourself.)
