IT Chapter 3

Question 1

Where is the greatest information security risk?

Answer 1

Accidental employee error.

Question 2

What are the three control environment sub componenets?

Answer 2

Managerial philosophy
Org Structure
Steering committee

Question 3

What is logical security concerned with?

Answer 3

Safeguarding software to protect software and data.

Question 4

What is org security concerned with?

Answer 4

Segregating the functions of the IS department and the end user

Question 5

Restricting documentation, hardware and data follows into what control?

Answer 5

Access control

Question 6

What are output controls there for?

Answer 6

Procedures ensure the accuracy of output including reports, data updates.

Question 7

What is SOX? What is the policy in Canada?

Answer 7

Requirement to have external auditors examine the internal controls. In Canada, does not have to be external auditors.

Question 8

What is COBIT a governance model of?

Answer 8

IT Governance.

Question 9

What is a disaster recovery plan?

Answer 9

Set of policies and procedures to protect and recover IT infrastructure in the even of disaster.

Question 10

What is Infrastrcture-as-a-service?

Answer 10

Cloud-computing categary where an org oursoucres hardware, storage, servers and networking to a service prodiver.

Question 11

What is the most common computer crime?

Answer 11

Input manipulation

Question 12

What is program manipulation?

Answer 12

Involves changing or altering existing programs in the computer system or inserting new programs.

Question 13

What is the salami technique?

Answer 13

Nearly unnoticeable thin slices of financial transactions are repeatedly removed and transferred to another account.

Question 14

What is the focus of a financial audit?

Answer 14

Focused on providing reasonable assurance over financial records and documentattion of financial information.

Question 15

What is an IT audit?

Answer 15

Evaluates if information systems are safeguarding assets, and maintaining data integrity.

Question 16

What are the stages of a financial audit?

Answer 16

1. Client acceptance
2. Audit planning stage
3. Control testing stage
4. Substantive testing stage
5. Opinion formulation stage

Question 17

What are the auditing process for IT audits?

Answer 17

1. Physical and environment review
2. System admin review
3. Network security review
4. Business continuity review
5. Data integrity review

Question 18

What is substantive testing?

Answer 18

Focuses on finding direct evidence that certain activities are happening as they should.

Question 19

What does CAAT stand for?

Answer 19

Computer assisted audit techniques

Question 20

What are the functions of CAAT?

Answer 20

Can sift through records looking for patterns.
100% verification
Detect fraud.

Question 21

Which two control procedures are classified as access,input, processing, output, procedural and documentation control procedures?

Answer 21

Physical and logical

Question 22

What are three features of physical security?

Answer 22

Safeguarding hardware
Network authentication of users
Server room security

Question 23

What is the subset goal of data input controls?

Answer 23

To protect data integrity

Question 24

What are the two most common IT governance framework for SOX compliance?

Answer 24

COBIT and COSO

Question 25

What has resulted in simplifying disaster recovery plans?

Answer 25

Virtualization

Question 26

What is the formal term for the collected techniques of securing communications?

Answer 26

Cryptology

Question 27

Three types of data processing fraud?

Answer 27

Input, program, output

Question 28

What is the main focus of substantive testing?

Answer 28

Direct evidence that certain activities such as calculations are happening as they should.

Question 29

What is the most common BI method deployed using CAAT?

Answer 29

Pattern recognition.

Question 30

What is COSO

Answer 30

A model to ensure accurate financial reporting, efficient operations and law compliance.