Module 2: Audit Planning and Business Process

Question 1

A ________ is an interrelated set of __ ____ activities or events that result in the delivery of a specific product or service to a customer.

Answer 1

Business Process; Cross Functionals

Question 2

What are the responsibilities of business process owner?

Answer 2

1. Identify Requirements
2. Approval of Process Design
3. Should be of high level in the organization in order to be able to assign resources.
4. Managing Process Performance

Question 3

The role of the IS internal audit function should be established in?

Answer 3

The audit charter

Question 4

Who approves of the audit charter?

Answer 4

BOD and Audit Committee or Senior Management

Question 5

What is the difference between the audit charter and the engagement letter?

Answer 5

Audit Charter - whole scope of audit activities
Engagement Letter - specific audit exercise

Question 6

___ ___ ___ ___should be drawn up for the year based on the organization’s direction in terms of technology and related risk that needs to be addressed

Answer 6

a detailed staff training plan

Question 7

The Audit Charter should include these 4?

Answer 7

1. Purpose
2. Authority
3. Responsibility
4. Accountability

Question 8

What can the board approve?

Answer 8

1. Charter
2. Risk Based Plan
3. IS Budget and Resource Plan
4. Appointment and Removal of Chief Audit Executive
5. Wage of Chief Audit Executive

Question 9

Can IS auditors subordinate their judgement on audit matters to other?

Answer 9

No.

Question 10

the engagement can be completed in accordance with applicable IT audit and assurance standards and, where required, other industry standards or applicable laws and regulations that will result in a
professional opinion or conclusion

Answer 10

Reasonable Expectation

Question 11

maintain high standards of conduct and character, and they will refrain from engaging in acts that may discredit themselves or the profession

Answer 11

Due Professional Care

Question 12

a collective term that refers
to the knowledge, skills, and
other competencies required
of internal auditors to effectively carry out their professional responsibilities

Answer 12

Proficiency

Question 13

What should professionals do to maintain compentence in their line of work

Answer 13

through continuing professional education and training

Question 14

Considers audit Issues that will be covered during the year

Answer 14

Short Term Audit Planning

Question 15

Considers risk related issues that will incur change in the IT Environment

Answer 15

Long Term audit planning

Question 16

List of all processes that may be considered for Audit

Answer 16

Audit Universe

Question 17

Risks can be rated as?

Answer 17

High
Medium
Low

Question 18

The evaluation of risk should be ideally based on the inputs of?

Answer 18

The business process owners

Question 19

Analysis of short-term and long-term issues should occur

Answer 19

At least annually

Question 20

The review of the analysis results should be done by

Answer 20

Audit Senior Managment/ Audit Committe or BOD

Question 21

Steps of Perform Audit Planning

Answer 21

1. Understand organization
2. Understand Audit Objectives and Org Governance Structure
3. Understanding changes in the business environment of the auditee
4. Review prior work papers
5. Identify Contents
6. Risk Analysis
7. Set Audit Scope and Objectives
8. Develop Audit Approach
9. Assign personnel
10. Adress Engagement Logistics

Question 22

What are the two considerations regarding laws and regulations on IS audit planning?

Answer 22

1. Legal Requirements placed on Audit or IS Audit
2. Legal Requirements placed on the auditee (PICAA, GDPR)

Question 24

What are the differences between single, two, and three tier architecture of e-commerce?

Answer 24

Single Tier - Client Based application running on a single computer
Two Tier- Has a client and a server
Three Tier - Has a presentation layer (GUI), application layer (Functionality), and data layer (Database)

Question 25

play a key role in most ecommerce systems, maintaining data for website pages accumulating customer information and storing clickstream data for analyzing website usage

Answer 25

Databases

Question 26

Persistent customer data should not be stored in?

Answer 26

Web Servers or servers connected to the internet

Question 27

E-Commerce Risk: Potential consumers are concerned about providing unknown vendors with personal information for a number of reasons.

Answer 27

Confidentiality

Question 28

E-Commerce Risk: Data in transit and in storage could be susceptible to unauthorized alteration or deletaion

Answer 28

Integrity

Question 29

E-Commerce Risk: allows customers to have data 24/7 hence losses can be acquired when it is down

Answer 29

Availability

Question 30

E-Commerce Risk: requires that the parties prove their identities before executing the transaction

Answer 30

Authentication

Question 31

E-Commerce Risk: a manner of ensuring that the transacting parties cannot deny that the transaction was completed

Answer 31

Non-repudiation

Question 32

E-Commerce Risk: Organizations participating in e business need to make their offerings attractive and seamless in terms of service delivery

Answer 32

Power Shift to Customers

Question 33

What concept should a business case be built upon?

Answer 33

The 4 C's: Customers, Competitors, Capability, Costs

Question 34

E-Commerce Requirements: cannot succeed without a clear vision and strong commitment from the top of an oganization

Answer 34

Top-level Commitment

Question 35

E-Commerce Requirements: how technology can fundamentally reconfigure some of its basic business processes

Answer 35

Business Process Reconfiguration

Question 36

E-Commerce Requirements: accelerate response times, provide real interaction to customers and customize responses to individual customers

Answer 36

Links to Legacy System (Linking an e-commerce system to legacy system enables it to have more capabilities and improve response times)

Question 37

According to E-Commerce Requirements, what is the key needed to make e commerce work if its not techology

Answer 37

Ingenuity

Question 38

Electronic transmission of transactions between two oganizations

Answer 38

Electronic Data Interchange

Question 39

Moves data from one point to another and determines how acknowledgements are transmitted and reconciled

Answer 39

Communications Software

Question 40

What flags the start and end of an EDI Transmission?

Answer 40

Communications Software

Question 41

Helps build a map and shows how the data fields from the application correspond to the standard EDI format

Answer 41

Translation Software

Question 42

necessary in mapping the transaction, writing the partner’s profile and tells the system where to send each transaction and how to handle errors and exceptions

Answer 42

EDI Standard

Question 43

includes transmission, translation and storage of transactions initiated by or destined for application processing

Answer 43

EDI System Software

Question 44

What are the functions of a traditional EDI?

Answer 44

1. Communications Handler 2. EDI Interface 3. Application System

Question 45

Receives all the outbound transactions from an organization, sorts the, by destination and passes them to the receipients

Answer 45

Value Added Network

Question 46

Functions of EDI: includes transmission, translation and storage of transactions initiated by or destined for application processing

Answer 46

Communications Holder

Question 47

Functions of EDI: manipulates and routes data between the application system and the communications handler

Answer 47

EDI Interface

Question 48

moves electronic transactions to or from the application systems and performs data mapping. It Imay generate and send functional acknowledgments, verify the identity of partners and check the validity of transactions by checking transmission information against a trading partner master file

Answer 48

Application Interface

Question 49

Functions of EDI: processes the data sent to and from the trading partner

Answer 49

Application System

Question 50

Test of ______ of messages received should be based on trading partners' ____ ____ or ______ received that substantiates special situations

Answer 50

Reasonableness; transaction history; documents

Question 51

What should be in place between parties to reduce the risk of tapping into the transmission lines?

Answer 51

Direct or dedicated transmission channels

Question 52

What should be in the transmissions to identify the source and destination?

Answer 52

Electronic Signatures

Question 53

What should exist to ensure that what is sent is received?

Answer 53

Message Authentication Codes

Question 54

What is the control objective of inbound transactions?

Answer 54

All Inbound EDI transactions should be completely and accurately received, translated, passed on to the application, and processed only once.

Question 55

What is the control objective of outbound EDI transactions?

Answer 55

-Only properly authorized transactions are processed - Outbound EDI messages are initiated upon authorization - Contain only pre-approved transaction types -Sent only to valid trading partners

Question 56

The validity of the sender against trading partners detail by:

Answer 56

1. Use of Control Fields within an EDI message at either the transaction, function, group or interchange level 2. The use of VAN sequential control numbers or reports 3. The sending of an acknowledgement to the sender .

Question 57

______ count total built into the transaction set trailers _______ set count total built into the functional group headers _______ batch control totals built into the functional group headers

Answer 57

Segment; Transaction; Batch

Question 58

enable the capture of data at the time and place that sales transactions occur

Answer 58

Point of Sale Systems

Question 59

What should the IS auditor ensure when there are Personally Identifiable Information are stored within Point of Sale systems?

Answer 59

That they are encrypted

Question 60

What are the Risk Management Controls for E-Banking?

Answer 60

1. Board and Management Oversight 2. Security Controls 3. Legal and Reputational Risk Managment

Question 61

Replaces traditional check writing and cash collection procedures?

Answer 61

Electronic Fund transfer

Question 62

specialized form of the POS terminal that is designed for the unattended use by a customer of a financial institution

Answer 62

Automated Teller Machine

Question 63

Recommended Internal Control Guidelines for ATM: Regarding PINS

Answer 63

- Procedures for PIN issuance and protection during storage - Procedure for PIN security during delivery and locking after unsuccessful number of attempts

Question 64

Recommended Internal Control Guidelines for ATM: What is subject to the highest level of access?

Answer 64

Anything related to the generation of PINs

Question 65

Recommended Internal Control Guidelines for ATM: Audit trails for transactions that have been made in the ATM must be made in what form?

Answer 65

Internal Registration in Internal paper or digital media

Question 66

Technology that allows computer to detect voice and touch tones using a normal phone call

Answer 66

Interactive Voice Response

Question 67

Purchase Accounting System Components

Answer 67

1. Accounts Payable Processing 2. Goods Received Processing 3. Order Processing

Question 68

method of manipulating or altering an image to achieve a desired result, typically for improving its visual quality or extracting useful information from it.

Answer 68

Image Processing

Question 69

Image Processing: The integrity and reliability of the imaging system database are related directly to the ?

Answer 69

Quality of Controls over access to the system

Question 70

Image Processing: What problems can arise from scanning devices?

Answer 70

It may not be able to handle a large number of transactions.

Question 71

What are the ICS risk factors?

Answer 71

1. Delayed Flow of Information 2. Unauthorized changes to instructions 3. Inaccurate Information 4. Malware or Modification 5. Interference with the operation of safety systems

Question 72

Basic assumptions or formulas are given and then used to analyze repetitive situation. Conclusions are made using the analysis.

Answer 72

Expert Systems

Question 73

contains specific information or fact patterns associated with particular subject matter and the rules for interpreting these facts

Answer 73

Knowledge Base

Question 74

is linking the business processes between the related entities such as the buyer and the seller

Answer 74

Supply Chain Management

Question 75

is the combination of practices, strategies and technologies that companies use to manage and analyze customer interactions and data throughout the customer lifecycle

Answer 75

Customer Relationship Management

Question 76

Concerned with maximizing the utility of the customer's service experience while also capturing useful data about the customer interaction

Answer 76

Operational CRM

Question 77

seeks to analyze information captured by the organization about its customers and their interactions with the organization into information that allows greater value to be obtained from the customer base

Answer 77

Analytical CRM

Question 78

What are the components of Analytical CRM

Answer 78

1. OLAP 2. Data Mining 3. Data Warehousing

Question 79

Using the Work of Other experts: Factors to be considered

Answer 79

1. Restriction on Outsourcing of audit/Security Services provided by laws and regulations 2. Audit Charter or Contractual Stipulations 3. Impact on overall and specific IS audit objectives 4. Impact on IS audit risk and professional liability