Review 4 Flashcards

1
Q

Which type of sampling is best when dealing with population characteristics such as dollar amounts and weights?

A. Attribute sampling
B. Variable sampling
C. Stop-and-go sampling
D. Discovery sampling

A

B. Variable sampling

2
Q

Which of the following sampling techniques is generally applied to compliance testing?

A. Attribute sampling
B. Variable sampling
C. Stop-and-go sampling
D. Discovery sampling

A

A. Attribute sampling

3
Q

To guarantee the confidentiality of client information, an auditor should do which of the following when reviewing such information?

A. Contact the CEO or CFO and request what sensitive information can and cannot be disclosed to authorities
B. Assume full responsibility for the audit archive and stored data
C. Leave all sensitive information at the owners’ facility
D. Not back up any of his or her work papers

A

C. Leave all sensitive information at the owners’ facility

4
Q

Which of the following best describes materiality?

A. An audit technique used to evaluate the need to perform an audit
B. The principle that individuals, organizations, and the community are responsible for their actions and might be required to explain them
C. The auditor’s independence and freedom from conflict of interest
D. An auditing concept that examines the importance of an item of information in regard to the impact or effect on the entity being audited

A

D. An auditing concept that examines the importance of an item of information in regard to the impact or effect on the entity being audited

5
Q

Which of the following sampling techniques is best to use to prevent excessive sampling?

A. Attribute sampling
B. Variable sampling
C. Stop-and-go sampling
D. Discovery sampling

A

C. Stop-and-go sampling

6
Q

Which of the following descriptions best defines auditor independence?

A. The auditor has high regard for the company and holds several hundred shares of the company’s stock
B. The auditor has a history of independence and even though the auditor has a niece that is employed by the company, he has stated that this is not a concern
C. The auditor has previously given advice to the organization’s design staff while employed as the auditor
D. The auditor is objective, not associated with the organization, and free of any connections to the client

A

D. The auditor is objective, not associated with the organization, and free of any connections to the client

7
Q

Which of the following meets the description “the primary objective is to leverage the internal audit function by placing responsibility of control and monitoring onto the functional areas”?

A. Integrated auditing
B. Control self-assessment
C. Automated work papers
D. Continuous auditing

A

B. Control self-assessment

8
Q

Which of the following sampling techniques would be best to use if the expected discovery rate is extremely low?

A. Attribute sampling
B. Variable sampling
C. Stop-and-go sampling
D. Discovery sampling

A

D. Discovery sampling

9
Q

Which of the following offers how-to information?

A. Standards
B. Policy
C. Guidelines
D. Procedures

A

D. Procedures

10
Q

The type of risk that might not be detected by a system of internal controls is defined as which of the following?

A. Control risk
B. Audit risk
C. Detection risk
D. Inherent risk

A

A. Control risk

11
Q

Which of the following items makes computer-assisted audit techniques (CAAT) important to an auditor?

A. A large amount of information is obtained by using specific techniques to analyze systems.
B. An assistant or untrained professional with no specialized training can utilize CAAT tools, which frees up the auditor to participate in other activities.
C. CAAT requires more human involvement in the analysis than multifunction audit utilities.
D. CAAT requires the auditor to reduce the sampling rate and provides a more narrow audit coverage.

A

A. A large amount of information is obtained by using specific techniques to analyze systems.

12
Q

The risk that a material error will occur because of weak controls or no controls is known as which of the following?

A. Control risk
B. Audit risk
C. Detection risk
D. Inherent risk

A

D. Inherent risk

13
Q

You have been asked to audit a series of controls. Using Figure E.1 as your reference, what type of control have you been asked to examine?

A

?

14
Q

Which of the following is the best tool to extract data that is relevant to the audit?

A. Integrated auditing
B. Generalized audit software
C. Automated work papers
D. Continuous auditing

A

B. Generalized audit software

15
Q

You have been asked to perform an audit of the disaster-recovery procedures. As part of this process, you must use statistical sampling techniques to inventory all backup tapes. Which of the following descriptions best defines what you have been asked to do?

A. Continuous audit
B. Integrated audit
C. Compliance audit
D. Substantive audit

A

D. Substantive audit

16
Q

According to ISACA, which of the following is the fourth step in the risk-based audit approach?

A. Gather information and plan
B. Perform compliance tests
C. Perform substantive tests
D. Determine internal controls

A

C. Perform substantive tests

17
Q

Which general control procedure most closely maps to the information systems control procedure that specifies, “Operational controls that are focused on day-to-day activities”?

A. Business continuity and disaster-recovery procedures that provide reasonable assurance that the organization is secure against disasters
B. Procedures that provide reasonable assurance for the control of database administration
C. System-development methodologies and change-control procedures that have been implemented to protect the organization and maintain compliance
D. Procedures that provide reasonable assurance to control and manage data-processing operations

A

D. Procedures that provide reasonable assurance to control and manage data-processing operations

18
Q

Which of the following is the best example of a detective control?

A. Access-control software that uses passwords, tokens, and/or biometrics
B. Intrusion-prevention systems
C. Backup procedures used to archive data
D. Variance reports

A

D. Variance reports

19
Q

Which of the following is not one of the four common elements needed to determine whether fraud is present?

A. An error in judgment
B. Knowledge that the statement was false
C. Reliance on the false statement
D. Resulting damages or losses

A

A. An error in judgment

20
Q

You have been asked to implement a continuous auditing program. With this in mind, which of the following should you first identify?

A. Applications with high payback potential
B. The format and location of input and output files
C. Areas of high risk within the organization
D. Targets with reasonable thresholds

A

C. Areas of high risk within the organization

21
Q

Which of the following should be the first step for organizations wanting to develop an information security program?

A. Upgrade access-control software to a biometric or token system
B. Approve a corporate information security policy statement
C. Ask internal auditors to perform a comprehensive review
D. Develop a set of information security standards

A

B. Approve a corporate information security policy statement

22
Q

Which of the following is primarily tasked with ensuring that the IT department is properly aligned with the goals of the business?

A. Chief executive officer
B. Board of directors
C. IT steering committee
D. Audit committee

A

C. IT steering committee

23
Q

The balanced scorecard differs from historic measurement schemes in that it looks at more than what?

A. Financial results
B. Customer satisfaction
C. Internal process efficiency
D. Innovation capacity

A

A. Financial results

24
Q

Which of the following is the purpose of enterprise architecture (EA)?

A. Ensure that internal and external strategy are aligned
B. Map the IT infrastructure of the organization
C. Map the IT infrastructure of the organization and ensure that its design maps to the organization’s strategy
D. Ensure that business strategy and IT investments are aligned

A

D. Ensure that business strategy and IT investments are aligned

25
Q

Which of the following types of planning entails an outlook of greater than three years?

A. Daily planning
B. Long-term planning
C. Operational planning
D. Strategic planning

A

D. Strategic planning

26
Q

A new IT auditor has been asked to examine some processing, editing, and validation controls. Can you help define the control shown in Figure E.2?

A. Validity check
B. Reasonableness check
C. Existence check
D. Range check

A

C. Existence check

27
Q

Senior management needs to select a strategy to determine who will pay for the information system’s services. Which of the following payment methods is known as a “pay as you go” system?

A. Single cost
B. Shared cost
C. Chargeback
D. Sponsor pays

A

C. Chargeback

28
Q

Which of the following is the best method to identify problems between procedure and activity?

A. Policy review
B. Direct observation
C. Procedure review
D. Interview

A

B. Direct observation

29
Q

You are working with a risk-assessment team that is having a hard time calculating the potential financial loss to the company’s brand name that could result from a risk. What should the team do next?

A. Calculate the return on investment (ROI)
B. Determine the single loss expectancy (SLE)
C. Use a qualitative approach
D. Review actuary tables

A

C. Use a qualitative approach

30
Q

What operation-migration strategy has the highest possible level of risk?

A. Parallel
B. Hard
C. Phased
D. Intermittent

A

B. Hard

31
Q

Many organizations require employees to rotate to different positions. Why?

A. Help deliver effective and efficient services
B. Provide effective cross-training
C. Reduce the opportunity for fraud or improper or illegal acts
D. Increase employee satisfaction

A

C. Reduce the opportunity for fraud or improper or illegal acts

32
Q

The balanced scorecard looks at four metrics. Which of the following is not one of those metrics?

A. External operations
B. The customer
C. Innovation and learning
D. Financial data

A

A. External operations

33
Q

You have been assigned to a software-development project that has 80 linked modules and is being developed for a system that handles several million transactions per year. The primary screen of the application has data items that carry up to 20 data attributes. You have been asked to work with the audit staff to determine a true estimate of the development effort.
Which of the following is the best technique to determine the size of the project?

A. White-boxing
B. Black-boxing
C. Function point analysis
D. Source lines of code

A

C. Function point analysis

34
Q

Which of the following is the preferred tool for estimating project time when a degree of uncertainty exists?

A. Program Evaluation and Review Technique (PERT)
B. Source lines of code (SLOC)
C. Gantt
D. Constructive Cost Model (COCOMO)

A

A. Program Evaluation and Review Technique (PERT)

35
Q

Which of the following techniques is used to determine what activities are critical and what the dependencies are among the various tasks?

A. Compiling a list of each task required to complete the project
B. COCOMO
C. Critical path methodology (CPM)
D. Program Evaluation and Review Technique (PERT)

A

C. Critical path methodology (CPM)

36
Q

Which of the following is considered a traditional system development lifecycle model?

A. The waterfall model
B. The spiral development model
C. The prototyping model
D. Incremental development

A

A. The waterfall model

37
Q

You have been assigned as an auditor to a new software project. The team members are currently defining user needs and then mapping how the proposed solution meets the need. At what phase of the SDLC are they?

A. Feasibility
B. Requirements
C. Design
D. Development

A

B. Requirements

38
Q

Which of the following is not a valid output control?

A. Logging
B. Batch controls
C. Security signatures
D. Report distribution

A

B. Batch controls

39
Q

The following question references Figure E.3. Item A refers to which of the following?

A. Foreign key
B. Tuple
C. Attribute
D. Primary key

Figure E.3.

A

D. Primary key

40
Q

You have been asked to suggest a control that could be used to determine whether a credit card transaction is legitimate or potentially from a stolen credit card. Which of the following would be the best tool for this need?

A. Decision support systems
B. Expert systems
C. Intrusion-prevention systems
D. Data-mining techniques

A

D. Data-mining techniques

41
Q

You have been asked to suggest a control that can be used to verify that batch data is complete and was transferred accurately between two applications. What should you suggest?

A. A control total
B. Check digit
C. Completeness check
D. Limit check

A

A. A control total

42
Q

Which of the following types of programming language is used to develop decision support systems?

A. 2GL
B. 3GL
C. 4GL
D. 5GL

A

C. 4GL

43
Q

You have been asked to work with a new project manager. The project team has just started work on the payback analysis. Which of the following is the best answer to identify the phase of the system development lifecycle of the project?

A. Feasibility
B. Requirements
C. Design
D. Development

A

A. Feasibility

44
Q

In many ways, IS operations is a service organization because it provides services to its users. As such, how should an auditor recommend that the percentage of help-desk or response calls answered within a given time be measured?

A. Uptime agreements
B. Time service factor
C. Abandon rate
D. First call resolution

A

B. Time service factor

45
Q

What is the correct term for items that can occur without human interaction?

A. Lights out
B. Automated processing
C. “Follow the sun” operations
D. Autopilot operations

A

A. Lights out

46
Q

Which of the following is an example of a 2GL language?

A. SQL
B. Assembly
C. FORTRAN
D. Prolog

A

B. Assembly

47
Q

When discussing web services, which of the following best describes a proxy server?

A. Reduces load for the client system
B. Improves direct access to the Internet
C. Provides an interface to access the private domain
D. Provides high-level security services

A

C. Provides an interface to access the private domain

48
Q

Regarding cohesion and coupling, which is best?

A. High cohesion, high coupling
B. High cohesion, low coupling
C. Low cohesion, low coupling
D. Low cohesion, high coupling

A

B. High cohesion, low coupling

49
Q

Bluetooth class 1 meets which of the following specifications?

A. Up to 5 m of range and 0.5 mW of power
B. Up to 10 m of range and 1 mW of power
C. Up to 20 m of range and 2.5 mW of power
D. Up to 100 m of range and 100 mW of power

A

D. Up to 100 m of range and 100 mW of power

50
Q

When discussing electronic data interchange (EDI), which of the following terms best describes the device that transmits and receives electronic documents between trading partners?

A. Value Added Network (VAN)
B. X12
C. Communications handler
D. Electronic Data Interchange For Administration Commerce And Transport (EDIFACT)

A

C. Communications handler

51
Q

What type of network is used to connect multiple servers to a centralized pool of disk storage?

A. PAN
B. LAN
C. SAN
D. MAN

A

C. SAN

52
Q

The following question references Figure E.4. Item C refers to which of the following?

A. Foreign Key
B. Tuple
C. Attribute
D. Primary Key

A

C. Attribute

53
Q

Which layer in the OSI model is responsible for packet routing?

A. Application
B. Transport
C. Session
D. Network

A

D. Network

54
Q

Which of the following types of testing is usually performed at the implementation phase, when the project staff is satisfied with all other tests and the application is ready to be deployed?

A. Final acceptance testing
B. System testing
C. Interface testing
D. Unit testing

A

A. Final acceptance testing

55
Q

Which of the following devices can be on the edge of networks for basic packet filtering?

A. Bridge
B. Switch
C. Router
D. VLAN

A

C. Router

56
Q

MAC addresses are most closely associated with which layer of the OSI model?

A. Data Link
B. Network
C. Session
D. Physical

A

A. Data Link

57
Q

The IP address of 128.12.3.15 is considered to be which of the following?

A. Class A
B. Class B
C. Class C
D. Class D

A

B. Class B

58
Q

Which of the following statements is MOST correct? RIP is considered…

A. A routing protocol
B. A routable protocol
C. A distance-vector routing protocol
D. A link-state routing protocol

A

C. A distance-vector routing protocol

59
Q

Which of the following test types is used after a change to verify that inputs and outputs are correct?

A. Regression testing
B. System testing
C. Interface testing
D. Pilot testing

A

A. Regression testing