Review 4 Flashcards
Which type of sampling is best when dealing with population characteristics such as dollar amounts and weights?
A. Attribute sampling
B. Variable sampling
C. Stop-and-go sampling
D. Discovery sampling
B. Variable sampling
Which of the following sampling techniques is generally applied to compliance testing?
A. Attribute sampling
B. Variable sampling
C. Stop-and-go sampling
D. Discovery sampling
A. Attribute sampling
To guarantee the confidentiality of client information, an auditor should do which of the following when reviewing such information?
A. Contact the CEO or CFO and request what sensitive information can and cannot be disclosed to authorities
B. Assume full responsibility for the audit archive and stored data
C. Leave all sensitive information at the owners’ facility
D. Not back up any of his or her work papers
C. Leave all sensitive information at the owners’ facility
Which of the following best describes materiality?
A. An audit technique used to evaluate the need to perform an audit
B. The principle that individuals, organizations, and the community are responsible for their actions and might be required to explain them
C. The auditor’s independence and freedom from conflict of interest
D. An auditing concept that examines the importance of an item of information in regard to the impact or effect on the entity being audited
D. An auditing concept that examines the importance of an item of information in regard to the impact or effect on the entity being audited
Which of the following sampling techniques is best to use to prevent excessive sampling?
A. Attribute sampling
B. Variable sampling
C. Stop-and-go sampling
D. Discovery sampling
C. Stop-and-go sampling
Which of the following descriptions best defines auditor independence?
A. The auditor has high regard for the company and holds several hundred shares of the company’s stock
B. The auditor has a history of independence, and even though the auditor has a niece who is employed by the company, he has stated that this is not a concern
C. The auditor has previously given advice to the organization’s design staff while employed as the auditor
D. The auditor is objective, not associated with the organization, and free of any connections to the client
D. The auditor is objective, not associated with the organization, and free of any connections to the client
Which of the following meets the description “the primary objective is to leverage the internal audit function by placing responsibility of control and monitoring onto the functional areas”?
A. Integrated auditing
B. Control self-assessment
C. Automated work papers
D. Continuous auditing
B. Control self-assessment
Which of the following sampling techniques would be best to use if the expected discovery rate is extremely low?
A. Attribute sampling
B. Variable sampling
C. Stop-and-go sampling
D. Discovery sampling
D. Discovery sampling
Which of the following offers how-to information?
A. Standards
B. Policy
C. Guidelines
D. Procedures
D. Procedures
The type of risk that might not be detected by a system of internal controls is defined as which of the following?
A. Control risk
B. Audit risk
C. Detection risk
D. Inherent risk
A. Control risk
Which of the following items makes computer-assisted audit techniques (CAAT) important to an auditor?
A. A large amount of information is obtained by using specific techniques to analyze systems.
B. An assistant or untrained professional with no specialized training can utilize CAAT tools, which frees up the auditor to participate in other activities.
C. CAAT requires more human involvement in the analysis than multifunction audit utilities.
D. CAAT requires the auditor to reduce the sampling rate and provides a more narrow audit coverage.
A. A large amount of information is obtained by using specific techniques to analyze systems.
The risk that a material error will occur because of weak controls or no controls is known as which of the following?
A. Control risk
B. Audit risk
C. Detection risk
D. Inherent risk
D. Inherent risk
You have been asked to audit a series of controls. Using Figure E.1 as your reference, what type of control have you been asked to examine?
?
Which of the following is the best tool to extract data that is relevant to the audit?
A. Integrated auditing
B. Generalized audit software
C. Automated work papers
D. Continuous auditing
B. Generalized audit software
You have been asked to perform an audit of the disaster-recovery procedures. As part of this process, you must use statistical sampling techniques to inventory all backup tapes. Which of the following descriptions best defines what you have been asked to do?
A. Continuous audit
B. Integrated audit
C. Compliance audit
D. Substantive audit
D. Substantive audit
According to ISACA, which of the following is the fourth step in the risk-based audit approach?
A. Gather information and plan
B. Perform compliance tests
C. Perform substantive tests
D. Determine internal controls
C. Perform substantive tests
Which general control procedure most closely maps to the information systems control procedure that specifies, “Operational controls that are focused on day-to-day activities”?
A. Business continuity and disaster-recovery procedures that provide reasonable assurance that the organization is secure against disasters
B. Procedures that provide reasonable assurance for the control of database administration
C. System-development methodologies and change-control procedures that have been implemented to protect the organization and maintain compliance
D. Procedures that provide reasonable assurance to control and manage data-processing operations
D. Procedures that provide reasonable assurance to control and manage data-processing operations
Which of the following is the best example of a detective control?
A. Access-control software that uses passwords, tokens, and/or biometrics
B. Intrusion-prevention systems
C. Backup procedures used to archive data
D. Variance reports
D. Variance reports
Which of the following is not one of the four common elements needed to determine whether fraud is present?
A. An error in judgment
B. Knowledge that the statement was false
C. Reliance on the false statement
D. Resulting damages or losses
A. An error in judgment
You have been asked to implement a continuous auditing program. With this in mind, which of the following should you first identify?
A. Applications with high payback potential
B. The format and location of input and output files
C. Areas of high risk within the organization
D. Targets with reasonable thresholds
C. Areas of high risk within the organization
Which of the following should be the first step for organizations wanting to develop an information security program?
A. Upgrade access-control software to a biometric or token system
B. Approve a corporate information security policy statement
C. Ask internal auditors to perform a comprehensive review
D. Develop a set of information security standards
B. Approve a corporate information security policy statement
Which of the following is primarily tasked with ensuring that the IT department is properly aligned with the goals of the business?
A. Chief executive officer
B. Board of directors
C. IT steering committee
D. Audit committee
C. IT steering committee
The balanced scorecard differs from historic measurement schemes in that it looks at more than what?
A. Financial results
B. Customer satisfaction
C. Internal process efficiency
D. Innovation capacity
A. Financial results