Review 5 Flashcards
An IS auditor, performing a review of an application’s controls, discovers a weakness in system software that could materially impact the application. The IS auditor should:
A) Disregard these control weaknesses as a system software review is beyond the scope of this review.
B) Conduct a detailed system software review and report the control weaknesses.
C) Include in the report a statement that the audit was limited to a review of the application’s controls.
D) Review the system software controls as relevant and recommend a detailed system software review.
D) Review the system software controls as relevant and recommend a detailed system software review.
The reason for having controls in an IS environment:
A) remains unchanged from a manual environment, but the implemented control features may be different.
B) changes from a manual environment, therefore the implemented control features may be different.
C) changes from a manual environment, but the implemented control features will be the same.
D) remains unchanged from a manual environment and the implemented control features will also be the same.
A) remains unchanged from a manual environment, but the implemented control features may be different.
Which of the following types of risks assumes an absence of compensating controls in the area being reviewed?
A) Control risk
B) Detection risk
C) Inherent risk
D) Sampling risk
C) Inherent risk
An IS auditor is conducting substantive audit tests of a new accounts receivable module. The IS auditor has a tight schedule and limited computer expertise. Which would be the BEST audit technique to use in this situation?
A) Test data
B) Parallel simulation
C) Integrated test facility
D) Embedded audit module
A) Test data
The PRIMARY purpose of compliance tests is to verify whether:
A) controls are implemented as prescribed.
B) documentation is accurate and current.
C) access to users is provided as specified.
D) data validation procedures are provided.
A) controls are implemented as prescribed.
Which of the following BEST describes the early stages of an IS audit?
A) Observing key organizational facilities.
B) Assessing the IS environment.
C) Understanding business process and environment applicable to the review.
D) Reviewing prior IS audit reports.
C) Understanding business process and environment applicable to the review.
The document used by the top management of organizations to delegate authority to the IS audit function is the:
A) long-term audit plan.
B) audit charter.
C) audit planning methodology.
D) steering committee minutes.
B) audit charter.
Before reporting results of an audit to senior management, an IS auditor should:
A) Confirm the findings with auditees.
B) Prepare an executive summary and send it to audit management.
C) Define recommendations and present the findings to the audit committee.
D) Obtain agreement from the auditee on findings and actions to be taken.
D) Obtain agreement from the auditee on findings and actions to be taken.
While developing a risk-based audit program, which of the following would the IS auditor MOST likely focus on?
A) Business processes
B) Critical IT applications
C) Corporate objectives
D) Business strategies
A) Business processes
Which of the following is a substantive audit test?
A) Verifying that a management check has been performed regularly
B) Observing that user IDs and passwords are required to sign on the computer
C) Reviewing reports listing short shipments of goods received
D) Reviewing an aged trial balance of accounts receivable
D) Reviewing an aged trial balance of accounts receivable
Which of the following tasks is performed by the same person in a well-controlled information processing facility/computer center?
A) Security administration and management
B) Computer operations and system development
C) System development and change management
D) System development and systems maintenance
D) System development and systems maintenance
Where adequate segregation of duties between operations and programming is not achievable, the IS auditor should look for:
A) compensating controls.
B) administrative controls.
C) corrective controls.
D) access controls.
A) compensating controls.
Which of the following would be included in an IS strategic plan?
A) Specifications for planned hardware purchases
B) Analysis of future business objectives
C) Target dates for development projects
D) Annual budgetary targets for the IS department
B) Analysis of future business objectives
The MOST important responsibility of a data security officer in an organization is:
A) recommending and monitoring data security policies.
B) promoting security awareness within the organization.
C) establishing procedures for IT security policies.
D) administering physical and logical access controls.
A) recommending and monitoring data security policies.
Which of the following BEST describes an IT department’s strategic planning process?
A) The IT department will have either short-range or long-range plans depending on the organization’s broader plans and objectives.
B) The IT department’s strategic plan must be time and project oriented, but not so detailed as to address and help determine priorities to meet business needs.
C) Long-range planning for the IT department should recognize organizational goals, technological advances and regulatory requirements.
D) Short-range planning for the IT department does not need to be integrated into the short-range plans of the organization since technological advances will drive the IT department plans much quicker than organizational plans.
C) Long-range planning for the IT department should recognize organizational goals, technological advances and regulatory requirements.