AIS Chapter 7
75X. These tests of the security controls involve various methods of entering the company's system to determine whether controls are working as intended. A. Authenticity tests B. Penetration tests C. Vulnerability assessments D. IT systems documentation
B. Penetration tests
26X. This type of audit is completed in order to determine whether a company has adhered to the regulations and policies established by contractual agreements, governmental agencies, or some other high authority. A. Compliance Audit B. Operational Audit C. Information Audit D. Financial Statement Audit
A. Compliance Audit
42. The generally accepted auditing standards are divided into three groups. Which of the following is not one of those groups? A. General Standards B. Basic Standards C. Standards of Fieldwork D. Standards of Reporting
B. Basic Standards
2. Financial statement audits are required to be performed by: A. Governmental Auditors B. CPAs C. Internal Auditors D. IT Auditors
B. CPAs
1. Which of the following types of audits is most likely to be conducted for the purpose of identifying areas for cost savings? A. Financial Statement Audits B. Operational Audits C. Regulatory Audits D. Compliance Audits
B. Operational Audits
12. Which of the following is the most significant disadvantage of auditing around the computer rather than through the computer? A. The time involved in testing processing controls is significant. B. The cost involved in testing processing controls is significant. C. A portion of the audit trail is not tested. D. The technical expertise required to test processing controls is extensive.
C. A portion of the audit trail is not tested.
4. Which of the following is not a part of general accepted auditing standards? A. General Standards B. Standards of Fieldwork C. Standards of Information Systems D. Standards of Reporting
C. Standards of Information Systems
48. The audit is to be performed by a person or persons having adequate technical training and proficiency as an auditor. This is one of the generally accepted auditing standards that is part of the: A. General Standards B. Operating Standards C. Fieldwork Standards D. Reporting Standards
A. General Standards
49. Independence in mental attitude is to be maintained in all matters related to the audit engagement. This is one of the generally accepted auditing standards that is part of the: A. General Standards B. Operating Standards C. Fieldwork Standards D. Reporting Standards
A. General Standards
16. Which of the following is a general control to test for external access to a client's computerized systems? A. Penetration tests B. Hash totals C. Field checks D. Program tracing
A. Penetration tests
8. Which of the following audit objectives relates to the management assertion of existence? A. A transaction is recorded in the proper period. B. A transaction actually occurred (i.e., it is real) C. A transaction is properly presented in the financial statements. D. A transaction is supported by detailed evidence.
B. A transaction actually occurred (i.e., it is real)
22. Accounting services that improve the quality of information provided to the decision maker, an audit being the most common type of this service, is called: A. Compliance Services B. Assurance Services C. Substantive Services D. Operational Services
B. Assurance Services
34. The IT environment plays a key role in how auditors conduct their work in all but which of the following areas: A. Consideration of Risk B. Consideration of Information Fairness C. Design and Performance of Audit Tests D. Audit Procedures Used
B. Consideration of Information Fairness
43X. GAAS, generally accepted auditing standards, provide a general framework for conducting quality audits, but the specific standards - or detailed guidance - are provided by all of the following groups, except: A. Public Company Accounting Oversight Board B. Auditing Standards Board C. Certified Fraud Examiners D. International Auditing and Assurance Standards Board
C. Certified Fraud Examiners
7X. Auditors should develop a written audit program so that: A. All material transactions will be included in substantive testing. B. Substantive testing performed prior to year end will be minimized. C. The procedures will achieve specific audit objectives related to specific management assertions. D. Each account balance will be tested under either a substantive test or a test of controls.
C. The procedures will achieve specific audit objectives related to specific management assertions.
21X. Which of the following terms in not associated with a financial statement auditor's requirement to maintain independence? A. Objectivity B. Neutrality C. Professional Skepticism D. Competence
D. Competence
90X. When companies rely on external, independent computer service centers to handle all or part of their IT needs it is referred to as: A. External Processing B. WAN Processing C. Database Management System D. IT Outsourcing
D. IT Outsourcing
35. The chance that information used by decision makers may be inaccurate is referred to as: A. Sample Risk B. Data Risk C. Audit Trail Risk D. Information Risk
D. Information Risk
29. This type of auditor is an employee of the company he / she audits. A. IT Auditor B. Government Auditor C. Certified Public Accountant D. Internal Auditor
D. Internal Auditor
81A2. Frank Benford found that the number one is likely to be the leading digit, the first digit, approximately: A. One-third of the time B. One-fourth of the time C. One-fifth of the time D. One-sixth of the time
D. One-sixth of the time
14. Which of the following computer assisted auditing techniques processes actual client input data (or a copy of the real data) on a controlled program under the auditor's control to periodically test controls in the client's computer system? A. Test data method B. Embedded audit module C. Integrated test facility D. Parallel simulation
D. Parallel simulation
23. A type of assurance services that involves accumulating and analyzing support for the information provided by management is called an: A. Audit B. Investigation C. Financial Statement Examination D. Control Test
A. Audit
54. Audit tests developed for an audit client are documented in a(n): A. Audit Program B. Audit Objective C. Management Assertion D. General Objectives
A. Audit Program
36. Which of the following is not one of the identified causes of information risk? A. Audited information B. Remote information C. Complexity of data D. Preparer motive
A. Audited information
45. This organization is part of the AICPA and was the group responsible for issuing Statements on Auditing Standards which were historically widely used in practice. A. Auditing Standards Board B. Public Company Accounting Oversight Board C. International Audit Practices Committee D. Information Systems Audit and Control Association
A. Auditing Standards Board
67. This approach, referred to as the whitebox approach, requires auditors to evaluate IT controls and processing so that they can determine whether the information generated from the system is reliable. A. Auditing through the system B. Auditing around the system C. Computer assisted audit techniques D. Auditing with the computer
A. Auditing through the system
74X. Auditors should perform this type of test to determine the valid use of the company's computer system, according to the authority tables. A. Authenticity tests B. Penetration tests C. Vulnerability assessments D. IT systems documentation
A. Authenticity tests
70. The automated controls that affect all computer applications are referred to as: A. General Controls B. Specific Controls C. Input Controls D. Application Controls
A. General Controls
66. Many companies design their IT system so that all documents and reports can be retrieved from the system in readable form. Auditors can then compare the documents used to input the data into the system with reports generated from the system, without gaining any extensive knowledge of the computer system and does not require the evaluation fo computer controls. This process is referred to as: A. Auditing through the system B. Auditing around the system C. Computer assisted audit techniques D. Auditing with the computer
B. Auditing around the system
78X. One of the most effective ways a client can protect its computer system is to place environmental controls in the computer center. Environmental controls include: A. Card keys B. Emergency power supply C. Alarms D. Security guards
B. Emergency power supply
56. There are four primary phases of the IT audit. Which of the following is not one of those phases. A. Planning B. Evidence Audit C. Tests of Controls D. Substantive Tests
B. Evidence Audit
31. This type of auditor conducts audits of government agencies or income tax returns. A. IT Auditor B. Government Auditor C. Certified Public Accountant D. Internal Auditor
B. Government Auditor
71. The two broad categories of general controls that relate to IT systems include which of the following: A. IT systems documentation B. IT administration and the related operating systems development and maintenance processes C. Authenticity table D. Computer security and virus protection
B. IT administration and the related operating systems development and maintenance processes
38. The existence of IT-based business processes often result in details of transactions being entered directly into the computer system, results in a lack of physical evidence to visibly view. This situation is referred to as: A. Physical Evidence Risk B. Loss of Audit Trail Visibility C. Transaction Summary Chart D. Lack of Evidence View
B. Loss of Audit Trail Visibility
53X. Claims regarding the condition of the business organization and in terms of its operations, financial results, and compliance with laws and regulations, are referred to as: A. Financial Statements B. Management Assertions C. External Audit D. Presentation and Disclosure
B. Management Assertions
59. During this phase of the audit, the auditor must gain a thorough understanding of the client's business and financial reporting systems. When completing this phase, the auditors review and assess the risks and controls related to the business. A. Tests of Controls B. Substantive Tests C. Audit Completion / Reporting D. Audit Planning
D. Audit Planning
81. This type of processing control test involves a comparison of different items that are expected to have the same values, such s comparing two batches or comparing actual data against a predetermined control total. A. Validation Checks B. Batch Totals C. Run-to-Run Totals D. Balancing Tests
D. Balancing Tests
85X. A process of constant evidence gathering and analysis to provide assurance on the information as soon as it occurs, or shortly thereafter, is referred to as: A. Real-time auditing B. Virtual auditing C. E-auditing D. Continuous auditing
D. Continuous auditing
32. This type of audit is performed by independent auditors who are objective and neutral with respect to the company and the information being audited. A. Compliance Audit B. Operational Audit C. Internal Audit D. External Audit
D. External Audit
90A1. When a company uses cloud computing, the auditor needs to thoroughly understand the underlying technologies and related risks and controls. When evaluating the security risk in a cloud computing environment, the auditor needs to consider all of the following, except: A. What damage would result if an unauthorized user accessed the company's data? B. How does the cloud service provider segregate information between clients? C. How and when are data encrypted? D. How does the cloud service provider handle internal security?
D. How does the cloud service provider handle internal security?
90A2. When a company uses cloud computing, the auditor needs to thoroughly understand the underlying technologies and related risks and controls. When evaluating the availability risk is a cloud computing environment, the auditor needs to consider all which of the following? A. How and when are data encrypted? B. How does the cloud service provider handle internal security? C. What disaster recovery and business continuity plans are in place? D. What damage would result if an unauthorized user accessed the company's data?
D. What damage would result if an unauthorized user accessed the company's data?
40. The advantages of using IT-based accounting systems, where the details of transactions are entered directly into the computer include: A. Computer controls can compensate for the lack of manual controls B. Loss of audit trail view C. Increased internal controls risks D. Fewer opportunities to authorize and review transactions
A. Computer controls can compensate for the lack of manual controls
6X. In an audit of financial statement in accordance with generally accepted auditing standards, an auditor is required to: A. Document the auditor's understanding of the client company's internal controls. B. Search for weaknesses in the operation of the client company's internal controls. C. Perform tests of controls to evaluate the effectiveness of the client company's internal controls. D. Determine wether controls are appropriately operating to prevent or detect material misstatements.
A. Document the auditor's understanding of the client company's internal controls.
18. Generalized audit software can be used to: A. Examine the consistency of data maintained on computer files. B. Perform audit tests of multiple computer files concurrently. C. Verify the processing logic of operating system software. D. Process test data against master files that contain both real and
A. Examine the consistency of data maintained on computer files.
30X. This type of auditor specializes in the information systems assurance, control, and security. They may work for CPA firms, government agencies, or with the internal audit group. A. IT Auditor B. Government Auditor C. Certified Public Accountant D. Internal Auditor
A. IT Auditor
10X. Risk assessment is a process designed to: A. Identify possible circumstances and events that may effect the business. B. Establish policies and procedures to carry out internal controls. C. Identify and capture information in a timely manner. D. Review the quality of internal controls throughout the year.
A. Identify possible circumstances and events that may effect the business.
52X. Although there are a number of organizations that provide detailed guidance, it is still necessary for auditors to rely on other direction regarding the types of audit tests to use and the manner in which the conclusions are drawn. These sources of information include: A. Industry Guidelines B. PCAOB C. ASB D. ASACA
A. Industry Guidelines
83. Regardless of whether the results are printed or retained electronically, auditors may perform all of the following procedures to test application outputs, except: A. Integrated Tests B. Reasonableness Tests C. Audit Trail Tests D. Rounding Errors Tests
A. Integrated Tests
83A1. A detailed report assessing the correctness of an account balance or transaction record that is consistent with supporting documentation and the company's policies and procedures, is termed a(n): A. Integrated test B. Compliance test C. Simulation D. Reconciliation
A. Integrated test
87. This piece of audit evidence is often considered to be the most important because it is a signed acknowledgment of management's responsibility for the fair presentation of the financial statements and a declaration that they have provided complete and accurate information to the auditors during all phases of the audit. A. Letter of Representation B. Audit Report C. Encounter Statement D. Auditors Contract
A. Letter of Representation
Which of the following audit procedures is most likely to be performed during the planning phase of the audit? A. Obtain an understanding of the client's risk assessment process. B. Identify specific internal control activities that are designed to prevent fraud. C. Evaluate the reasonableness of the client's accounting estimates. D. Test the timely cutoff of cash payments and collections.
A. Obtain an understanding of the client's risk assessment process.
19. Independent auditors are generally actively involved in each of the following tasks except: A. Preparation of a client's financial statements and accompanying notes. B. Advising client management as to the applicability of a new accounting standard. C. Proposing adjustments to a client's financial statements. D. Advising client management about the presentation of the financial statements.
A. Preparation of a client's financial statements and accompanying notes.
77. One of the most effective ways a client can protect its computer system is to place physical controls in the computer center. Physical controls include all of the following, except: A. Proper temperature control B. Locks C. Security guards D. Cameras
A. Proper temperature control
61. The likelihood that errors or fraud may occur is referred to as: A. Risk B. Materiality C. Control Tests D. Sampling
A. Risk
91. Because it is not possible to test all transactions and balances, auditors rely on this to choose and test a limited number of items and transactions and then make conclusions about the balance as a whole. A. Sampling B. Materiality C. Compliance D. Substance
A. Sampling
88. Which of the following is a proper description of an auditor report? A. Unqualified opinion - identifies certain exceptions to the clean opinion. B. Adverse opinion - notes that there are material misstatements presented. C. Qualified opinion - states that the auditors believe the financial statements are fairly and consistently presented in accordance with GAAP. D. Unqualified opinion - states that the auditors were not able to reach a conclusion.
B. Adverse opinion - notes that there are material misstatements presented.
28X. This type of audit is completed to determine whether or not the client has prepared and presented its financial statements fairly, in accordance with established financial accounting criteria. A. GAAP Audit B. Financial Statement Audit C. Compliance Audit D. Fair Application Audit
B. Financial Statement Audit
64X. Auditing standards address the importance of understanding both the automated and manual procedures that make up an organization's internal controls and consider how misstatements may occur, including all of the following, except: A. How transactions are entered into the computer B. How financial statement are printed from the computer C. How nonstandard journal entries and adjusting entries are initiated, recorded, and processed. D. How standard journal entries are initiated, recorded, and processed.
B. How financial statement are printed from the computer
60. During the planning phase of the audit, auditors estimate the monetary amounts that are large enough to make a difference in decision making. This amount is referred to as: A. Risk B. Materiality C. Substantive D. Sampling
B. Materiality
5X. Which of the following best describes what is meant by the term "generally accepted auditing standards"? A. Procedures used to gather evidence to support the accuracy of a client's financial statements. B. Measures of the quality of an auditor's conduct carrying out professional responsibilities. C. Professional pronouncements issued by the Auditing Standards Board. D. Rules acknowledged by the accounting profession because of their widespread application.
B. Measures of the quality of an auditor's conduct carrying out professional responsibilities.
92X. All types of auditors must follow guidelines promoting ethical conduct. For financial statement auditors, the PCAOB/AICPA has established a Code of Professional Conduct, commonly called the Code of Ethics, which consists of two sections. Which of the following correctly states the two sections? A. Integrity and responsibility B. Principles and rules C. Objectivity and independence D. Scope and nature
B. Principles and rules
80. IT audit procedures typically include a combination of data accuracy tests where the data processed by computer applications are reviewed for correct dollar amounts or other numerical values. These procedures are referred to as: A. Security controls B. Processing controls C. Input controls D. Output controls
B. Processing controls
44. This organization, established by the Sarbanes-Oxley Act, was organized in 2003 for the purpose of establishing auditing standards for public companies. A. Auditing Standards Board B. Public Company Accounting Oversight Board C. International Audit Practices Committee D. Information Systems Audit and Control Association
B. Public Company Accounting Oversight Board
84. The auditor's test of the accuracy of monetary amounts of transactions and account balances is known as: A. Testing of controls B. Substantive tests C. Compliance tests D. Application tests
B. Substantive tests
58X. Techniques used for gathering evidence include all of the following, except: A. Physical examination of assets or supporting documentation B. Observing activities C. Adequate planning and supervision D. Analyzing financial relationships
C. Adequate planning and supervision
86. This phase of auditing occurs when the auditors evaluate all the evidence that has been accumulated and makes a conclusion based on that evidence. A. Tests of Controls B. Audit Planning C. Audit Completion / Reporting D. Substantive Testing
C. Audit Completion / Reporting
37. The main reasons that it is necessary to study information-based processing and the related audit function include: A. Information users often do not have the time or ability to verify information themselves. B. It may be difficult for decision makers to verify information contained in a computerized accounting system. C. Both of the above. D. Neither of the above.
C. Both of the above.
65X. IT auditors may need to be called in to: A. Consider the effects of computer processing on the audit. B. To assist in testing the automated processes. C. Both of the above. D. None of the above.
C. Both of the above.
50. The general guidelines, known as the generally accepted auditing standards, which include the concepts of adequate planning and supervision, internal control, and evidence relate to the: A. General Standards B. Operating Standards C. Fieldwork Standards D. Reporting Standards
C. Fieldwork Standards
33. The independence of a CPA could be impaired by: A. Having no knowledge of the company or the company management B. By owning stock of a similar company C. Having the ability to influence the client's decisions D. Being married to a stockbroker
C. Having the ability to influence the client's decisions
25. Which of the following is not one of the three primary types of audits? A. Compliance Audits B. Financial Statement Audits C. IT Audits D. Operational Audits
C. IT Audits
93X. The rule in thePCAOB/AICPA Code of Professional Conduct that is referred to as Responsibilities, can be stated as: A. CPAs should act in a way that will serve the public interest, honor the public trust, and demonstrate commitment to professionalism. B. To maintain and broaden public confidence, CPAs should perform their professional duties with the highest sense of integrity. C. In carrying out their professional duties, CPAs should exercise sensitive professional and moral judgments in all their activities. D. CPAs in public practice should observe the principles of the Code of Professional Conduct in determining the scope and nature of services to be provided
C. In carrying out their professional duties, CPAs should exercise sensitive professional and moral
20X. Which of the following is most likely to be an attribute unique to the financial statement audit work of CPAs, compared with work performed by attorneys or practitioners of other business professions? A. Due professional care B. Competence C. Independence D. A complex underlying body of professional knowledge
C. Independence
79X. This type of application control is performed to verify the correctness of information entered into software programs. Auditors are concerned about whether errors are being prevented and detected during this stage of data processing. A. Security controls B. Processing controls C. Input controls D. Output controls
C. Input controls
15. Which of the following computer assisted auditing techniques allows fictitious and real transactions to be processed together without client personnel being aware of the testing process? A. Test data method B. Embedded audit module C. Integrated test facility D. Parallel simulation
C. Integrated test facility
13. The primary objective of compliance testing in a financial statement audit is to determine whether: A. Procedures have been updated regularly. B. Financial statement amounts are accurately stated. C. Internal controls are functioning as designed. D. Collusion is taking place.
C. Internal controls are functioning as designed.
89. When PCs are used for accounting instead of mainframes or client-server system, they face a greater risk of loss due to which of the following: A. Authorized access B. Segregation of duties C. Lack of backup control D. All of the above
C. Lack of backup control
82X. This is one of the computer-assisted audit techniques, related to processing controls, that involves processing company data through a controlled program designed to resemble the company's application. This test is run to find out whether the same results are achieved under different systems. A. Integrated Test Facility B. Embedded Audit Module C. Parallel Simulation D. Test Data Method
C. Parallel Simulation
72. Related audit tests to review the existence and communication of company policies regarding important aspects of IT administrative control include all of the following, except: A. Personal accountability and segregation of incompatible responsibilities B. Job description and clear lines of authority C. Prevention of unauthorized access D. IT systems documentation
C. Prevention of unauthorized access
39. The existence of IT-based business processes, that result in the details of the transactions being entered directly into the computer system, increases the likelihood of the loss or alternation of data due to all of the following, except: A. System Failure B. Database Destruction C. Programmer Incompetence D. Environmental Damage
C. Programmer Incompetence
55X. The management assertion related to valuation of transactions and account balances would include all of the following, except: A. Accurate in terms of dollar amounts and quantities B. Supported by detailed evidence C. Real D. Correctly summarized
C. Real
63. The Accounting Standards Board issued the following SAS in recognition of the fact that accounting records and files often exist in electronic form. The statement was issued in 2001 to expand the historical concept of audit evidence to include electronic evidence. A. SAS 82 B. SAS 86 C. SAS 94 D. SAS 101
C. SAS 94
17. Suppose that during the planning phase of an audit, the auditor determines that weaknesses exist in the client's computerized systems. These weaknesses make the client company susceptible to the risk of an unauthorized break-in. Which type of audit procedures should be emphasized in the remaining phases of this audit? A. Tests of controls B. Penetration tests C. Substantive tests D. Rounding errors tests
C. Substantive tests
68X. The IT auditing approach referred to as "Auditing through the system" is necessary under which of the following conditions? A. Supporting documents are available in both electronic and paper form. B. The auditor does not require evaluation of computer controls. C. The auditor wants to test computer controls as a basis for evaluating risk and reducing the amount of substantive audit testing required. D. The use of the IT system has a low impact on the conduct of the audit.
C. The auditor wants to test computer controls as a basis for evaluating risk and reducing the amount of substantive audit testing required.
24. The main purpose of an audit is to assure users of the financial information about the: A. Effectiveness of the internal controls of the company. B. Selection of the proper GAAP when preparing financial statements. C. Proper application of GAAS during the examination. D. Accuracy and completeness of the information.
D. Accuracy and completeness of the information.
73A2. Destruction of information may occur as a result of: A. Natural disasters B. Accidents C. Environmental conditions D. All of the above
D. All of the above
9X. Which of the following statements regarding an audit program is true? A. An audit program should be standardized so that it may be used on any client engagement. B. The audit program should be completed by the client company before the aud planning stage begins. C. An audit program should be developed by the internal auditor during the audit's completion/reporting phase. D. An audit program establishes responsibility for each audit test by requiring the signature or initials of the auditor who performed the test
D. An audit program establishes responsibility for each audit test by requiring the signature or initials of the auditor who performed the test
57X. The proof of the fairness of the financial information is: A. Tests of Controls B. Substantive Tests C. Audit Completion D. Audit Evidence
D. Audit Evidence
41. The ten standards that provide broad guidelines for an auditor's professional responsibilities are referred to as: A. Generally accepted accounting standards B. General accounting and auditing practices C. Generally accepted auditing practices D. Generally accepted auditing standards
D. Generally accepted auditing standards
47. This organization issues guidelines for conducting the IT audit. The standards issued address practices related to control and security of the IT system. A. Auditing Standards Board B. Public Company Accounting Oversight Board C. International Audit Practices Committee D. Information Systems Audit and Control Association
D. Information Systems Audit and Control Association
46X. This organization was established by the IFAC to set International Standards on Auditing (ISAs) that contribute to the uniform application of auditing practices on a worldwide basis. A. International Systems Audit and Control Association B. Auditing Standards Board C. Public Company Accounting Oversight Board D. International Auditing and Assurance Standards Board (IAASB)
D. International Auditing and Assurance Standards Board (IAASB)
81A1. This law, also known as the first-digit law, was named after a physicist who discovered a specific, but non-uniform pattern in the frequency of digits occurring as the first number in a list of numbers: A. Number-up Law B. Benford's Law C. Adams' Digit Law D. Jackson First Digit Law
D. Jackson First Digit Law
27. This type of audit is completed to assess the operating policies and procedures of a client for efficiency and effectiveness. A. Efficiency Audit B. Effectiveness Audit C. Compliance Audit D. Operational Audit
D. Operational Audit
62. A large part of the work performed by an auditor in the audit planning process is the gathering of evidence about the company's internal controls. This can be completed in any of the following ways, except: A. Interviewing key members of the accounting and IT staff. B. Observing policies and procedures C. Review IT user manuals and systems D. Preparing memos to summarize their findings
D. Preparing memos to summarize their findings
94. This concept means that the auditors should not automatically assume that their clients are honest, but that they (the auditors) must have a questioning mind and a persistent approach to evaluating evidence for possible misstatements. A. Independence B. Integrity C. Due Care D. Professional Skepticism
D. Professional Skepticism
51X. The general guidelines, known as the generally accepted auditing standards, which include the concepts of presentation in accordance with the established criteria, the consistent application of established principles, adequate disclosure, and the expression of an opinion, relate to the: A. General Standards B. Operating Standards C. Fieldwork Standards D. Reporting Standards
D. Reporting Standards
90A3. Which of the following properly describes the listed SOC Report? A. SOC 1 Type 1 Report - Considers controls over compliance and operations B. SOC 1 Type II Report - Contains management's assessment on the operating design of internal controls C. SOC 2 Report - Includes an evaluation of the operating effectiveness of internal controls D. SOC 1 Report - Addresses internal controls over financial reporting.
D. SOC 1 Report - Addresses internal controls over financial reporting.
73A1. These risks tend to escalate as companies embrace newer technologies and allow sensitive data to be shared via smar devices, web and mobile applications, and social networks. A. Input Risks B. Authenticity Risks C. Access Risks D. Security Risks
D. Security Risks
73. Controls meant to prevent the destruction of information as the result of unauthorized access to the IT system are referred to as: A. IT administration B. System controls C. Information administration D. Security controls
D. Security controls
69. Audit procedures designed to evaluate both general controls and application controls are referred to as: A. Substantive Tests B. Audit Planning C. IT Auditing D. Test of Controls
D. Test of Controls
3. Which of the following is not considered a cause for information risk? A. Management's geographic location is far from the source of the information needed to make effective decisions. B. The information is collected and prepared by persons who use the information for very different purposes. C. The information relates to business activities that are not well understood by those who collect and summarize the information for decision makers. D. The information has been tested by internal auditors and a CPA firm.
D. The information has been tested by internal auditors and a CPA firm.
