Chapter 15-Monitoring & Auditing AIS
True or false: A local area network is a group of computers, printers, and other devices connected to the same network and covers a large geographic range such as a city, a county, or a state.
F
True or false: Wide area network devices include hubs and routers.
FALSE - Wide area network devices include firewalls and routers.
Select the benefits of using wireless technology. Multiple select question. Secured data transmission using a wireless network; Freely setting up or removing wireless networks at different locations; Convenient online access without a physical network using cables for connections
Freely setting up or removing wireless networks at different locations; Convenient online access without a physical network using cables for connections
One widely used tool in auditing a system is generalized audit software (GAS). GAS is frequently used to perform substantive tests and is used for testing of controls through transactional-data analysis. Select the best statement in describing GAS. Multiple choice question. Popular software packages of GAS include Oracle and SAP. GAS provides auditors with an independent means to gain access to various types of data for analysis. GAS refers to software that has the capability to directly read and access data from a couple of specific operating systems such as UNIX and Windows.
GAS provides auditors with an independent means to gain access to various types of data for analysis.
Which of the following frameworks/regulations is most relevant to data governance? Multiple choice question. GDPR; COBIT; ISO 27001; COSO
GDPR - General Data Protection Regulation is a global standard that provides a strategic vision of how organizations need to ensure data privacy. Wrong: COBIT is a framework for IT governance and controls. ISO 27001 is a set of best practices with a narrow focus on information security; it provides practical advice on how to protect information and reduce cyber threats. COSO is a general framework for internal controls.
Select the correct statement regarding the black-box approach in auditing systems. Multiple choice question. It is also called auditing around the computer. Auditors must have detailed knowledge of the systems' internal logic. The systems are often interrupted for auditing purposes.
It is also called auditing around the computer.
What is the black-box approach in auditing systems? Select all statements that apply. Multiple select question. It is to audit around the computer. Auditors must gain detailed knowledge of the systems' internal logic. It is adequate when automated systems applications are relatively simple. The advantage of this approach is that the systems will not be interrupted for auditing purposes.
It is to audit around the computer. It is adequate when automated systems applications are relatively simple. The advantage of this approach is that the systems will not be interrupted for auditing purposes.
What is the white-box approach in auditing systems? Select all statements that apply. Multiple select question. It requires auditors to understand the internal logic of the system/application being tested. Auditors need to create test cases to verify specific logic and controls in a system. The white-box approach is also called auditing around the computer.
It requires auditors to understand the internal logic of the system/application being tested. Auditors need to create test cases to verify specific logic and controls in a system.
A _______ __________ __________ (LAN) is a group of computers, printers, and other devices connected to the same network and covers a limited geographic range such as a home, small office, or a campus building.
Local Area Network
Compare and contrast data warehouses and operational databases. Multiple choice question. Operational databases are updated as transactions are processed and data warehouses are not. The data in a data warehouse are updated when transactions are processed. The data in a data warehouse are volatile because it includes big data.
Operational databases are updated as transactions are processed and data warehouses are not.
True or false: Common benefits of using wireless technology include mobility, rapid deployment, and flexibility and scalability of a network.
T
The operating system (OS) must achieve fundamental control objectives to consistently and reliably perform its functions. Which of the following are the control objectives of the OS? The OS must be user friendly for end users. The OS must protect users from each other. The OS must protect users from themselves. The OS must be protected from itself. The OS must protect itself from users.
The OS must protect users from each other. The OS must protect users from themselves. The OS must be protected from itself. The OS must protect itself from users.
Regarding data transmission security of wireless networks, all access points should be configured with encryption to maintain confidentiality and data integrity. Select correct statements on data transmission security. Multiple select question. The wired equivalent privacy (WEP) algorithm should be used for maintaining confidentiality. The wi-fi protected access (WPA) algorithm can provide effective authentication and encryption for data transmission. All access points should be configured with encryption to maintain confidentiality. A firm should take time to carefully evaluate necessary changes over the default configuration of all access points that have been deployed.
The wi-fi protected access (WPA) algorithm can provide effective authentication and encryption for data transmission. All access points should be configured with encryption to maintain confidentiality.
Identify the main purposes for a wide area network (WAN). (Check all that apply). Multiple select question. To provide remote access to employees or customers; To provide corporate access to the Internet; To ensure secured access from each office in different cities; To link various sites within the firm
To provide remote access to employees or customers; To provide corporate access to the Internet; To link various sites within the firm
How can a business make a wide area network secure? (Check all that apply). Multiple select question. Use a local area network; Use dedicated leased lines; Use a virtual private network
Use dedicated leased lines; Use a virtual private network
A ______ _______ ______ (VPN) securely connects a firm's WANs by sending/receiving encrypted packets via virtual connections over the public Internet to distant offices, salespeople, and business partners.
Virtual Private Network
In our electronic world, all or most accounting records are stored in a database. A database is: Multiple choice question. a file with big data collected from various sources inside and outside a company; a shared collection of logically related data that meets the information needs of a firm; a centralized repository that collects data from the beginning of a company's operation until today
a shared collection of logically related data that meets the information needs of a firm
According to the Institute of Internal Auditors' (IIA) professional practice standard, internal auditors must consider the use of computer-________, technology-based audit tools and other data analysis techniques when conducting internal audits.
assisted
The term "computer-assisted audit techniques (CAATs)" refers to any ________ audit techniques that can be used by an auditor to perform audits or achieve audit objectives.
automated
With _________ auditing, theoretically, an audit report/opinion can be issued simultaneously with, or shortly after, the occurrence of the events under review.
continuous
A ________ __________ occurs when audit-related activities are performed on a continuous basis.
continuous audit
The operating system performs the tasks that enable a computer to operate. It is comprised of system utilities and programs that: Multiple select question. control the flow of multiprogramming. allocate computer resources to users and applications. it is the main function in managing a database. ensure the integrity of the system.
control the flow of multiprogramming. allocate computer resources to users and applications. ensure the integrity of the system.
Online analytical processing (OLAP) is a tool for ______ ________. The typical approaches in OLAP include time series analysis, exception reports, what-if simulations, etc.
data mining
In today's electronic world, most accounting records are stored in a _______________
database
A type of attack called _______ can be described as one in which the attacker passively monitors wireless networks for data, including authentication credentials.
eavesdropping
Computer-assisted audit techniques enable auditors to gather and analyze audit ________, to test the adequacy and reliability of financial information and internal controls in a computerized environment.
evidence
Management controls are security controls that focus on ______ of risk and information system security.
management
Data _________ is the process of searching for patterns in the data and analyzing these patterns for decision making.
mining
A common security threat, _______, is that the attacker steals or makes unauthorized use of a service.
misappropriation
The ________ system is the most important system software because it performs the tasks that enable a computer to operate.
operating
Security controls for wireless networks can be categorized into three groups: management, ________, and technical controls.
operational
________________ controls in wireless networks typically include protecting a firm's premises and facilities; preventing and detecting physical security breaches; and providing security training to employees, contractors, or third-party users.
operational
Under the __________ simulation approach, the auditors write a computer program to reprocess the firm's actual data for a past period to generate simulated results to audit the system.
parallel
In a continuous auditing environment, the focus to evaluate internal controls ranges from control-based financial controls to _________-based operational controls.
risk
In auditing information systems, auditors use parallel __________ to verify the firm's key features or processes. Under this approach, the auditors write a computer program to reprocess the firm's actual data for a past period to generate simulated results.
simulation
Local area network (LAN) devices include hubs and switches. From a security perspective, _______ provide a significant improvement over _________.
switches, hubs
The __________ ___________ technique uses a set of input data to validate system integrity in auditing a system. When creating the test data, auditors need to prepare both valid and invalid data to examine critical logics and controls of the system.
test data
One important operating system control is to protect the OS from _______ applications, which must not be able to gain control of or damage the operating system.
user
To audit a system, auditors use the test data technique to __________ system integrity. When creating the test data, auditors need to prepare both valid and invalid data to examine critical logics and controls of the system.
validate
A data ________ is a centralized collection of firm-wide data for a relatively long period of time.
warehouse
The data in a data __________ are pulled periodically from each of the operational databases (ranging from a couple of times a day to once a year) and often maintained for 5 to 10 years.
warehouse
To use the _________-box approach to audit systems, auditors need to understand the internal logic of the system/application being tested.
white
A _______ ________ network (WAN) links different sites together; transmits information across geographically dispersed networks; and covers a broad geographic area such as a city, region, nation, or an international link.
wide area
Which of the statements below best defines an embedded audit module? Multiple choice question. A module in which the auditors create fictitious situations and perform a wide variety of tests over the system. A parallel simulation module that uses a set of input data to validate system integrity. A test data technique that enables test data to be continually evaluated during the normal operation of a system. A programmed module added to the system so that the auditors can monitor and collect data over online transactions.
A programmed module added to the system so that the auditors can monitor and collect data over online transactions.
A wireless network is comprised of two fundamental architectural components: _______ points and _________.
Access & Stations
Management controls are security controls that focus on management of risk and information system security. Give examples of management controls in wireless networks. Multiple select question. Assigning roles and responsibilities of end users; Creating policies and procedures regarding security issues; Preventing and detecting physical security breaches; Conducting risk assessment regarding security issues
Assigning roles and responsibilities of end users; Creating policies and procedures regarding security issues; Conducting risk assessment regarding security issues
Technical controls of wireless networks are security controls that are primarily implemented and executed through mechanisms contained in computing-related equipment such as ________ ________ (AP) management and encryption setup.
Blank 1: access Blank 2: point or points
Auditors often use CAATs for tests of details of transactions and balances, _________ ________ procedures, compliance tests of IT general and application controls, operation system and network vulnerability assessments, etc.
Blank 1: analytical Blank 2: review
When a firm considers whether or not to implement continuous auditing, it should first evaluate the overall _______ and _________ of having continuous auditing as part of the firm's overall governance, risk, and compliance (GRC) effort.
Blank 1: benefit or benefits Blank 2: cost or costs
General security objectives for both wired LANs and wireless LANs include: ____, ______, ______, and access control.
Blank 1: confidentiality Blank 2: integrity Blank 3: availability
The audit activities related to continuous auditing range from continuous ________ assessment to continuous assessment ________ .
Blank 1: control or controls Blank 2: risk
The ___________ ____________ module is a programmed audit module that is added to the system under review. Hence, the auditors can monitor and collect data over online transactions. The collected data are analyzed by auditors in evaluating control risks and effectiveness.
Blank 1: embedded Blank 2: audit
During the course of an audit, the IS auditor should obtain sufficient, reliable, and relevant ___________ to achieve the audit objectives. The audit findings and conclusions are to be supported by appropriate analysis and interpretation of this ___________.
Blank 1: evidence Blank 2: evidence
Data governance is the convergence of which of the following items? Multiple select question. Risk management on data; Data accuracy of financial statements; Data quality, data management, and data policies; Business process management on data
Business process management on data; Data quality, data management, and data policies; Risk management on data
Select relevant technologies in performing continuous auditing. Multiple select question. CAATs; XML and XBRL; Data analytics and/or data mining; OS, LANs, and WANs
CAATs; XML and XBRL; Data analytics and/or data mining