Internal Controls Midterm (Ch. 1 & 3)
Which of the following was created to respond to the increasing global business environment and address the need to compare financial statements prepared in different countries? A) International Financial Reporting Standards (IFRS) B) International Accounting Standards Board (IASB) C) Generally Accepted Auditing Standards (GAAS) D) Financial Accounting Standards Board (FASB)
A
Which of the items below are a part of TSPC's (Trust Services Principles and Criteria) Framework? A) Security, Availability, Privacy B) Security, Accuracy, Confidentiality C) Accuracy, Confidentiality, Privacy D) Accuracy, Observation, Privacy
A
Which one of the following is NOT describing IT Auditing? A) It is composed of people, process, and IS B) Formal and independent C) Objective examination of an organization's IT infrastructure D) Assessment of information security, confidentiality, privacy, and availability issues which can put the organization at risk
A
While cloud computing enabled on demand network access to large amount of data , it also: A) Exposed sensitive information to risk of unauthorized access B) It is not an attractive model because it is not a flexible service C) It is too expensive and hard to implement
A
Why is having an IT audit function so important today? A) Human errors are too common and that technology will be a better replacement B) IT provides a better help with financial statement audit C) People depend more on technology and the informationD) The use of IT helps with achieving the organization's goals and objectives easier
A
Which statement(s) below about audit scope are incorrect? a. Example of areas the scope of an audit reviews are relevant financial applications, databases, and networks. b. It is not necessary to state general control are BUT should further state the control objectives and control activities. c. Includes the critical business process to justify the relevance of the application. d. Names of the financial applications and databases should be described along with their hosting information.
B
IT Audit became an integral part of the audit function because: A) Auditors need to ensure that adequate internal controls are in place B) It supports the auditor's judgment on quality and integrity of the financial statements C) Required by the SEC for all companies D) Auditors need to know what employees are able to modify financial records
B
Still assuming the above scenario (You found an ineffective control on a financial application, and now you need to find out the materiality of the issue. What type of tests would be most beneficial? A. Compliance testing B. Substantive testing C. Test of Controls D. Risk Testing
B
The Ultimate responsibility for internal control lies with: A: The finance department B. Senior management C. The IS Auditor D. The risk management department.
B
The results or findings from an IT audit typically determine: A) The inventory of all potential audit areas within an organization. B) The amount of substantive tests that will be performed by the financial auditors. C) The audit schedule D) Impact analysis
B
This integrated software is used throughout the organization and provides standard business functionality for things such as human resources or financial resource management: A) Cloud Computing B) ERP C) Mobile Device Management D) AI E) Information Systems
B
What choice below best describes the relationship between IS (Information Systems) and IT (Information Technology)? A) IS is a component of IT B) IT is a component of IS C) IT and IS are unrelated D) IT is just a synonym for IS
B
What is the corresponding entity of AICPA in the case of IT governance and audit? A) COBIT B) ISACA C) CISA D) IFAC
B
What is the framework for IT governance and management called? A) ISACA B) COBIT C) GAAP D) GAAS
B
Which of the following activities is most likely a daily routine for an internal auditor in a private enterprise? A) Travels to a client's site and evaluates the effectiveness of its internal control for a paid engagement B) Meets with the Chief Audit Executive (CAE) to discuss the application of a recent authorized control D) Prepares for a presentation addressing potential acquisition targets D) Works in the IT department and answers inquiries from customers
B
Which of the following is true about IT audits to support financial statement audits? a. If IT controls are found to be in place and operating properly, the financial auditor's work would most likely to be less on the entire part of the audit b. If IT audit finds that IT controls are not operating effectively, the financial auditor should perform a higher amount of substantive testing c. Results of an IT audit over financial applications have an indirect bearing on the substantive testing performed by the financial auditor d. The common objective for IT audits is to support the internal control valuation of a firm
B
Which of the following statement about IT Audit is NOT TRUE? A) IT auditors need to assess the organization's exposures. B) IS (Information Systems) is a subset of IT. C) IT auditors examine overall business and financial controls that involve information technology systems. D) IT audit has changed the auditing profession.
B
Which of the following statements about IT Audit is WRONG? A) IS management is a contributing components to IT Audit, providing necessary methodologies to achieve successful design and implementation of systems. B) Auditors primary role is to ensure adequate internal controls are in place. C) IT Audit supports auditor's judgement on the quality of information processed by computer systems. D) To address the new risks associated with rapidly changing technology is one of the reasons for having an IT Audit.
B
Which of the following statements about elements of AIS (Accounting Information Systems): inputs and outputs, are true? A) Inputs should be paper-based; outputs should be electronic. B) If inputs are electronic, outputs could be either paper-based or electronic. C) Outputs should be paper-based; inputs should be electronic. D) If inputs are paper-based, outputs should also be paper-based.
B
Which of these are reasons to have an IT audit. Please select all that are applicable. A) To replace the cost and time of doing financial statement audits. B) To audit large amounts of data. C) To have absolute assurance that the information generated by applications within the organization is accurate and complete. D) To control and monitor the rise of corporate hackers. E) To control the access of the organization's networks from office and remote computers.
B
Which of these is not a strong information security policy for businesses? A- effective password policy B- verbal communications only for violations C- specifying required security features D- specific guidelines for external communications and networks
B
Which one of the following is an application control? A) When company equipment has a system failure, there will be error messages on monitor. B) When an employee inputs data into the system for a transaction, the program will automatically check the validity of the input. C) Managers and programmers have separation of duties. D) The company keeps a log of the system operation in order to detect abnormalities.
B
Which one of the following is not true regarding internal and external auditors? A) Internal auditors mainly work for the management, while external auditors mainly work for the shareholders B) Both internal auditors and external auditors work independently of the company. C) Internal auditors do not have to be CPAs, while external auditors do. D) Internal auditors conduct audit throughout the year, while external auditors do a single annual audit.
B
Which role of an IT auditor can verify that all alternatives for a given project have been considered, all risks have been accurately assessed, solutions on the technical hardware and software are correct, business needs will be met/satisfied, and costs are reasonable? A) Counselor B) Partner of Senior Management C) Investigator D) None of the above
B
How do Application Controls rely on General Controls? A) Application Controls have nothing to do with General Controls. B) A company can rely on Application Controls in absence of General Controls. C) A company can rely on Application Controls if General Controls are good. D) A company can rely on Application Controls if General Controls are weak.
C
Which of the following statements about internal and external audits is not true? A) Internal audit departments are typically led by a Chief Audit Executive. B) External auditors are provided by public accounting firms such as the "Big Four." C) Internal auditors usually provide an opinion on the financial statements. D) External audit reports are used by stakeholders such as the investors.
C
Which of the following statements is false about the relationship between technologies and business? a. The current business environment gives new opportunities to auditors. b. People who do fraud activities might have new opportunities due to the technology expanding. c. Technology can help businesses do things in a more accurate way but not in a more efficient way. d. Usually, a business that has a good technology system can gain a competitive advantage over its competitors.
C
Which of the following is the most important aspect of planning an audit? A. Identify high-risk processes B. Identifying the experience and capabilities of audit staff C. Identifying control testing procedure of the audit D. Determining the audit schedule
A
2. Which of the following will improve a company's processing integrity? A) The company approves an update to their computers' OS, allowing for faster data transfers B) The company agrees to let its systems go under routine maintenance every other Sunday at 3:00am EST. C) A new database has been entered into the company's cloud storage, which is only accessible by five members of the company. D) A and B E) A and C
A
According to ISACA which list of people is COBIT 5 the most helpful for? A) Managers, executives and auditors B) Investors and shareholders C) Lower level employees with their duties D) Board of directors
A
According to Otero's Information Technology Control and Audit, which of the following is NOT a characteristic of the IT audit profession? A: Educational curricula - specifically a focus on business law B: Certification - specifically CISA C: Continuing education D: Common body of knowledge - including management concepts and practice
A
An entrepreneur cares about risks because, A. The concept of availability B. Access and security C. Effectiveness of intelligent management system D. Liability and responsibility
A
Assume that you are performing an IT audit, and want to understand the general controls. Which of the following is most likely a control that the company would have over the IS operations? A. Job monitoring and track exceptions to completion B. check the mathematical accuracy records C. Network infrastructure monitoring D. Validity check
A
Assume you found an ineffective control on a financial application, and now you need to find out the materiality of the issue. What would be the most likely goal as the IT auditor? A. Determine if information is accurate and complete B. Determine if organization is utilizing applicable internal policies C. Determine if organization is adhering to industry guidelines and best practices D. Determine if organization is following federal regulations
A
GAAS rules were established to provide auditors with guidelines and procedures for their audit examination. Why were SAS series then publicized subsequently? A) To provide supplemental procedural guidance. B) To respond to the increasing global business environment and address the need to compare financial statements prepared in different countries. C) To create standards of auditing field work such as planning and evaluations of internal controls D) To create standards of reporting, such as having adequate disclosures.
A
The issue of "due professional care" has come to the forefront of audit community because of: A) Poor management B) The fast growth of cloud computing C) White-collar crime D) The fast growth of Mobile device management
A
What is not one of the effects that IT has had on the business environment over the years? a. Cloud computing has made barriers to entry higher b. Businesses are placing greater focus on IT governance c. Information theft and computer fraud are becoming more prevalent d. Organizations are relying more heavily on technology in order to be competitive
A
Which of the following is NOT the purpose of IT Governance framework? A) Business Management B) Strategic Alignment C) Risk Management D) Value Delivery
A
Which of the following is NOT true for a General Computer Controls Audit? (a) It is often referred to as "automated controls" since it is concerned with general computer functions (b) Covers controls over the IT infrastructure and support services including all systems and applications (c) Commonly include controls over IS operations, information security and change control management (d) Can relate to policies and procedures in addition to computer controls.
A
Which of the following is a advantage that could most likely accrue to an entity that institutes an IT governance program a. ensuring that business investment in IT is maximized b. requiring that all employees have a role in understanding the impacts of IT on business operations c. eliminating a wide spectrum of threats completely and at a lowest cost d. ensuring that a system delivers only the most reliable and secure information
A
Which of the following is an incorrect reason for implementing an IT governance program? A. Decreasing dependence on information and the systems that deliver the information. B. Increasing vulnerabilities and a wide spectrum of threats. C. Scale and cost of current and future investments in information and IS. D. Potential for technologies to dramatically change organizations and business practices to create new opportunities and reduce costs.
A
Which of the following is not the role of an internal auditor? A) the internal auditor is responsible for testing the reliability of client IT systems B) The internal auditor must remain independent and objective C) the internal auditor is responsible for assuring that management-authorized controls are being applied effectively D) The head of the internal audit department reports directly to the Audit Committee
A
Which of the following is the best explanation for the direct impact that the IT audit has on the financial statement audit? A. An IT audit is performed and has identified that the controls are in place and operate effectively, thus the financial auditor will be able to do less work (substantive tests) for that particular part of the audit. B. An IT audit is performed and has identified that the controls are in place and operate effectively, thus the financial auditor will be able to do more work for that particular part of the audit. C. An IT audit is performed and has identified that the controls are in place and are not operating effectively, thus the financial auditor will be able to do less work (substantive tests) for that particular part of the audit. D. An IT audit is performed and has identified that no controls are in place in order to protect the financial application, thus the financial auditor will need to perform less substantive tests
A
1. Which of the following is not one of the goals of IT auditing? a. Determine whether an organization's IT infrastructure operates effectively and efficiently to achieve the organization's objectives b. Provide absolute assurance that the information generated by applications within an organization are complete and accurate c. Determine whether IT activities comply with relevant guidelines d. Conduct an independent examination of an organization's IT infrastructure
B
According to Otero's Information Technology Control and Audit, which of the following is a way to identify the risks surrounding financial applications? a. Inquiries of low level employees b. Completion of insurance policy checklists c. Review of corporate governance structure d. Consider the costs associated with implementing controls and the impact on users
B
All of the following are examples of general controls EXCEPT: A) Offsite storage B) Validating data input C) Application and database upgrades D) Access requests
B
An accounts receivables clerk recording a $15,000 check from customer XYZ into Quickbooks is an example of which IT component? A) Storing data B) Inputting data C) Transmitting data D) Processing data
B
ERP (Enterprise Resource Planning) improves functionality in an integrated IT system. What are two functionality processes are improved by the rise of ERPs? (Ch. 1, pg 4) a. accounting and consistency b. consistency and accuracy c. storage and control processes d. accuracy and security
B
ERPs allow multiple functions to access a common database, as a result A) Storage cost increase B) Enormous amount of programing might be needed to retrofit all the organization-specific code. C) Consistency will be low D) Accuracy of date will be low
B
Given the choices below, choose all the ones that are included in the audit universe? i. Organization objectives ii. Key business processes that support an organization's objectives iii. Deciding adequate levels of security and controls iv. Specific audit objectives v. Monitors overall management's performance vi. Controls that mitigate the risks a. i, ii, iii, and vi b. i, ii, iii, iv, v, and vi c. i, ii, iv, and vi d. ii, v, and vi
B
According to Otero's Information Technology Control and Audit, which of the following is NOT a key reason for initiating an IT audit? A: Increased dependence on the information output of an organization B: Increased changes, and thereby increased risk, associated with technological advancements C: Increased need for verification of appropriate IT security standards given the heightened threats to information security D: Increased need for support of financial statement audits
C
Brittney recorded journal entries using a box of sales invoices. She used those entries and others to prepare an income statement that was later reviewed by her supervisor. The supervisor's review could best be described as which element of AIS (Accounting Information Systems)? A) Process B) Output C) Control D) Input
C
In assessing an entity's computer system controls relevant to an audit, an IT auditor should consider an organization's operation as a business because a. management might implement controls whose compliance with them is not enforced b. the entity's controls might operate effectively, but have high costs c. risks of alternative projects might exceed benefits d. the design of the technical software and hardware solutions may need to be verified for efficiency
C
In the financial statement audit, what should the IT auditors most focus on? A. The security of operating system B. Testing whether access of programmers is adequate C. Checking whether controls are implemented to detect, prevent or correct a material misstatement D. Observing, interviewing and inspecting existing documentation and flow charting, among others
C
The Lamicall company is looking to hire an IT Auditor. What benefit will Lamicall have by hiring an IT Auditor? A) The IT Auditor will work independently with his personal computer to reduce need of communication with other auditors. B) The role of an IT Auditor will replace the need for internal and external auditors, which will help company to save money. C) The IT Auditor will formally gather information to determine if the company operates effectively and efficiently while maintaining data integrity to achieve the organization's goals. D) The IT Auditor will informally gather information to determine if the company operates effectively and efficiently while maintaining data integrity to achieve the organization's goals.
C
The advantages of an Enterprise Resource Planning (ERP) systems include all of the following, except A) Integrates and automates many business processes and systems B) Can provide vital information quickly to managers across an organization C) Increases customer satisfaction and revenue D) Reduces storage costs and increases consistency and accuracy of data
C
The basic rules governing financial audit opinions indicate the scope of an audit covers: A) All accounting records D) All accounting records and internal control C) All equipment and procedures used in processing significant data D) All procedures used in processing accounting record
C
There are two broad groupings of IT audits: General Controls and Application Controls. General Controls include: A. Controls designed to secure that all input data have been properly authorized. B. Controls designed to ensure that only authorized users get output from processing. C. Controls for acquiring, developing, and maintaining computer programs. D. Controls for correcting and resubmitting inaccurate data.
C
What procedures IT auditors perform in order to test controls, processes, and exposures? I) Examining documentary evidence II) Corroborating interview III) Determining the accuracy and completeness of the information IV) Inspection of documentation V) Personal observation A. I, II, III B. I, II, IV C. I, II, IV, V D. III, IV, V E. All of the above
C
What would a business not decide to have IT audits? A. To mitigate IT risks through testing controls B. To increase dependence on information C. support internal audit functions D. To audit more than just 'around the computer'
C
Which of the following descriptions about the role of IT auditors is FALSE? A) To make sure that the information is reliable B) Safeguarding the information C) Preparing and reviewing working papers of audit testing D) Reviewing the system to ensure efficiency and effectiveness
C
Which of the following does relates to Principle 4 in COBIT 5? i. Recognizes that people, skills, and competencies are required for successful completion of all activities ii. Promotes good culture, ethics, and behavior in the organization iii. Evaluates the needs of their stakeholders to identify objectives iv. Implements processes to achieve overall IT-related goals and objectives A) i., iii. B) ii., iv. C) i., ii., iv. D) i., ii., iii., iv.
C
Which of the following is NOT an example of General Computer Controls Audit? A. Examining the company's data backups and offsite storage plan B. Reviewing the procedures for data access requests and access terminations C. Checking the mathematical accuracy of records D. Reviewing application and database upgrades approvals
C
Which of the following is NOT an example of good information policy? A) Define access rights and privileges by providing acceptable use guidelines for each user B) Require that violations be recorded C) Limit communication with external networks D) Establish a safe and effective password policy for all users
C
Which of the following is NOT the role of IT auditor? a. To convince uses and IT personnel of the need for a controlled IT environment b. To assess the effect of IT decisions on the business independently c. To audit the firm's system with the traditional auditing guideline d. To capture and document computer-generated information related to criminal activity
C
Which of the following is NOT true regarding the Internal Audit Function? A) Internal Auditing is known as an independent, objective assurance and consulting activity to add value and improve an organization's operations. B) Internal Audit departments are typically led by a Chief Audit Executive (CAE) who directly reports to the Audit Committee of the Board of Directors C) Internal Auditors are provided by public accounting firms and is responsible for testing the reliability of client IT systems. D) The IA Function's primary purpose is to assure management-authorized controls are being applied effectively.
C
Which of the following is Not a characteristic of an information security policy? A. To establish trust through an effective password policy B. To provide guidelines for external communications, to provide users with support information, and to require violations to be recorded C. To support business goals, maximize business investment, and manage IT-related risks. D. To define "reasonable expectations" of privacy and access rights and privileges and protecting assets from losses or damage
C
Which of the following is the least likely reason for a company implementing an IT governance program? A) There are increasing susceptibilities and a diverse range of threats B) Supports business goals and maximizes business investments in IT C) To support financial statements audit D) Potential for technologies to change organizations and business practices to create new opportunities and reduce costs.
C
Which of the following is NOT an example of general controls? a. Job monitoring and tracking of exceptions to completion b. Use account administration, and access terminations c. Application and database upgrades d. Performing numerical sequence checks
D
Which of the following would least likely be a difference between an audit program and internal control questionnaire (ICQ)? A. The internal control questionnaire contains questions in order to evaluate the design of the internal control system. B. The audit program is a formal plan to review and test the significant audit subject areas that are disclosed during the fact gathering process. C. The internal control questionnaire includes specific procedures to test the responses received from questions to substantiate the controls identified to be in place and working as anticipated by management. D. The internal control questionnaire checks if controls have been implemented and are able to detect, prevent, or correct a material misstatement.
C
Which of these poses an IT Risk? I. Data is archived in back-ups outside the main company's computers II. A user has access to databases outside their normal job function III. A developer for the latest version of the database program is being cut loose by the end of the month due to budget cuts. a. I b. III only c. II and III d. I and III e. All of the above
C
Which one of the following technologies in today's IT Environment may need a software release? A) Internet of Things (IoT) B) Cloud Computing C) Enterprise Resource Planning (ERP) D) Mobile Device Management (MDM)
C
Which of the following is NOT part of the risk assessment process? a. Likelihood determination b. Impact analysis c. Control recommendations d. Comprehensive understanding
D
According to Otero's Information Technology Control and Audit, for application systems that process significant financial data, which of the following is not an item of evidential matter the IT auditor would seek to collect? a. Narratives or overview flowcharts of the financial application b. Controls in place supporting the areas of information systems operations c. Controls in place supporting the area of change control management d. None of the above.
D
Company X is considering the implementation of cloud computing. Which of the following are most likely characteristics of cloud computing that would positively influence your decision to use this technology in your business model? I. Implementing cloud computing will enable company X to make better decisions. Not only will company X be able to gain a more accurate understanding of assets, due to the communication of information on location, but also in maximizing its productivity. II. Even though internet connectivity in unstable for company X and some employees at remote locations, the access to the Cloud would be more readily available. III. A security threat enters the shared infrastructure that contains sensitive information. IV. By utilizing cloud computing, your business will be able to cut cost in the initial investment, because no physical hardware would need to be purchased. A. Only I B. I,II, IV C.I,II,III, IV D. Only IV
D
In a financial statement audit, what do IT auditors mostly focus on? A) The correctness of data entered B) The type of software used C) The number of inputs D) The materiality of configuration
D
The EQUA company is hiring a new internal auditor. EQUA company should reasonably expect from a new internal auditor all of the following except: A) The auditor will monitor the company's systems B) The auditor will report findings to management C) The auditor will complete test work through the year D) The auditor will offer an opinion on the Financial Statements
D
There are two groupings of IT audits, General computer controls and application controls. Which of the following about general controls and application controls is Not correct? A. The general controls include controls over information system operation, information security, and change control management B. The application control is referred to as "automated controls", which focus on the accuracy, validity, and authorization of the data captured, processed, transmitted, and reported. C. The general controls provide a "protective shield" against the risks. D. The application controls address activities such as data backups, application and databases upgrades, and network infrastructure monitoring.
D
What aspect(s) do IT Auditors need to focus on? a. Whether a company system is safe and secure and operating in an efficient way. b. Whether a company data is complete and following the standards. c. Whether each entry on the Financial Statements correctly follows the standards. d. a&b.
D
What does it mean to have IT auditor as "counselor" ? A) Specifying required security features B) Requiring violations to be recorded C) Establishing trust through an effective password policy D) Providing technical support to senior managements
D
What is the most reasonable explanation for having an IT audit? A. SOX requires the assessment of internal controls and makes it mandatory for SEC registrants. B. To support financial statement audits. C. To control the easy access to organization networks from office and remote personal computers. D. To address the rapidly changing technology and new risks associated with such technology.
D
What is unique about the job description of an IT auditor as an investigator that isn't seen in other IT auditor roles? (i.e., Counselor, Partner of Senior Management, etc.) [Ch. 1, pg 19-21] a. communicates with computer personnel on how to create an effective system to meet the company's business needs b. research through user groups how to improve the computer and security systems c. using technical skills to understand information processing d. collaborates with forensics to create more stable and robust software to assist in computer-related crime
D
What would NOT be an example of IT auditing? A) Finding and alerting management to a financial data leak B) Confirming that an automated system process is working correctly for a reliable financial data for both management and outside investors C) Checking that supplied personal mobile devices are protected by adequate cyber security controls D) Checking that the physical key to the physical safe with cash inside is safeguarded by an adequate physical control. For example, the physical key must be maintained and logged by a designated person at all times
D
Which of the following can be a role of IT auditors? A) Counselor B) Partner of Senior Management C) Investigator D) All of the above
D
Which of the following is a reasonable statement about the relationship between IT and audit nowadays? A) The improvement of computer science and the general adoption of advanced IT systems in the business have significantly increased the efficiency of an auditor's work in all circumstances B) Auditors have no incentives to understand how the IT function of a company works as long as their accounting and audit skills are solid C) Since the IT system is free from human errors and runs itself by a fixed algorithm, the influence of auditors has been minimized when it comes to internal control D) IT auditors who provide technical assistance to audit staff has been playing a more and more important role
D
Which of the following is an example of the Preliminary Review phase in an audit? A) Perform an Internal Control Questionnaire (ICQ) B) Perform corroborating interviews C) Delineate the overall approach of the audit and what will be accomplished, the budget, and the time it will take to perform the audit D) The auditor interviews key personnel to understand the client's policies and practices and gains a general level understanding of the company
D
Which of the following is an incorrect reason for using a Mobile Device Management (MDM)? A. to manage and administer mobile devices provided to employees as part of their work responsibilities. B. to integrate well within the organization and are implemented to comply with organization policies and procedures. C. to protect corporate information and configuration settings for all mobile devices within the organization. D. to reduce information asymmetries within the organization.
D
Which of the following is incorrect about the Enterprise Resource Planning (ERP)? A. ERP is a software that provides standard business functionality in an integrated IT environment system. B. ERPs allow multiple functions to access a common database - reducing storage costs and increasing consistency and accuracy of data from a single source. C. ERPs have standard methods in place for automating processes. D. ERPs cannot be modified once the license is purchased from suppliers.
D
Which of the following is incorrect about the role of the IT Auditor? A. IT auditors evaluating today's complex systems must have highly developed technical skills to understand the evolving methods of information processing. B. IT auditors assess the organization's exposure to IT-related risks and design controls associated with the use of technology. C. IT auditors must be able to evaluate the relevance of a particular computerized system to the enterprise as a whole. D. IT auditors serve as a counselor for controlling computer systems and information security policy, but not as an investigator performing forensic support work.
D
Which of the following is not an example of Application Controls Audit? A. Performing numerical sequence checks B. General and specific authorization of transactions C. Monthly reconciliation of subsidiary records D. Application system acquisition, development and maintenance
D
Which of the following is not likely to be included in an IT audit plan to support a financial statement audit? A. List the audit objectives and describe the context B. Schedules of the work the auditor performed C. Create the audit budget and define scope D. Assessing the risk associated with IT auditors' engagement
D
Which of the following statement is incorrect about IT Auditing? A. IT auditors should be familiar with the company's IT policies ad operations before their IT audits and examinations. B. Auditors sometimes have limited access to audit relevant Big Data. C. Conventional and manual techniques may not be adequate for auditors when computer applications are involved. D. IT auditing provides absolute assurance that the information generated by the applications within the company is accurate and complete.
D
Which of the following statement(s) correctly describe the principles outlined by the "Trust Services Principles and Criteria" for use by practitioners when assessing controls? i. Confidentiality: Information designated as confidential is protected as committed or agreed ii. Availability: The system is available for operating and use as committed or agreed iii. Professional Competence: Possess knowledge and technical expertise to understand the information provided iv. Objectivity: Information provided if free of biases, compromises and conflict of interest v. Processing Integrity: System processing is complete, accurate, timely and authorized A) i and ii B) i, iv and v C) i, ii, iv and v D) i, ii and v
D
Which of the following statements about IT auditing is correct? A) There are two groups of IT auditing, which are general controls and application controls. General controls apply to all processing transactions. B) IT auditing provides absolute assurance that the information generated by applications within the organization is accurate. C) The ISACA is responsible for updating and maintaining the Trust Services Principles Criteria (TSPC). D) The Control Objectives for Information and Related Technology (COBIT) is not only a national but an international set of generally accepted IT practices.
D
Which of the following step is NOT included in the Audit Plan: A. List the audit objectives and describe the context B. Create the audit budget and defines the scope C. Develop the audit schedule D. Review and test each significant audit subject are disclosed during fact gathering E. All of the above
D
Which of the following would NOT be a top reason for implementing an IT governance program? (a) Increasing dependence on information and systems that deliver information (b) Growing number of vulnerabilities and threats (c) Potential for technology to dramatically change organizations and business practices (d) Complimenting financial statement audits
D
Which of these is NOT a step in the COBIT 5 framework? a. Covering the enterprise end-to-end b. Meeting the stakeholder needs c. Separating governance from management d. None of the above
D
StarkX is a highly innovative technology company. Due to the nature of its core business, it values the security of its information and invests heavily into its IT control. Employees can only gain access to the information that is classified at their corresponding level unless receiving authorization from a supervisor. Backups of the system are performed on a weekly basis. What key business process(es) is mentioned above? A) Access Control Management B) Change Control Management C) Management of Data Center, Network, and Support D) Both A and B E) Both A and C
E
Which option below is NOT an example of the theories and methodologies IT auditing is integrated from? A) Contribute knowledge about control theory and models that underlie hardware and software designs as a basis for maintaining data integrity. B) Sharing reasons as to why IT will/could fail because of people and not technology itself. C) Organizations understanding all aspects of a business because it is key to the audit process. D) Provide knowledge on internal control practices and overall control theories in an organization. E) Focus on strategic alignment between IT and enterprise objectives
E
An IT auditor never crosses into a financial auditor's area of responsibility, that of which is related to financial materiality True or False
False
