The internal audit department wrote some scripts that are used for continuous auditing of some information systems. The IT department asked for copies of the scripts so that they can use them for setting up a continuous monitoring process on key systems. Does sharing these scripts with IT affect the ability of the IS auditors to independently and objectively audit the IT function?
A. Sharing the scripts is not permitted because it gives IT the ability to pre-audit systems and avoid an accurate, comprehensive audit.
C. Sharing the scripts is permissible if IT recognizes that audits may still be conducted in areas not covered in the scripts.

Which of the following is the BEST factor for determining the required extent of data collection during the planning phase of an IS compliance audit?
A. Complexity of the organization's operation
C. Purpose, objective and scope of the audit

An IS auditor is developing an audit plan for an environment that includes new systems. The organization's management wants the IS auditor to focus on recently implemented systems. How should the IS auditor respond?
A. Audit the new systems as requested by management
C. Determine the highest-risk systems and plan accordingly.

An IS auditor is reviewing security controls for a critical web-based system prior to implementation. The results of the penetration test are inconclusive, and the results will not be finalized prior to implementation. Which of the following is the BEST option for the IS auditor?
A. Publish a report based on the available information, highlighting the potential security weaknesses and the requirement for follow-up audit testing.
A. Publish a report based on the available information, highlighting the potential security weaknesses and the requirement for follow-up audit testing.

Which of the following controls would an IS auditor look for in an environment where duties cannot be appropriately segregated?
A. Overlapping controls

Which of the following is the key benefit of a control self-assessment?
A. Management ownership of the internal controls supporting business objectives is reinforced.
A. Management ownership of the internal controls supporting business objectives is reinforced.

What is the PRIMARY requirement that a data mining and auditing software tool should meet? The software tool should:
A. interface with various types of enterprise resource planning software and databases
B. accurately capture data from the organization's system without causing excessive performance problems.

A long-term IT employee with a strong technical background and broad managerial experience has applied for a vacant position in the IS audit department. Determining whether to hire this individual for this position should be PRIMARILY based on the individual's experience and:
A. length of service, because this will help ensure technical competence
D. ability, as an IS auditor, to be independent of existing IT relationships.

For a retail business with a large volume of transactions, which of the following audit techniques is the MOST appropriate for addressing emerging risk?
A. Use of computer-assisted audit techniques

An IS auditor is reviewing access to an application to determine whether recently added accounts were appropriately authorized. This is an example of:
A. variable sampling

The decisions and actions of an IS auditor are MOST likely to affect which of the following types of risk?
A. Inherent

Which of the following is the MOST critical step when planning an IS audit?
A. Review findings from prior audits
D. Perform a risk assessment

An IS auditor is reviewing a software application that is built on the principles of service-oriented architecture. What is the INITIAL step?
A. Understanding services and their allocation to business processes by reviewing the service repository documentation
A. Understanding services and their allocation to business processes by reviewing the service repository documentation

An IS auditor conducting a review of software usage and licensing discovers that numerous PCs contain unauthorized software. Which of the following actions should the IS auditor take?
A. Delete all copies of the unauthorized software.
C. Report the use of the unauthorized software and the need to prevent recurrence.

An audit charter should:
A. be dynamic and change to coincide with the changing nature of technology and the audit profession.
D. outline the overall authority, scope and responsibilities of the audit function.

An IS auditor finds a small number of user access requests that were not authorized by managers through normal predefined workflow steps and escalation rules. The IS auditor should:
A. perform an additional analysis.
A. perform an additional analysis.

Which of the following sampling methods is MOST useful when testing for compliance?
A. Attribute sampling

When testing program change requests for a remote system, an IS auditor finds that the number of changes available for sampling does not provide a reasonable level of assurance. What is the MOST appropriate action for the IS auditor to take?
A. Develop an alternative testing procedure.
A. Develop an alternative testing procedure.

Which of the following situations could impair the independence of an IS auditor? The IS auditor:
A. implemented specific functionality during the development of an application.
A. implemented specific functionality during the development of an application.

The PRIMARY advantage of a continuous audit approach is that it:
A. does not require an IS auditor to collect evidence on system reliability while processing is taking place.
B. allows the IS auditor to review and follow up on audit issues in a timely manner.

Which of the following would impair the independence of a quality assurance team?
A. Ensuring compliance with development methods
C. Correcting coding errors during the testing process.

In planning an IS audit, the MOST critical step is the identification of the:
A. areas of significant risk
A. areas of significant risk

The MOST effective audit practice to determine whether the operational effectiveness of controls is properly applied to transaction processing is:
A. control design testing.

The extent to which data will be collected during an IS audit should be determined based on the:
A. Availability of critical and required information.
D. Purpose and scope of the audit being done.

While planning an IS audit, an assessment of risk should be made to provide:
A. reasonable assurance that the audit will cover material items.
A. reasonable assurance that the audit will cover material items.

What is the primary requirement that a data mining and auditing software?
An IS auditor is evaluating data mining and auditing software to be used in future IS audits. What is the PRIMARY requirement that the software tool should meet? The software tool should: accurately capture data from the organization's systems without causing excessive performance problems.

How can data mining be used in audit?
Data mining can help narrow the population to a manageable size, enabling the application of fraud audit procedures. By using data interpretation, you can develop reports or documentation and interpret the data.

Which of the following is the best factor for determining the required data during audit planning phase?
What is the best factor for determining the required extent of data collection during the planning phase of an IS compliance audit? Purpose, Objective, and Scope of the audit. The extent to which data will be collected during an IS audit is related directly to the purpose, objective, and scope of the audit.

When reviewing the desktop software compliance of an organization the IS auditor should be most concerned if the installed software?
When reviewing the desktop software compliance of an organization, the IS auditor should be MOST concerned if the installed software: is not listed in the approved software standards document.