Professional Documents
Culture Documents
1
1 The primary purpose and existence of an audit charter is to:
A. Document the audit process used by the enterprise
B. Formally document the audit department’s plan of action
C. Document a code of professional conduct for the auditor
D. Describe the authority and responsibilities of the audit department
2 Which of the following control classifications identify the cause of a problem and minimize the impact of threat?
A. Administrative Controls
B. Detective Controls
C. Preventive Controls
D. Corrective Controls
3. To conduct a system audit, the IS auditor should
A. Be technically at par with client’s technical staff
B. Be able to understand the system that is being audited
C. Possess knowledge in the area of current technology
D. Only possess a knowledge of auditing.
4 Which of the following are most commonly used to mitigate risks discovered by organizations?
A. Controls
B. Personnel
C. Resources
D. Threats
5 The rate of change in technology increases the importance of:
A. Outsourcing the IS function
B. Implementing and enforcing good processes
C. Hiring personnel willing to make a career within the organisation
D. Meeting user requirements
6 What means the rate at which opinion of the IS Auditor would change if he selects a larger sample size?
9 When developing a risk-based audit strategy, an IS auditor should conduct a risk assessment to ensure that:
A. A confirmation letter received from a third party for the verification of an account balance.
B. Assurance via a control self-assessment received from the management that an application is working as designed.
C. Trend data obtained from World Wide Web (Internet) sources.
D. Ratio analysis developed by an IS Auditor from reports supplied by line management
2. During a review of the controls over the process of defining IT service levels, an IS auditor would most likely interview the:
A. Systems programmer
B. Legal staff
C. Business Unit Manager
D. Programmer
3. Which of the following procedures would an IS Auditor not perform during pre-audit planning to gain an understanding of the overall
environment under review?
A. Meet with the audit committee members to discuss the IS audit plan for the upcoming year.
B. Ensure that the IS audit staff is competent in areas that are likely to appear on the plan and provide training as necessary.
C. Perform a risk ranking of the current and proposed application systems to prioritize the IS audits to be conducted.
D. Begin with the prior year's IS audit plan and carry over any IS audits that had not been accomplished.
5. The purpose of compliance tests is to provide reasonable assurance that:
A. Establishing relationship between two or more areas & identify duplicate transactions
B. Carry out market surveys for a new product launch
C. Projections on future trends for specific parameters
D. Estimation of competitor activity Key
7. Which is one of the most effective tools and techniques to combat fraud?
A. Computer Assisted Audit Techniques (CAAT)
B. Threats of severe punishment
C. Validation by the I.T. dept. of the police
D. Use of authenticated hard copies Key
8. An IS Auditor, concerned that application controls are not adequate to prevent duplicate payment of invoices, decided to review the data
processing files for possible duplicate payments. Which of the following techniques/tools would be useful to the IS Auditor?
A. Data availability
B. Data completeness
C. Data redundancy
D. Data accuracy
5 The cashier of a company has rights to create bank master in TALLY. This error is a reflection of poor definition for which type of control:
A. User Controls
B. Application Control
C. Input Control
D. Output Control
6 An employee has left the company. The first thing to do is to:
A. Hire a replacement employee.
B. Disable his/her access rights.
C. Ask the employee to clear all dues/advances.
D. Escort employee out of company premises
7 As part of auditing Information Security of a multinational bank, an auditor wants to assess the security of information in ATM facilities.
Under which privacy policy should he look for details pertaining to security guards and CCTV surveillance of ATM’s?