<variant>4
<variant>6
<variantright>8
<variant>10
<variantright>Report it to the Learner Help Center (if the problem is technical) or use the
<variant>"Report an Issue" button.
<question>What types of assessments can be found in this course? You can select more
than one.
<variant>Reading summaries
<variant>True
<variantright>False
<variantright>True
<variant>False
<variantright>True
<variant>False
<question>According to the PCAOB, AICPA, and the IAASB, an auditor has a responsibility
to obtain absolute assurance that the financial statements are free of material misstatement.
<variant>True
<variantright>False
<variant>To conclude whether the financial statements are free of all misstatements.
<variant>To present the financial statements in conformity with GAAP, in all material
respects.
<question>All of the following are mentioned in the video as audit standard setters, except
for:
<variant>AICPA
<variant>IAASB
<variantright>FASB
<variant>PCAOB
<question>According to PCAOB standards, the auditor is required to (check all that apply):
<variant>A. Establish and maintain internal control that will initiate, record, process, and
report transactions consistent with management’s assertions embodied in the financial
statements
<variantright>B. Identify those circumstances in which GAAP has not been consistently
observed in the preparation of the financial statements.
<variantright>C. Plan and perform the audit to obtain reasonable assurance about whether
the financial statements are free of material misstatement.
<variantright>D. State whether, in his or her opinion, the financial statements are presented
in conformity with GAAP
<question>According to the PCAOB, AICPA, and the IAASB, an auditor has a responsibility
to obtain reasonable assurance that the financial statements are free of material
misstatement.
<variantright>A. True
<variant>B. False
<question>The PCAOB is the audit standard setter responsible for setting high-quality
international standards for auditing and assurance.
<variant>A. True
<variantright>B. False
<variant>D. To present the financial statements in conformity with GAAP, in all material
respects.
<question>The trust relationship between the promiser and truster is unique to financial
reporting.
<variant>A. True
<variantright>B. False
<variantright>B. Helps bridge the gap between the promiser and truster
<question>Auditors are in the ‘comfort production business,’ as they give comfort to decision
makers who are vulnerable to erroneous, self-interested, and possibly fraudulent financial
statements from corporate management.
<variantright>A. True
<variant>B. False
<variant>B. To conclude whether the financial statements are free of all misstatements.
<variant>D. To present the financial statements in conformity with GAAP, in all material
respects.
<question>Which of the following is true about Phase 2 of the market game step-by-step
illustration?
<variantright>Grade quality is available to the market only after trading has been completed
<variant>New sellers will enter the market
<question>In which phase of the market game step-by-step illustration shown in the lesson
videos does the verifier (i.e. the auditor) come into play?
<variant>Phase 1
<variant>Phase 2
<variantright>Phase 3
<variant>Phase 4
<question>The market game step-by-step illustration shown in the lesson videos shows that
Seller 1 benefits by hiring the auditor and being able to signal their quality grade to buyers in
conjunction with their asking price.
<variant>True
<variantright>False
<question>The market game step-by-step illustration showed that production of the highest
quality grade always resulted in the largest consumer surplus.
<variant>True
<variantright>False
<question>According to the video lesson, ‘The Market Game: Implications for Auditing,’ who
typically pays the auditor for verifying financial statements in the real world?
<variant>The Knower
<variantright>The Promisor
<variant>The Trustor
<variant>The Verifier
<question>Trustors will be willing to pay a higher price than they otherwise would pay for the
promisor’s stock after financial statement verification from an auditor.
<variantright>True
<variant>False
<question>According to the 1994 study by Kinney and Martin discussed in the lesson
videos, which of the following is true?
<question>According to the 2011 study by Minnis discussed in the lesson videos, which of
the following is true?
<variantright>Audited firms have a significantly lower cost of debt (i.e. are charged a lower
interest rate when they get a loan), compared to unaudited firms.
<variant>Audited firms enjoy a roughly 100 basis point lower interest rate, on average,
compared to unaudited firms.
<variant>Lenders do not place any weight on audited financial information in setting the
interest rate.
<variant>The risk that the auditor expresses an inappropriate audit opinion when the
financial statements are materially misstated
<question>According to the videos, ‘audit risk’ is best defined as the risk that the audit firm
will be exposed to loss from events arising in connection with the financial statements (e.g.
litigation, penalties, reputational loss, lack of profitability).
<variant>True
<variantright>False
<question>Which of the following interact to influence the nature, extent, and timing of the
planned audit work (check all that apply):
<variantright>Audit risk
<variantright>Evidence
<variant>Liquidity
<variantright>Materiality
<question>Of the options below, which evidence would you say is most persuasive to the
balance sheet account "cash" for a calendar-year audit client?
<variant>Confirmation with the bank regarding the balance as of the end of October of the
calendar year being audited, and the corroboration of this amount that management
provides with a sample of three months of deposits traced from deposit slips to cash ledger
(specifically, Feb, March, and April of the year being audited).
<variantright>Confirmation with the bank regarding the balance as of the end of December,
and the corroboration of this amount that management provides with a sample of three
months of deposits traced from deposit slips to cash ledger (specifically Oct, Nov, Dec of the
year being audited).
<variant>The risk that the client will experience adverse outcomes as a result of economic
conditions, events, circumstances, or management action/inaction
<variant>The risk that the magnitude of a misstatement that makes it probable that the
judgement of a reasonable person relying on the information would have been changed or
influenced by the misstatement
<variantright>The risk that the auditor expresses an incorrect audit opinion when the
financial statements are materially misstated
<variant>The risk that the audit firm will be exposed to loss from events arising in connection
with the financial statements (e.g. litigation, penalties, reputational loss, lack of profitability)
<variant>The risk of issuing an incorrect audit opinion (i.e. unqualified/clean) when the
financial statements are materially misstated
<variantright>The risk that the audit firm will be exposed to loss from events arising in
connection with the financial statements (e.g. litigation, penalties, reputational loss, lack of
profitability)
<variant>The risk that the client will experience adverse outcomes as a result of economic
conditions, events, circumstances, or management action/inaction
<variant>The risk that the audit procedures performed by an auditor will fail to detect a
material misstatement
<question>The Risk of Material Misstatement (RMM) is largely outside of the control of the
auditor.
<variantright>True
<variant>False
<question>Which of the following describes the correct equation for the ‘Risk of Material
Misstatement (RMM)?’
<variant>RMM = IR*CR*DR
<variant>RMM = DR*IR
<variantright>RMM = IR*CR
<variant>RMM = DR*IR/CR
<question>Which of the following describes the correct equation for the ‘Audit Risk model?’
<variantright>The risk that the audit procedures performed by an auditor will fail to detect a
material misstatement
<variant>The risk that a material misstatement could occur, before the consideration of any
internal controls
<variant>The risk that controls present will not prevail, or detect or correct, a material
misstatement
<variant>The risk of issuing an incorrect audit opinion (i.e. unqualified/clean) when the
financial statements are materially misstated
<question>Information asymmetry can result in market failure.
<variantright>True
<variant>False
<question>Suppose Martha is a risk neutral person who wants to buy a used Toyota Prius.
It’s known that 70% of Priuses are good and worth $20,000. The other 30% of Priuses are
considered ‘lemons’ and are worth $7,000. What is the expected value (EV) of this car?
<variant>$7,000
<variantright>$16,100
<variant>$20,000
<variant>$27,000
<question>Suppose Frank is risk neutral and he wants to buy a used Maserati. It’s known
that 85% of Maseratis are good and worth $60,000. The expected value of a Maserati is
$50,000. What is the maximum amount Frank would be willing to spend on a used Maserati?
<variantright>$50,000
<variant>$58,500
<variant>$60,000
<question>One way to make the market for used cars function again after a market failure
due to information asymmetry, would be to get an audit about the car’s quality from a
mechanic.
<variantright>True
<variant>False
<question>Suppose Harry is a risk neutral investor that wants to buy a used Toyota Prius.
It’s known that 70% of Priuses are good and worth $20,000. The other 30% of Priuses are
considered ‘lemons’ and are worth $7,000. If Harry gets assurance from a mechanic, the
probability that the car is ‘good’ moves from 70% to 90%. What is the expected value of the
Toyota Prius with assurance?
<variant>$7,000
<variant>$16,100
<variantright>$18,700
<variant>$20,000
<question>Suppose Harry is a risk neutral investor that wants to buy a used Toyota Prius.
It’s known that 70% of Priuses are good and worth $20,000. The other 30% of Priuses are
considered ‘lemons’ and are worth $7,000. If Harry gets assurance from a mechanic, the
probability that the car is ‘good’ moves from 70% to 90%. What is the most Harry would be
willing to pay for this assurance?
<variant>$0
<variantright>$2,600
<variant>$7,000
<variant>True
<variantright>False
<variantright>True
<variant>False
<question>Suppose Paul wants to buy a used Toyota Prius. It’s known that 85% of Priuses
are good and worth $18,000. The other 15% of Priuses are considered ‘lemons’ and are
worth $2,000. What is the expected value (EV) of this car?
<variant>$2,000
<variant>$4,400
<variantright>$15,600
<variant>$18,000
<question>Suppose Donna wants to buy a used Maserati. It’s known that 75% of Maseratis
are good and worth $80,000. The expected value of a Maserati is $70,000. What is the value
of a ‘lemon’ Maserati?
<variant>$10,000
<variantright>$40,000
<variant>$70,000
<variant>$80,000
<question>Assume that the expected value of a Honda Odyssey minivan is $6,000 and a
‘good’ Honda Odyssey is worth $11,000. Which of the following is true?
<variant>A risk neutral buyer would be willing to pay at least $11,000 to buy the minivan
<variantright>A risk neutral buyer would be indifferent between buying the car and paying
$6,000 or paying $0 and not buying the car
<variant>A seller who is certain they have a ‘good’ minivan would be willing to sell for less
than $6,000
<variant>A seller who is certain they have a ‘good’ minivan would be willing to sell at a
discounted price of $9,000
<question>Suppose Clara is a risk neutral investor that wants to buy a used Lamborghini
Aventador. It’s known that 80% of Aventadors are ‘good’ and worth $400,000. The other
20% of Aventadors are considered ‘lemons’ and are worth $50,000. If Clara gets assurance
from a mechanic, the probability that the car is ‘good’ moves from 80% to 95%. What is the
expected value of the Aventador with assurance?
<variant>$330,000
<variantright>$382,500
<variant>$390,250
<variant>$400,000
<variantright>True
<variant>False
<question>The probability of a transaction decreases as the bid-ask price narrows.
<variant>True
<variantright>False
<variant>True
<variantright>False
<question>Which of the following best describes the purpose of a financial statement audit?
<variantright>To form an opinion on whether the financial statements are free of material
misstatement
<variant>To provide financial statement users with absolute assurance that the financial
statements prepared by management are fairly presented
<variantright>The risk that the auditor expresses an inappropriate audit opinion when the
company’s financial statements are materially misstated.
<variant>The risk that a material misstatement could occur, before the consideration of any
internal controls
<variant>The risk that controls present will not prevail, or detect or correct, a material
misstatement
<variant>The risk that the audit procedures performed by an auditor will fail to detect a
material misstatement
<variantright>Business risk
<variant>Control risk
<variant>Detection risk
<variant>Inherent risk
<question>An effective audit plan relies on the audit team’s ability to identify and assess the
risk that the financial statements contain a material misstatement, whether caused by error
or fraud.
<variantright>True
<variant>False
<variant>Compilation
<variantright>Examination
<variant>Review
<variant>B. Determine an amount that should be used as a basis for designing audit tests
<variantright>A. Materiality used to establish a scope for the audit procedures for the
individual account balance or footnote disclosures
<question>In the study by Eilifsen and Messier, one main idea the authors discuss is how
firms determine multiple levels of quantitative materiality.
<variantright>A. True
<variant>B. False
<question>All of the following are mentioned in the video as quantitative benchmarks used
to determine overall materiality, EXCEPT:
<question>In the study by Eilifsen and Messier, the majority of the firms in the study used
what percentage range of overall materiality for determining tolerable misstatement?
<variant>A. 3% to 5%
<variantright>True
<variant>False
<question>Which of the following best describes the purpose of a financial statement audit?
<variant>To examine every transaction, control and event that may affect the company’s
financial statements
<variantright>To form an opinion on whether the financial statements are free of material
misstatement
<variant>To provide financial statement users with absolute assurance that the financial
statements prepared by management are fairly presented
<question>Two important factors that guide the audit are reasonable assurance and
materiality.
<variantright>True
<variant>False
<variantright>The risk that the auditor expresses an inappropriate audit opinion when the
company’s financial statements are materially misstated.
<variant>The risk that a material misstatement could occur, before the consideration of any
internal controls
<variant>The risk that controls present will not prevail, or detect or correct, a material
misstatement
<variant>The risk that the audit procedures performed by an auditor will fail to detect a
material misstatement
<question>Tolerable misstatement is best defined as:
<variantright>Materiality used to establish a scope for the audit procedures for the individual
account balance or footnote disclosures
<question>In the study by Eilifsen and Messier, one main idea the authors discuss is the
firms’ guidance on the incorporation of qualitative factors in determining and evaluating
materiality.
<variantright>True
<variant>False
<question>All of the following are mentioned in the video as quantitative benchmarks used
to determine overall materiality, EXCEPT:
<variant>Total assets
<variantright>Total expenses
<variant>Total equity
<question>In the study by Eilifsen and Messier, the majority of the firms in the study used
what percentage range of overall materiality for determining tolerable misstatement?
<variant>3% to 5%
<variant>25% to 50%
<variantright>50% to 75%
<variant>70% to 90%
<variant>True
<variantright>False
<variant>Conclusions by the auditor that the financial statements are free of misstatement
<variant>Statements by the shareholders that financial statements were used in the decision
making process
<variantright>True
<variant>False
<variant>True
<variantright>False
<question>The ‘completeness’ assertion refers to ensuring that transactions and events that
should have been recorded have actually been recorded.
<variantright>True
<variant>False
<question>Which assertion refers to amounts and other data that have been properly
recorded, within the appropriate accounting period, and in proper accounts?
<variant>Completeness
<variant>Existence
<variant>Valuation
<question>Tracing is used primarily to test which of the following assertions about classes of
transactions and events?
<variant>Existence
<variantright>Completeness
<variant>Cutoff
<question>Deferred Revenue, such as from the sale of a Starbucks gift card, should be
recorded by the firm as revenue on the income statement.
<variant>True
<variantright>False
<question>A proper audit procedure that might be used to verify that all gift card liabilities
are real would be to vouch from the gift card subledger to sales invoices.
<variantright>True
<variant>False
<question>Assume you are an auditor and your objective is to verify that unredeemed gift
cards that are recognized in the financial statements are classified as deferred revenue, not
revenue. Which financial statement assertion does this most likely pertain to?
<variant>Existence
<variant>Completeness
<variantright>Valuation
<question>Assume you are an auditor and your objective is to verify that all gift card
balances are recorded. Which financial statement assertion does this most likely pertain to?
<variant>Existence
<variantright>Completeness
<variant>Valuation
<question>Which of the following would be the best audit procedure to verify that
unredeemed gift cards are recognized as deferred revenue and not revenue?
<variant>Select a sample of sales invoices and match to the gift card subledger or general
ledger to ensure the sale was recorded.
<variantright>Select a sample of sales invoices and match to the gift card subledger or
general ledger to ensure the sale was recorded in the proper account.
<question>Testing a sample of gift card balances for unclaimed property compliance is the
best audit procedure for verifying that all gift card balances are recorded.
<variant>True
<variantright>False
<variant>False
<variant>Conclusions by the auditor that the financial statements are free of misstatement
<variant>Statements by the shareholders that financial statements were used in the decision
making process
<variant>True
<variantright>False
<question>Which assertion states that all transactions and events that need to be included in
the financial statement have been recorded?
<variantright>Completeness
<variant>Existence
<variant>Valuation
<question>The ‘valuation’ assertion refers to assets, liabilities, and equities that are included
at the appropriate carrying values per an acceptable accounting framework, such as GAAP.
<variantright>True
<variant>False
<question>All of the following are steps for assessing risk of material misstatement (RMM)
and verifying assertions, EXCEPT:
<variant>Assess and justify the assertion’s risk of material misstatement
<question>Deferred Revenue, such as from the sale of a Starbucks gift card, should be
recorded by the firm as a(n):
<variant>Asset
<variantright>Liability
<variant>Revenue
<variant>Expense
<question>Assume you are an auditor and your objective is to verify that unredeemed gift
cards are classified as deferred revenue not revenue. Which financial statement assertion
does this most likely pertain to?
<variant>Completeness
<variant>Existence
<variantright>Valuation
<variant>Existence
<variantright>Completeness
<variant>Valuation
<question>Which of the following would be the best audit procedure to verify that all gift card
balances are recorded?
<variantright>Select a sample of sales invoices and match to the gift card subledger or
general ledger to ensure the sale was recorded.
<variant>Select a sample of sales invoices and match to the gift card subledger or general
ledger to ensure the sale was recorded in the proper account.
<question>What is risk?
<variant>refers to natural disasters, while human impact is not part of the risk
<question>In the lecture video 1.2, Prof. Dias mentioned that an internal man-made threat is
more serious than an external man-made threat. Why is it so?
<question>When determining the risk level of an event, which two elements of that event
should be assessed?
<variant>The more controls you put in, the more risk can be mitigated
<variant>The more controls you put in, the higher the cost of controls
<question>After the remaining risk is transferred to a third party upon completion of the
risk mitigation exercise, which of the following statements is correct?
<variantright>The same risk level remains; however, the impact posed by the relevant event
will be compensated by the third party
<variant>Risk level is lowered since the probability of the relevant event happening is
reduced
<variant>Risk is eliminated
<variant>Risk level is lowered since the impact posed by the relevant event is reduced
<variant>Granting network access to the system from designated MAC and IP address of a
network device
<variant>Using username and password to authenticate legitimate users to access a system
<variantright>No – none of the preventive, detective and corrective controls could solely help
to mitigate risk effectively, and not every risk can be prevented or detected, so
implementing a combination of these types of controls would provide the best protection to
the organisation
<variant>No – cost of implementing preventive controls is higher than the other types of
controls
<variant>Yes – preventive controls and the other types of controls are mutually exclusive,
we only need to implement the best type
<variant>Yes – cost of implementing preventive controls is lower than the other types of
controls
<variant>Preventive control
<variant>Corrective control
<variant>Detective control
<question>Your company is looking into the feasibility of building the data center near the
coast and your supervisor would like you to conduct a risk assessment exercise. How would
you get started?
<variantright>Use the risk matrix to calculate the impact and probability of the risk
<variant>List all the ways possible to mitigate the risk and apply them into the company
immediately
<question>Which of the following is NOT a major phase of the general audit procedure?
<variant>Planning
<question>Which of the following areas would likely be audited when you are auditing a
financial reporting system (i.e., the system that generates financial statements)?
i. User list and corresponding access rights of such system
ii. The time required to generate the financial statement
iii. Approval flow and approval matrix for posting an accounting journal
iv. System change controls
<variant>(i) only
<variant>(ii) only
<question>During the “Fieldwork and Documentation” phase, if the audit client asks the IS
auditors to share the observations they have obtained, can the IS auditors provide such
information to the audit client?
<variant>Yes – auditor should always share their observations, as the information obtained
belongs to the client
<variant>It depends – observations can only be shared with C-Suite client personnel (e.g.,
CEO, CFO, COO, CIO, etc.) of the audit client, but not other personnel
<variant>No – IS auditors should not share any observations as they have no responsibility
to give any advice verbally, other than issuing an audit report
<question>Which of the following is the best way to review whether the system users have
changed their password in accordance with the password policy in the past 12 months during
the relevant compliance testing?
<variantright>Review the global security setting of the system and check whether it is
configured in accordance with the company password policy
<variant>Randomly extract and review the password change audit trail from the system, say
3 of 12 months of audit trail
<variant>Interview the IT administrator of the system and ask for the usual practice
<variantright>Audit procedure to collect evidence and evaluate the integrity of detail data,
programming code and/or change requests
<variant>Audit procedure to understand and review whether the internal controls are well
designed and being effectively followed
<variant>Audit procedure to check whether proper internal policies and procedures
are implemented
<variant>Proper programme change policy is in place, with good internal controls design, but
it is not followed properly by the company
<variant>Proper program change policy is in place, with good internal controls design
<variant>Proper programme change policy is in place, but with bad internal controls design
<question>When IS auditors collect evidence, which of the following is the most trustworthy
source?
<variant>Interview notes documented during the interview with the system administrator
<variant>When reviewing a control of a system module that the IS auditor is not familiar with
<question>An IS auditor needs to obtain samples of documents from the audit client, such
as program change request forms, to review the internal control of the audit client over the
past 12 months. What would be the most appropriate action for the IS auditor to take in
terms of sampling?
<variantright>IS auditor to determine the number of samples required, randomly pick the
required samples based on the full set of documents from the last 12 months, and request
the audit client to provide accordingly
<variant>IS auditor to determine the number of samples required, audit client to pick the
required number of documents from the last 12 months randomly
<variant>IS auditor to determine the number of samples required, audit client to pick the
required documents from the last 3 months randomly
<variant>IS auditor to determine the number of samples required, randomly pick the required
samples from the available document provided by the audit client
<variant>Include sufficient and proper liability clause in the contract for the development
work
<variant>Obtain insurance policy to transfer the risk of not having the system being
developed as expected to support the business operations
<question>Which of the following is the most important phase of the System Development
Life Cycle (SDLC) from the perspective of having the system support the business
operations effectively?
<variantright>Requirement Phase
<variant>Feasibility Phase
<question>When an IS Auditor audits the SDLC of a decision support system whose
development work is outsourced to a third party, which of the following activities in relation to
the system would most concern the IS Auditor?
<question>Which of the following control activities is required before a newly built system can
be launched to support business operations?
<variant>Passing the stress test and security test which are done by IT colleagues
<question>There are various types of system changeover approaches. Which of the following
is the major advantage of performing the Parallel Changeover approach?
<variant>To provide double processing power since users can use both old and new systems
at the same time
<variant>To allow users to perform the same business operations on both old and new
systems to compare results
<variant>To provide opportunities for training the users to use the new system
<variantright>To minimize the impact to the business due to the risk of system changeover
failure
<variant>To control company’s expense since the company has just paid a lot to develop the
system
<variant>3-6 months is the typical time required for IT developers to learn how to perform
post-implementation review
<variantright>To allow system bugs to be fixed and sufficient business transactions to be
performed in the system to support the review
<question>Which of the following can be considered a risk in relation to system
development?
iv. The market competition among the outsource system development vendors
<variant>Independent IS auditors are the only group of people who have the relevant
professional knowledge to perform the review
<variant>Additional advice can be obtained from the independent IS auditor based on their
system review experience gained from their other clients
<variant>Enlarge the description textboxes in the journal entries page for better visibility
<variant>Upgrade to the latest version of budgeting module with a refined budget approval
workflow incorporated
<variantright>Enlarge the description textboxes in the journal entries page for better visibility
<variant>Upgrade to the latest version of budgeting module with a refined budget approval
workflow incorporated
<question>When auditing the change requests of a point of sale system, you notice that 70% of
the change requests are related to adaptive maintenance, and developers report that the effort
of implementing the changes is huge. As an auditor, what would be your best
recommendation to Management?
<variantright>Look for the feasibility of implementing a brand new point of sale system to
address the requests
<variant>Implement a better control to prevent system users from submitting too many
change requests
<variant>Increase the budget of hiring developers to address all the change requests by the
system users
<question>Prof. Dias discussed different system environments used in the change
management process in this module. Which of the following is true about the system
environments?
<variant>Developers should apply the code changes directly to the production environment
for quicker turnaround
<variant>Program library stores ONLY the latest copy of the production environment, which
can be restored in case the production environment crashes
<question>A user submitted a change request, which has been approved and
well-documented. The developer also followed the change management procedure to make
the modification in the appropriate system environment, and it has passed the testing. However,
the change ultimately does not take effect in the production environment of the system. The
reason is likely to be ___________________________
<variant>IS auditor is in the process of checking the system, so no changes can be applied
<variant>The emergency environment has been in place for half a year, so the system
changes from the production environment cannot be reflected
<question>The developer has implemented the change request of enhancing the fund
transfer functionality in the production environment of an e-Banking system. After an hour,
the bank received complaints from customers as they cannot transfer funds, while other
modules of the e-Banking system work fine. What would be the immediate step to resolve
this issue from the perspective of having good IS controls and governance?
<variant>Re-submit a change request to decrease the fund transfer limit and run through the
change request procedure again
<variantright>Reverse only the fund transfer module back to the previous version, following
the IT change procedure of the bank
<variant>Terminate the audit practice and report to the supervisor, and wait for further
instructions
<variant>Review all the program changes under any circumstances
<variant>preventive
<variant>perfective
<variantright>adaptive
<variant>corrective
<question>“Installing a patch to resolve the file attachment failure in the job application
system” is a kind of __________ maintenance.
<variantright>corrective
<variant>adaptive
<variant>perfective
<variant>preventive
<variant>adaptive; corrective
<variantright>corrective; adaptive
<variant>detective; adaptive
<variant>preventive; perfective
<question>Risk Assessment-
<variant>authoritative, international set of generally accepted IT practices or control
objectives that help employees, managers, executives, and auditors in: understanding IT
systems, discharging fiduciary responsibilities, and deciding adequate levels of security
and controls.
<variant>plan, build, run, and monitor the activities and processes used by the
organization to pursue the objectives established by the board.
<variant>inventory of all the potential audit areas within an organization.
<variantright>considered the foundation of the audit function as they assist in developing
the process for planning individual audits.
<question>Ransomware
<variantright>form of malware targeting both human and technical weaknesses in an
effort to deny the availability of critical data and/or systems
<variant>occurs when the subject claims to be associated with a computer software or
security company, or even a cable or Internet company, offering technical support to the
victim.
<variant>sophisticated scam targeting businesses working with foreign suppliers and/or
businesses who regularly perform wire transfer payments
<variant>This type of Internet crime involves posing as government, law enforcement
officials, or simply someone pretending to have a certain level of authority in order to
persuade unaware victims to provide their personal information.
<question>Intimidation/Extortion Scam
<variant>form of malware targeting both human and technical weaknesses in an effort to
deny the availability of critical data and/or systems
<variant>occurs when the subject claims to be associated with a computer software or
security company, or even a cable or Internet company, offering technical support to the
victim.
<variant>sophisticated scam targeting businesses working with foreign suppliers and/or
businesses who regularly perform wire transfer payments
<variantright>This type of Internet crime involves posing as government, law
enforcement officials, or simply someone pretending to have a certain level of authority in
order to persuade unaware victims to provide their personal information.
<question>The term that is defined as service availability, and the level of trust and confidence
that can be placed on the information
<variant>Information integrity
<variantright>Information assurance
<variant>Processing integrity
<variant>IT strategy
<question> What is big data as defined by TechAmerica Foundation’s Federal Big Data
Commission?
<variantright>describes large volumes of high velocity, complex and variable data
that require advanced techniques and technologies to enable the capture, storage,
distribution, management, and analysis of the information
<variant>includes policies and procedures that apply to many applications and
support the effective functioning of application controls.
<variant>describes configuration management with big data and action examples
carried out as part of the configuration management plan
<variant>defines solutions and technologies that provide the best return on the
management of the organization.
<question> What type of audit function evaluates the reliability and the validity of
systems controls in all forms?
<variant> Internal Audit Function
<variant>Analytical Audit Function
<variant>Expert Audit Function
<variantright> External Audit Function
<variant>Audit Schedule
<variantright>COBIT
<variant>Audit Plan
<variant>Access Control Management
<question>Choose the correct phases of an audit.
<variantright> Risk assessment->Audit plan->Preliminary review->Design audit
procedures
<variant>Preliminary review->Risk assessment->Audit plan-> Design audit procedures
<variant>Design audit procedures-> Risk assessment-> Preliminary review->Audit plan
<variant>Risk assessment-> Audit plan -> Design audit procedures-> Preliminary review
<variantright>plan, build, run, and monitor the activities and processes used by the
organization to pursue the objectives established by the board.
<question>What helps ensure that IT supports business goals, maximizes business investment
in IT, and appropriately manages IT-related risks?
<variant>IT auditioning
<variant>IT operating
<variantright>Effective IT governance
<question>Human resource and payroll includes new employee form and existing employee
change form.
<variantright>True
<variant>False
<question>The sample is randomly selected and evaluated through the application of the
probability theory
<variant>Mathematical sampling
<variant>Evaluation sampling
<variant>Random sampling
<variantright>Statistical sampling
<question>A method of random sampling that separates the population into similar groups,
and then selects a random sample from the group
<variant>Difference Estimation
<variant>Systematic Sampling (Interval Sampling)
<variant>Mean Per Unit
<variantright>Cluster Sampling (Block Sampling)
<question>The basics of the CIO function as described by the Society for Human Resource
Management include:
-Formal communication of new or revised information systems policies and procedures to all
users in the organization.
<variantright>True
<variant>False
<question>Projects need to be reviewed early in their life cycle to ensure they have a sound
_________.
<variantright>Business case
<variant>Plan
<variant> Roadmap
<variant>Developers
<question>What is information?
<variant>The data we get from interacting with the environment
<variantright>Data that is organized and processed to give meaning and thus improve decision
making.
<variant>Data that is correct
<variant>Data that consists of information about everything
<question>Relevance: the information is relevant and applicable to the decision (for example,
for a decision to extend a loan, the client will need relevant information about the client's
balance from the receivables maturities report, etc.).
<variantright>True
<variant>False
<question>Two or more independent people can produce the same conclusion. In the item
information and communication, what type is this?
<variant>Relevant
<variant>Complete
<variant>Understandable
<variantright>Verifiable
<question>The work of the IT department, headed by the chief technology officer (CTO)?
<variantright>would be evaluating, managing, and accepting
the risks associated with this type of enterprise-wide technology.
<variant>create optimal value from IT by maintaining a balance between
realizing benefits and optimizing risk levels and resource use.
<variant>of standards includes techniques that help organizations secure their
information assets
<variant>compelling federal government requirements for IT standards related to security
and interoperability, and there are no acceptable industry standards or solutions.
<question>NIST.gov has provided a number of audit, control, and security resources as well
as identification of best practices in managing and reviewing IT risk in many areas.
<variant>True
<variantright>False
<question>Statements on Auditing Standards (SAS) are issued by the Auditing Standards
Board of the AICPA and are recognized as interpretations of the 10 generally accepted
auditing standards.
<variantright>True
<variant>False
<question>Minor - possible losses will not lead to bankruptcy, but will require the company
to
<variant>True
<variantright>False
<question>Where does the task of the auditor to determine the level of participation
begin?
<variantright>risk assessment
<variant>workload
<variant>distribution of tasks
<variant>audit plan
<question>During which phase can the auditor facilitate communication between functions
and raise issues that may impact the quality of the project?
<variant>initiating
<variant>closing
<variant>executing
<variantright>planning
<variantright>The deliverables of the implementation stage are created e.g. the code
<variant> Evaluation
<variant> Documentation
<variant> Design
<question>User Manuals and Technical guides are created in which stage of the System
Analysis and Design?
<variant> Design
<variant> Analysis
<variantright>Documentation
<variant> Evaluation
<variant> 1
<variant> 2
<variant> 3
<variantright>4
<variant> Direct
<variantright>Parallel
<variant> Pilot
<variant> Phased
<variantright> Testing
<variant> Designing
<variant> Backing up
<variant> Evaluating
<variantright>True
<variant> False
<question>A rudimentary prototype can be redesigned and enhanced many times before
the final form is accepted.
<variantright>True
<variant> False
<question>Define SDLC
<variant>Set of activities / phases used to build a multimedia
<question>ERP is:
<variantright>Modular
<variant>by discrete
<variant>by context
<variant>by production
<variantright> Read-only
<variantright>End-user development
<variant>Checks that the size of the data entered fits into the specific field
<variant>None of them
<question>Based on the McAfee Labs report, 650 million virus attacks are approaching in
December
<variantright>True
<variant>False
<variant>False
<variantright>True
<variantright>Database administrators
<variant>Marketing team
<variant>Clients
<variant>Cloud administrators
<question>What is ERP?
<variant>Evaluation
<variant>Documentation
<variant>Design
<variantright> 4
<variant>3
<variant> 9
<variant>6
<variantright> IoT
<variant>MDM
<variant>BPM
<variant>ERP
<question>The goal of this strategy is to ensure that systems integrate well and are
compatible with existing software and technology infrastructure
<variantright>True
<variant>False
<question> Select one of the processes of Systems Acquisition Process
<variant>Observing related business processes.
<variantright> Carrying out the selection process
<variant>Researching other companies in a related industry
<variant>Meeting with IT management and support staff
<question> What is the final process of Systems Acquisition Process?
<variant>Performing a feasibility analysis
<variant> Procuring selected software
<variantright>Completing final acceptance
<variant> Identifying alternatives
<question>Which option describes the economic category of performing a feasibility
analysis?
<variant>Reviews any related legal or contractual obligations associated with the
proposed system.
<variant> Examines how well the proposed system solves business problems or provides
opportunities to the business
<variant>It evaluates the consistency of the proposed system with the company’s
technical strategy, infrastructure, and resources
<variantright>The expenses of a system include procurement, start-up, project-specific
issues, and impact to operations.
<question>A Request for Proposal (RFP) offers flexibility to respondents to further define or
explore the requested requirements
<variantright>True
<variant>False
<question>Choose the option that is NOT included in software contract terms
<variant> Terms or limitations with the use of any related trademark rights or copyrights.
<variant> Supplier staffing and specified qualifications.
<variantright>Documentation for business analysis processes
<variant> Description of payment terms
<question> Request for Information (RFI) is a document that specifies the minimally
acceptable requirements (functional, technical, and contractual)
<variant>True
<question>SLA –
<variantright>Service Level Agreement
<variant> Service Local Application
<variant> Service Local Audit
<variant> Security level audit
<question>Internal measures keep the IT group focused on things the customer cares about.
<variant>TRUE
<variantright>FALSE
<question>Tools are needed to capture performance, usage metrics from the various
platforms, and to consolidate and report on all of this information.
<variantright>TRUE
<variant>FALSE
<question> Which of them are not possible sources of information for members of the
management board or the change control committee?
<variant>Data Center Operations
<variant>Networks/Telecommunications
<variant>Help Desk
<variantright>Ordinary users
<question> All key employees and departments affected by the change should be notified of
its implementation schedule. Those who may require notification include:
<variantright>End users of the system and manufacturers
<variant>Manufacturers and first users of the system
<variant>Passersby and testers
<variant>Any personnel not related to data control
<question> "Control of the physical inventory and the relationships between the components
that form a set of “basic” objects that can be changed." What does it say here?
<variantright>Configuration Management
<variant>change control management process
<variant>change control management procedures
<variant>organizational change management
<question>What does CIs stand for?
<variant>Continuous integration
<variantright>Software Configuration Elements
<variant>Computer information
<variant>Computer integration
<question> "The change of culture and structure should be carried out throughout the entire
life cycle. This includes people, organization, and culture." What does it say here?
<variantright>Managing Organizational Change
<variant>Audit Involvement
<variant>Sample activities within such SCM plan.
<variant>Review Points
<question> Once controls are in place, they can be tested for adequacy and effectiveness.
Who does this?
<variant>IT Specialist
<variantright>auditors
<variant>Accountant
<variant>Business Process Controller.
<question> Who should evaluate the controls and determine whether the objectives have
been achieved?
<variant>IT Specialist
<variant>auditors
<variant>Accountant
<variantright>IT auditors
<question> How many of the organizations surveyed have either moved most of their
business continuity and disaster recovery tasks to the cloud (including backup) or plan to do
so in the near future?
<variantright>44%
<variant>34%
<variant>54%
<variant>64%
<question>What are the three fundamental objectives for information and confidentiality?
<variantright>Confidentiality, integrity, availability
<variant>Confidentiality, encryption, integrity
<variant>Confidentiality, availability, consistency
<variant>Integrity, connectivity, accuracy
<question>What is FIPS?
<variantright>Federal Information Processing Standards
<variant>Federal Information Protection Standards
<variant>Federal Instruction Principal Security
<variant>Federal Instruction Processing Standards
<question>What is ERP?
<variantright>Enterprise Resource Planning
<variant>Enterprise Rescue Plan
<variant>Educational Resource Planning
<variant>Educational Rescue Plan
<question>Primary ERP suppliers include:
<variantright>SAP, Oracle, Microsoft
<variant>Java, React, SOAP
<variant>SAP, SOAP, Microsoft
<variant>Java, Oracle, React
<question>Based on the July 2015 ISACA Innovation Insights report, which one was
considered as a key trend driving business?
<variantright>Cloud computing
<variant>BPM
<variant>Oracle
<variant>Kaspersky
<question>What is the main tool which is used by cloud computing?
<variantright>Internet
<variant>VPN
<variant>SSD
<variant>HDD
<question>MDM stands for:
<variantright>Mobile Device Management
<variant>Mobile Desktop Manager
<variant>Machine Division Manager
<variant>Middle Device Maintenance
<question>MDM is responsible for:
<variantright>Managing and administrating mobile devices
<variant>Storing and showing mobile devices
<variant>Managing and storing mobile devices
<variant>Only administrating mobile devices
<question>Employees can bring their own mobile device to the organization
<variantright>True
<variant>False
<question>How can mobile devices be used in organizations?
<variantright>Personal and work purposes
<variant>Personal and common purposes
<variant>Work and common purposes
<variant>Public and common purposes
<question>Which of the following has a potential transformational effect on IT
environments, data centers, technology providers?
<variantright>IoT
<variant>MDM
<variant>BPM
<variant>ERP
<question>IoT, as defined by Gartner, Inc., is a system that allows remote assets from
“things” (e.g., stationary or mobile devices, sensors, objects, etc.) to interact and
communicate among them and with other network systems.
<variantright>True
<variant>False
<question>What is “spamming”?
<variantright>Disruptive online messages, especially commercial messages posted on a
computer network or sent as email.
<variant>Attack designed to disable a network by flooding it with useless traffic.
<variant>Piece of program code that contains self-reproducing logic, which piggybacks
onto other programs and cannot survive by itself.
<variant>Independent program code that replicates itself and eats away at data, uses up
memory, and slows down processing.
<question>What is “Denial-of-service attack”?
<variantright>Attack designed to disable a network by flooding it with useless traffic.
<variant>Disruptive online messages, especially commercial messages posted on a
computer network or sent as email.
<variant>Piece of program code that contains self-reproducing logic, which piggybacks
onto other programs and cannot survive by itself.
<variant>Independent program code that replicates itself and eats away at data, uses up
memory, and slows down processing.
<question>What is “worm”?
<variantright>Independent program code that replicates itself and eats away at data, uses
up memory, and slows down processing.
<variant>Attack designed to disable a network by flooding it with useless traffic.
<variant>Disruptive online messages, especially commercial messages posted on a
computer network or sent as email.
<variant>Piece of program code that contains self-reproducing logic, which piggybacks
onto other programs and cannot survive by itself.
<question> How many categories does the Feasibility Analysis include?
<variant>3
<variantright>5
<variant>6
<variant>9