When developing a risk-based audit strategy, an IS auditor should conduct a risk assessment to ensure that:

vulnerabilities and threats are identified.

controls needed to mitigate risks are in place.

Reviewing management's long-term strategic plans helps the IS auditor:

Gains an understanding of an organization's goals and objectives.

Tests the enterprise's internal controls.

Assess the organization's reliance on information systems.

Determine the number of audit resources needed.

Which of the following forms of evidence would be considered to be the most reliable when assisting an IS Auditor develop audit conclusion?

A confirmation letter received from a third party for the verification of an account balance.

Assurance via a control self-assessment received from the management that an application is working as designed.

Trend data obtained from World Wide Web (Internet) sources.

Ratio analysis developed by an IS Auditor from reports supplied by line management

Which of the following procedures would an IS Auditor not perform during pre-audit planning to gain an understanding of the overall environment under review

Perform compliance tests to determine if regulatory requirements are met

Tour Key organization activities

Interview key members of management to understand business risks

The first step the IS Audit Manager should take when preparing the annual IS audit plan is to:

Perform a risk ranking of the current and proposed application systems to prioritize the IS audits to be conducted.

Meet with the audit committee members to discuss the IS audit plan for the upcoming year

Ensure that the IS audit staff is competent in areas that are likely to appear on the plan and provide training as necessary.

Begin with the prior year's IS audit plan and carry over any IS audits that had not been accomplished.

The purpose of compliance tests is to provide reasonable assurance that:

Controls are working as prescribed.

Documentation is accurate and current.

The duties of users and data processing personnel are segregated.

Exposures are defined and quantified.

IS Auditors are most likely to perform tests of internal controls if, after their evaluation of such controls, they conclude that:

The control environment is poor.

A substantive approach to the audit are cost-effective

Control risks are within the acceptable limits.

Which of the following is the least important factor in determining the need for an IS Auditor to be involved in a new system development project?

The number of lines of code to be written.

The value of the system to the organization.

The potential benefits of the system.

Each of the following is a general control concern EXCEPT:

Balancing of daily control totals.

Organization of the IS Department.

Documentation procedures within the IS Department.

Physical access controls and security measures.

Which of the following types of audits requires the highest degree of technical expertise?

Microcomputer application audits

A manufacturing company has implemented a new client/server system enterprise resource planning (ERP) system. Local branches transmit customer orders to a central manufacturing facility. Which of the following controls would BEST ensure that the orders are accurately entered and the corresponding products produced?

Verifying production to customer orders

Logging all customer orders in the ERP system

Using hash totals in the order transmitting process

Approving (production supervisor) orders prior to production

M1C12

Authored by Rohit Narang

Professional Development

Used 1+ times

AI Actions

Add similar questions

Adjust reading levels

Convert to real-world scenario

Translate activity

More...

Content View

Student View

20 questions

Show all answers

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

The primary purpose and existence of an audit charter is to:

Document the audit process used by the enterprise.

Formally document the audit department’s plan of action.

Document a code of professional conduct for the auditor.

Describe the authority and responsibilities of the audit department.

Answer explanation

It is like the constitution for the IS Audit function as it mandates the authority, scope and responsibility of IS Audit in the organization.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which of the following control classifications identify the cause of a problem and minimize the impact of threat

Administrative Controls

Detective Controls

Preventive Controls

Corrective Controls

Answer explanation

Corrective Controls classifications identify the cause of a problem and minimize the impact of threat. The Goal of these controls is to identify the root cause of an issue whenever possible and eliminate the potential for that occurring again. The other controls are useful but perform other functions instead.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which of the following is NOT generally considered a category of Audit Risk?

Detection Risk

Scoping Risk

Inherent Risk

Control Risk

Answer explanation

Scoping risk is not generally considered as category of audit risk. The other risk categories are also possible types of risk; however they are not the one that question demand.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which of the following are most commonly used to mitigate risks discovered by organizations?

Controls

Personnel

Resources

Threats

Answer explanation

Controls are most commonly used to mitigate risks discovered by organizations. This is what organizations implement as a result of the risks an organization discovers. Resources and personnel are often expended to implement controls.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which of the following is not a type of internal controls

Detective

Corrective

Preventive

Administrative

Answer explanation

Administrative is not a type of internal controls. Detective is designed to detect errors or irregularities that may have occurred. Corrective is designed to correct errors or irregularities that have been detected. Preventive is designed to keep errors or irregularities from occurring.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

What means the rate at which opinion of the IS Auditor would change if he selects a larger sample size?

Audit Risk

Materiality

Risk Based Audit

Controls

Answer explanation

Audit risk means the rate at which opinion of the IS Auditor would change if he selects a larger sample size. Audit risk can be high, moderate or low depending on the sample size selected by the IS Auditor. A risk based audit approach is usually adapted to develop and improve the continuous audit process. Materiality means importance of information to the users. It is totally the matter of the professional judgment of the IS Auditor to decide whether the information is material or immaterial.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which of the following cannot be classified as Audit Risk?

Inherent Risk

Detection Risk

Controllable Risk

Administrative Risk

Answer explanation

Inherent risk means overall risk of management which is on account of entity’s business operations as a whole. Controllable risk is the risk present in the internal control system and the enterprise can control this risk completely and eliminate it form the system. Detection risk is the risk of the IS Auditor when he is not able to detect the inherent risk or the controllable risk.

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

20 questions

Signals and systems

Quiz

•

Professional Development

15 questions

Nursing Leadership & Management

Quiz

•

University - Professi...

15 questions

REVISED CODE OF CONDUCT QUIZ BEE

Quiz

•

Professional Development

15 questions

Resume & CV Recap

Quiz

•

Professional Development

15 questions

FIFA 20

Quiz

•

Professional Development

15 questions

Universal Design for Learning

Quiz

•

Professional Development

18 questions

Infallible Vedas (DYS 2)

Quiz

•

Professional Development

18 questions

A Poison Tree Cold Read

Quiz

•

Professional Development

Popular Resources on Wayground

7 questions

History of Valentine's Day

Interactive video

•

4th Grade

15 questions

Fractions on a Number Line

Quiz

•

3rd Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

$fractions$

22 questions

fractions

Quiz

•

3rd Grade

15 questions

Valentine's Day Trivia

Quiz

•

3rd Grade

20 questions

Main Idea and Details

Quiz

•

5th Grade

20 questions

Context Clues

Quiz

•

6th Grade

Discover more resources for Professional Development

44 questions

Would you rather...

Quiz

•

Professional Development

M1C12

The primary purpose and existence of an audit charter is to:

It is like the constitution for the IS Audit function as it mandates the authority, scope and responsibility of IS Audit in the organization.

Which of the following control classifications identify the cause of a problem and minimize the impact of threat

Which of the following is NOT generally considered a category of Audit Risk?

Scoping risk is not generally considered as category of audit risk. The other risk categories are also possible types of risk; however they are not the one that question demand.

Which of the following are most commonly used to mitigate risks discovered by organizations?

Controls are most commonly used to mitigate risks discovered by organizations. This is what organizations implement as a result of the risks an organization discovers. Resources and personnel are often expended to implement controls.

Which of the following is not a type of internal controls

Administrative is not a type of internal controls. Detective is designed to detect errors or irregularities that may have occurred. Corrective is designed to correct errors or irregularities that have been detected. Preventive is designed to keep errors or irregularities from occurring.

What means the rate at which opinion of the IS Auditor would change if he selects a larger sample size?

Which of the following cannot be classified as Audit Risk?

After you enter a purchase order in an on-line system, you get the message, “The request could not be processed due to lack of funds in your budget”. This is an example of error?

To stop or prevent a wrong entry is a function of error prevention . Rest all options work after an error. Prevention works before an occurring of error.

When developing a risk-based audit strategy, an IS auditor should conduct a risk assessment to ensure that:

Reviewing management's long-term strategic plans helps the IS auditor:

Strategic planning sets corporate or departmental objectives into motion. Strategic planning is time- and project-oriented, but must also address and help determine priorities to meet business needs. Reviewing long-term strategic plans would not achieve the objectives expressed by the other choices.

Access all questions and much more by creating a free account

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Professional Development