Choose the correct chain of audit project management basic steps:

Plan → build → execute → monitor

Plan → execute → develop → close

Plan → execute → build → monitor

Plan → develop → execute → close

What is true about follow-up activities?

The main objective of follow-up activities is to validate whether management has implemented the recommendations.

Serve as a valid reference for any party researching the auditor or audit topic.

Provide statements of assurance and, if needed, identification of areas requiring corrective action and related recommendations.

Conducted at the end of the audit, provides an IS auditor with the opportunity to discuss findings and recommendations with the auditee management.

What is true about COBIT?

EGIT framework that ensures that IT is aligned with the business and delivers value for the business.

Detailed framework for the operational service management of IT.

It provides guidelines on risk management for organizations.

Set of best practices for information security programs

ITGC: Access to program and data does not include which of the following processes:

Access provisioning/deprovisioning

Identification and authentication

What is the primary purpose of an audit trail in an information system?

To monitor and log user activities and changes for security and compliance purposes

To track and record all system performance metrics

To enhance system speed and efficiency

What is the purpose of testing the performance of a system during peak hours?

To ensure the system operates effectively under stress

To monitor and log user activities

To track and record all system performance metrics

What is not a risk associated with ITGC: Access to program and data:

Slow system performance due to network latency

What is a relational database?

A method of storing data in tables with defined relationships

A table showing access rights of subjects to objects in a computer system

A method of data protection through encryption

A table showing the access rights of subjects to objects in a computer system

A method of data protection through encryption

A method of memory allocation in an operating system

What is not considered as best practice for access termination:

Termination within 5 or more days

What is the main purpose of multi-factor authentication (MFA)?

To provide an additional layer of security by requiring multiple forms of verification

To improve user experience by simplifying the login process

To allow users to reset their passwords easily

To monitor and log all user activities during login attempts

Choose the correct chain of software development testing:

Unit → Integration → System → Final acceptance testing

System → Integration → Unit → Final acceptance testing

Integration → Unit → System → Final acceptance testing

Unit → System → Final acceptance testing → Integration

What is a compensating control?

A security measure that is used when it is not possible to implement the primary control or primary control seemed to be ineffective

A control that replicates an existing security control to improve efficiency

A control implemented to mitigate risks when the primary control is not possible or effective

A control designed to reduce costs

What is the correct sequence of the System Development Life Cycle (SDLC) phases for a purchased solution?

Feasibility study → Software selection → Configuration → Final testing → Post-implementation

Feasibility study → Requirements definition → Development → Final testing → Post-implementation

Feasibility study → Requirements definition → Design → Final testing → Post-implementation

Feasibility study → Software selection → Design → Configuration → Final testing → Post-implementation

Audit and Risk Management Quiz

Authored by Anel Aqtasova

Information Technology (IT)

12th Grade

Used 1+ times

AI Actions

Add similar questions

Adjust reading levels

Convert to real-world scenario

Translate activity

More...

Content View

Student View

33 questions

Show all answers

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Audit charter includes all the following except:

The mission, purpose, and objective of the audit function

The responsibilities of management

The responsibilities of internal auditors

The scope of the audit project

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Depending on how the risk can be calculated/measured, two types of risk can be distinguished. What are the two types?

Inherent, residual

Gross, net

Qualitative, quantitative

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

High risk is identified when:

A process issue may result in damage to the reputation of the organization that will take more than six months to recover.

A process issue may result in damage to the reputation of the organization that will take less than six months but more than three months to recover.

A process issue may result in damage to the reputation of the organization that will take less than three months to recover.

OPEN ENDED QUESTION

3 mins • 1 pt

Medium risk is identified when:

Evaluate responses using AI:

OFF

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

What is not a characteristic of type of control?

Automated

Manual

Written

Combined

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

What is the primary purpose of corrective control?

Prevent the occurrence

Detect as well as correct the error

Detect the error

Act as deterrence to prevent error

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

The assessment of countermeasures should be based on the following:

The cost of the control compared to the benefit of minimizing the risk

Management's risk appetite (i.e., the level of residual risk that management is prepared to accept)

Preferred risk-reduction methods

All the above

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

30 questions

Information Systems Quiz

Quiz

•

12th Grade

30 questions

Information Processing Quiz

Quiz

•

12th Grade

35 questions

ASTS TIK 6 GENAP

Quiz

•

6th Grade - University

30 questions

Entrepreneurship Skill -II (PART -I)

Quiz

•

10th Grade - University

32 questions

ICT Grade 8 Chapter 5.1.2 Exploring Autonomous Transport Systems

Quiz

•

8th Grade - University

30 questions

Matplotlib MCQ Questions

Quiz

•

12th Grade - University

37 questions

AP Comp Sci A - CodeHS Unit 1 Vocab

Quiz

•

12th Grade

28 questions

Understanding Cloud Computing

Quiz

•

12th Grade

Popular Resources on Wayground

10 questions

5.P.1.3 Distance/Time Graphs

Quiz

•

5th Grade

10 questions

Fire Drill

Quiz

•

2nd - 5th Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

22 questions

School Wide Vocab Group 1 Master

Quiz

•

6th - 8th Grade

20 questions

Main Idea and Details

Quiz

•

5th Grade

20 questions

Context Clues

Quiz

•

6th Grade

20 questions

Inferences

Quiz

•

4th Grade

12 questions

What makes Nebraska's government unique?

Quiz

•

4th - 5th Grade

Discover more resources for Information Technology (IT)

18 questions

Informative or Argumentative essay

Quiz

•

5th Grade - University

20 questions

Career

Quiz

•

9th - 12th Grade

20 questions

Consumer Skills

Quiz

•

9th - 12th Grade

20 questions

Cartoon Characters

Quiz

•

12th Grade

20 questions

Food Chains and Food Webs

Quiz

•

7th - 12th Grade

10 questions

Geography of East Asia

Interactive video

•

7th - 12th Grade

20 questions

AEST Ag. Associates/Systems

Quiz

•

9th - 12th Grade

20 questions

Banking

Quiz

•

9th - 12th Grade

Audit and Risk Management Quiz

Audit charter includes all the following except:

Depending on how the risk can be calculated/measured, two types of risk can be distinguished. What are the two types?

High risk is identified when:

Medium risk is identified when:

What is not a characteristic of type of control?

What is the primary purpose of corrective control?

The assessment of countermeasures should be based on the following:

The involvement of a third party is an example of what type of risk response?

Choose the correct chain of audit project management basic steps:

What can be considered as the bridge or interface between the audit objectives and the final deliverables?

Access all questions and much more by creating a free account

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Information Technology (IT)