In a risk-based IS audit plan, which factor most increases systems risk score?

High monetary values, high confidentiality, and high impact of disruption

Highly stable system with low monetary throughput

Complex tech but zero regulatory exposure

The strongest evidence of effective program change control in production is:

Digitally signed, system-enforced workflow logs with time-stamps and release gates

Email approvals saved by the developer

A weekly release calendar alone

A retrospective verbal sign-off

Input controls that best ensure “once and only once” capture of transactions include:

Pre-numbering, control totals, and cancellation marks

For online update systems, the auditor’s primary concern versus batch is:

Concurrency and integrity under multi-user conditions

A test data approach is least persuasive when:

The program under test is not the live production version

Both valid and invalid cases are used

Population coverage is risk-focused

Results are reconciled to expected edit routines

Integrated Test Facility (ITF) provides strong assurance if and only if the auditor ensures:

ITF entities are segregated and purged from live results post-test

ITF transactions remain in production totals for realism

Source code is rewritten by audit

Parallel simulation is most useful when:

The auditor can process the same input/data with an independent program and compare results

The client cannot share data layouts

Manual recalculation is prohibited

Snapshot techniques are preferred when the auditor needs to:

Tag selected transactions and capture processing logic path for those items

Disable edit checks temporarily

Statistical sampling advantage over nonstatistical is primarily:

Quantified sampling risk and defensible confidence/precision

Lower staff training requirements

PPS (Dollar-Unit) sampling is especially suited to detect:

Overstatements in high-value items

A 95% confidence level implies a reliability factor near:

1.96–2.00 (context dependent)

In hardware risk and controls, which pairing is strongest?

Environmental failures ↔ UPS, AC, humidity control, surge protection, maintenance

Vandalism ↔ open server rooms

Operating system control weakness most critical to investigate first:

Excessive special privileges and weak password/rights management

Effective OS review typically includes:

Change controls for system libraries and parameter hardening with audit/logging

Allowing universal write access to SYS libraries

In network architecture, a star topology’s key risk is:

Central hub/switch as single point of failure

Every node has equal token access

A firewall is best described as:

A choke-point enforcing network access policy and logging traffic that passes through

A replacement for anti-virus tools

A solution to malicious insiders

Protection against all unknown, emerging threats by default

A common Internet risk that policies and controls must address is:

Unknown external actors and back-door paths

Guaranteed attribution of all remote users

Perfect confidentiality via SMTP alone

Automatic compliance with data privacy

For data centers, which control set is most fundamental?

Physical access control, environmental protections, redundant power/links, and DRP

Confidentiality in COBIT’s criteria primarily addresses:

Preventing unauthorized disclosure of sensitive information

Ensuring information is inexpensive

Planning & Organization (PO) processes are most directly about:

Strategic direction, information architecture, tech direction, project/quality/risk management

Incident handling and operations

Installing systems into production

Acquisition & Implementation (AI) includes:

Identify automated solutions, acquire/maintain apps and tech, develop procedures, manage changes

Define service levels and manage capacity

Monitor processes and obtain assurance

Delivery & Support (DS) typically includes all except:

Install and accredit systems before go-live

Ensure continuous service and security

Manage operations, facilities, configuration, incidents

Define service levels and assist customers

Monitoring (ME) encompasses:

Independent assurance and control assessment over all domains

Which metric best indicates efficiency (vs. effectiveness)?

Cost per processed transaction at a target throughput

Percentage of complete, correct outputs

Number of stakeholders satisfied

Compliance rate with regulation

ISACA/IIA Codes of Ethics most directly require auditors to:

Act with integrity, objectivity, due care, and protect confidentiality

Disclose proprietary data publicly if useful

In engagement planning, a realistic time budget should consider:

Leave, sickness, training, and administration overheads

No allowance for unplanned work

A fixed template for all audits

A balanced audit report should include:

Purpose, scope, results, opinion, recommendations, and management’s responses

Generalized Audit Software (GAS) is favored because it:

Gives auditor direct control with lower development cost and rapid implementation

The primary objective of an annual IS audit plan built on risk assessment is to:

Allocate scarce audit resources to systems with the greatest risk

Distribute hours equally across departments

Avoid regulated areas to reduce complexity

IS Audit - Mid Exam

University

•

50 Qs

Similar activities

SUMATIF Scracth kelas 8

8th Grade - University

•

50 Qs

LATIHAN SAS INFORMATIKA KELAS 9

9th Grade - University

•

45 Qs

Pengantar Teknologi Informasi

University

•

50 Qs

Uji Pengetahuan Informatika Kelas 8

8th Grade - University

•

50 Qs

Latihan Soal Kelas XI F

11th Grade - University

•

53 Qs

TechJar Round 1

University

•

45 Qs

CCNA 2 final exam part 1

University

•

55 Qs

Кәсіби ағылшын 51 - 100

University

•

50 Qs

IS Audit - Mid Exam

Quiz

•

Information Technology (IT)

•

University

•

Practice Problem

•

Medium

Irsyad Prasetia

Used 1+ times

FREE Resource

Whether compensating control is cheaper

Whether it is manual rather than automated

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

46 questions

Prelim: Project Management

Quiz

•

University

50 questions

Quiz Pengetahuan Umum

Quiz

•

10th Grade - University

50 questions

Инф 7 нұсқа

Quiz

•

11th Grade - University

50 questions

PSAT TIK VII A 2025

Quiz

•

7th Grade - University

50 questions

Persiapan PAT Genap 2024-2025

Quiz

•

8th Grade - University

45 questions

Analisis dan Visualisasi Data Kualitatif

Quiz

•

12th Grade - University

54 questions

CC-COMPROG11 - Computer Programming 1 Midterm Examination

Quiz

•

University

50 questions

Multimodal Interaction Design Questions 1-14

Quiz

•

University

Popular Resources on Wayground

15 questions

Fractions on a Number Line

Quiz

•

3rd Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

$fractions$

22 questions

fractions

Quiz

•

3rd Grade

20 questions

Main Idea and Details

Quiz

•

5th Grade

20 questions

Context Clues

Quiz

•

6th Grade

15 questions

Equivalent Fractions

Quiz

•

4th Grade

20 questions

Figurative Language Review

Quiz

•

6th Grade

Discover more resources for Information Technology (IT)

12 questions

IREAD Week 4 - Review

Quiz

•

3rd Grade - University

23 questions

Subject Verb Agreement

Quiz

•

9th Grade - University

7 questions

Force and Motion

Interactive video

•

4th Grade - University

7 questions

Renewable and Nonrenewable Resources

Interactive video

•

4th Grade - University

5 questions

Poetry Interpretation

Interactive video

•

4th Grade - University

19 questions

Black History Month Trivia

Quiz

•

6th Grade - Professio...

15 questions

Review1

Quiz

•

University

15 questions

Pre1

Quiz

•

University

IS Audit - Mid Exam

50 questions

An internal audit function reports administratively to the CEO but functionally to the Audit Committee. The primary benefit is:

Which set best reflects data/transaction control objectives across input–processing–output?

An IS auditor reviews the control environment. Which observation most strongly indicates a healthy environment?

In manual vs. automated systems, the risk most uniquely elevated in on-line, real-time processing is:

The IS internal audit objective that most directly links to management assurance is to:

Which pair most accurately matches preventive vs. detective application controls?

When compensating controls are acceptable, the auditor’s focus should be on:

In a risk-based IS audit plan, which factor most increases systems risk score?

The strongest evidence of effective program change control in production is:

In audit reporting, the section most likely read by senior executives and must emphasize risk/impact is the:

Access all questions and much more by creating a free account

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Information Technology (IT)