In a risk-based IS audit plan, which factor most increases systems risk score?

High monetary values, high confidentiality, and high impact of disruption

Highly stable system with low monetary throughput

Complex tech but zero regulatory exposure

The strongest evidence of effective program change control in production is:

Digitally signed, system-enforced workflow logs with time-stamps and release gates

Email approvals saved by the developer

A weekly release calendar alone

A retrospective verbal sign-off

Input controls that best ensure “once and only once” capture of transactions include:

Pre-numbering, control totals, and cancellation marks

For online update systems, the auditor’s primary concern versus batch is:

Concurrency and integrity under multi-user conditions

A test data approach is least persuasive when:

The program under test is not the live production version

Both valid and invalid cases are used

Population coverage is risk-focused

Results are reconciled to expected edit routines

Integrated Test Facility (ITF) provides strong assurance if and only if the auditor ensures:

ITF entities are segregated and purged from live results post-test

ITF transactions remain in production totals for realism

Source code is rewritten by audit

Parallel simulation is most useful when:

The auditor can process the same input/data with an independent program and compare results

The client cannot share data layouts

Manual recalculation is prohibited

Snapshot techniques are preferred when the auditor needs to:

Tag selected transactions and capture processing logic path for those items

Disable edit checks temporarily

Statistical sampling advantage over nonstatistical is primarily:

Quantified sampling risk and defensible confidence/precision

Lower staff training requirements

PPS (Dollar-Unit) sampling is especially suited to detect:

Overstatements in high-value items

A 95% confidence level implies a reliability factor near:

1.96–2.00 (context dependent)

In hardware risk and controls, which pairing is strongest?

Environmental failures ↔ UPS, AC, humidity control, surge protection, maintenance

Vandalism ↔ open server rooms

Operating system control weakness most critical to investigate first:

Excessive special privileges and weak password/rights management

Effective OS review typically includes:

Change controls for system libraries and parameter hardening with audit/logging

Allowing universal write access to SYS libraries

In network architecture, a star topology’s key risk is:

Central hub/switch as single point of failure

Every node has equal token access

A firewall is best described as:

A choke-point enforcing network access policy and logging traffic that passes through

A replacement for anti-virus tools

A solution to malicious insiders

Protection against all unknown, emerging threats by default

A common Internet risk that policies and controls must address is:

Unknown external actors and back-door paths

Guaranteed attribution of all remote users

Perfect confidentiality via SMTP alone

Automatic compliance with data privacy

For data centers, which control set is most fundamental?

Physical access control, environmental protections, redundant power/links, and DRP

Confidentiality in COBIT’s criteria primarily addresses:

Preventing unauthorized disclosure of sensitive information

Ensuring information is inexpensive

Planning & Organization (PO) processes are most directly about:

Strategic direction, information architecture, tech direction, project/quality/risk management

Incident handling and operations

Installing systems into production

Acquisition & Implementation (AI) includes:

Identify automated solutions, acquire/maintain apps and tech, develop procedures, manage changes

Define service levels and manage capacity

Monitor processes and obtain assurance

Delivery & Support (DS) typically includes all except:

Install and accredit systems before go-live

Ensure continuous service and security

Manage operations, facilities, configuration, incidents

Define service levels and assist customers

Monitoring (ME) encompasses:

Independent assurance and control assessment over all domains

Which metric best indicates efficiency (vs. effectiveness)?

Cost per processed transaction at a target throughput

Percentage of complete, correct outputs

Number of stakeholders satisfied

Compliance rate with regulation

ISACA/IIA Codes of Ethics most directly require auditors to:

Act with integrity, objectivity, due care, and protect confidentiality

Disclose proprietary data publicly if useful

In engagement planning, a realistic time budget should consider:

Leave, sickness, training, and administration overheads

No allowance for unplanned work

A fixed template for all audits

A balanced audit report should include:

Purpose, scope, results, opinion, recommendations, and management’s responses

Generalized Audit Software (GAS) is favored because it:

Gives auditor direct control with lower development cost and rapid implementation

The primary objective of an annual IS audit plan built on risk assessment is to:

Allocate scarce audit resources to systems with the greatest risk

Distribute hours equally across departments

Avoid regulated areas to reduce complexity

IS Audit - Mid Exam

Authored by Irsyad Prasetia

Information Technology (IT)

University

Used 1+ times

AI Actions

Add similar questions

Adjust reading levels

Convert to real-world scenario

Translate activity

More...

Content View

Student View

50 questions

Show all answers

MULTIPLE CHOICE QUESTION

3 mins • 1 pt

An internal audit function reports administratively to the CEO but functionally to the Audit Committee. The primary benefit is:

Faster budget approvals for audit tools

Stronger independence with oversight aligned to governance expectations

Less interaction with executive management

Reduced need for audit evidence

MULTIPLE CHOICE QUESTION

3 mins • 1 pt

Which set best reflects data/transaction control objectives across input–processing–output?

Authentication, encryption, hashing

Accuracy, completeness, authorization, and proper audit trail

Efficiency, effectiveness, scalability

Identification, classification, disposal

MULTIPLE CHOICE QUESTION

3 mins • 1 pt

An IS auditor reviews the control environment. Which observation most strongly indicates a healthy environment?

Informal role descriptions to increase flexibility

Documented structure with clear authority limits and SoD

One super-user account for all administrators

Ad-hoc policies maintained by teams

MULTIPLE CHOICE QUESTION

3 mins • 1 pt

In manual vs. automated systems, the risk most uniquely elevated in on-line, real-time processing is:

Availability and concurrency control

Optical character recognition error

File label mismatch on tapes

Misfiled paper vouchers

MULTIPLE CHOICE QUESTION

3 mins • 1 pt

The IS internal audit objective that most directly links to management assurance is to:

Design and implement controls

Express an opinion supported by sufficient, competent, relevant, and useful evidence

Approve business strategies

Negotiate vendor contracts

MULTIPLE CHOICE QUESTION

3 mins • 1 pt

Which pair most accurately matches preventive vs. detective application controls?

Limit check vs. batch exception report

Reconciliation vs. edit check

After-the-fact approval vs. field validation

Logging vs. encryption

MULTIPLE CHOICE QUESTION

3 mins • 1 pt

When compensating controls are acceptable, the auditor’s focus should be on:

Whether the compensating control fully duplicates the original design

Whether residual risk is reduced to an acceptable level and is sustainable

Whether compensating control is cheaper

Whether it is manual rather than automated

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

50 questions

CompTIA Security+ SY0-701 Revision Test 1

Quiz

•

University

50 questions

Preliminary Exam - ITP 311L

Quiz

•

University

50 questions

Кәсіби ағылшын 201 - 250

Quiz

•

University

50 questions

Uji Pemahaman Algoritma Pemrograman

Quiz

•

10th Grade - University

50 questions

Java қазақша 51 - 100

Quiz

•

University

50 questions

UTS Perangkat Komputer

Quiz

•

7th Grade - University

45 questions

IT2112 Networking 1 Quiz 1

Quiz

•

University

55 questions

PRELIM EXAM_INTERNET RESEARCH FOR BUSINESS

Quiz

•

University

Popular Resources on Wayground

7 questions

History of Valentine's Day

Interactive video

•

4th Grade

15 questions

Fractions on a Number Line

Quiz

•

3rd Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

$fractions$

22 questions

fractions

Quiz

•

3rd Grade

15 questions

Valentine's Day Trivia

Quiz

•

3rd Grade

20 questions

Main Idea and Details

Quiz

•

5th Grade

20 questions

Context Clues

Quiz

•

6th Grade

Discover more resources for Information Technology (IT)

18 questions

Valentines Day Trivia

Quiz

•

3rd Grade - University

12 questions

IREAD Week 4 - Review

Quiz

•

3rd Grade - University

23 questions

Subject Verb Agreement

Quiz

•

9th Grade - University

5 questions

What is Presidents' Day?

Interactive video

•

10th Grade - University

7 questions

Renewable and Nonrenewable Resources

Interactive video

•

4th Grade - University

20 questions

Mardi Gras History

Quiz

•

6th Grade - University

10 questions

The Roaring 20's Crash Course US History

Interactive video

•

11th Grade - University

17 questions

Review9_TEACHER

Quiz

•

University

IS Audit - Mid Exam

An internal audit function reports administratively to the CEO but functionally to the Audit Committee. The primary benefit is:

Which set best reflects data/transaction control objectives across input–processing–output?

An IS auditor reviews the control environment. Which observation most strongly indicates a healthy environment?

In manual vs. automated systems, the risk most uniquely elevated in on-line, real-time processing is:

The IS internal audit objective that most directly links to management assurance is to:

Which pair most accurately matches preventive vs. detective application controls?

When compensating controls are acceptable, the auditor’s focus should be on:

In a risk-based IS audit plan, which factor most increases systems risk score?

The strongest evidence of effective program change control in production is:

In audit reporting, the section most likely read by senior executives and must emphasize risk/impact is the:

Access all questions and much more by creating a free account

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Information Technology (IT)