In a risk-based IS audit plan, which factor most increases systems risk score?

High monetary values, high confidentiality, and high impact of disruption

Highly stable system with low monetary throughput

Complex tech but zero regulatory exposure

The strongest evidence of effective program change control in production is:

Digitally signed, system-enforced workflow logs with time-stamps and release gates

Email approvals saved by the developer

A weekly release calendar alone

A retrospective verbal sign-off

Input controls that best ensure “once and only once” capture of transactions include:

Pre-numbering, control totals, and cancellation marks

For online update systems, the auditor’s primary concern versus batch is:

Concurrency and integrity under multi-user conditions

A test data approach is least persuasive when:

The program under test is not the live production version

Both valid and invalid cases are used

Population coverage is risk-focused

Results are reconciled to expected edit routines

Integrated Test Facility (ITF) provides strong assurance if and only if the auditor ensures:

ITF entities are segregated and purged from live results post-test

ITF transactions remain in production totals for realism

Source code is rewritten by audit

Parallel simulation is most useful when:

The auditor can process the same input/data with an independent program and compare results

The client cannot share data layouts

Manual recalculation is prohibited

Snapshot techniques are preferred when the auditor needs to:

Tag selected transactions and capture processing logic path for those items

Disable edit checks temporarily

Statistical sampling advantage over nonstatistical is primarily:

Quantified sampling risk and defensible confidence/precision

Lower staff training requirements

PPS (Dollar-Unit) sampling is especially suited to detect:

Overstatements in high-value items

A 95% confidence level implies a reliability factor near:

1.96–2.00 (context dependent)

In hardware risk and controls, which pairing is strongest?

Environmental failures ↔ UPS, AC, humidity control, surge protection, maintenance

Vandalism ↔ open server rooms

Operating system control weakness most critical to investigate first:

Excessive special privileges and weak password/rights management

Effective OS review typically includes:

Change controls for system libraries and parameter hardening with audit/logging

Allowing universal write access to SYS libraries

In network architecture, a star topology’s key risk is:

Central hub/switch as single point of failure

Every node has equal token access

A firewall is best described as:

A choke-point enforcing network access policy and logging traffic that passes through

A replacement for anti-virus tools

A solution to malicious insiders

Protection against all unknown, emerging threats by default

A common Internet risk that policies and controls must address is:

Unknown external actors and back-door paths

Guaranteed attribution of all remote users

Perfect confidentiality via SMTP alone

Automatic compliance with data privacy

For data centers, which control set is most fundamental?

Physical access control, environmental protections, redundant power/links, and DRP

Confidentiality in COBIT’s criteria primarily addresses:

Preventing unauthorized disclosure of sensitive information

Ensuring information is inexpensive

Planning & Organization (PO) processes are most directly about:

Strategic direction, information architecture, tech direction, project/quality/risk management

Incident handling and operations

Installing systems into production

Acquisition & Implementation (AI) includes:

Identify automated solutions, acquire/maintain apps and tech, develop procedures, manage changes

Define service levels and manage capacity

Monitor processes and obtain assurance

Delivery & Support (DS) typically includes all except:

Install and accredit systems before go-live

Ensure continuous service and security

Manage operations, facilities, configuration, incidents

Define service levels and assist customers

Monitoring (ME) encompasses:

Independent assurance and control assessment over all domains

Which metric best indicates efficiency (vs. effectiveness)?

Cost per processed transaction at a target throughput

Percentage of complete, correct outputs

Number of stakeholders satisfied

Compliance rate with regulation

ISACA/IIA Codes of Ethics most directly require auditors to:

Act with integrity, objectivity, due care, and protect confidentiality

Disclose proprietary data publicly if useful

In engagement planning, a realistic time budget should consider:

Leave, sickness, training, and administration overheads

No allowance for unplanned work

A fixed template for all audits

A balanced audit report should include:

Purpose, scope, results, opinion, recommendations, and management’s responses

Generalized Audit Software (GAS) is favored because it:

Gives auditor direct control with lower development cost and rapid implementation

The primary objective of an annual IS audit plan built on risk assessment is to:

Allocate scarce audit resources to systems with the greatest risk

Distribute hours equally across departments

Avoid regulated areas to reduce complexity

IS Audit - Mid Exam

University

•

50 Qs

Similar activities

Кәсіби ағылшын 151 - 200

University

•

50 Qs

ST#2 (ONSITE)

12th Grade - University

•

45 Qs

UTS SQA Part 2

University

•

50 Qs

CISCO AIDANA

University

•

52 Qs

PL/SQL Brain Bowl Championship!

University

•

50 Qs

DMC 101- Formative Assessment # 2- Photopea

University

•

50 Qs

NEW Informatics Quiz for Grade 7 2526

7th Grade - University

•

53 Qs

Materi Internet Kelas 4 SD Kesatuan

4th Grade - University

•

50 Qs

IS Audit - Mid Exam

Quiz

•

Information Technology (IT)

•

University

•

Practice Problem

•

Medium

Irsyad Prasetia

Used 1+ times

FREE Resource

Whether compensating control is cheaper

Whether it is manual rather than automated

Create a free account and access millions of resources

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

50 questions

LQ#2_IS101 (Fundamentals of Information Systems)

Quiz

•

University

50 questions

FHCI Quiz 02

Quiz

•

University

50 questions

Quiz HTML Easy

Quiz

•

3rd Grade - University

50 questions

Mobile Devices Quiz

Quiz

•

University

47 questions

BÀI 2: CÁC GIAO THỨC MẠNG

Quiz

•

10th Grade - University

45 questions

EER Model Concepts and Relationships

Quiz

•

University

55 questions

C++ Object-Oriented Programming Quiz

Quiz

•

University

50 questions

Disruptive Technology Quiz

Quiz

•

University

Popular Resources on Wayground

5 questions

This is not a...winter edition (Drawing game)

Quiz

•

1st - 5th Grade

15 questions

4:3 Model Multiplication of Decimals by Whole Numbers

Quiz

•

5th Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

10 questions

The Best Christmas Pageant Ever Chapters 1 & 2

Quiz

•

4th Grade

12 questions

Unit 4 Review Day

Quiz

•

3rd Grade

10 questions

Identify Iconic Christmas Movie Scenes

Interactive video

•

6th - 10th Grade

20 questions

Christmas Trivia

Quiz

•

6th - 8th Grade

18 questions

Kids Christmas Trivia

Quiz

•

KG - 5th Grade

Discover more resources for Information Technology (IT)

26 questions

Christmas Movie Trivia

Lesson

•

8th Grade - Professio...

7 questions

Different Types of Energy

Interactive video

•

4th Grade - University

20 questions

Slopes and Slope-Intercept Form

Quiz

•

8th Grade - University

7 questions

Force and Motion

Interactive video

•

4th Grade - University

7 questions

Biomolecules (Updated)

Interactive video

•

11th Grade - University

20 questions

Winter/Holiday Trivia

Quiz

•

KG - University

10 questions

WINTER WIN Time - ELA - 12/9/2025

Quiz

•

KG - University

7 questions

Human Impact on Resources

Interactive video

•

4th Grade - University

IS Audit - Mid Exam

50 questions

An internal audit function reports administratively to the CEO but functionally to the Audit Committee. The primary benefit is:

Which set best reflects data/transaction control objectives across input–processing–output?

An IS auditor reviews the control environment. Which observation most strongly indicates a healthy environment?

In manual vs. automated systems, the risk most uniquely elevated in on-line, real-time processing is:

The IS internal audit objective that most directly links to management assurance is to:

Which pair most accurately matches preventive vs. detective application controls?

When compensating controls are acceptable, the auditor’s focus should be on:

In a risk-based IS audit plan, which factor most increases systems risk score?

The strongest evidence of effective program change control in production is:

In audit reporting, the section most likely read by senior executives and must emphasize risk/impact is the:

Create a free account and access millions of resources

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Information Technology (IT)