One of the important principles in the process of collecting and evaluating evidence is Reliability . Which audit evidence is considered to have higher weight and more reliability?

Evidence that is sourced more directly, independently, or from original documents.

The evidence is the most quantity.

Evidence gathered from interviews with senior management.

Evidence that comes from a live system with no supporting documentation.

In the context of the Management Control Framework, what is the main focus of Security Management?

Includes physical, logical, and network security, and guarantees Confidentiality, Integrity, Availability (CIA Triad).

Organize programming activities so that code is free of bugs.

Ensure a disaster recovery plan (DRP) runs when the data center experiences problems.

Review the system specifications at the system planning stage.

When auditors use software such as ACL or IDEA to analyze the entire population of transaction data to efficiently detect anomalies, what audit techniques are being implemented?

Computer Assisted Audit Techniques (CAATs)

What is the main purpose of auditors to conduct a post audit or system effectiveness audit after the system has been running for some time?

To determine the extent to which the system has achieved its goals and provide input on whether the system's performance is worth maintaining or needs to be modified.

To review the system specifications that have been made.

To determine if the system is using the least possible resources.

To verify the hash values and checksums of critical data files.

Why is Code Comparison considered a crucial audit technique?

Because it allows auditors to detect unauthorized, undocumented, or suspicious changes in the production system.

Because it allows the auditor to analyze the system's performance at peak load.

Because it produces a flowchart that visualizes the flow of business processes.

Because it validates the user's data input (range, format) before processing.

A fintech startup ran into a problem: even though their system was running very fast, the reports generated by the system were often out of sync with the data in the database, causing the business decisions management made to be mistargeted. Audits should be conducted to verify the accuracy of the output and the usefulness of the information. Which information system audit objective is most relevant to this case?

Maintain system effectiveness (focusing on outputs that are beneficial to the user).

Maintain data integrity (focus on key issues).

In carrying out the Controlling Function in audit management, an audit supervisor at a fintech startup ensures that application security testing procedures (e.g. penetration testing) remain in accordance with OWASP standards, despite tight deadlines. What is the main focus of this function?

Monitor the quality of work and ensure audits run according to approved plans or standards.

Give direction and keep the team motivated.

Determine the number and competence of personnel involved.

Manage task sharing and communication flows.

In the Staffing Function stage of a digital hospital audit, why should auditors ensure the team has medical data security experts and HIPAA regulatory experts?

To determine and ensure the competence of personnel in accordance with the specific needs of the audit.

To ensure compliance with policies & regulations (control purposes).

To lead the audit (leading function).

To design a DRP (Disaster Recovery Plan).

A computer-based accounting information system is being audited. The auditor wants to test whether there are material misrepresentations in the financial statements. Based on the type, this audit is carried out in order to:

General Financial Statement Audit

Information Systems Audit (IT Governance)

[Case Study 1: ShopNusantara] The results of the evaluation of the ShopNusantara audit evidence show that the server performance metrics during peak hours exceed tolerance limits, which has a direct impact on the user experience (e.g. slow response time). These findings most strongly indicate a failure in which information system audit objective?

Maintain the effectiveness of the system (because the system is still producing outputs).

[Case Study 1: ShopNusantara] ShopNusantara auditors use Audit Hook on the payment module so that every transaction worth more than IDR 100 million is automatically flagged and verified immediately. Compared to traditional audits that are retrospective, what are the main advantages of this Concurrent Auditing technique ?

Allows for early detection and quick response to anomalies or potential fraud during operations.

Reduces system overhead and the risk of false alerts.

Ensure compliance with the Public Accountant Professional Standards (SPAP).

Replace the need for interviews and questionnaires.

[Case Study 2: Hospital] In a medical record system audit, the auditor verifies the hash values and checksums of the medical file. A finding of substantial changes without a valid log indicates a serious violation. The auditor's efforts to verify hash values and checksums technically contribute directly to the evaluation:

Reliability of evidence sources

[Case Study 2: Hospitals] The auditor's recommendation to address the gap in data modification without a trail audit is the implementation of granular access rights based on the principle of least privilege and strengthening the logging system. These actions collectively constitute a control hardening at the application layer on:

Database Control dan Output Control

Input Control dan Communication Control

Boundary Control dan Output Control

Processing Control dan Boundary Control

[Case Study 2: Hospitals] If an auditor decides to conduct in-depth interviews with physicians and nursing staff, as well as distribute questionnaires to operational staff to understand their challenges and perceptions of the system. Why is this combination of interviews and questionnaires necessary in addition to trail audit technical checks?

Because they provide insights into human processes, user perceptions, and potential risks that may not be seen in formal documentation.

Because interviews and questionnaires are part of Auditing Around the Computer.

Because interviews and questionnaires give definite results about hash values.

Because interviews can replace the need to create Control Flowcharts.

[Case Study 2: Hospital] If the hospital has a very detailed and tested Disaster Recovery Plan (DRP) procedure . This DRP test is specifically correlated with the Management Control Framework components in the area:

Data Resource Management (Backup & Recovery)

Security Management (CIA Triad)

System Development Management (SDLC)

[Case Study 3: Manufacturing ERP] The auditor tested the Production and Inventory modules and found that the system often generated negative stock reports or showed unexplained inventory differences because the calculation logic between the different modules was out of sync. This failure is most strongly caused by a weakness in which part of the app's controls?

Processing Control, because the data is processed not according to the rules (the calculation logic is out of sync).

Input Control, because the input data entered is incorrect.

Output Control, because the report is not properly secured.

Communication Control, because the data is not encrypted during transmission.

[Case Study 3: Manufacturing ERP] Referring to the objective of the information system audit, if the ineffective performance of the ERP system causes the production manager to be unable to create an optimal production schedule, this can negatively impact the objectives:

Achieve resource efficiency (It is the effect, not the main cause).

[Case Study 3: ERP Manufacturing] If the manager asks the auditor to conduct a system effectiveness audit at the system planning stage (before the system goes live) because the user is not sure that he has fully disclosed the system requirements. What will be the auditor's main focus at this stage?

Review the system specifications that have been created.

Compare newly created code with previous versions (Code Comparison).

Analyze server throughput and latency.

Apply Audit Hook to transactions that don't exist yet.

[Case Study 4: APBD/IT] Local government auditors use ACL Analytics to analyze thousands of APBD transactions, looking for duplicate payments or price anomalies. The use of ACLs for audit time efficiency is an example of the implementation of which audit management functions, is related to the efficiency audit objective?

Use of CAATs (Auditing With Computer) for audit time efficiency.

[Case Study 4: APBD/IT] When auditors use Nessus to find SQL Injection gaps in regional e-commerce systems, this is directly related to strengthening controls in the area:

Programming Management (Validation of user input) and Security Management.

Data Resource Management (Backup & Recovery).

Why should the Auditor assess the residual risk level once internal controls are in place?

Because internal controls may fail to prevent or detect material errors or cheating.

Because residual risk is the main goal of Application Control.

Because residual risk indicates that Auditing Around the Computer has failed.

Because residual risk determines whether the system should be abandoned or modified.

When an audit code review finds the use of unsanitized SQL parameters that opens a SQL injection loophole, this vulnerability has the potential to undermine the purpose of which audit directly?

Data integrity and asset security.

The Planning Function is the initial stage of the audit. Why should case studies involving core banking system audits set audit objectives to ensure that the system complies with OJK regulations?

Because planning must establish the scope and objectives of the audit in accordance with compliance with applicable regulations.

Because OJK provides audit tools such as ACL and IDEA.

Because the OJK is the most reliable source of evidence.

Because regulatory compliance can only be tested using Auditing Through the Computer.

When the auditor compares the version of the production code with the approved version in the repository and finds the backdoor, the next recommended course of action is forensic investigation. Why is forensic investigation an important step?

To determine who added the code and whether an exploit occurred, as well as determine the root cause of the security breach.

Because the backdoor can only be detected by interview.

Because forensics is part of Performance Measuring Tools.

To ensure the completeness of the test data used.

Evaluation of system efficiency in e-learning systems shows that database query optimization and increased server capacity are recommended because extreme spikes in memory consumption cause timeouts. If this optimization is successful, what is the positive impact on Control Risk?

The risk that the control is skipped (due to the system being slow) can be reduced, so the Control Risk decreases.

Control Risk will increase as the system becomes faster.

Control Risk will remain the same because efficiency is not related to control.

The risk of false positives from Audit Software will increase.

UTS Audit SI

University

•

40 Qs

Similar activities

Quiztronic

University

•

40 Qs

Lecture Activity 2: IOT

University

•

40 Qs

Soal Informatika Kelas 9

9th Grade - University

•

36 Qs

UH Topologi Jaringan Komputer

11th Grade - University

•

35 Qs

ASTS TIK 4 GENAP

4th Grade - University

•

35 Qs

SAS INFORMATIKA 9 SMT 1

9th Grade - University

•

40 Qs

Bagian 1: Berpikir Komputasional - Algoritma dan Dekomposisi

9th Grade - University

•

40 Qs

UH 2 Perlindungan Data Pribadi

9th Grade - University

•

35 Qs

UTS Audit SI

Quiz

•

Information Technology (IT)

•

University

•

Practice Problem

•

Medium

Farid Pribadi

Used 2+ times

FREE Resource

Without data integrity, organizations can't properly present a portrait of themselves, leading to critical decisions being mistargeted.

To restrict programmers' access to production data.

Create a free account and access millions of resources

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

45 questions

INFORMATIKA JARINGAN KOMPUTER DAN INTERNET

Quiz

•

10th Grade - University

40 questions

Revision Quiz

Quiz

•

University

35 questions

Chapter 3 Mastering Significant Figures and Estimation

Quiz

•

7th Grade - University

40 questions

TIK-9

Quiz

•

8th Grade - University

41 questions

Quiz sobre Redes

Quiz

•

University

40 questions

FLOWCHART-UH2

Quiz

•

9th Grade - University

45 questions

MS Word Kelas 5

Quiz

•

5th Grade - University

40 questions

IoT Informatika kelas 9

Quiz

•

9th Grade - University

Popular Resources on Wayground

25 questions

Multiplication Facts

Quiz

•

5th Grade

15 questions

4:3 Model Multiplication of Decimals by Whole Numbers

Quiz

•

5th Grade

10 questions

The Best Christmas Pageant Ever Chapters 1 & 2

Quiz

•

4th Grade

12 questions

Unit 4 Review Day

Quiz

•

3rd Grade

20 questions

Christmas Trivia

Quiz

•

6th - 8th Grade

18 questions

Kids Christmas Trivia

Quiz

•

KG - 5th Grade

14 questions

Christmas Trivia

Quiz

•

5th Grade

15 questions

Solving Equations with Variables on Both Sides Review

Quiz

•

8th Grade

Discover more resources for Information Technology (IT)

26 questions

Christmas Movie Trivia

Lesson

•

8th Grade - Professio...

7 questions

Different Types of Energy

Interactive video

•

4th Grade - University

7 questions

Transition Words and Phrases

Interactive video

•

4th Grade - University

7 questions

Force and Motion

Interactive video

•

4th Grade - University

7 questions

Biomolecules (Updated)

Interactive video

•

11th Grade - University

34 questions

Unit 5 Review - The Middle Ages in Europe-B

Quiz

•

9th Grade - University

26 questions

Day2 classwork: Permutation and combination

Quiz

•

2nd Grade - University

5 questions

Using Context Clues

Interactive video

•

4th Grade - University