One of the important principles in the process of collecting and evaluating evidence is Reliability . Which audit evidence is considered to have higher weight and more reliability?

Evidence that is sourced more directly, independently, or from original documents.

The evidence is the most quantity.

Evidence gathered from interviews with senior management.

Evidence that comes from a live system with no supporting documentation.

In the context of the Management Control Framework, what is the main focus of Security Management?

Includes physical, logical, and network security, and guarantees Confidentiality, Integrity, Availability (CIA Triad).

Organize programming activities so that code is free of bugs.

Ensure a disaster recovery plan (DRP) runs when the data center experiences problems.

Review the system specifications at the system planning stage.

When auditors use software such as ACL or IDEA to analyze the entire population of transaction data to efficiently detect anomalies, what audit techniques are being implemented?

Computer Assisted Audit Techniques (CAATs)

What is the main purpose of auditors to conduct a post audit or system effectiveness audit after the system has been running for some time?

To determine the extent to which the system has achieved its goals and provide input on whether the system's performance is worth maintaining or needs to be modified.

To review the system specifications that have been made.

To determine if the system is using the least possible resources.

To verify the hash values and checksums of critical data files.

Why is Code Comparison considered a crucial audit technique?

Because it allows auditors to detect unauthorized, undocumented, or suspicious changes in the production system.

Because it allows the auditor to analyze the system's performance at peak load.

Because it produces a flowchart that visualizes the flow of business processes.

Because it validates the user's data input (range, format) before processing.

A fintech startup ran into a problem: even though their system was running very fast, the reports generated by the system were often out of sync with the data in the database, causing the business decisions management made to be mistargeted. Audits should be conducted to verify the accuracy of the output and the usefulness of the information. Which information system audit objective is most relevant to this case?

Maintain system effectiveness (focusing on outputs that are beneficial to the user).

Maintain data integrity (focus on key issues).

In carrying out the Controlling Function in audit management, an audit supervisor at a fintech startup ensures that application security testing procedures (e.g. penetration testing) remain in accordance with OWASP standards, despite tight deadlines. What is the main focus of this function?

Monitor the quality of work and ensure audits run according to approved plans or standards.

Give direction and keep the team motivated.

Determine the number and competence of personnel involved.

Manage task sharing and communication flows.

In the Staffing Function stage of a digital hospital audit, why should auditors ensure the team has medical data security experts and HIPAA regulatory experts?

To determine and ensure the competence of personnel in accordance with the specific needs of the audit.

To ensure compliance with policies & regulations (control purposes).

To lead the audit (leading function).

To design a DRP (Disaster Recovery Plan).

A computer-based accounting information system is being audited. The auditor wants to test whether there are material misrepresentations in the financial statements. Based on the type, this audit is carried out in order to:

General Financial Statement Audit

Information Systems Audit (IT Governance)

[Case Study 1: ShopNusantara] The results of the evaluation of the ShopNusantara audit evidence show that the server performance metrics during peak hours exceed tolerance limits, which has a direct impact on the user experience (e.g. slow response time). These findings most strongly indicate a failure in which information system audit objective?

Maintain the effectiveness of the system (because the system is still producing outputs).

[Case Study 1: ShopNusantara] ShopNusantara auditors use Audit Hook on the payment module so that every transaction worth more than IDR 100 million is automatically flagged and verified immediately. Compared to traditional audits that are retrospective, what are the main advantages of this Concurrent Auditing technique ?

Allows for early detection and quick response to anomalies or potential fraud during operations.

Reduces system overhead and the risk of false alerts.

Ensure compliance with the Public Accountant Professional Standards (SPAP).

Replace the need for interviews and questionnaires.

[Case Study 2: Hospital] In a medical record system audit, the auditor verifies the hash values and checksums of the medical file. A finding of substantial changes without a valid log indicates a serious violation. The auditor's efforts to verify hash values and checksums technically contribute directly to the evaluation:

Reliability of evidence sources

[Case Study 2: Hospitals] The auditor's recommendation to address the gap in data modification without a trail audit is the implementation of granular access rights based on the principle of least privilege and strengthening the logging system. These actions collectively constitute a control hardening at the application layer on:

Database Control dan Output Control

Input Control dan Communication Control

Boundary Control dan Output Control

Processing Control dan Boundary Control

[Case Study 2: Hospitals] If an auditor decides to conduct in-depth interviews with physicians and nursing staff, as well as distribute questionnaires to operational staff to understand their challenges and perceptions of the system. Why is this combination of interviews and questionnaires necessary in addition to trail audit technical checks?

Because they provide insights into human processes, user perceptions, and potential risks that may not be seen in formal documentation.

Because interviews and questionnaires are part of Auditing Around the Computer.

Because interviews and questionnaires give definite results about hash values.

Because interviews can replace the need to create Control Flowcharts.

[Case Study 2: Hospital] If the hospital has a very detailed and tested Disaster Recovery Plan (DRP) procedure . This DRP test is specifically correlated with the Management Control Framework components in the area:

Data Resource Management (Backup & Recovery)

Security Management (CIA Triad)

System Development Management (SDLC)

[Case Study 3: Manufacturing ERP] The auditor tested the Production and Inventory modules and found that the system often generated negative stock reports or showed unexplained inventory differences because the calculation logic between the different modules was out of sync. This failure is most strongly caused by a weakness in which part of the app's controls?

Processing Control, because the data is processed not according to the rules (the calculation logic is out of sync).

Input Control, because the input data entered is incorrect.

Output Control, because the report is not properly secured.

Communication Control, because the data is not encrypted during transmission.

[Case Study 3: Manufacturing ERP] Referring to the objective of the information system audit, if the ineffective performance of the ERP system causes the production manager to be unable to create an optimal production schedule, this can negatively impact the objectives:

Achieve resource efficiency (It is the effect, not the main cause).

[Case Study 3: ERP Manufacturing] If the manager asks the auditor to conduct a system effectiveness audit at the system planning stage (before the system goes live) because the user is not sure that he has fully disclosed the system requirements. What will be the auditor's main focus at this stage?

Review the system specifications that have been created.

Compare newly created code with previous versions (Code Comparison).

Analyze server throughput and latency.

Apply Audit Hook to transactions that don't exist yet.

[Case Study 4: APBD/IT] Local government auditors use ACL Analytics to analyze thousands of APBD transactions, looking for duplicate payments or price anomalies. The use of ACLs for audit time efficiency is an example of the implementation of which audit management functions, is related to the efficiency audit objective?

Use of CAATs (Auditing With Computer) for audit time efficiency.

[Case Study 4: APBD/IT] When auditors use Nessus to find SQL Injection gaps in regional e-commerce systems, this is directly related to strengthening controls in the area:

Programming Management (Validation of user input) and Security Management.

Data Resource Management (Backup & Recovery).

Why should the Auditor assess the residual risk level once internal controls are in place?

Because internal controls may fail to prevent or detect material errors or cheating.

Because residual risk is the main goal of Application Control.

Because residual risk indicates that Auditing Around the Computer has failed.

Because residual risk determines whether the system should be abandoned or modified.

When an audit code review finds the use of unsanitized SQL parameters that opens a SQL injection loophole, this vulnerability has the potential to undermine the purpose of which audit directly?

Data integrity and asset security.

The Planning Function is the initial stage of the audit. Why should case studies involving core banking system audits set audit objectives to ensure that the system complies with OJK regulations?

Because planning must establish the scope and objectives of the audit in accordance with compliance with applicable regulations.

Because OJK provides audit tools such as ACL and IDEA.

Because the OJK is the most reliable source of evidence.

Because regulatory compliance can only be tested using Auditing Through the Computer.

When the auditor compares the version of the production code with the approved version in the repository and finds the backdoor, the next recommended course of action is forensic investigation. Why is forensic investigation an important step?

To determine who added the code and whether an exploit occurred, as well as determine the root cause of the security breach.

Because the backdoor can only be detected by interview.

Because forensics is part of Performance Measuring Tools.

To ensure the completeness of the test data used.

Evaluation of system efficiency in e-learning systems shows that database query optimization and increased server capacity are recommended because extreme spikes in memory consumption cause timeouts. If this optimization is successful, what is the positive impact on Control Risk?

The risk that the control is skipped (due to the system being slow) can be reduced, so the Control Risk decreases.

Control Risk will increase as the system becomes faster.

Control Risk will remain the same because efficiency is not related to control.

The risk of false positives from Audit Software will increase.

UTS Audit SI

Authored by Farid Pribadi

Information Technology (IT)

University

Used 2+ times

AI Actions

Add similar questions

Adjust reading levels

Convert to real-world scenario

Translate activity

More...

Content View

Student View

40 questions

Show all answers

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

According to Ron Weber's (1999, 10) definition, Information Systems Audit is the process of gathering and assessing evidence to determine whether a computer system can secure assets, maintain data integrity, can effectively promote the achievement of organizational goals, and use resources efficiently. The terms for competent, objective, and impartial parties who carry out this evaluation are referred to as:

Programmer

Project Manager

Auditor

Consultant

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

In the historical development of Information Systems Auditing, the Electronic Data Processing Auditors Association (EDPAA) changed its name in 1994 to:

AICPA

COBIT

ISACA

GIZMO

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Based on the summary of the material, one of the main components that make up the Information System along with hardware, software, and procedures is:

User Interface

Server

Database

Brainware

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Controls designed to prevent errors or irregularities from occurring at all in information systems are referred to as:

Corrective control

Detective control

Compensating control

Preventive control

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

What is the fundamental difference between an information system audit conducted in the context of a financial statement audit (General Financial Audit) and an audit conducted in relation to IT Governance?

Financial Audit uses the Auditing With Computer technique, while IT Governance Audit uses Auditing Around the Computer.

Financial Audits aim to ensure resource efficiency, while IT Governance Audits aim to secure assets.

Financial Audit uses an internal control reference model, usually COSO, while IT Governance Audit typically uses CobIT.

Financial Audits are conducted by internal auditors, while IT Governance Audits are conducted by external auditors.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

An auditing approach that treats computers as black boxes and focuses only on system inputs and outputs, without testing the processing steps directly, is known as the method:

Auditing Through the Computer

Auditing With Computer

Auditing Around the Computer

Concurrent Auditing Techniques

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Data integrity is defined based on the completeness, goodness, and accuracy of the data. Why is maintaining data integrity considered important for organizations?

To ensure the system uses the minimum possible resources (efficiency).

So that the auditor can conduct a post audit after the system has been running for some time.

Without data integrity, organizations can't properly present a portrait of themselves, leading to critical decisions being mistargeted.

To restrict programmers' access to production data.

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

45 questions

IT2112 Networking 1 Quiz 1

Quiz

•

University

35 questions

Lenguaje estructurado de consultas

Quiz

•

University

35 questions

Arduino

Quiz

•

10th Grade - University

43 questions

MGMT 2080 - Exam 2

Quiz

•

University

35 questions

2nd Year Data Structures Quiz Qn

Quiz

•

University

38 questions

Quiz sur Apollo GraphQL

Quiz

•

University

35 questions

untitled

Quiz

•

3rd Grade - University

40 questions

Communication and Literacy Quiz

Quiz

•

12th Grade - University

Popular Resources on Wayground

8 questions

2 Step Word Problems

Quiz

•

KG - University

20 questions

Comparing Fractions

Quiz

•

4th Grade

15 questions

Fractions on a Number Line

Quiz

•

3rd Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

10 questions

Latin Bases claus(clois,clos, clud, clus) and ped

Quiz

•

6th - 8th Grade

$fractions$

22 questions

fractions

Quiz

•

3rd Grade

7 questions

The Story of Books

Quiz

•

6th - 8th Grade

Discover more resources for Information Technology (IT)

8 questions

2 Step Word Problems

Quiz

•

KG - University

7 questions

Comparing Fractions

Interactive video

•

1st Grade - University

7 questions

Force and Motion

Interactive video

•

4th Grade - University

10 questions

14.2 Independent/Dependent Variables

Quiz

•

KG - University

18 questions

Great Lakes States

Quiz

•

KG - University

7 questions

DNA, Chromosomes, Genes, and Traits: An Intro to Heredity

Interactive video

•

11th Grade - University

7 questions

Reflexive Verbs in Spanish

Lesson

•

9th Grade - University

7 questions

Narrative Writing 1

Interactive video

•

4th Grade - University