Module 7 Isa

1. The most common reason for IS exposure is:
a. Errors, negligence and low-tech manipulations by insiders
b. Hacking
c. Computer equipment breakdown
d. Natural disasters such as fire, earthquake and floods
The most appropriate answer is “A”: Errors, negligence and low-tech manipulations by insiders.

2. IS security is not concerned with:
a. Possibilities of fraud and errors
b. Ability to manage IT resources effectively
c. Attempt of the company to keep its information intact
d. Ability to recover from disasters like data loss with minimum damage
The most appropriate answer is “B”: Ability to manage IT resources effectively.

3. The objective of IS security is least likely to include:
a. Strategy for risk management
b. Procedures and practices to assure that computer facilities are available at all required times
c. Complete and efficient processing of data resources
d. Restriction of data access to authorized users
The most appropriate answer is “A”: Strategy for risk management.

4. The process of risk assessment involves all of the following except:
a. Take steps to reduce risk to an acceptable level
b. Assess the probability of occurrence of threats
c. Identify the IT resources
d. Ascertain the risk profile
The most appropriate answer is “A”: Take steps to reduce risk to an acceptable level.

5. The risk assessment approach should ensure formal agreement on residual risk. The most critical factor on which this depends is:
a. Risk identification and measurement
b. Corporate policy
c. Adopting the risk assessment approach of a competitor
d. Cost effectiveness of implementing safeguards and controls
The most appropriate answer is “D”: Cost effectiveness of implementing safeguards and controls.

6. Exposure refers to:
a. Quantification of the potential impact of a problem
b. Causes of risk
c. Audit objectives
d. Alignment of functions
The most appropriate answer is “A”: Quantification of the potential impact of a problem.

7. Changes in the traditional controls in a computerized environment are least likely to impact:
a. Transfer of responsibilities
b. Decline in accountabilities
c. Audit objectives
d. Alignment of functions
The most appropriate answer is “C”: Audit objectives.

8. The most critical control consideration in designing the audit procedure in a computerized environment is:
a. Lack of segregation of duties
b. Lack of management controls
c. Lack of IT knowledge of the IT staff operating the system
d. The online and real-time nature of the system
The most appropriate answer is “A”: Lack of segregation of duties.

9. The most important factor to be considered in the case of an IT environment is:
a. Inherent risks
b. Physical access controls impacting IT
c. Environmental controls impacting IT
d. CAATs are used for audit
The most appropriate answer is “A”: Inherent risks.

10. The key objective of control is to:
a. Implement appropriate policies, procedures and practices
b. Establish an appropriate organization structure
c. Provide reasonable assurance that business objectives are achieved
d. Facilitate management of the information system
The most appropriate answer is “C”: Provide reasonable assurance that business objectives are achieved.

11. The objective of the audit mission statement is to:
a. Outline the purpose and value addition of the audit function
b. Lay down the priorities for the areas of audit
c. Outline the responsibility, authority and responsibility of the IS audit function
d. Assess the competency and skill requirements of the IS audit function
The most appropriate answer is “A”: Outline the purpose and value addition of the audit function.

12. The objective of the audit charter is to:
a. Serve as a control framework for outsourced audit engagements
b. Outline the responsibility, authority and responsibility of the IS audit function
c. Prescribe the audit program and procedures
d. Be a top-level document that defines the rights, authority and responsibilities of management towards the audit function
The most appropriate answer is “B”: Outline the responsibility, authority and responsibility of the IS audit function.

13. Which of the following forms of evidence would be considered the MOST reliable?
a. An oral statement from the auditee
b. The results of tests performed by an IS auditor
c. An internally generated computer accounting report
d. A confirmation letter received from an outside source
The most appropriate answer is “D”: A confirmation letter received from an outside source.

14. IS audit refers to any audit that encompasses review and evaluation of:
a. Efficiency of computer resources and networking technology
b. Controls in CIS
c. Risks and controls as regards the use of IT for business
d. Automated information processing systems and their interfaces
The most appropriate answer is “D”: Automated information processing systems and their interfaces.

15. Skills and competence requirements of an IS auditor must include:
a. Proficient programming skills
b. Sound knowledge of business operations, practices and compliance requirements and related IT risks and controls
c. A general understanding of system design and project management concepts
d. In-depth knowledge of risks and controls relating to various information technologies
The most appropriate answer is “B”: Sound knowledge of business operations, practices and compliance requirements and related IT risks and controls.

16. The scope and objectives of an IS audit assignment are:
a. Always specified by regulation
b. Determined by the IS auditor
c. Specified by user management
d. Agreed in discussion with senior management
The most appropriate answer is “D”: Agreed in discussion with senior management.

17. An IS auditor appointed to conduct an IS audit of networking controls is expected to perform all of the following except:
a. Identify and evaluate control weaknesses
b. Provide a report on the findings and recommendations
c. Follow up implementation of recommendations
d. Ensure that controls are effectively installed by participating in implementing the controls
The most appropriate answer is “D”: Ensure that controls are effectively installed by participating in implementing the controls.

18. An audit firm is offered the engagement to conduct a network security audit of the ATM systems of a large national bank. In such a situation the audit firm should:
a. Accept the audit even though the internal competencies may not be available
b. Not accept the assignment since it does not possess the competencies
c. First evaluate the audit risk of conducting the audit with the available internal competencies and explore the option of relying on the services of an expert
d. Accept the audit first and take immediate steps to gain the knowledge and competency through intensive training
The most appropriate answer is “C”: First evaluate the audit risk of conducting the audit with the available internal competencies and explore the option of relying on the services of an expert.

19. An important distinction an IS auditor should make when evaluating and classifying controls as preventive, detective and corrective is:
a. The point at which controls are exercised as data flows through the system
b. Only preventive and detective controls are relevant
c. Corrective controls can only be regarded as compensating
d. Classification allows an IS auditor to determine which controls are missing
The most appropriate answer is “A”: The point at which controls are exercised as data flows through the system.

20. An IS auditor is expected to use due professional care when performing audits, which requires that the individual exercises skill or judgement:
a. Commonly possessed by practitioners of that specialty
b. Which includes programming skills in the software under review
c. Relating to the selection of audit tests and evaluation of test results
d. Where an incorrect conclusion based on the available facts will not be drawn
The most appropriate answer is “A”: Commonly possessed by practitioners of that specialty.

21. An IS auditor conducting a review of software usage and licensing discovers that numerous PCs contain unauthorized software. Which of the following actions should the IS auditor perform first?
a. Personally delete all copies of the unauthorized software
b. Inform the auditee of all unauthorized software and follow up to confirm deletion
c. Report the use of the unauthorized software to auditee management and the need to prevent recurrence
d. Take no action, as it is a commonly accepted practice and operations management is responsible for monitoring such cases
The most appropriate answer is “C”: Report the use of the unauthorized software to auditee management and the need to prevent recurrence.

22. An IS auditor has been assigned the task of reviewing the information system security of a sales database. This refers to evaluation of information based on the following criteria:
a. Effectiveness, efficiency and authenticity
b. Confidentiality
c. Availability, integrity and reliability
d. Confidentiality, compliance and reliability
The most appropriate answer is “B”: Confidentiality.

23. The document least likely to be considered in an application controls audit is:
a. User manual
b. Business process rules
c. Workflow procedures
d. Coding standards
The most appropriate answer is “D”: Coding standards.

24. The audit procedure which could be common to auditing information security as well as to a financial audit and an IS audit is:
a. Review technical documentation
b. Inspection
c. Use CAATs for finding open ports
d. Review the information security policy
The most appropriate answer is “B”: Inspection.

25. Which of the following is an anti-virus detective control?
a. Route all links to external systems via a firewall
b. Scan all diskettes and CDs brought in from outside the company before use
c. Scan all files on all file server hard disks daily, moving suspect files to a safe area
d. Use anti-virus software to update users’ anti-virus configuration files every time they log in
The most appropriate answer is “C”: Scan all files on all file server hard disks daily, moving suspect files to a safe area.

26. The risk that an IS auditor uses an inadequate test procedure and concludes that material errors do not exist when, in fact, they do is an example of:
a. Inherent risk
b. Control risk
c. Detection risk
d. Audit risk
The most appropriate answer is “C”: Detection risk.

27. During a review of the controls over the process of defining IT service levels, an IS auditor would MOST likely interview the:
a. Business unit manager
b. Legal staff
c. Systems programmer
d. Programmer
The most appropriate answer is “A”: Business unit manager.

28. The most critical impact on an internal control system on account of computerization is:
a. High volume of processing of transactions
b. Extent of substantive procedures could be reduced
c. Inherent control systems get built into the application
d. Inherent risks of information technology as deployed
The most appropriate answer is “C”: Inherent control systems get built into the application.

29. Compliance testing could be most effectively used for testing the:
a. Completeness of transactions
b. Accuracy of transactions
c. Implementation of controls as per policy
d. Processing of transactions
The most appropriate answer is “C”: Implementation of controls as per policy.

30. Which of the following is a detective control?
a. Physical access control
b. Segregation of duties
c. Backup procedures
d. Audit trails
The most appropriate answer is “D”: Audit trails.

31. IS auditors auditing through the computer are not expected to:
a. Be aware of the fundamental concepts of IT
b. Know the key components of IT and how they function
c. Be experts in the technology behind the development of CAATs
d. Understand business process controls
The most appropriate answer is “C”: Be experts in the technology behind the development of CAATs.

32. The most effective option for using computer programs for testing client data is:
a. Use the client’s program
b. Write a program specifically for the purpose of the audit
c. Use generalized audit software
d. Use a walk-through approach to understand the process
The most appropriate answer is “C”: Use generalized audit software.

33. Using GAS for testing an application to check whether correct rates are applied to sales involves:
a. Testing the logic and sales tax data of the auditee
b. Testing the sales tax data from the database of the client organization
c. Testing the auditee’s sales application software
d. Testing the access controls
The most appropriate answer is “A”: Testing the logic and sales tax data of the auditee.

34. The first step in using audit software is to:
a. Collect the test data
b. Understand the test objective
c. Evaluate the test results
d. Identify the IT resources required for the testing
The most appropriate answer is “B”: Understand the test objective.

35. An auditor plans to use CAATs extensively for conducting an internal audit of the manufacturing operations of an enterprise. CAATs are least likely to be used for:
a. Drawing out appropriate samples
b. Interfacing with the production database to query it
c. Reporting the audit findings with evidence
d. Uncovering fraudulent transactions
The most appropriate answer is “C”: Reporting the audit findings with evidence.

36. With regard to an external audit agency entrusted with the review of controls in the sales and inventory process in a computerized information system environment, the audit approach will significantly differ with regard to:
a. The method of fixation of audit objectives and scope
b. The procedures followed by the auditor in obtaining a sufficient understanding of the accounting and internal control system
c. The method of rating based on the findings
d. The degree of performance of compliance and substantive test procedures in a computerized environment as compared to a non-computerized environment
The most appropriate answer is “D”: The degree of performance of compliance and substantive test procedures in a computerized environment as compared to a non-computerized environment.

37. An auditor would use the black box approach:
a. To test suspected transactions or suspected practices
b. In case the audit does not involve testing controls in a computerized information system environment
c. To evaluate the controls in a computerized system by analyzing the outputs from the system against calculated results for a given set of inputs
d. To map the logic path and controls in the application software
The most appropriate answer is “C”: To evaluate the controls in a computerized system by analyzing the outputs from the system against calculated results for a given set of inputs.

38. Entrusted with the objective of identifying errors or deviations in the controls relating to inventory application software, which of the following would the auditor find most appropriate for the purpose?
a. Black box approach
b. Snapshot technique
c. Integrated test facility
d. Waterfall model
The most appropriate answer is “B”: Snapshot technique.

39. The risk of using an Integrated Test Facility (ITF) is:
a. The controls in the application may not be tested
b. The processing of data may not be tested
c. The effects of testing using test data may adversely impact the integrity of the production database
d. The modifications for audit testing made to the application in the live environment may not be removed entirely
The most appropriate answer is “C”: The effects of testing using test data may adversely impact the integrity of the production database.

40. The most critical risk in an embedded audit facility is:
a. The specially designed module is not appropriately embedded in the application
b. Selected data is stored on the auditee’s computer
c. Selected data can be modified by the auditee’s management
d. Data collection modules are inserted in the application at points determined by auditee management
The most appropriate answer is “A”: The specially designed module is not appropriately embedded in the application.

41. IS audit standards:
a. Specify the manner in which an IS audit should be carried out
b. Provide recommendations on improvement of audit performance
c. Provide auditors a clear idea of the minimum level of acceptable performance
d. Provide guidance to professionals on performing IS audits in specified environments
The most appropriate answer is “C”: Provide auditors a clear idea of the minimum level of acceptable performance.

42. CIS under AAS 29 of ICAI refers to:
a. Continuous and Systematic Information
b. Continuous and Intermittent Simulation
c. Computerized Information System
d. Computerized Information Sources
The most appropriate answer is “C”: Computerized Information System.

43. COBIT is:
a. A standard to be followed by IS auditors while conducting IS audits
b. A comprehensive standard for IT governance
c. A multi-purpose audit tool for testing application controls
d. A standard for corporate governance
The most appropriate answer is “B”: A comprehensive standard for IT governance.

44. An organization seeks to get its information security management system certified by an independent certifying agency. Which of the following standards would be useful in this regard?
a. COBIT
b. SAS 70
c. BS7799
d. ITIL
The most appropriate answer is “C”: BS7799.

45. IT Infrastructure Library (ITIL) deals with:
a. Information technology controls for organizations requiring secure implementation
b. Best practices for the quality of IT services and their management
c. A governance model for management of IT
d. Internal controls in IT for the integrity of financial reporting
The most appropriate answer is “B”: Best practices for the quality of IT services and their management.

46. The IT Act:
a. Defines the method of authentication of an electronic record
b. Provides for the authentication of all electronic records using digital signals
c. Encourages the use of digital signatures for all governance transactions
d. Requires the use of electronic signatures using symmetric cryptography
The most appropriate answer is “A”: Defines the method of authentication of an electronic record.

47. The Information Technology Act does not apply to all of the following except:
a. An e-banking mechanism used instead of a cheque
b. A will
c. An electronic contract for the sale of a building
d. Notification of documents in the government Gazette through electronic means
The most appropriate answer is “D”: Notification of documents in the government Gazette through electronic means.

48. Which of the following is not an offence under the IT Act, 2000?
a. Introducing a virus into the network of an organization
b. Providing assistance to any person to facilitate unauthorized access to any computer system
c. Creating software to cause a denial of service attack
d. Damaging the computer system by changing an operating system parameter with a view to causing disruption to business
The most appropriate answer is “C”: Creating software to cause a denial of service attack.

49. SOX seeks to regulate:
a. Control requirements relating to IT governance and controls, especially those relating to financial disclosure controls
b. To enhance requirements as regards the quality and transparency of financial reporting and disclosures and related internal controls and corporate responsibility thereof
c. To empower audit committees
d. To check the rate of growing computer crime
The most appropriate answer is “B”: To enhance requirements as regards the quality and transparency of financial reporting and disclosures and related internal controls and corporate responsibility thereof.

50. Which of the following would qualify to be a requirement under the IT Act 2000?
a. Requiring signatures on all documents generated
b. Controls over time and date stamping of data messages
c. Controls over physical security of computer equipment
d. Use of standard software for firewalls
The most appropriate answer is “B”: Controls over time and date stamping of data messages.
