
1. Those controls that pertain to the scope of individual business processes or application
systems, including data edits, separation of business functions, balancing of processing
totals, transaction logging, and error reporting.
a. Application Controls
b. Internal Controls
c. Processing Controls
d. Input Controls
2. When reviewing the procedures for the disposal of computers, which of the following
should be the GREATEST concern for the IS auditor?
a. Hard disks are overwritten several times at the sector level but are not reformatted
before leaving the organization.
b. All files and folders on hard disks are separately deleted, and the hard disks are
formatted before leaving the organization.
c. Hard disks are rendered unreadable by hole-punching through the platters at specific
positions before leaving the organization.
d. The transport of hard disks is escorted by internal security staff to a nearby metal
recycling company, where the hard disks are registered and then shredded.
3. Which of the following BEST describes IS Audit?
a. Observing key organizational facilities
b. Assessing the IS environment
c. Understanding business process and environment applicable to the review
d. Reviewing prior IS audit reports
4. This control monitors the effectiveness of other controls and identifies errors as close as
possible to their sources.
a. Integrity Controls
b. Management Trail
c. Output Controls
d. Processing Controls
5. An IS auditor, performing a review of an application’s controls, discovers a weakness in
system software, which could materially impact the application. The IS auditor
should:
a) Disregard these control weaknesses as a system software review is beyond the scope
of this review.
b) Conduct a detailed system software review and report the control weaknesses.
c) Include in the report a statement that the audit was limited to a review of the
application’s controls.
d) Review the system software controls as relevant and recommend a detailed system
software review.
6. Control activities under SAS 109/COSO include
a. IT controls, preventative controls, and corrective controls
b. Physical controls, preventative controls, and corrective controls
c. General controls, application controls, and physical controls
d. Transaction authorization, segregation of duties, and risk assessment
7. Change control procedures to prevent scope creep during an application development
project should be defined during:
a. Design
b. Feasibility
c. Implementation
d. Requirements definition
8. When implementing an application software package, which of the following presents the
greatest risks?
a. Uncontrolled multiple software versions
b. Source programs that are not synchronized with object code
c. Incorrectly set parameters
d. Programming errors
9. Which of the following is not an application control?
a. Input Controls
b. Output controls
c. Software controls
d. Management Trail
10. The following are risks regarding input and output controls except:
a. Loss of data during transmission
b. Incomplete processing
c. Duplicate inputs
d. Incomplete data
11. It controls data as it manually or electronically enters the system:
a. Input Control
b. Batch Control
c. Applications Control
d. Processing Control
12. The following are parts of the planning phase in the audit process activities except:
a. Determine audit subject
b. Determine audit procedures and steps for data gathering
c. Set audit scope
d. Understanding of the relationship between business risk and IT risk
13. These controls provide an automated means to ensure processing is complete, accurate,
and authorized.
a. Management Trail
b. Integrity Controls
c. Processing Controls
d. Input Controls
14. Which of the following BEST describes the objective of an IS auditor discussing the
audit findings with the auditee?
a. Communicate results of the audit to the auditee.
b. Develop time lines for the implementation of suggested recommendations.
c. Confirm the findings, and propose a course of corrective action.
d. Identify compensating controls to the identified risk.
15. An IS auditor is reviewing risk and controls of a bank wire transfer system. To ensure
that the bank’s financial risk is properly addressed, the IS auditor will most likely review
which of the following?
a. Privileged access to the wire transfer system
b. Wire transfer procedures
c. Fraud monitoring controls
d. Employee background checks
16. During the system testing phase of an application development project the IS auditor
should review the:
a. conceptual design specifications
b. vendor contract
c. error reports.
d. program change requests.
17. Controls which apply to a specific element of the system are called:
a. user controls.
b. general controls.
c. systems controls.
d. applications controls.
18. Which of the following is not an example of an applications control?
a. An equipment failure causes system downtime.
b. There is a preprocessing authorization of the sales transactions.
c. There are reasonableness tests for the unit selling price of a sale.
d. After processing, all sales transactions are reviewed by the sales department.
19. Which of the following is not an application control?
a. Preprocessing authorization of sales transactions.
b. Reasonableness test for unit selling price of sale.
c. Post-processing review of sales transactions by the sales department.
d. Separation of duties between computer programmer and operators.
20. Application controls vary across the IT system. To gain an understanding of internal
control for a private company, the auditor must evaluate the application controls for:
a. every audit area.
b. every material audit area.
c. every audit area in which the client uses the computer.
d. every audit area where the auditor plans to reduce assessed control risk.
21. Which of the following system and data conversion strategies provides the GREATEST
redundancy?
a. Direct cutover
b. Pilot study
c. Phased approach
d. Parallel run
22. Which of the following is the GREATEST risk to the effectiveness of application system
controls?
a. Removal of manual processing steps
b. Inadequate procedure manuals
c. Collusion between employees
d. Unresolved regulatory compliance issues
23. Which of the following is not one of the risk assessment techniques?
a. The review’s nature, timing, and extent.
b. The critical business functions supported by application controls.
c. The extent of time and resources to be expended on the review.
d. The scope of the business function does not extend to the whole organization.
24. It is a list of procedures and tasks that should be performed to meet audit objectives.
a. Audit program
b. Work Program
c. Accounting Program
d. Audit Plan
25. The purpose of a debugging program is to:
a. Generate random data that can be used to test programs before implementing them.
b. Protect, during the programming phase, valid changes from being overwritten by other
changes.
c. Define the program development and maintenance costs to be included in the feasibility
study.
d. Ensure that program abnormal terminations and program coding flaws are detected and
corrected.
26. Software maintainability best relates to which of the following software attributes?
a. Resources needed to make specified modifications.
b. Effort needed to use the system application.
c. Relationship between software performance and the resource needed.
d. Fulfillment of user needs.
27. IT governance ensures that an organization aligns its IT strategy with:
a. Enterprise objectives
b. IT objectives
c. Audit Objectives
d. Finance Objective
28. A validation which ensures that input data are matched to predetermined reasonable
limits or occurrence rates is known as:
a. Reasonableness check
b. Validity check
c. Existence check
d. Limit check
29. IT audit is the process of collecting and evaluating evidence to determine:
a. Whether a computer system safeguards assets
b. Whether it maintains data integrity
c. Whether it allows organizational goals to be achieved effectively and uses resources
efficiently
d. All of the above
30. The security goals of the organization do not cover:
a. Confidentiality
b. Probability and impact of occurrence
c. Availability
d. Integrity
31. Substantive tests as they relate to the IT environment do not include:
a. Conducting system availability analysis
b. Conducting system outage analysis
c. Performing system storage media analysis
d. Determining whether a disaster recovery plan was tested
32. The reason for management’s failure to use information properly is:
a. Failure to identify significant information
b. Failure to interpret the meaning and value of the acquired information
c. Failure to communicate information to the decision maker
d. All of the above

33. The GREATEST advantage of using web services for the exchange of information between
two systems is:
A. secure communications.
B. improved performance.
C. efficient interfacing.
D. enhanced documentation.
34. Which of the following is the BEST way to satisfy a two-factor user authentication?
A. A smart card requiring the user personal identification number (PIN).
B. User ID along with password.
C. Iris scanning plus fingerprint scanning.
D. A magnetic card requiring the user's PIN.
35. To ensure an organization is complying with privacy requirements, an IS auditor should
FIRST review:
A. the IT infrastructure.
B. organizational policies, standards and procedures.
C. legal and regulatory requirements.
D. adherence to organizational policies, standards and procedures.
36. Which of the following system and data conversion strategies provides the GREATEST
redundancy?
A. Direct cutover
B. Pilot study
C. Phased approach
D. Parallel run
37. Processing control that matches input data with information held on master file.
a. Batch control totals
b. Edit checks
c. Run control totals
d. Computer matching
38. Statement 1: Manual controls are more reliable than application controls when evaluating the
potential for control errors due to human intervention.
Statement 2: The auditor will be able to test control once and not multiple times during the
testing period.
a. Only statement 1 is correct.
b. Both statements are correct.
c. Only statement 2 is correct.
d. Both statements are incorrect.
39. This refers to the complete end-to-end process, such as procure-to-pay.
a. Mega Process
b. Major Process
c. Minor Process
d. Activity Process

40. The PRIMARY reason an IS auditor performs a functional walkthrough during the
preliminary phase of an audit assignment is to:
A. understand the business process.
B. comply with auditing standards.
C. identify control weakness.
D. plan substantive testing.