Académique Documents
Professionnel Documents
Culture Documents
1.
A1:
2.
A2:
3.
A3:
4.
A. Monitor
B. Fac ilitator
C. Project leader
D. Authorization only
Answer: C. If proper identification and authentic ation are not performed during access
control, no acc ountability can exist for any action performed.
When initially planning a risk-based audit, whic h of the following steps is MOST
critical?
Answer: D. In planning an audit, the MOST critical step is identifying areas of high risk.
A4:
5.
A5:
6.
A6:
7.
Answer: C. Although secure audit trails and other logging are used as a c ompensatory
control for a lack of proper segregation of duties, the primary purpose of audit trails is
to establish ac countability and responsibility for processed transac tions.
Which of the following is the MOST appropriate type of risk to be associated with
authorized program exits (trap doors)?
A. Inherent
B. Audit
C. Detec tion
D. Business
Answer: A. Inherent risk is associated with authorized program exits (trap doors).
When performing an audit of an organizations systems, the auditors first step should
be to:
Answer: B. The IS auditors first step is to understand the business focus of the
organization. Until the auditor has a good understanding of the organizations business
goals, objec tives, and operations, the auditor will not be able to competently c omplete
any of the other tasks listed.
Which of the following risks results when the auditor uses an insufficient test
procedure, resulting in the auditors ill-informed conc lusion that material errors do not
exist, when, in fac t, they do?
A7:
8.
A8:
9.
A. Business risk
C. Audit risk
D. Inherent risk
Answer: B. Detec tion risk results when an IS auditor uses an inadequate test
procedure and conc ludes that material errors do not exist when, in fact, they do.
Which of the following is c onsidered the MOST signific ant advantage of implementing a
continuous auditing approac h?
A9:
Answer: D. While preparing the audit report, the IS auditor should record the
observations and the risk arising from the c ollective weaknesses.
10.
Which of the following is c onsidered to present the GREATEST c hallenge to using test
data for validating processing?
A10:
Answer: B. Creating test data that c overs all possible valid and invalid conditions is
often the greatest challenge in using test data.