It serves as the primary guideline for allocating scarce resources throughout the firm and keeping the organization headed
in a profitable direction.
a. IT governance
b. Strategic plan
c. Mission and vision
d. Company policy
6. In project development, monitoring of activities and use of benchmarks, milestones and deliverables to track progress are
done under what phase?
a. First phase
b. Second phase
c. Third phase
d. Fourth phase
7. In the fourth phase
a. the specific sequencing and timing of each activity and associated resources are scheduled
b. it involves planning, setting time, scope and cost parameters for the entire project
c. control and development of specific actions aimed at keeping a project moving forward in the most efficient manner are done
d. project manager should obtain client acceptance, release and evaluate project personnel, identify and reassign
remaining project assets, consider a post-project evaluation and chronicle the history of the project
8. Below are the roles of a project manager, except:
a. Overall responsible for the project
b. Should be solely responsible for planning the project
c. Should have a great deal of experience in the domain area and skill at managing projects
d. Should work with representatives from senior management, the IT staff, and affected users in planning and executing
the project
13. This serves as the foundation for setting an explicit IT strategy, which details how the IT Function will achieve its objectives
through its organizational structure, relationships with others and IT configurations
a. IT function
b. IT governance
c. IT objective
d. IT controls
14. Strategy
a. Represents the guiding light for developing a set of objectives
b. Supports the mission and objectives of the organization
c. Is used to develop a set of policies
d. All of the above
a. I,IV,II,III
b. I,II,III,IV
c. II,III,I,IV
d. II,I,III,IV
24. It is the likelihood that an organization will not achieve its business goals and objectives
a. Business risk
b. Audit risk
c. Objective risk
d. Security risk
a. Both statements
b. Only statement I
c. Only statement II
d. None of the statements
29. Statement I: Inherent risk, control risk and detection risk are independent from each other.
Statement II: Auditors can reduce risks to zero by managing risks at an acceptable level and in a cost-effective manner.
32. Statement I: The COSO international framework definition emphasizes that internal control is a process and that it is a
responsibility of an organization’s management, employees, and board of directors.
Statement II: Included within the COSO framework are five interrelated components of internal control that relate to the three objectives of internal control.
a. Both statements are true
b. Only statement I is true
c. Only statement II is true
d. Both statements are false
33. Which of the following is not an objective of internal control as defined by COSO?
a. Effectiveness and efficiency of operations
b. Reliability of financial reporting
c. Compliance with laws and regulations
d. Prevention of IT risks
34. Statement I: The Canadian Criteria Control Committee defines internal control as encompassing financial and operational controls, and the auditor should report on both
Statement II: Canadian Criteria Control Committee is less complex than Cadbury and COSO
a. Both statements are true
b. Only statement I is true
c. Only statement II is true
d. Both statements are false
35. Which of the following is not a dimension of CobiT?
a. Information criteria
b. IT governance
c. IT processes
d. IT resources
38. Which of the following is incorrect about monitoring information technology risks and controls?
a. Risk management can be done from time to time but not continuously
b. It ensures that IT meets business objectives
c. It may include exception reporting systems
d. It points to the fact that sometimes humans do not make use of IT controls
39. When electronic information is compromised, the ramifications of such crime fall into the following categories, except:
a. Confidentiality
b. Objectivity
c. Integrity
d. Availability
40. It occurs when an authorized user is prevented from timely, reliable access to data or a system, such as a denial of service
attack
a. Confidentiality
b. Objectivity
c. Integrity
d. Availability
41. It occurs when a system or data has been accidentally or maliciously modified, altered, or destroyed without authorization.
a. Confidentiality
b. Objectivity
c. Integrity
d. Availability
42. It occurs when a person knowingly accesses a computer without authorization or when a person exceeds his authorized
access.
a. Confidentiality
b. Objectivity
c. Integrity
d. Availability
43. If the audit client owns one or more copyrights, the auditor should
a. Make sure that client has policies or activities aimed at protecting their copyrights
b. Look if such are copyrighted, if not suggest it to the client
c. Auditor should ensure that the client has the right to use it
d. All of the above
44. If the audit client uses trademarks of other entities, the auditor should
a. Make sure that client has policies or activities aimed at protecting it
b. Look if such are registered, if not suggest it to the client
c. Auditor should ensure that the client has the right to use it
d. All of the above
45. Statement I: If an IT auditor works for communication services or remote computing services, they must check the internal control in securing the contents of electronic communications
Statement II: If computers have been accessed without proper authorization, they should not jump to the conclusion of a possible cybercrime.
46. Which of the following is not a reason for organizations to develop codes of ethical conduct?
a. Promote high standards of practice throughout the organization
b. Offer a vehicle for occupational identity
c. Provide a benchmark for organization members to use for self-evaluation
d. Prevent members of organizations from committing irregular and illegal acts
48. Statement I: Auditors are not qualified to determine whether an irregular, illegal or erroneous act has occurred.
Statement II: Determination of irregular and illegal acts should be made by a qualified expert, such as IT auditor or external
auditor.
a. Both statements are true
b. Only statement I is true
c. Only statement II is true
d. Both statements are false
49. To whom can the IT auditor report suspected irregular and illegal acts?
a. Government authority
b. Co-IT auditor
c. Board of directors/audit committee
d. Employees suspected of irregular and illegal act
50. Statement I: Common laws are written laws enacted by a legislature, the collection of rules imposed by authority.
Statement II: Statutory law reflects customs and general principles that serve as precedents to situations not covered by
common law.
a. Both statements are true
b. Only statement I is true
c. Only statement II is true
d. Both statements are false
51. Statement I: The IT auditor must look to ensure that at least one of the three elements (Consent, Object or Consideration) is stated in the contract.
Statement II: IT auditors will examine written contracts of purchase and sale of goods (e.g. computer equipment and software
applications) and services (e.g. outsourcing arrangements and maintenance agreements)
a. Both statements are true
b. Only statement I is true
c. Only statement II is true
d. Both statements are false
52. Which of the following is not one of the general personal and business skills that IT auditors must possess?
a. Business education
b. Technical computer skills
c. Accounting skills
d. Marketing skills
53. Statement I: IT auditor may work hand-in-hand with the financial auditor through each step in the engagement, from
planning through delivery of the report.
Statement II: The amount of work the IT auditor does does not depend on the support the financial auditor requests.
a. Both statements are true
b. Only statement I is true
c. Only statement II is true
d. Both statements are false
54. Which of the following is an engagement that an IT auditor might not perform?
a. Providing third party assurance
b. Penetration testing
c. Supporting the financial audit
d. All of the above can be performed by an IT auditor
55. Statement I: Roles of IT auditors vary with their position within or outside an organization and with each individual project.
Statement II: The level of expertise needed for an engagement varies from the very technical to a need for plain common
sense and good communication skills.
a. Both statements are true
b. Only statement I is true
c. Only statement II is true
d. Both statements are false