Questions and Answers of Auditing 12th
List five key metrics that are useful to manage project progress.
List three features that the software used to manage large projects should contain.
Explain how an organization can demonstrate its adherence with the principle that management decisions are based on a long-term philosophy (principle 1).
Provide three examples of how organizations can create continuous process flows to bring problems to the surface (principle 2).
Explain the difference between a pull and a push system, and the pros and cons of each model (principle 3).
What evidence would you ask to examine to determine if an organization is leveling the workload (principle 4)?
Give three examples of how organizations can build a culture of stopping to fix problems so quality is right the first time (principle 5).
Use three tools to describe how a process can be improved to standardize its tasks and processes in pursuit of continuous improvement and employee empowerment (principle 6).
Provide three examples of effective visual controls that make sure that problems come to the surface (principle 7).
What specific recommendations would you make to an organization that wants to grow leaders who understand the work and live the philosophy (principle 9) and develops exceptional people and teams
How do organizations show that they respect their extended network of partners and suppliers (principle 11) and what evidence would you evaluate?
Describe genba walks and explain how managers can use them to thoroughly understand situations (principle 12).
List and describe the three most common types of organizational structure.
Which organizational structure, while typically providing greater clarity about roles and responsibilities, often slows operational responsiveness?
Which structure is most often used when operations are relatively stable and there is a low rate of change?
Which two structures often provide the greatest opportunities for workers to learn from each other thus facilitating the transfer of knowledge laterally in the organization?
Why are org charts commonly reviewed by internal auditors?
Why is Variation in Approach important to the success of organizations and what are the implications for internal auditors?
Relate the three main forms of resistance to Situational Positioning and how awareness of this impacts risk assessments.
List five attributes that characterize exceptional organizations and explain their significance to operational auditors.
Explain why employee involvement is important for operational effectiveness.
Develop an operational audit program that includes procedures to determine if a unit is effectively balancing flexibility and stability.
A security assessment is a method for proving the strength of security systems. A. True B. False
Categorizing information and information systems and then selecting and implementing appropriate security controls is part of a ________.
Whereas only qualified auditors perform security audits, anyone may do security assessments. A. True B. False
NIST 800-53A provides ________.
Which one of the following is not a method used for conducting an assessment of security controls? A. Examine B. Interview C. Test D. Remediate
Which of the following is an assessment method that attempts to bypass controls and gain access to a specific system by simulating the actions of a would-be attacker? A. Policy review B. Penetration
An IT security audit is an ________ assessment of an organization’s internal policies, controls, and activities.
Which of the following best describes an audit used to determine if a Fortune 500 health care company is adhering to Sarbanes-Oxley and HIPAA regulations? A. IT audit B. Operational audit C.
The internal audit function may be outsourced to an external consulting firm. A. True B. False
Compliance initiatives typically are efforts around all except which one of the following? A. To adhere to internal policies and standards B. To adhere to regulatory requirements C. To adhere to
At all levels of an organization, compliance is closely related to which of the following? A. Governance B. Risk management C. Government D. Risk assessment E. Both A and B F. Both C and D
Which one of the following is true with regard to audits and assessments? A. Assessments typically result in a pass or fail grade, whereas audits result in a list of recommendations to improve
Noncompliance with regulatory standards may result in which of the following? A. Brand damage B. Fines C. Imprisonment D. All of the above E. B and C only
Which of the following companies engaged in fraudulent activity and subsequently filed for bankruptcy? A. WorldCom B. Enron C. TJX D. All of the above E. A and B only
Some regulations are subject to ________, which means even if there wasn’t intent of noncompliance, an organization can still incur large fines.
Which of the following acknowledges the importance of sound information security practices and controls in the interest of national security? A. FISMA B. GLBA C. HIPAA D. FACTA E. FERPA
What organization was tasked to develop standards to apply to federal information systems using a risk-based approach? A. Public Entity Risk Institute B. International Organization for Standardization
RMF provides for the authorization of the operation of an information system based on an acceptable level of ________.
Which of the following organizations was tasked to develop and prescribe standards and guidelines that apply to federal information systems? A. NIST B. FISMA C. Congress D. PCI SSC E. U.S. Department
What section of Sarbanes-Oxley requires management and the external auditor to report on the accuracy of internal controls over financial reporting? A. Section 301 B. Section 404 C. Section 802 D.
Sarbanes-Oxley explicitly addresses the IT security controls required to ensure accurate financial reporting. A. True B. False
Which of the following was established to have oversight of public accounting firms and is responsible for defining the process of SOX compliance audits? A. COSO B. Enron C. PCAOB D. Sarbanes-Oxley E.
Which of the following is not one of the titles within Sarbanes-Oxley? A. Corporate Responsibility B. Enhanced Financial Disclosures C. Analyst Conflicts of Interest D. Studies and Reports E. Auditor
Which one of the following is not considered a principal part of the Gramm-Leach-Bliley Act? A. Financial Privacy Rule B. Pretexting provisions C. Safeguards Rule D. Information Security Rule
Which regulatory department is responsible for the enforcement of HIPAA laws? A. HHS B. FDA C. U.S. Department of Agriculture D. U.S. EPA E. FTC
Which one of the following is not one of the safeguards provided within the HIPAA Security Rule? A. Administrative B. Operational C. Technical D. Physical
In accordance with the Children’s Internet Protection Act, who determines what is considered inappropriate material? A. FCC B. U.S. Department of Education C. The local communities D. U.S.
While the Family Educational Rights and Privacy Act prohibits the use of Social Security numbers as directory information, the act does permit the use of the last four digits of a SSN. A. True B. False
PCI DSS is a legislative act enacted by Congress to ensure that merchants meet baseline security requirements for how they store, process, and transmit payment card data. A. True B. False
To comply with the Red Flags Rule, financial institutions and creditors must do which of the following? A. Identify red flags for covered accounts. B. Detect red flags. C. Respond to detected red
After mapping existing controls to new regulations, an organization needs to conduct a ________ analysis.
Which of the following best describes the rights and obligations of individuals and organizations with respect to the collection, use, disclosure, and retention of personal information? A. Security
The process of selecting security controls is considered within the context of risk management. A. True B. False
If a baseline security control cannot be implemented, which of the following should be considered? A. Compensating control B. Baseline security standard revision C. Policy revision D. None of the above
Account management and separation of duties are examples of what type of controls? A. Audit and accountability B. Access control C. Security assessment and authorization D. Personal security
Which one of the following is not one of the seven domains of a typical IT infrastructure? A. User Domain B. Workstation Domain C. LAN-to-LAN Domain D. WAN Domain E. Remote Access Domain
Which of the following policies would apply to the User Domain concerning the seven domains of a typical IT infrastructure? A. Acceptable use policy B. Internet access policy C. Security incident
Mitigating a risk from an IT security perspective is about eliminating the risk to zero. A. True B. False
Which of the following is an example of why an ongoing IT compliance program is important? A. Organizations are dynamic, growing environments. B. Threats evolve. C. Laws and regulations evolve. D. All of
Policies, standards, and guidelines are part of the policy ________.
Which one of the following is not part of the change management process? A. Identify and request B. Evaluate change request C. Decision response D. Implement unapproved change E. Monitor change
Regarding the seven domains of IT infrastructure, the Workstation Domain includes which of the following? (Select three.) A. Desktop computers B. Laptop computers C. Remote access systems D. E-mail
Adequate controls over privacy data help prevent ________ theft.
A _______ is a conceptual set of rules and ideas that provide structure to a complex and challenging situation.
Frameworks differ from each other in that they might offer varying levels of depth and breadth. A. True B. False
Avoiding the need for audits is one reason organizations develop clearly documented policies, standards, and procedures. A. True B. False
Which of the following should organizations do when selecting a standard? (Select three.) A. Select a standard that can be followed. B. Employ the selected standard. C. Select a flexible standard. D.
The COSO framework is targeted to which of the following groups within a company? A. Executive management B. First-line management C. Security analysts D. Application developers
COSO is the acronym for which of the following? A. Compliance Objectives Standards Organization B. Committee of Sponsoring Organizations C. Compliance Organization Standard Operation D. Committee on
Responding to business requirements in alignment with the business strategy is an example of an IT ________.
Which one of the following is not true of COBIT? A. It is business-focused. B. It is security-centered. C. It is process-oriented. D. It is controls-based. E. It is measurement-driven.
Which one of the following is not one of the four domains of COBIT? A. Plan and Organize B. Implement and Support C. Acquire and Implement D. Deliver and Support E. Monitor and Evaluate
SSAE 16 Type 1 includes everything in a SSAE 16 Type 2 report, but it adds a detailed testing of the controls over a specific time frame. A. True B. False
Organizations may be audited for both ISO/IEC 27001 and ISO/IEC 27002 and receive a formal certification for each. A. True B. False
ISO/IEC 27002 is a code of ________ for information security management.
What PCAOB standard states that the auditor should assess the amount of IT involvement in the financial reporting process? A. Auditing Standard No. 1 B. Auditing Standard No. 11 C. Auditing Standard
Which of the following provides a framework for assessing the adequacy of implemented controls? A. NIST 800-53 B. NIST 800 C. NIST 800-53A D. NIST 800A
Which one of the following can an audit help identify? A. Fraud B. Ineffective IT practices C. Improper use of resources D. Inadequate security E. All of the above
Which of the following is the discipline of managing and understanding uncertainty? A. Audit management B. Metrology C. Risk management D. Cryptology
Threat is synonymous with risk and can be used interchangeably. A. True B. False
Identifying potential dangers to an organization is part of the process called ________ identification.
Which of the following is the best example of a potential vulnerability to an IT system? A. Hacker B. Terrorist C. Unpatched operating system D. None of the above
The results of a risk assessment help define the audit objectives. A. True B. False
When applying controls, which of the following is not an example of what needs to be considered when examining the tradeoffs? A. Feasibility B. Cost C. Operational impact D. Due diligence
The audit ________ includes the area or areas to be reviewed.
Which of the following defines the goals for an audit? A. Audit objective B. Audit scope C. Audit frequency D. Audit report
Which of the following is not a category of IT security controls defined by NIST? A. Physical controls B. Management controls C. Operational controls D. Technical controls
Which of the following documents should be included in the gathering process of an IT audit? A. Policies and procedures B. Previous audit reports C. Network diagrams D. Answers A and C only E. Answers
Only security operations personnel need to follow IT security policies. A. True B. False
Fraudulent activity uncovered during interviews would be a reason to expand the scope of an audit. A. True B. False
Which of the following describes all the auditable components within an organization? A. Cosmos domains of IT B. Domains of applications C. IT universe D. Universal audit
Which one of the following is not an example of an audit facilitating tool defined by the IIA? A. Project management software B. Flowcharting software C. Electronic work papers D. Presentation software
The decision to apply or not apply controls is based on risk. A. True B. False
Which one of the following is the best example of avoiding risk? A. The IT department decides to install an antivirus device at its network border. B. The IT department outsources its vulnerability
Which of the following is an examination of the current state of controls against the desired state of controls? A. Control objective B. Gap analysis C. Baseline analysis D. Log review
The purpose of a network scan is to identify as many vulnerabilities as possible. A. True B. False
A ________ is an assessment method that uses methods similar to what a real-world attacker might use.
Which one of the following is not an example of a review technique? A. Password cracking B. File integrity checking C. Log review D. Network sniffing