The Complete Guide For Cisa Examination Preparation 1st Edition Richard E. Cascarino - Solutions
Program change controls are intended to ensure that all changes are: a) Audited to verify intent. b) Implemented into production systems. c) Within established performance criteria. d) Tested to ensure correctness.
In order to determine the overall management governance in place, the auditor may examine: a) Management’s measurement of the workload. b) Capacity measuring and measurement against standards. c) Customer satisfaction. d) Management’s attainment of agreed service levels. e) All of the above.
The final step in the change control process is: a) Validated and approved. b) Report change to management. c) Test and implement. d) Review and approve.
Operational auditing involves assessing the quality of controls leading to: a) Effectiveness. b) Efficiency. c) Economy. d) All of the above.
A performance management measures which aspects of the organization? a) How well the business needs are matched with the deliverables. b) What processes are in place to track and communicate the performance. c) How effective the mechanisms are to correct or escalate situations that are out of the
Because of their portable nature, tablet computers: a) Do not require change control. b) Require the same change control procedures as mainframes. c) May require different change control procedures. d) Require only problem management procedures.
In a change control environment, the assurance of proper changes to source programs in production status is increased by all of the following except: a) Programmer access. b) Authorization of the change. c) Testing of the change. d) Documentation of the change.
Among the five components defined by COSO were all except: a) A sound control environment. b) A sound risk-assessment process. c) Effective management procedures. d) Sound information and communications systems. e) Effective monitoring.
ISO 27002 includes among its component areas all of the following except: a) Organization of Information Security. b) Management authority levels. c) Human Resources Security. d) Physical Security.
COSO defined the objectives that all businesses strive for to include: a) Economy and efficiency of operations, including achievement of performance goals and safeguarding of assets against loss. b) Reliable financial and operational data and reports. c) Compliance with laws and regulations. d) All of
Factors to consider when assessing independence on an ongoing basis throughout an audit engagement include all of the following except: a) Previous work done in this area. b) The financial interests of the auditor. c) Opportunities for personal advantage or financial gain. d) Prior work assignments and
The COBIT® toolset also includes provisions for all of the following except: a) Maturity models for assessing your organization’s control over processes in comparison with industry and international standards. b) Critical success factors defining the most important implementation guidelines. c)
Legislation requires annual affirmation of management’s responsibility for internal controls over financial reporting. Management must attest to effectiveness based on an evaluation and the auditor must attest and report on management’s evaluation. This legislation is known as: a) Foreign
Electronic eavesdropping involves: a) Obtaining information from wastebaskets. b) Use of the internet. c) Interception of a communication. d) Use of a computer.
PCI DSS standards include: a) Changing vendor supplied defaults for system passwords. b) Detecting stored cardholder data. c) Use of regularly updated antivirus software. d) All of the above.
The main difference between governance and management is that management is involved with everything except: a) Achieving the current and future needs of the organization in a controlled manner. b) Ensuring the ongoing supply of quality services and products. c) Controlling costs. d) Ensuring
Fraud typically involves: a) Actual prejudice. b) Use of the Internet. c) Intentional misrepresentation. d) Loss of confidentiality.
The Chief IT Auditor has received the following from the president of the organization: ‘You are directed to discontinue any further investigation in this audit until informed by me to proceed’. The Chief IT Auditor should: a) Immediately report the communication to The Institute of Internal
In evaluating the planning aspects, audit would typically look at all except: a) Management’s forecasting of needs and requirements. b) Management’s delivery of goals. c) Management’s devising of strategies. d) Management’s development of policies.
Information processing facility operations include all except: a) Mounting and dismounting data files. b) Loading paper into printers. c) Writing computer programs. d) Scheduling runs.
An electronics firm has decided to acquire a new application system by purchasing a package. Which of the following would NOT be included in the evaluation of alternative systems? a) Whether the system will run in a client-server environment. b) Type of database and file structures used. c)
Critical success factors in implementing and maintaining acquired software would include: a) There is a quality education and training program. b) Policies and procedures relating to compliance with external requirements have been documented and communicated. c) Job rotation for career development is
Key indicators that system change project has been successful would include all of the following EXCEPT: a) Number of findings during the quality assurance review of installation and accreditation functions. b) Degree of stakeholder satisfaction with the new process. c) Degree of seamlessness of
Project control is primarily designed to: a) Maximize the likelihood of successful outcomes. b) Eliminate delivery risk. c) Minimize the risk of non-achievement of objectives. d) Control the consumption of resources.
The audit program provides for the collection of audit evidence of: a) Structures. b) Documentation standards. c) Systems documentation. d) All of the above.
An advantage of a centralized IS audit function is: a) Close ties at local level. b) Use of a non-standardized audit approach. c) Independence from local management. d) The auditor may be seen as an outsider.
The IT Audit Charter should include: a) Mission and scope of work. b) Independence. c) Accountability. d) All of the above.
The IT audit executive should develop and maintain a quality assurance and improvement program that covers all aspects of the IT audit activity and continuously monitors its effectiveness with all of the following included except: a) Periodic internal assessment. b) Annual appraisals of individual
One of the biggest barriers to achieving effective auditing in an IT environment is: a) Lack of appropriate IT audit skills. b) The assumption that IT audit is a separate, unique, and special audit discipline. c) Lack of availability of CAATs. d) Overemphasis on accounting and general business auditing.
A charter is being drafted for a newly formed IT audit activity. Which of these would be the most appropriate organizational status to be incorporated into the charter? a) The chief IT audit executive should report to the chief executive officer but have access to the audit committee. b) The chief IT
Which of the following statements is true about risks? a) When evaluating risks their impact should be considered, however probability of occurrence is not important. b) Risks if they happen always have negative impact and not positive. c) The risks may be documented in detail in a Risk Register. d)
Deliverables from a risk assessment process are threats identified, controls selected, action plan complete, and: a) Risk level established. b) Technical issues quantified. c) Vulnerability assessment completed. d) Risk mitigation established.
Which one of the following is a core infrastructure and service element of Business Continuity Planning (BCP)? a) The risk management process. b) Internal and external support functions. c) The change management process. d) Backup and restoration functions.
Discretionary audit activities are those activities which: a) Must be carried out within the timespan of the audit plan. b) Are based upon management’s requests. c) Are decided upon using only the most important risk factors. d) Are decided upon using all risk factors.
The starting point for risk-based audit approach is: a) Determination of the overall business objectives of the organization. b) Determination of the individual detailed control objectives. c) Identification of the internal controls relied upon by management. d) Identification of best practice in
Need-to-know is defined as: a) Access to, or possession of information based on need to perform security duties. b) Possession of information based on need to perform assigned duties. c) Access to, or possession of information based on need to perform assigned job duties. d) Knowledge of information or
The primary reason for an IS risk-based audit approach is: a) To control costs within the IS function. b) To show management the areas in which the controls are deficient. c) To show the audit committee that IS audit is being carried out in an appropriate manner. d) To permit the efficient allocation
Risk is commonly expressed as a function of the: a) Systems vulnerabilities and the cost to mitigate. b) Likelihood that the harm will occur and its potential impact. c) Types of countermeasures needed and the system’s vulnerabilities. d) Computer system-related assets and their costs.
According to Sarbanes-Oxley, management’s report on internal control over financial reporting is required to include: a) A statement of the IT manager’s responsibility for establishing and maintaining adequate internal control over financial reporting for the company. b) A statement identifying
A common security issue that is extremely hard to control in large environments occurs when a user has more computer rights, permissions, and privileges than required for the tasks the user needs to fulfill. This is an example of: a) Excessive Rights. b) Excessive Access. c) Excessive Privileges. d)
Which one of the following statements describes management controls? a) They prevent users from accessing any control function. b) They eliminate the need for most auditing functions. c) They are generally inexpensive to implement. d) They may be administrative, procedural, or technical.
Control problems during business process change would typically include: a) Poor control over file conversions. b) Changing effectiveness of existing control structures. c) Employee uncertainty and lack of co-operation. d) Changing control objectives.
Organizations develop change control procedures to ensure that: a) Changes are controlled by the Change Controller. b) All changes are requested, scheduled, and completed on time. c) All changes are authorized, tested, and recorded. d) Management is advised of changes made to system.
Corporate IT governance is the responsibility of: a) The board and management. b) The IS manager. c) The IS auditor. d) The audit committee.
Which of the following audit steps would an IS auditor normally perform FIRST when conducting a review of hardware acquisition procedures? a) Testing compliance to management directives. b) Determine the adequacy of the hardware for the intended task. c) Determining the management directives that
Factors that should be considered when evaluating audit risk in an IS functional area include:
1. Volume of transactions.
2. Degree of system integration.
3. Years since last audit.
4. Significant management turnover.
5. Value of ‘assets at risk’.
6. Average value per transaction.
7. Results of last audit.
Factors that best define materiality of audit risk are: a) 1 through 7. b) 2, 4, and 7. c) 1, 5, and 6. d) 3, 4, and 6.
Which of the following is not part of physical access control? a) CCTV. b) Man-traps. c) Data classification and labeling. d) Biometrics.
In which one of the following documents is the assignment of individual roles and responsibilities MOST appropriately defined? a) Security policy. b) Enforcement guidelines. c) Acceptable use policy. d) Program manual
Which of the following is the strongest form of authentication? a) Something you know. b) Something you are. c) Passwords. d) Tokens.
Which of the following is not one of the three types of access controls? a) Administrative. b) Personnel. c) Technical. d) Physical.
Key indicators that a business process change project has been successful would include all of the following EXCEPT: a) Number of findings during the quality assurance review of installation and accreditation functions. b) Degree of stakeholder satisfaction with the new process. c) Degree of
A common reason for the failure of business process change projects would be: a) Over-optimistic timescales. b) The transformation is not owned by the implementers at the user end. c) Inadequately trained staff. d) Radical changes to the business itself.
Critical success factors in controlling a business process change project would include all of the following except: a) Ensuring the re-engineering is appropriate. b) Understanding the business processes. c) Appointing the right leader. d) Speed of change.
Acceptable business reasons to undertake a business change process would include all of the reasons below EXCEPT: a) Elimination of competitive disadvantage. b) Creating a business breakthrough. c) Compatibility with existing systems. d) Corporate survival.
Which of the following would NOT be considered an environmental control? a) Installation of a no-break power system. b) Logging of authorized and unauthorized attempts to access the computer area. c) Installation of a fire detection and extinguishing system. d) Validation of passwords and transaction
Which of the following is NOT true regarding upgrading software packages? a) Software upgrades to packages should be implemented via change control. b) All new releases of software packages should be acquired and implemented immediately. c) Software upgrades should be justified on the business
To trace data through several application programs, an auditor needs to know what programs use the data, which files contain the data, and which printed reports display the data. If data exists only in a database system, the auditor could probably find all of this information in a: a) Data
Communications unavailability can be controlled using all of the following except: a) Adequate backups. b) User authentication. c) Peer-to-peer networking to permit mutual back-up. d) Adequate Disaster Recovery Planning.
Which of the following would not normally be considered a typical file structure for a database management system? a) Relational structure. b) Hierarchical structure. c) Network structure. d) Batched sequential structure.
The type of processing where data is updated with immediate effect is known as: a) Online. b) Batch. c) Transaction-based. d) Real-time.
Major risks in online systems would include all of the following except: a) Availability. b) Late arrival of data. c) Security. d) Unauthorized access.
Database benefits from the auditor’s viewpoint include the potential for: a) Consistency of data. b) Enhanced quality of audit by increased accessibility. c) More accurate systems-development process. d) Data resource management will accrue benefits through formalized discipline. e) All of the above.
Which of the following most seriously compromises the independence of the internal auditing department? a) The director of internal auditing has dual reporting responsibility to the firm’s top executive and the Audit Committee. b) Internal auditors frequently draft revised procedures for
Identify the major threats and controls regarding identity theft.
Design and implement a corrective program to bring the audit program in line with the changing business environment.
Identify deficiencies within their current audit approaches.
Identify the new sources of audit and legal evidence.
Determine the changes to the internal control structure required in such an environment.
Identify the primary threat areas within a paperless environment.
Identify appropriate physical access exposures and controls.
Describe the environmental issues and exposures concepts and their effect on physical IT security.
Define the nature of intrusion detection systems.
Describe the usage and types of firewall security systems and other connectivity protection resources (e.g. cryptography, digital signatures, key management policies).
Explain the impact of client-server, and other services.
Identify and describe the principles of network security.
Explain the need for communications and network security.
Describe the techniques of user authentication.
Explain the need for and basic processes in ensuring Logical Computer Security.
Describe the logical security risks, controls, and audit considerations (audit of logical access, security testing) together with logical security features, tools, procedures.
Describe the role of security packages.
Define the components of logical IT security, logical access control issues, and exposures, access control software.
Identify the steps in auditing operating environments.
Explain how tailoring the Operating System affects security.
Describe the fundamental concepts governing Computer Operating Systems.
Define the main components of an information security policy.
Describe the major problem areas to be found in encryption processes.
Describe the major forms of encryption and message authentication.
Explain the major business problems which the failure of information security can lead to.
Describe the fundamental concepts underlying Information Assets Security.
The most effective corrective control in the event of a building collapse is: a. The corporate contingency plan. b. The computer disaster recovery plan. c. Well-built buildings. d. All of the above.
A UPS is an appropriate control for: a. Fire prevention. b. Fire detection. c. Disaster recovery planning. d. Ensuring continuity of power.