Questions and Answers of Information Technology Control And Audit
Document common audit objectives the IT auditor should focus on when auditing storage or archival of information. Also, list control activities that the IT auditor would need to test in order to meet
One of the recommendations you made during last year’s IT audit was the implementation of a disaster recovery plan. In performing the IT audit for this year, you find that although a plan was in
You are the Senior IT auditor conducting a planning audit meeting with your two IT staff auditors. The main topic discussed at this planning meeting is the upcoming audit of a company’s End-User
List information that the IT auditor should request or obtain at the preaudit meeting in order to conduct a data center audit. Why is this information important for the IT auditor?
As the IT audit senior of the engagement, you are presenting to the IT manager and partner (as part of the planning meeting) the results of the risk assessment performed in Exhibit 3.3.Exhibit
Explain why IT audit is considered a profession. Describe the requirements for candidates to become CISA certified.
Explain what information assurance is.
Summarize the importance of an audit plan. What are the four minimum steps an audit plan should have?
Describe the essential functions of Chief Information Officers in organizations.
Summarize the steps in building an IT Balanced Scorecard.
Choose one of the three widely recognized and best practice IT-related frameworks discussed in the chapter. Perform research, outside of the chapter, and provide the following: a. Summary of the
What is computer forensics? What do computer forensic tools support? How do you think computer forensic tools may assist the IT auditor?
What is the emphasis or focus of an operational review? List specific activities when performing an operational review.
Technology has impacted the business environment in three areas. Summarize those areas.
After reading this chapter, you should feel comfortable about the general roles and responsibilities of an IT auditor. a. Describe in your own words what IT auditors do. b. Why should they be part
Differentiate between internal and external auditors in terms of their roles and responsibilities.
List five Websites you can go to for information about: a. IT auditing b. IT security and privacy issues
How is IT auditing defined?
Visit the Websites of four external audit organizations: two private and two government sites. Provide a summary of who they are and their roles, function, and responsibilities.
General Computer Controls Audit and Application Controls Audit are the two broad groupings of IT audits. Summarize both audits and provide specific examples supporting the controls evaluated within
Interview an IT auditor and gather the following information: a. Position and company? b. Number of years of experience in IT auditing? c. Degree(s) and professional certifications? d. Career
The TSPC, maintained by the AICPA’s ASEC, presents criteria for use by practitioners when providing professional attestation or advisory services to assess controls relevant to five principles.
You are asked by your IT audit manager to: Prepare a list of at least five professional certifications/designations that would be helpful for the IT audit staff to have. In a three-column table
One of the roles of the IT auditor is to act as a Counselor to organizations. As a Counselor, IT auditors can assist organizations in developing policies, procedures, standards, and/or best
What is ISACA and how does it help the IT audit profession?
Where are the current career opportunities for the IT auditor? Search the Internet and identify at least one job profile/description for each career opportunity identified above. For each job profile
Using an Internet web browser, search and examine five websites on each of the topics below. In a three-column table format, document the name of the Website examined in the first column, the source
Identify two recent cyberattacks (not mentioned in the book) conducted either in the United States or internationally. Summarize both cyberattacks consistent with Exhibit 2.2 (i.e., Company,
Summarize the three main categories of crimes involving computers.
Explain why you think it is important for IT auditors to know about each type of legislation below. Your explanation for each type of legislation should take no less than three paragraphs and
What does the Sarbanes–Oxley Act (SOX) of 2002 prohibit? What does SOX require from the Board of Directors?
You were engaged as a consultant by a client that just started doing business. Some of the services your client provides include storing, processing, and/or transmitting credit card data. Your client
What is the Computer Fraud and Abuse Act (CFAA) of 1984?
What is the purpose of the Computer Security Act of 1987, and what does it protect?
Differentiate between the Uniform Electronic Transactions Act (UETA) and the Electronic Signatures in Global and National Commerce Act (ESIGN). Provide examples of specific transactions where an
What is the Privacy Act of 1974? What requirements does it place on federal agencies?
What is the Electronic Communications Privacy Act of 1986, and what does it prohibit?
Use the following information to prepare an IT Planning Memo similar to the one in Appendix 1. a. You are the IT audit senior (or IT auditor representative) assigned. Your audit firm has
What does the Children’s Online Privacy Protection Act of 1998 apply to? Which factors does the Federal Trade Commission (FTC) consider to determine whether a Website is directed to children?
What does HIPAA stand for and what does it protect? List the three factors that must be in place to comply with HIPAA?
Why was the USA PATRIOT Act of 2001 implemented?
What is an audit universe and what does it include?
What is Control Objectives for Information and Related Technology (COBIT) and why is it valuable to management and IT auditors?
Why are risk assessments significant to the audit function?
How is substantive testing used in an IT audit? Explain what the term auditing-through-the-computer refers to.
What is an audit finding and which information should be included when documenting them?
State the significance of an audit schedule.
You are an external IT auditor asked to perform a review of the following: The Financial Transactions Application (FTA) is causing a problem with the General Ledger Application (GLA) due to the
Describe what an audit scoping should include.
Briefly describe the eight typical phases of an audit engagement.
What specific information or evidence can an IT auditor gather for a client that uses its IT environment to store and process financially significant data?
Explain what an audit program is.
Describe the procedures IT auditors perform in order to test controls, processes, and exposures.
Describe the procedures typically performed when conducting an IT audit related to: a. Systems Development b. Business Continuity Planning/Disaster Recovery Planning
What are audit productivity tools? How do they assist auditors?
List and describe three broad categories of computer auditing functions IT professionals use to support the audit of an application. Explain their application.
What are CAATs and what benefits do they provide to IT auditors?
You are a Senior IT auditor having a planning meeting with your two Staff members. The task at hand is an ACL data analysis project for the client. List and describe the steps you and your team
Describe the following system documentation techniques commonly used to understand financial application systems: a. Data flow diagrams b. Business Process Diagrams c. Flowcharts
Differentiate between “auditing around the computer” and “auditing through the computer.”
List the steps required in the development of flowcharts.
CAATs are known to assist auditors in defining sample size and selecting a sample for testing purposes. Describe two techniques used by CAATs to define sample size and select the sample.
What is the audit command language (ACL) audit software? List the benefits it provides.
Explain the four steps to follow when planning for an ACL data analysis project.
Spreadsheet controls are one type of application controls used by auditors. List and describe five key spreadsheet controls.
How does COBIT define governance?
In regards to delivering IT value, why is it so important for the business and its IT department to join efforts?
Describe the three widely recognized best practice IT-related frameworks, and state when each framework should be used.
Discuss why organizations should consider implementing a joint framework between ITIL, COBIT, and ISO/IEC 27002.
Explain what an IT balanced scorecard is.
The chapter mentioned three ways that IT can deliver value to the organization, through: a. Implementing successful projects and keeping operations running b. Automating business processes c.
What is a strategy? What is an IT strategic plan and why is it significant in aligning business objectives with IT?
What is an IT Steering Committee? Summarize the various activities included as part of its scope.
Operationalization translates the understanding of both, organization and IT objectives, into operating plans. Operating plans identify and schedule the IT projects that will be initiated and the IT
What is a Technical Steering Committee and what does it assess related to a technology solution?
Project Management Methodology (“Methodology”)—Group Assignment and Presentation. Professor to divide the class in groups and assign Methodologies from Exhibit 7.1. Groups will go outside of
Define Enterprise Risk Management (ERM) according to COSO. What is the ERM—Integrated Framework?
Explain why the internal environment component of the ERM—Integrated Framework is critical for organizations.
List the eight components of the ERM—Integrated Framework. List the management objectives typically related to the framework.
One of the components of the ERM—Integrated Framework is “Event (or Risk) Identification,” where incidents (i.e., events or risks) could occur in the business organization and significantly
How does NIST define risk management? How does risk management protect the organization’s information from IT threats?
Summarize the professional standards mentioned in the chapter that provide guidance to auditors and managers when conducting risk assessments.
Your organization has recently developed criteria for a risk management program. One goal of the program is to determine the adequacy and effectiveness of the company IT insurance coverage. Describe
NIST is one of the several professional standards that provide guidance to auditors and managers involved in the risk assessment process. How have NIST guidelines assisted federal agencies and
List and describe examples of four resources for tools and techniques used in the identification and evaluation of IT-related risks.
Explain what control activities refer to and describe the types of controls available.
Describe what insurance policies for IT-related risks should typically include or cover.
Discuss what cyber insurance is. Why do you think cyber insurance is frequently excluded from traditional commercial general liability policies, or not specifically defined in traditional insurance
Explain what project management refers to.
List and describe seven best practices for an effective project management office (PMO), according to the Gartner Group.
List 10 controls normally considered when managing projects, according to COBIT.
Exhibit 7.4 lists essential skills for big data project managers. Think of (and list) three to five additional skills that would assist project managers when dealing with big data projects. Explain
Explain why/how project management has often been described as part art and part science.
Summarize the steps auditors should do in order to determine their level of involvement in a project management audit.
What is the primary standards organization for project management and what is its purpose?
What is included within the Project Management Body of Knowledge (PMBOK)?
Differentiate between the traditional and agile project management methodologies.
List and briefly explain key success factors for effective project management.
What is the difference between program and project management? How does program management put all program pieces together?
List key tasks the auditor may perform during a project’s development.