AIS Advanced Exam 1 Questions & Answers 2024/2025
Biro's Tenets - AWTIRC - ANSWERS
- Assume nothing
- What is the root cause?
- Trust but verify (Ronald Reagan)
- Integrity
- Respect for those you audit and their mission
- Compliance does NOT equal security; compliance is not permanent
Difference between a risk assessment and IT audit - ANSWERS
Risk assessment allows an entity to understand the extent to which potential events might impact
objectives
IT audit is similar to RA but with teeth - demonstrates compliance with law, regulation or policy
Definition of Risk - ANSWERS
A daily occurrence
* Risk = Probability (Likelihood) x Impact
Recent noteworthy Info Security Breaches (Jan 2023) - ANSWERS
- Twitter: Database of over 200 million users goes public
- Mailchimp: Discloses social engineering attack
- Norton LifeLock: Warns customers of credential stuffing attack
- PayPal: Reports credential stuffing attack
- CommuteAir: No Fly List leaks over unsecured server
- T-Mobile: Disclosed data breach affecting 37 million customers
A process, effected by an entity's board of directors, management and other personnel, applied in
strategy setting and across the enterprise, designed to identify potential events that may affect the
entity, and manage risks to be within its risk appetite, to provide reasonable assurance regarding the
achievement of entity objectives
Response to Risk - ARSA - ANSWERS
4 categories:
- Avoid
- Reduce
- Share
- Accept
Management considers these responses with the intent of achieving a residual risk level aligned with the
entity's tolerances
Risk Culture - ANSWERS
Set of encouraged and acceptable behaviors, discussions, decisions, and attitudes toward taking and
managing risk within an institution
- Glue that binds all elements of risk management infrastructure together, because it reflects the
shared values, goals, practices and reinforcement mechanisms that embed risk into the organization's
decision-making processes and risk mgmt into its operating processes
- Surveyed to establish ERM:
  - after risk philosophy is determined
  - before organizational integrity and ethical values are considered
  - before roles and responsibilities are decided
Risk Appetite - ANSWERS
The amount of risk - on a broad level - an entity is willing to accept in pursuit of value
- Use quantitative/qualitative terms and consider risk tolerance
Internal Auditor - ANSWERS
Play an important role in monitoring ERM, but do NOT have primary responsibility for its
implementation or maintenance
Assist mgmt and the board/audit committee in the process by:
- Monitoring
- Examining
- Evaluating
- Reporting
- Recommending Improvements
Definition of Risk Assessment - ANSWERS
The identification and analysis of risks to the achievement of business objectives → it forms a basis
for determining how risks should be managed
Assesses risk from 2 perspectives: Likelihood and Impact
Assesses risk on both an inherent and a residual basis
How internal auditors add value - ANSWERS
- Reviewing critical control systems and risk mgmt processes
- Performing an effectiveness review of mgmt's risk assessments and the internal controls
- Providing advice in the design & improvement of control systems and risk mitigation strategies
- Implementing a risk-based approach to planning & executing the internal audit process
- Ensuring that internal auditing's resources are directed at those areas most important to the
organization
- Challenging the basis of mgmt's risk assessments & evaluating the adequacy & effectiveness of risk
treatment strategies
- Facilitating ERM workshops