Who should approve the audit charter of an organization? - ANSWERSenior Management
What should the content of an audit charter be? - ANSWERThe scope, authority, and responsibilities of the audit function
What is the prime reason for review of an organization chart? - ANSWERTo understand the a...
Hemang Doshi CISA Study Guide Key
Aspects Questions & Answers 100%
Correct!!
Who should approve the audit charter of an organization? - ANSWERSenior
Management
What should the content of an audit charter be? - ANSWERThe scope, authority,
and responsibilities of the audit function
What is the prime reason for review of an organization chart? - ANSWERTo
understand the authority and responsibility of individuals
The actions of an IS auditor are primiarily influenced by - ANSWERAudit Charter
Which document provides the overall authority for an auditor to perform an audit? -
ANSWERAudit charter
What is the objective of encryption? - ANSWERTo ensure the integrity and
confidentiality of transactions.
How are inbound transactions controlled in an EDI environment? - ANSWERInbound
transactions are controlled via logs of the receipt of inbound transactions, the use of
segment count totals, and the use of check digits to detect transposition and
transcription errors.
What is the objective of key verification control? - ANSWERKey verification is a
method where data is entered a second time and compared with the initial data entry
to ensure that the data entered is correct. This is generally used in EFT transactions,
where another employee re-enters the same data to perform this check before any
money is transferred.
What is the primary reason for the audit function directly reporting to the audit
committee? - ANSWERThe audit function must be independent of the business
function and should have direct access to the audit committee of the board
What is the major risk of EDI transactions? - ANSWERThe absence of agreement (in
the absence of a trading partner agreement, there could be uncertainty related to
specific legal liability)
What is the objective of non-repudiation? - ANSWERNon-repudiation ensures that a
transaction is enforceable and that the claimed sender cannot later deny generating
and sending the message.
What is the most important component of the artificial intelligence/expert system
area? - ANSWERKnowledge base (The knowledge base contains specific
,information or fact patterns associated with a particular subject matter and the rules
for interpreting these facts; therefore, strict access control should be implemented
and monitored to ensure the integrity of the decision rules)
Segregation of duties is an example of which type of control? - ANSWERPreventive
control
Controls that enable a risk or deficiency to be corrected before a loss occurs are
known as what? - ANSWERCorrective control
Controls that directly mitigate a risk or lack of controls directly acting upon a risk are
know as what? - ANSWERCompensating control
The most important step in a risk assessment is to identify - ANSWERThreats and
vulnerabilities
In risk-based audit planning, an IS auditor's first step is to identify what? -
ANSWERHigh risk areas
Once threats and vulnerabilities are identified, what should be the next step? -
ANSWERIdentify and evaluate existing controls
What is the advantage of risk based audit planning? - ANSWERResources can be
utilized for high risk areas
What does the level of protection of information assets depend on? -
ANSWERCriticality of assets
What is risk that is influenced by the actions of an auditor known as? -
ANSWERDetection risk
What is audit risk? - ANSWERAudit risk is the sum total of inherent risk, control risk,
and detection risk
What is risk the product of? - ANSWERProbability and impact
What are the results of risk management processes used for? - ANSWERDesigning
the control
Whose responsibility is the management of risk to an acceptable level? -
ANSWERSenior management
What is the absence of proper security measures known as? - ANSWERVulnerability
What is the advantage of the bottom-up approach for the development of
organizational policies? - ANSWERIt ensures consistency across the organization.
What is risk before controls are applied known as? - ANSWERInherent risk/gross
risk (after the implementation of controls, it is known as residual risk/net risk).
, What does the information systems audit provide? - ANSWERReasonable
assurance about coverage of material items.
What is the first step of an audit project? - ANSWERTo develop an audit plan.
What is the primary reason for a functional walkthrough? - ANSWERTo understand
the business process.
What is the major concern in the absence of established audit objectives? -
ANSWERNot able to determine key business risks.
What is the primary objective for performing risk assessment prior to the audit? -
ANSWERAllocate audit resources to areas of high risks.
What is the step of the audit planning phase? - ANSWERConducting risk
assessments to determine the area of high risk.
Which sampling technique should be used when the probability of error must be
objectively quantified? - ANSWERStatistical sampling.
How can sampling risk be mitigated? - ANSWERStatistical sampling.
Which sampling method is most useful when testing for compliance? -
ANSWERAttribute sampling.
In the case of a strong internal control, could the confidence coefficient/sample size
be increased or lowered? - ANSWERThe confidence coefficient/sampling size may
be lowered.
Which sampling method would best assist auditors when there is concerns of fraud?
- ANSWERDiscovery sampling.
How can you differentiate between compliance testing and substantive testing? -
ANSWERThe objective of compliance testing is to test the presence of controls,
whereas the objective of substantive testing is to test individual transactions. Let's
take the example of asset inventory:
To verify whether control exists for inward/outward of the assets is compliance
testing
To verify the count of physical assets and comparing it with records is substantive
testing
Give an example of compliance testing. - ANSWERTo verify the configuration of a
router for controls
.
To verify the change management process to ensure controls are effective.
Review of system access rights.
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller papersbyjol. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $12.99. You're not tied to anything after your purchase.
