AIS Advanced Exam 1 Questions & Answers 2024/2025
Biro's Tenets - AWTIRC - ANSWERS
- Assume nothing
- What is the root cause?
- Trust but verify (Ronald Reagan)
- Integrity
- Respect for those you audit and their mission
- Compliance does NOT equal security; compliance is not permanent
Difference between a risk assessment and IT audit - ANSWERS Risk assessment allows an entity to understand the extent to which potential events might impact objectives.
IT audit is similar to RA but with teeth - demonstrates compliance with law, regulation or policy
Definition of Risk - ANSWERS A daily occurrence
* Risk = Probability (Likelihood) x Impact
Recent noteworthy Info Security Breaches (Jan 2023) - ANSWERS
- Twitter: Database of over 200 million users goes public
- Mail-chimp: Discloses social engineering attack
- Norton Life-lock: Warns customer of credential stuffing attack
- PayPal: Reports credential stuffing attack
- CommuteAir: No Fly List leaks over unsecured server
- T-Mobile: Disclosed data breach affecting 37 million customers
A process, effected by an entity's board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risks to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives
Response to Risk - ARSA - ANSWERS 4 categories:
- Avoid
- Reduce
- Share
- Accept
Management considers these responses with the intent of achieving a residual risk level aligned with the entity's tolerances
Risk Culture - ANSWERS Set of encouraged and acceptable behaviors, discussions, decisions, and attitudes toward taking and managing risk within an institution
- Glue that binds all elements of risk management infrastructure together, because it reflects the shared values, goals, practices and reinforcement mechanisms that embed risk into the organization's decision-making processes and risk mgmt into its operating processes
- Surveyed to establish ERM
- after risk philosophy is determined
- before organizational integrity and ethical values are considered
- before roles and responsibilities are decided
Risk Appetite - ANSWERS The amount of risk - on a broad level - an entity is willing to accept in pursuit of value
- Use quantitative/qualitative terms and consider risk tolerance
Internal Auditor - ANSWERS Play an important role in monitoring ERM, but do NOT have primary responsibility for its implementation or maintenance
Assist mgmt and the board/audit committee in the process by:
- Monitoring
- Examining
- Evaluating
- Reporting
- Recommending Improvements
Definition of Risk Assessment - ANSWERS The identification and analysis of risks to the achievement of business objectives -> it forms a basis for determining how risks should be managed
Assesses risk from 2 perspectives: Likelihood and Impact
Assesses risk on both an inherent and a residual basis
How internal auditors add value: - ANSWERS
- Reviewing critical control systems and risk mgmt processes
- Performing an effectiveness review of mgmt's risk assessments and the internal controls
- Providing advice in the design & improvement of control systems and risk mitigation strategies
- Implementing a risk-based approach to planning & executing the internal audit process
- Ensuring that internal auditing's resources are directed at those areas most important to the organization
- Challenging the basis of mgmt's risk assessments & evaluating the adequacy & effectiveness of risk treatment strategies
- Facilitating ERM workshops