Professional Documents
Culture Documents
1) In sampling, which of the following is a measure of central tendency? A. Variance B. Range C. Mode D. Standard deviation 2) A long-term IS employee with a strong technical background and broad managerial experience has applied for a vacant position in the IS audit department. Determining whether to hire this individual for this position should be based on the individual's experience and: A. ability, as an IS auditor, to be independent of existing IS relationships. B. age as training in audit techniques may be impractical. C. the length of service since this will help ensure technical competence. D. IS knowledge since this will bring enhanced credibility to the audit function. 3) Each of the following is a general control concern EXCEPT: A. documentation procedures within the IS Department. B. physical access controls and security measures. C. organization of the IS Department. D. balancing of daily control totals. 4) Which of the following online auditing techniques is most effective for the early detection of errors or irregularities? A. Embedded audit module B. Audit hooks C. Integrated test facility D. Snapshots 5) In a review of the IS resource management function, the IS Auditor finds that no computer routines were developed or acquired to read and take extracts from the mainframe systems job accounting software facility. Instead, the complete log record of system activity is printed out on a daily basis and distributed to several responsible managers in the IS department. The most reasonable interpretation of this situation by the IS Auditor is that: A. Managements review of systems activity is unusually thorough; control in this area is probably strong. B. IS management makes little real use of this system facility, control in this area is probably weak. C. IS Management is probably concerned over the high cost of developing or acquiring programs of this type. D. Operations management has decided to take this approach in the interest of maximizing systems efficiency. 6) Which of the following would an Information Systems Auditor consider most important in selecting an application for audit? A. The IS Auditors level of experience. B. The applications degree of exposure. C. The results of previous audits. D. Whether or not the system is a financial one. 7) The primary purpose of an audit charter is to: A. describe the authority and responsibilities of the audit department. B. formally document the audit department's plan of action. C. document a code of professional conduct for the auditor. D. document the audit process used by the enterprise.
16) Which of the following would be the BEST population to take a sample from when testing program changes? A. Program change requests B. Test library listings C. Source program listings D. Production library listings 17) An IS Auditor using systematic sampling for a population of 10,000 items determines that a sample size of 200 would be sufficient to accomplish the test objectives. The sampling interval would be: A. 50 B. 200 C. 100 D. 500 18) The PRIMARY role of an IS auditor during the system design phase of an application development project is to: A. advise the development manager on adherence to the schedule. B. ensure all necessary controls are included in the initial design. C. ensure the design accurately reflects the requirement. D. advise on specific and detailed control procedures. 19) The first step the IS Audit Manager should take when preparing the annual IS audit plan is to: A. begin with the prior year's IS audit plan and carry over any IS audits that had not been accomplished. B. meet with the audit committee members to discuss the IS audit plan for the upcoming year. C. ensure that the IS audit staff is competent in areas that are likely to appear on the plan and provide training as necessary. D. perform a risk ranking of the current and proposed application systems to prioritize the IS audits to be conducted. 20) Which of the following is the least important factor in determining the need for an IS Auditor to be involved in a new system development project? A. The number of lines of code to be written B. The potential benefits of the system C. The value of the system to the organization D. The cost of the system 21) Which statement is true concerning transaction selections that use generalized audit software: A. It requires a highly technical auditor to install an maintain the generalized audit software all year B. It is not practical for sampling of transactions in complex computer application systems C. It requires alteration of the production computer application system D. It employs an independent computer program to monitor and select transactions for internal audit review 22) Reviewing management's long-term strategic plans helps the IS auditor: A. assess the organization's reliance on information systems. B. test the enterprise's internal controls. C. gain an understanding of an organization's goals and objectives. D. determine the number of audit resources needed. 23) IS Audit Managements most important function is to: A. Maintain the quality of the departments written communications to management. B. Encourage the use of the computer-assisted audit techniques to reduce audit cost. C. Maintain the level of technical competence in the department.
24) An audit charter should: A. document the audit procedures designed to achieve the planned audit objectives. B. be dynamic and change often to coincide with the changing nature of technology and the audit profession. C. clearly state audit objectives for and the delegation of authority to the maintenance and review of internal controls. D. outline the overall authority, scope and responsibilities of the audit function. 25) While reviewing internal controls in a microcomputer environment, an IS auditor recommends that duties should be regularly rotated. The effect of implementing this recommendation would ensure which of the following controls? A. Compensating B. Detective C. Preventative D. Corrective