search

Which of the following is most important for an IS auditor to understand when auditing an e commerce environment?

1 Jahrs vor
Kommentare: 0
Ansichten: 86

Show

An appropriate control for ensuring the AUTHENTICITY of orders received in an electronic data interchange system application is to:

VERIFY the identity of senders and determine if orders correspond to contract terms.

As part of audit planning, an IS auditor is designing various data validation tests to effectively detect transposition and transcription errors. Which of the following will BEST help in detecting these errors?

Check digit

An AUDIT CHARTER should (3):

OUTLINE the overall (1) authority, (2) scope and (3) responsibilities of the audit FUNCTION.

A centralized antivirus system DETERMINES whether each personal computer has the latest signature files and installs the latest signature files before allowing a PC to connect to the network. This is an example of a:

CORRECTIVE control.

A company has recently upgraded its purchase system to incorporate electronic data interchange (EDI) transmissions. Which of the following CONTROLS should be implemented in the EDI interface to provide for efficient data mapping?

Functional ACKNOWLEDGEMENTS

Due to unexpected resource constraints of the IS audit team, the AUDIT PLAN, as originally approved, cannot be completed. Assuming the situation is communicated in the audit report, which course of action is MOST acceptable?

FOCUS on auditing high-RISK areas.

During a compliance audit of a small bank, the IS auditor notes that BOTH the IT and accounting FUNCTIONS are being performed by the same user of the financial system. Which of the following reviews conducted by the user's supervisor would represent the BEST compensating control?

Examine computer LOG files that show INDIVIDUAL transactions.

During an exit interview, in cases where there is disagreement regarding the impact of a finding, an IS auditor should:

Elaborate on the significance of the finding and the risk of not correcting it.

During a risk analysis, an IS auditor identifies threats and potential impacts. Next, the IS auditor should:

Identify and evaluate the existing controls.

During a security audit of IT processes, an IS auditor FOUND that documented security procedures did NOT EXIST. The IS auditor should:

IDENTIFY and EVALUATE existing practices.

During the PLANNING stage of an IS audit, the PRIMARY goal of an IS auditor is to:

Address audit OBJECTIVES

The EXTENT to which data will be collected during an IS audit should be determined based on the:

PURPOSE and scope of the audit being done.

An external IS auditor discovers that systems in the scope of the audit were implemented by an associate. In such a circumstance, IS audit management should:

DISCLOSE the issue to the client.

An external IS auditor issues an audit report pointing out the lack of firewall protection features at the perimeter network gateway and RECOMMENDING a SPECIFIC vendor product to address this vulnerability. The IS auditor has failed to exercise:

Professional INDEPENDENCE.

The FINAL decision to include a material finding in an audit REPORT should be made by the:

IS auditor

A financial institution with multiple branch offices has an AUTOMATED control that requires the branch manager to APROVE transactions more than a certain amount. What type of audit control is this?

Preventive

For a retail business with a large volume of transactions, which of the following audit techniques is the MOST appropriate for addressing EMERGING risk?

CONTINUOUS auditing

In a small organization, the FUNCTION of release manager and application programmer are performed by the SAME employee. What is the BEST compensating CONTROL in this scenario?

VERIFY that only approved program changes are implemented

In PLANNING an IS audit, the MOST critical STEP is:

The IDENTIFICATION of the areas of SIGNIFICANT risk.

The internal audit department has written some scripts that are used for continuous auditing of some information systems. The IT department has asked for copies of the scripts so that they can use them for setting up a continuous monitoring process on key systems. Would sharing these scripts with IT affect the ability of the IS auditors to independently and objectively audit the IT function?

Sharing the scripts is permissible as long as IT recognizes that audits may still be conducted in areas not covered in the scripts.

An internal IS audit function is planning a general IS audit. Which of the following activities takes place during the FIRST step of the planning phase?

Development of a risk assessment

An IS auditor discovers that devices connected to the network are not included in a network diagram that had been used to develop the scope of the audit. The chief information officer explains that the diagram is being updated and awaiting final approval. The IS auditor should FIRST:

Evaluate the impact of the undocumented devices on the audit scope.

An IS auditor has identified a business process to be audited. The IS auditor should NEXT identify the:

Control objectives and activities.

An IS auditor is developing an audit plan for an environment that includes new systems. The organization's management wants the IS auditor to focus on recently implemented systems. How should the IS auditor respond?

Determine the highest-risk systems and plan accordingly.

An IS auditor is reviewing a project risk assessment and notices that the overall residual risk level is high due to confidentiality requirements. Which of the following types of risk is normally high due to the number of unauthorized users the project may affect?

Inherent risk

An IS auditor is reviewing a software application that is built on the principles of service-oriented architecture. What is the INITIAL step?

Understanding services and their allocation to business processes by reviewing the service repository documentation.

An IS auditor is reviewing risk and controls of a bank wire transfer system. To ensure that the bank's financial risk is properly addressed, the IS auditor will most likely review which of the following?

Wire transfer procedures

An IS auditor notes that failed login attempts to a core financial system are automatically logged and the logs are retained for a year by the organization. This logging is:

Not an adequate control.

An IS auditor performing an audit of the risk assessment process should FIRST confirm that:

Assets have been identified and ranked

An IS auditor performing a review of application controls would evaluate the:

Impact of any exposures discovered.

An IS auditor reviewing the process of log monitoring wants to evaluate the organization's manual review process. Which of the following audit techniques would the auditor MOST likely employ to fulfill this purpose?

Walk-through

An IS auditor should ensure that review of online electronic funds transfer reconciliation procedures should include:

Tracing.

An IS auditor who has discovered unauthorized transactions during a review of electronic data interchange (EDI) transactions is likely to recommend improving the:

Authentication techniques for sending and receiving messages.

A long-term IT employee with a strong technical background and broad managerial experience has applied for a vacant position in the IS audit department. Determining whether to hire this individual for this position should be PRIMARILY based on the individual's experience and:

Ability, as an IS auditor, to be independent of existing IT relationships.

The MAIN purpose of the annual IS audit plan is to:

Allocate resources for audits.

The MOST effective audit practice to determine whether the operational effectiveness of controls is properly applied to transaction processing is:

Substantive testing.

The MOST important reason for an IS auditor to obtain sufficient and appropriate audit evidence is to:

Provide a basis for drawing reasonable conclusions.

An organization's IS AUDIT CHARTER should specify the:

ROLE of the IS audit FUNCTION

An organization uses a bank to process its weekly payroll. Time sheets and payroll adjustment forms (e.g., hourly rate changes, terminations) are completed and delivered to the bank, which prepares checks and reports for distribution. To BEST ensure payroll data accuracy:

Payroll reports should be COMPARED to input forms.

A PRIMARY benefit derived for an organization employing control self- assessment (CSA) techniques is that it:

Can IDENTIFY high-RISK areas that might need a detailed review later.

The PRIMARY objective of the audit INITIATION meeting with an IS audit client is to:

discuss the SCOPE of the audit.

The PRIMARY purpose of an IT FORENSIC audit is:

the systematic COLLECTION and analysis of EVIDENCE after a system irregularity.

The PRIMARY purpose of the IS audit charter is to:

outline the RESPONSIBILITY and AUTHORITY of the IS audit function.

The PRIMARY reason an IS auditor performs a functional walk-through during the preliminary phase of an audit assignment is to:

UNDERSTAND the business PROCESS.

The PURPOSE of a CHECKSUM on an amount field in an electronic data interchange communication of financial transactions is to ensure:

INTEGRITY.

The success of control self-assessment (CSA) DEPENDS highly on:

line managers assuming a portion of the responsibility for control monitoring.

A system developer transfers to the audit department to serve as an IT auditor. When production systems are to be reviewed by this employee, which of the following will become the MOST significant concern?

The work may be construed as a self-audit.

To ensure that audit resources deliver the best value to the organization, the FIRST step in an audit project is to:

develop the audit PLAN on the basis of a detailed RISK assessment.

What is the MAJOR benefit of conducting a control self-assessment (CSA) over a traditional audit?

It detects risk sooner.

When developing a risk-based audit strategy, an IS auditor should conduct a risk assessment to ensure that:

vulnerabilities and threats are identified.

When developing a risk management program, what is the FIRST activity to be performed?

Inventory of assets

When evaluating the collective effect of preventive, detective and corrective controls within a process, an IS auditor should be aware of which of the following?

The point at which controls are exercised as data flow through the system

When evaluating the controls of an electronic data interchange (EDI) application, an IS auditor should PRIMARILY be concerned with the risk of:

improper transaction authorization.

When performing a risk analysis, the IS auditor should FIRST:

IDENTIFY the organization's information ASSETS.

Which of the following choices would be the BEST source of information when developing a risk-based audit plan?

Senior management identify key business processes.

Which of the following controls would an IS auditor look for in an environment where duties cannot be appropriately segregated?

Compensating controls

Which of the following does a lack of adequate controls represent?

A vulnerability

Which of the following is an attribute of the control self- assessment approach?

Broad stakeholder involvement

Which of the following is evaluated as a preventive control by an IS auditor performing an audit?

Table lookups

Which of the following is in the BEST position to approve changes to the audit charter?

Audit committee

Which of the following is MOST important for an IS auditor to understand when auditing an e- commerce environment?

The nature and criticality of the business process supported by the application

Which of the following is MOST important to ensure that effective application controls are maintained?

Control self- assessment

Which of the following is MOST likely be considered a conflict of interest for an IS auditor who is reviewing a cybersecurity implementation?

Designing the cybersecurity controls

Which of the following is the FIRST step in an IT risk assessment for a risk-based audit?

Understand the business, its operating model and key processes.

Which of the following is the FIRST step performed prior to creating a risk ranking for the annual internal IS audit plan?

Define the audit universe.

Which of the following is the key benefit of a control self- assessment?

Management ownership of the internal controls supporting business objectives is reinforced.

Which of the following is the MAIN reason to perform a risk assessment in the planning phase of an IS audit?

To provide reasonable assurance material items will be addressed

Which of the following is the MOST critical step when planning an IS audit?

Perform a risk assessment.

Which of the following is the PRIMARY purpose of a risk-based audit?

Material areas are addressed first.

Which of the following is the PRIMARY requirement for reporting IS audit results? The report is:

Backed by sufficient and appropriate audit evidence.

Which of the following represents an example of a preventive control with respect to IT personnel?

Implementation of a badge entry system for the IT facility

Which of the following represents the GREATEST potential risk in an electronic data interchange (EDI) environment?

Lack of transaction authorizations

Which of the following responsibilities would MOST likely compromise the independence of an IS auditor when reviewing the risk management process?

Participating in the design of the risk management framework

Which of the following situations could impair the independence of an IS auditor? The IS auditor:

Implemented specific functionality during the development of an application

Which of the following would be expected to approve the audit charter?

Audit committee

Which of the following would be the GREATEST concern if audit objectives are not established during the initial phase of an audit program?

Important business risk may be overlooked

While performing an audit of an accounting application's internal data integrity controls, an IS auditor identifies a major control deficiency in the change management software supporting the accounting application. The MOST appropriate action for the IS auditor to take is to:

Continue to test the accounting application controls and include the deficiency in the final report.

While planning an IS audit, an assessment of risk should be made to provide:

Reasonable assurance that the audit will cover material items.

While reviewing sensitive electronic work papers, the IS auditor noticed that they were not encrypted. This could compromise the:

Confidentiality of the work papers.

Why does an audit manager review the staff's audit papers, even when the IS auditors have many years of experience?

Professional standards

Which of the following is the most important skill an is auditor should develop?

Which of the following is the MOST important skill that an IS auditor should develop to understand the constraints of conducting an audit? Project management is correct.

Which aspects should the auditor's understanding of the entity and its environment cover?

Internal Control The auditor's understanding of the entity and its environment consists of an understanding of the following aspects: (a) Industry, regulatory, and other external factors, including the applicable financial reporting framework.

What are the factors the auditor must evaluate to understand IT?

Yes, an auditor must understand each component of the client's financial reporting controls. This includes the control environment, risk assessment process, information system, control activities that relate to the audit, and the client's monitoring of the controls.

Which of the following auditing techniques would be the most appropriate for a retail business with a large volume of transactions to address emerging risk proactively?

For a retail business with a large volume of transactions, which of the following audit techniques is the MOST appropriate for addressing emerging risk? Continuous auditing.

important auditor understand auditing commerce environment

zusammenhängende Posts

Which of the following is the most important skill that an IT auditor should develop to understand the constraints of conducting an audit?
Which of the following is the most important skill that an IT auditor should develop to understand the constraints of conducting an audit?

Why is it so important for a speaker to use the introduction to establish the relevance of the topic to the audience?
Why is it so important for a speaker to use the introduction to establish the relevance of the topic to the audience?

Why is it important to consider the historical context surrounding an event when making a historical apex?
Why is it important to consider the historical context surrounding an event when making a historical apex?

Which of the following technological advances played an important role in opening the Great Plains to farming?
Which of the following technological advances played an important role in opening the Great Plains to farming?

According to the book, a clear understanding of the businesss customers is important because it
According to the book, a clear understanding of the businesss customers is important because it

Why is it important for citizens to contact their representatives to have their voices be heard quizlet?
Why is it important for citizens to contact their representatives to have their voices be heard quizlet?

Which of the following are topics or that anthropologists believe are important to study in relation to the role of individuals in particular cultures?
Which of the following are topics or that anthropologists believe are important to study in relation to the role of individuals in particular cultures?

Why were transportation networks important in the Second Industrial Revolution in the United States quizlet?
Why were transportation networks important in the Second Industrial Revolution in the United States quizlet?

Which of the following refers to a socially constructed category of people who share biologically transmitted traits that members of a society consider important?
Which of the following refers to a socially constructed category of people who share biologically transmitted traits that members of a society consider important?

Why are ethics considered so important when studying organizational behavior multiple choice?
Why are ethics considered so important when studying organizational behavior multiple choice?

Werbung

NEUESTEN NACHRICHTEN

Which incentive plans are specifically designed to promote group performance
1 Jahrs vor . durch ContaminatedSeizure
According to the flsa, which individual is most likely a nonexempt employee?
1 Jahrs vor . durch CurledParadox
Reactive and protective behaviors designed to avoid action, blame, or change are termed ________.
1 Jahrs vor . durch ArchitecturalJogging
The machiavellian personality is characterized by the will to manipulate and the desire for power.
1 Jahrs vor . durch SubstantiveCholera
Ist ein mann in brunn gefallen noten
1 Jahrs vor . durch High-poweredAbundance
Which of the following biometric authentication systems is the most accepted by users?
1 Jahrs vor . durch ConcomitantHomeland
Was ist der Unterschied zwischen Hanf und CBD?
1 Jahrs vor . durch IllustratedSolicitation
Wie viele noten braucht man für eine zeugnisnote sachsen-anhalt
1 Jahrs vor . durch HalfwayMeantime
Wie fühlt man sich wenn man schwanger ist am anfang
1 Jahrs vor . durch UptownLineage
Kann man Basaltemperatur auch tagsüber Messen?
1 Jahrs vor . durch FlashyDismissal

Werbung

Populer

Werbung

Um

Legal

Hilfe

Sozial

homeendefrjpkoptzhhiitth
Urheberrechte © © 2024 defrojeostern Inc.