1. One reason why IT auditing evolved from traditional auditing was that
a. Auditors realized that computers had impacted their ability to perform the attestation function
b. Computers and information processing were not a key resource
c. Professional associations such as AICPA and ISACA did not recognize the need
d. Government did not recognize the need
2. IT auditing may involve
a. Organizational IT audits
b. Application IT audits
c. Development/implementation IT audits
d. All of the above
3. The breadth and depth of knowledge required to audit IT and systems are extensive and may include
a. Application of risk-oriented audit approaches
b. Reporting to management and performing follow-up review to ensure action taken
c. Assessment of security and privacy issues that can put the organization at risk
d. All of the above
4. COBIT stands for
a. A computer language
b. A federal agency
c. Control Objectives for Information and Related Technology
d. None of the above
5. ISACA stands for
a. Information Systems Security Association
b. Institute of Internal Auditors
c. Information Systems Audit and Control Association
d. International Association for Computer Educators
6. ISO is
a. A government organization
b. A private company
c. The International Organization for Standardization
d. None of the above
7. The federal government plan for improving security on the Internet is called
a. FIP 102 Computer Security and Accreditation
b. National Strategy for Securing Cyberspace
c. Computer Abuse Act of 1984
d. Privacy Act of 1974
8. The Sarbanes-Oxley Act of 2002
a. Does not affect the attestation function
b. Applies only to the Big Four accounting firms
c. Requires auditor rotation
d. Does not apply to small accounting/audit firms
9. Which is the most recent federal law that addresses computer security or privacy
a. Computer Fraud and Abuse Act
b. Computer Security Act
c. Homeland Security Act
d. Electronic Communications Privacy Act
10. Which act has a provision where punishment can be up to life in prison if electronic hackers are found guilty of causing death to others through their actions?
a. Computer Fraud and Abuse Act
b. Freedom of Information Act
c. Communications Decency Act
d. Homeland Security Act
Chapter 2
The Legal Environment and Its Impact on Information Technology
Chapter 3
Audit and Review: Its Role in Information Technology
1. Which of the following is not one of the top 10 reasons for the start-up of IT audit:
a. Auditing around the computer was becoming unsatisfactory for the purposes of database reliance
b. Accessibility of personal computers for office and home use
c. Very little advancement in technology
d. The growth of corporate hackers
2. Professional associations that have Standards of Practice:
a. IIA
b. ISACA
c. AICPA
d. All the above
3. A federal agency that develops and issues government auditing standards is
a. GSA
b. GAO
c. Federal Bureau of Investigation (FBI)
d. Federal Trade Commission (FTC)
4. A special condition where an auditor must be free of any bias or influence, and have
a. IT skills
b. Good writing skills
c. Professional development
d. Independence
5. Which federal law was developed and passed by the U.S. lawmakers in reaction to the recent financial frauds such as Enron:
a. FCPA
b. SEC Act
c. Sarbanes-Oxley Act
d. Computer Fraud and Abuse Act
6. In the author's opinion, an auditor must have
a. High ethical standards
b. Limited training
c. Poor communication skills
d. Poor time management skills
7. GAAS was developed and issued by
a. NIST
b. AICPA
c. FTC
d. NSA
8. Certifications that may be helpful to an IT auditor:
a. CIA
b. CFE
c. CISSP
d. All of the above
9. An auditor who works for IBM directly and is on its audit staff is considered to be
a. An external auditor
b. An internal auditor
c. A consultant
d. None of the above
10. Computer forensic specialists are experts who
a. Investigate under extreme secrecy so that other individuals do not know exactly what they are doing or what information they have gathered
b. May testify in court where an independent opinion is needed on complex technical issues
c. Have an extensive background working with computers and dealing with technical issues, and are, of course, familiar with gathered information and the methods used to acquire that information
d. All of the above
Chapter 4
The Audit Process in an Information Technology Environment
1. Which audit area involves definition of audit scope, initial contacts and communication with auditees, and audit team selection?
a. Fact gathering
b. Audit state
c. Audit preparation
d. Audit objectives
2. Which audit area involves a formal plan for reviewing and testing each significant audit subject area disclosed during fact gathering?
a. Audit objectives
b. Audit program
c. Audit state
d. Use of audit tools
3. Which IT audit area involves formal statements that describe a course of action that should be implemented to restore or provide accuracy, efficiency, or adequate control of the audit subject?
a. Audit state
b. Findings of the audit reports
c. Recommendations of an audit report
d. Conclusion of an audit report
4. At the minimum, an audit plan should include all but
a. Definition of scope
b. Objectives stated
c. An orderly, structured approach
d. A lack of flexibility in approach
5. The activities of a preliminary review may include
a. General data gathering
b. Identifying financial application areas
c. Preparing the audit plan
d. All of the above
6. The first step in conducting fieldwork and implementing audit methodology is
a. Design audit procedures
b. Define audit objectives
c. Evaluate results
d. Build a detailed understanding of area being audited
7. The purpose of follow up is to
a. Determine if the audit recommendations have been implemented
b. Determine the progress made in implementing the audit recommendations
c. Assess any potential savings/value added as a result of the recommendations
d. All of the above
8. The advantage of tying the audit universe to organization objectives is that it
a. Links the entire audit process to business objectives
b. Improves management's understanding of the audit process
c. Develops the communication plan for the audit
d. None of the above
9. Audit risk assessment is an important step in the audit process because
a. It leverages the abilities of audit staff by minimizing redundant activity
b. It provides a framework for communicating the audit results
c. It provides a framework for allocating audit resources to achieve maximum benefit
d. None of the above
10. Auditing is a cyclical process because
a. Performing audit tests is an iterative process
b. Audit results are used in subsequent risk assessments
c. The audit universe is aligned to the business cycle
d. All of the above
Chapter 5
Auditing Information Technology Using Computer-Assisted Audit Tools and Techniques
Chapter 7
IT Auditing in the New Millennium
1. IT auditing involves
a. People
b. Technology
c. Operations and systems
d. All of the above
2. COBIT was developed and issued by
a. AICPA
b. IIA
c. ISACA
d. ACFE
3. The SAC reports were issued by
a. IIA
b. ISSA
c. ISACA
d. AICPA
4. Information assurance is defined as
a. Information integrity
b. The level of confidence and trust that can be placed on the information
c. The level of trust and confidence that can be placed on service availability
d. All of the above
5. The following U.S. federal act has pledged almost a billion dollars toward curriculum, research, and skill development in IT audit, control, security, and information assurance issues:
a. Computer Fraud and Abuse Act of 1984
b. Computer Security Act of 1987
c. Cyber Security Research and Development Act
d. HIPAA Act of 1996
6. Which organization operating under U.S. national authority and its initiatives provides the foundation for a dramatic increase in the population of trained and professionalized security experts?
a. AICPA
b. ISACA
c. NIETP
d. None of the above
7. Standards for information security officers have been issued by
a. CIA
b. FBI
c. GAO
d. NSTISSC
8. A new field of opportunity and career growth is
a. Business systems analyst
b. Computer forensic analyst
c. Network administrator
d. None of the above
9. The number of universities within the United States identified as centers of excellence in information assurance is
a. 10
b. 25
c. 40
d. Greater than 49
10. The IT auditor's role in IT governance can be as
a. A counselor
b. A partner of senior management
c. An educator
d. All of the above
Chapter 8
IT Governance
1. IT governance is
a. The process by which an enterprise's IT is directed and controlled
b. The evaluation of computers and information processing not as key resources
c. Management that is only involved in making decisions
d. User dominance in IT decision making
2. IT governance is controlled through a series of processes and procedures that:
a. Determine how investments are managed
b. Identify who can make decisions
c. Determine how results are measured
d. None of the above
3. For IT to be an effective partner in organizational decision making, the CIO must
a. Offer proactive solutions to organizational needs
b. Get agreement on the measures of IT performance
c. Regularly attend board meetings
d. None of the above
4. Which of the following is not a main reason for ERM functions being established within organizations?
a. Increasing software patches
b. Magnitude of problem
c. Increasing business risks
d. Organizational oversight
5. Compliance with laws and regulations is a key business risk because of
a. The controls outlined in COBIT
b. The impact on security of an organization
c. The sheer number of laws and regulations
d. The automation of financial processes
6. Continuous auditing is a technique used to
a. Create a sample of production data to test controls
b. Detect and report on control breakdowns as they occur
c. Provide a tool for business users to manage IT
d. All of the above
7. Measuring IT performance is dependent on
a. Delivering successful projects
b. Keeping operations running
c. Reducing operating costs
d. The strategy and objectives of the organization
8. Developing a successful measurement process requires
a. Alignment between IT and organization objectives
b. Mature measurement processes
c. Support from IT and organization management
d. Automated measurement tools to report accurate metrics
9. A successful measurement process includes all of the following, except
a. Ownership of the measurement process by the area to be measured
b. Measurement of the effective use of resources and alignment with business objectives
c. Measurement of events and processes rather than individuals
d. Measurement that is meaningful, reliable, and accurately represents the area measured
10. IT governance requires management action taken at all levels to
a. Decrease the probability of carelessness
b. Reduce outside threat and the probability of hostile penetration
c. Decrease fraud and corruption within the organization
d. All of the above
Chapter 9
Strategy and Standards
Chapter 10
Risk Management