Question 1

Transaction cost economics (TCE)theory suggests that firms should outsource specific non−core IT assets

Accepted Answer

A) True 
 B)False

Question 2

Computer fraud can take on many forms,including each of the following except

Accepted Answer

A)  theft or illegal use of computer-readable information 
B)  theft, misuse, or misappropriation of computer equipment 
C)  theft, misuse, or misappropriation of assets by altering computer-readable records and files 
D)  theft, misuse, or misappropriation of printer supplies 
A)  theft or illegal use of computer-readable information 
B)  theft, misuse, or misappropriation of computer equipment 
C)  theft, misuse, or misappropriation of assets by altering computer-readable records and files 
D)  theft, misuse, or misappropriation of printer supplies

Question 3

Contrast internal and external auditing.

Accepted Answer

Internal auditing is an independent appr

Question 4

IT auditing is a small part of most external and internal audits.

Accepted Answer

A) True 
 B)False

Question 5

Define database management fraud.

Accepted Answer

Database management fraud incl

Question 6

Changing the Hours Worked field in an otherwise legitimate payroll transaction to increase the amount of the paycheck is an example of data collection fraud.

Accepted Answer

A) True 
 B)False

Question 7

What is a mirrored data center?

Accepted Answer

A mirrored data center duplica

Question 8

The fundamental difference between internal and external auditing is that

Accepted Answer

A)  internal auditors represent the interests of the organization and external auditors represent outsiders 
B)  internal auditors perform IT audits and external auditors perform financial statement audits 
C)  internal auditors focus on financial statement audits and external auditors focus on operational audits and financial statement audits 
D)  external auditors assist internal auditors but internal auditors cannot assist external auditors 
A)  internal auditors represent the interests of the organization and external auditors represent outsiders 
B)  internal auditors perform IT audits and external auditors perform financial statement audits 
C)  internal auditors focus on financial statement audits and external auditors focus on operational audits and financial statement audits 
D)  external auditors assist internal auditors but internal auditors cannot assist external auditors

Question 9

What is scavenging?

Accepted Answer

Scavenging involves

Question 10

Tests of controls determine whether the database contents fairly reflect the organization's transactions.

Accepted Answer

A) True 
 B)False

Question 11

Which concept is not an integral part of an audit?

Accepted Answer

A)  evaluating internal controls 
B)  preparing financial statements 
C)  expressing an opinion 
D)  analyzing financial data 
A)  evaluating internal controls 
B)  preparing financial statements 
C)  expressing an opinion 
D)  analyzing financial data

Question 12

Why should the tasks of systems development and maintenance be segregated from operations?

Accepted Answer

The segregation of systems development (

Question 13

A disaster recovery plan is a comprehensive statement of all actions to be taken after a disaster.

Accepted Answer

A) True 
 B)False

Question 14

Adequate backups will protect against all of the following except

Accepted Answer

A)  natural disasters such as fires 
B)  unauthorized access 
C)  data corruption caused by program errors 
D)  system crashes 
A)  natural disasters such as fires 
B)  unauthorized access 
C)  data corruption caused by program errors 
D)  system crashes

Question 15

Explain why reduced security is an outsourcing risk.

Accepted Answer

Information outsourced to off-shore IT v

Question 16

The financial statements of an organization reflect a set of management assertions about the financial health of the business.All of the following describe types of assertions except

Accepted Answer

A)  that all of the assets and equities on the balance sheet exist 
B)  that all employees are properly trained to carry out their assigned duties 
C)  that all transactions on the income statement actually occurred 
D)  that all allocated amounts such as depreciation are calculated on a systematic and rational basis 
A)  that all of the assets and equities on the balance sheet exist 
B)  that all employees are properly trained to carry out their assigned duties 
C)  that all transactions on the income statement actually occurred 
D)  that all allocated amounts such as depreciation are calculated on a systematic and rational basis

Question 17

Commodity IT assets easily acquired in the marketplace and should be outsourced under the core competency theory.

Accepted Answer

A) True 
 B)False

Question 18

Briefly explain how a SAS 70 report is used in assessing internal controls of outsourced facilities.

Accepted Answer

The internal controls over the outsource

Question 19

Describe two tests that an auditor would perform to ensure that the disaster recovery plan is adequate.

Accepted Answer

review second site backup plan,critical

Question 20

Which of the following is NOT an implication of section 302 of the Sarbanes-Oxley Act?

Accepted Answer

A)  Auditors must determine, whether changes in internal control has, or is likely to, materially affect internal control over financial reporting. 
B)  Auditors must interview management regarding significant changes in the design or operation of internal control that occurred since the last audit. 
C)  Corporate management (including the CEO) must certify monthly and annually their organization's internal controls over financial reporting. 
D)  Management must disclose any material changes in the company's internal controls that have occurred during the most recent fiscal quarter. 
A)  Auditors must determine, whether changes in internal control has, or is likely to, materially affect internal control over financial reporting. 
B)  Auditors must interview management regarding significant changes in the design or operation of internal control that occurred since the last audit. 
C)  Corporate management (including the CEO) must certify monthly and annually their organization's internal controls over financial reporting. 
D)  Management must disclose any material changes in the company's internal controls that have occurred during the most recent fiscal quarter.

Transaction cost economics (TCE)theory suggests that firms should outsource specific non−core IT assets

Computer fraud can take on many forms,including each of the following except

Contrast internal and external auditing.

IT auditing is a small part of most external and internal audits.

Define database management fraud.

Changing the Hours Worked field in an otherwise legitimate payroll transaction to increase the amount of the paycheck is an example of data collection fraud.

What is a mirrored data center?

The fundamental difference between internal and external auditing is that

What is scavenging?

Tests of controls determine whether the database contents fairly reflect the organization's transactions.

Which concept is not an integral part of an audit?

Why should the tasks of systems development and maintenance be segregated from operations?

A disaster recovery plan is a comprehensive statement of all actions to be taken after a disaster.

Adequate backups will protect against all of the following except

Explain why reduced security is an outsourcing risk.

The financial statements of an organization reflect a set of management assertions about the financial health of the business.All of the following describe types of assertions except

Commodity IT assets easily acquired in the marketplace and should be outsourced under the core competency theory.

Briefly explain how a SAS 70 report is used in assessing internal controls of outsourced facilities.

Describe two tests that an auditor would perform to ensure that the disaster recovery plan is adequate.

Which of the following is NOT an implication of section 302 of the Sarbanes-Oxley Act?

The Information System: An Accountant’s Perspective

Introduction to Transaction Processing

Ethics, Fraud, and Internal Control

The Revenue Cycle

The Expenditure Cycle Part I: Purchases and Cash Disbursements Procedures

The Expenditure Cycle Part II: Payroll Processing and Fixed Asset Procedures

The Conversion Cycle

General Ledger, Financial Reporting, and Management Reporting Systems

Database Management Systems

The REA Approach to Business Process Modeling

Enterprise Resource Planning Systems

Electronic Commerce Systems

Managing the Systems Development Life Cycle

Construct, Deliver, and Maintain Systems Projects

IT Controls : Security and Access

IT Controls : Systems Development Program Changes and Application Controls

Filters

Exam 15: IT Controls : Sarbanes-Oxley and IT Governance

Transaction cost economics (TCE)theory suggests that firms should outsource specific non−core IT assets

Computer fraud can take on many forms,including each of the following except

Contrast internal and external auditing.

IT auditing is a small part of most external and internal audits.

Define database management fraud.

Changing the Hours Worked field in an otherwise legitimate payroll transaction to increase the amount of the paycheck is an example of data collection fraud.

What is a mirrored data center?

The fundamental difference between internal and external auditing is that

What is scavenging?

Tests of controls determine whether the database contents fairly reflect the organization's transactions.

Which concept is not an integral part of an audit?

Why should the tasks of systems development and maintenance be segregated from operations?

A disaster recovery plan is a comprehensive statement of all actions to be taken after a disaster.

Adequate backups will protect against all of the following except

Explain why reduced security is an outsourcing risk.

The financial statements of an organization reflect a set of management assertions about the financial health of the business.All of the following describe types of assertions except

Commodity IT assets easily acquired in the marketplace and should be outsourced under the core competency theory.

Briefly explain how a SAS 70 report is used in assessing internal controls of outsourced facilities.

Describe two tests that an auditor would perform to ensure that the disaster recovery plan is adequate.

Which of the following is NOT an implication of section 302 of the Sarbanes-Oxley Act?

The Information System: An Accountant’s Perspective

Introduction to Transaction Processing

Ethics, Fraud, and Internal Control

The Revenue Cycle

The Expenditure Cycle Part I: Purchases and Cash Disbursements Procedures

The Expenditure Cycle Part II: Payroll Processing and Fixed Asset Procedures

The Conversion Cycle

General Ledger, Financial Reporting, and Management Reporting Systems

Database Management Systems

The REA Approach to Business Process Modeling

Enterprise Resource Planning Systems

Electronic Commerce Systems

Managing the Systems Development Life Cycle

Construct, Deliver, and Maintain Systems Projects

IT Controls : Security and Access

IT Controls : Systems Development Program Changes and Application Controls

Filters