Question 1

To fulfill the segregation of duties control objective, computer processing functions (like authorization of credit and billing) are separated.

Accepted Answer

A) True 
 B)False  False

Question 2

Distributed data processing reduces the risk of operational inefficiencies.

Accepted Answer

A) True 
 B)False  False

Question 3

Adequate backups will protect against all of the following except

Accepted Answer

A)  natural disasters such as fires 
B)  unauthorized access 
C)  data corruption caused by program errors 
D)  system crashes 
A)  natural disasters such as fires 
B)  unauthorized access 
C)  data corruption caused by program errors 
D)  system crashes B

Question 4

List five risks associated with IT outsourcing.

Accepted Answer

Failure to Perform
Vendor Expl

Question 5

Certain duties that are deemed incompatible in a manual system may be combined in a computer-based information system environment.

Accepted Answer

A) True 
 B)False

Question 6

Which of the following is a feature of fault tolerance control?

Accepted Answer

A)  interruptible power supplies 
B)  RAID 
C)  DDP 
D)  MDP 
A)  interruptible power supplies 
B)  RAID 
C)  DDP 
D)  MDP

Question 7

All of the following are control risks associated with the distributed data processing structure except

Accepted Answer

A)  lack of separation of duties 
B)  system incompatibilities 
C)  system interdependency 
D)  lack of documentation standards 
A)  lack of separation of duties 
B)  system incompatibilities 
C)  system interdependency 
D)  lack of documentation standards

Question 8

List three pairs of system functions that should be separated in the centralized computer services organization. Describe a risk exposure if the functions are not separated.

Accepted Answer

separate systems development from data p

Question 9

Which of the following disaster recovery techniques is has the least risk associated with it?

Accepted Answer

A)  empty shell 
B)  ROC 
C)  internally provided backup 
D)  they are all equally risky 
A)  empty shell 
B)  ROC 
C)  internally provided backup 
D)  they are all equally risky

Question 10

Specific IT assets support an organization's strategic objectives.

Accepted Answer

A) True 
 B)False

Question 11

What problems may occur as a result of combining applications programming and maintenance tasks into one position?

Accepted Answer

One problem that may occur is inadequate

Question 12

Commodity IT assets easily acquired in the marketplace and should be outsourced under the core competency theory.

Accepted Answer

A) True 
 B)False

Question 13

Explain the outsourcing risk of failure to perform.

Accepted Answer

Once a client firm has outsourced specif

Question 14

The least important item to store off-site in case of an emergency is

Accepted Answer

A)  backups of systems software 
B)  backups of application software 
C)  documentation and blank forms 
D)  results of the latest test of the disaster recovery program 
A)  backups of systems software 
B)  backups of application software 
C)  documentation and blank forms 
D)  results of the latest test of the disaster recovery program

Question 15

Critical applications should be identified and prioritized by the user departments, accountants, and auditors.

Accepted Answer

A) True 
 B)False

Question 16

A mutual aid is the lowest cost disaster recovery option, but has shown to be effective and low risk.

Accepted Answer

A) True 
 B)False

Question 17

All of the following tests of controls will provide evidence about the adequacy of the disaster recovery plan except

Accepted Answer

A)  inspection of the second site backup 
B)  analysis of the fire detection system at the primary site 
C)  review of the critical applications list 
D)  composition of the disaster recovery team 
A)  inspection of the second site backup 
B)  analysis of the fire detection system at the primary site 
C)  review of the critical applications list 
D)  composition of the disaster recovery team

Question 18

Discuss the advantages and disadvantages of the second site backup options.

Accepted Answer

Second site backups include mutual aid p

Question 19

All of the following tests of controls will provide evidence about the physical security of the computer center except

Accepted Answer

A)  review of fire marshal records 
B)  review of the test of the backup power supply 
C)  verification of the second site backup location 
D)  observation of procedures surrounding visitor access to the computer center 
A)  review of fire marshal records 
B)  review of the test of the backup power supply 
C)  verification of the second site backup location 
D)  observation of procedures surrounding visitor access to the computer center

Question 20

Describe two tests that an auditor would perform to ensure that the disaster recovery plan is adequate.

Accepted Answer

Review second site backup plan, critical

To fulfill the segregation of duties control objective, computer processing functions (like authorization of credit and billing) are separated.

Distributed data processing reduces the risk of operational inefficiencies.

Adequate backups will protect against all of the following except

List five risks associated with IT outsourcing.

Certain duties that are deemed incompatible in a manual system may be combined in a computer-based information system environment.

Which of the following is a feature of fault tolerance control?

All of the following are control risks associated with the distributed data processing structure except

List three pairs of system functions that should be separated in the centralized computer services organization. Describe a risk exposure if the functions are not separated.

Which of the following disaster recovery techniques is has the least risk associated with it?

Specific IT assets support an organization's strategic objectives.

What problems may occur as a result of combining applications programming and maintenance tasks into one position?

Commodity IT assets easily acquired in the marketplace and should be outsourced under the core competency theory.

Explain the outsourcing risk of failure to perform.

The least important item to store off-site in case of an emergency is

Critical applications should be identified and prioritized by the user departments, accountants, and auditors.

A mutual aid is the lowest cost disaster recovery option, but has shown to be effective and low risk.

All of the following tests of controls will provide evidence about the adequacy of the disaster recovery plan except

Discuss the advantages and disadvantages of the second site backup options.

All of the following tests of controls will provide evidence about the physical security of the computer center except

Describe two tests that an auditor would perform to ensure that the disaster recovery plan is adequate.

Auditing and Internal Control

Auditing Operating Systems and Networks

Auditing Database Systems

Systems Development and Program Change Activities

Transaction Processing and Financial Reporting Systems Overview

Computer Assisted Audit Tools and Techniques

Data Structures and Caatts for Data Extraction

Auditing the Revenue Cycle

Auditing the Expenditure Cycle

Enterprise Resource Planning Systems

Business Ethics, Fraud, and Fraud Detection

Filters

Exam 2: Auditing IT Governance Controls

To fulfill the segregation of duties control objective, computer processing functions (like authorization of credit and billing) are separated.

Distributed data processing reduces the risk of operational inefficiencies.

Adequate backups will protect against all of the following except

List five risks associated with IT outsourcing.

Certain duties that are deemed incompatible in a manual system may be combined in a computer-based information system environment.

Which of the following is a feature of fault tolerance control?

All of the following are control risks associated with the distributed data processing structure except

List three pairs of system functions that should be separated in the centralized computer services organization. Describe a risk exposure if the functions are not separated.

Which of the following disaster recovery techniques is has the least risk associated with it?

Specific IT assets support an organization's strategic objectives.

What problems may occur as a result of combining applications programming and maintenance tasks into one position?

Commodity IT assets easily acquired in the marketplace and should be outsourced under the core competency theory.

Explain the outsourcing risk of failure to perform.

The least important item to store off-site in case of an emergency is

Critical applications should be identified and prioritized by the user departments, accountants, and auditors.

A mutual aid is the lowest cost disaster recovery option, but has shown to be effective and low risk.

All of the following tests of controls will provide evidence about the adequacy of the disaster recovery plan except

Discuss the advantages and disadvantages of the second site backup options.

All of the following tests of controls will provide evidence about the physical security of the computer center except

Describe two tests that an auditor would perform to ensure that the disaster recovery plan is adequate.

Auditing and Internal Control

Auditing Operating Systems and Networks

Auditing Database Systems

Systems Development and Program Change Activities

Transaction Processing and Financial Reporting Systems Overview

Computer Assisted Audit Tools and Techniques

Data Structures and Caatts for Data Extraction

Auditing the Revenue Cycle

Auditing the Expenditure Cycle

Enterprise Resource Planning Systems

Business Ethics, Fraud, and Fraud Detection

Filters