Exam 14: Auditing It Controls Part I: Sarbanes-Oxley and It Governance

Section 404 requires management to make a statement identifying the control framework used to conduct their assessment of internal controls.Discuss the options in selecting a control framework.

What is the empty shell?

Describe how a corporate IT function can overcome some of the problems associated with distributed data processing.

Which of the following is not an essential feature of a disaster recovery plan?

Which of the following is not true?

Which of the following is true of disaster recovery as a service (DRaaS)?

Why is inadequate documentation a chronic problem?

Explain why reduced security is an outsourcing risk.

The fundamental difference between internal and external auditing is that

Explain the outsourcing risk of failure to perform.

Both the SEC and the PCAOB have expressed an opinion as to which internal control framework an organization should use to comply with SOX legislation.Explain.

Describe the two broad groupings of information system controls that are specified by COSO.

Discuss the key features of Section 302 of the Sarbanes-Oxley Act.

The IT audit focuses on systems where technology plays a material role and thus makes the entire audit process more complex.

Distinguish between errors and irregularities.Which do you think concern auditors the most?

Internal auditors assist external auditors with financial audits to

The financial statements of an organization reflect a set of management assertions about the financial health of the business.All of the following describe types of assertions except

Which concept is not an integral part of an audit?

Define database management fraud.

Briefly explain how a SSAE 16 report is used in assessing internal controls of outsourced facilities.