Question 1

Define operational fraud.

Accepted Answer

Operations fraud is the misuse or theft of the firm's computer resources.This often involves using the computer to conduct personal business.

Question 2

What are the components of audit risk?

Accepted Answer

Inherent risk is associated with the unique characteristics of the business itself; control risk is the likelihood that the control structure is flawed because controls are absent or inadequate; and detection risk is the risk that auditors are willing to take that errors will not be detected by the audit.

Question 3

What is a recovery operations center? What is its purpose?

Accepted Answer

A recovery operations center (ROC)or hot site is a fully equipped backup data center that many companies share.In addition to hardware and backup facilities,ROC service providers offer a range of technical services to their clients,who pay an annual fee for access rights.In the event of a major disaster,a subscriber can occupy the premises and,within a few hours,resume processing critical applications..

Question 4

The following are examples of commodity assets except

Accepted Answer

A)  network management 
B)  systems operations 
C)  systems development 
D)  server maintenance 
A)  network management 
B)  systems operations 
C)  systems development 
D)  server maintenance

Question 5

To ensure sound internal control,program coding and program processing should be separated.

Accepted Answer

A) True 
 B)False

Question 6

Why should the tasks of systems development and maintenance be segregated from operations?

Accepted Answer

The segregation of systems development (

Question 7

Which organizational structure is most likely to result in good documentation procedures?

Accepted Answer

A)  separate systems development from systems maintenance 
B)  separate systems analysis from application programming 
C)  separate systems development from data processing 
D)  separate database administrator from data processing 
A)  separate systems development from systems maintenance 
B)  separate systems analysis from application programming 
C)  separate systems development from data processing 
D)  separate database administrator from data processing

Question 8

Which statement is not true?

Accepted Answer

A)  Auditors must maintain independence. 
B)  IT auditors attest to the integrity of the computer system. 
C)  IT auditing is independent of the general financial audit. 
D)  IT auditing can be performed by both external and internal auditors. 
A)  Auditors must maintain independence. 
B)  IT auditors attest to the integrity of the computer system. 
C)  IT auditing is independent of the general financial audit. 
D)  IT auditing can be performed by both external and internal auditors.

Question 9

Why should new systems development activities be segregated from the program change (maintenance)function.

Accepted Answer

Combining these functions increases the

Question 10

The most common access point for perpetrating computer fraud is at the data collection stage.

Accepted Answer

A) True 
 B)False

Question 11

Explain why reduced security is an outsourcing risk.

Accepted Answer

Information outsourced to off-shore IT v

Question 12

Explain the role of a SAS 70 report in reviewing internal controls.

Accepted Answer

SAS 70 report is the means by which an o

Question 13

Does a qualified opinion on management's assessment of internal controls over the financial reporting system necessitate a qualified opinion on the financial statements? Explain.

Accepted Answer

No.Auditors are permitted to simultaneou

Question 14

__________________________ are intentional mistakes while __________________________ are unintentional mistakes.

Accepted Answer

Irregulari

Question 15

Supervision in a computerized environment is more complex than in a manual environment for all of the following reasons except

Accepted Answer

A)  rapid turnover of systems professionals complicates management's task of assessing the competence and honesty of prospective employees 
B)  many systems professionals have direct and unrestricted access to the organization's programs and data 
C)  rapid changes in technology make staffing the systems environment challenging 
D)  systems professionals and their supervisors work at the same physical location 
A)  rapid turnover of systems professionals complicates management's task of assessing the competence and honesty of prospective employees 
B)  many systems professionals have direct and unrestricted access to the organization's programs and data 
C)  rapid changes in technology make staffing the systems environment challenging 
D)  systems professionals and their supervisors work at the same physical location

Question 16

Briefly explain how a SAS 70 report is used in assessing internal controls of outsourced facilities.

Accepted Answer

The internal controls over the outsource

Question 17

Which of the following is not true?

Accepted Answer

A) When management outsources their organization's IT functions,they also outsource responsibility for internal control. 
B) Once a client firm has outsourced specific IT assets,its performance becomes linked to the vendor's performance. 
C) IT outsourcing may affect incongruence between a firm's IT strategic planning and its business planning functions. 
D) The financial justification for IT outsourcing depends upon the vendor achieving economies of scale. 
A) When management outsources their organization's IT functions,they also outsource responsibility for internal control. 
B) Once a client firm has outsourced specific IT assets,its performance becomes linked to the vendor's performance. 
C) IT outsourcing may affect incongruence between a firm's IT strategic planning and its business planning functions. 
D) The financial justification for IT outsourcing depends upon the vendor achieving economies of scale.

Question 18

To fulfill the segregation of duties control objective,computer processing functions (like authorization of credit and billing)are separated.

Accepted Answer

A) True 
 B)False

Question 19

Both the SEC and the PCAOB require management to use the COSO framework for assessing internal control adequacy.

Accepted Answer

A) True 
 B)False

Question 20

An IT auditor expresses an opinion on the fairness of the financial statements.

Accepted Answer

A) True 
 B)False

Define operational fraud.

What are the components of audit risk?

What is a recovery operations center? What is its purpose?

The following are examples of commodity assets except

To ensure sound internal control,program coding and program processing should be separated.

Why should the tasks of systems development and maintenance be segregated from operations?

Which organizational structure is most likely to result in good documentation procedures?

Which statement is not true?

Why should new systems development activities be segregated from the program change (maintenance)function.

The most common access point for perpetrating computer fraud is at the data collection stage.

Explain why reduced security is an outsourcing risk.

Explain the role of a SAS 70 report in reviewing internal controls.

Does a qualified opinion on management's assessment of internal controls over the financial reporting system necessitate a qualified opinion on the financial statements? Explain.

are intentional mistakes while are unintentional mistakes.

Supervision in a computerized environment is more complex than in a manual environment for all of the following reasons except

Briefly explain how a SAS 70 report is used in assessing internal controls of outsourced facilities.

Which of the following is not true?

To fulfill the segregation of duties control objective,computer processing functions (like authorization of credit and billing)are separated.

Both the SEC and the PCAOB require management to use the COSO framework for assessing internal control adequacy.

An IT auditor expresses an opinion on the fairness of the financial statements.

The Information System: an Accountants Perspective

Introduction to Transaction Processing

Ethics,fraud,and Internal Control

The Revenue Cycle

The Expenditure Cycle Part I: Purchases and Cash Disbursements Procedures

The Expenditure Cycle Part Ii: Payroll Processing and Fixed Asset Procedures

The Conversion Cycle

General Ledger,financial Reporting,and Management Reporting Systems

Database Management Systems

The Rea Approach to Business Process Modeling

Enterprise Resource Planning Systems

Electronic Commerce Systems

Managing the Systems Development Life Cycle

Construct,deliver,and Maintain Systems Projects

IT Controls Part II: Security and Access

IT Controls Part III: Systems Development, program Changes, and Application Controls

Filters

Exam 15: IT Controls Part I: Sarbanes-Oxley and It Governance

Define operational fraud.

What are the components of audit risk?

What is a recovery operations center? What is its purpose?

The following are examples of commodity assets except

To ensure sound internal control,program coding and program processing should be separated.

Why should the tasks of systems development and maintenance be segregated from operations?

Which organizational structure is most likely to result in good documentation procedures?

Which statement is not true?

Why should new systems development activities be segregated from the program change (maintenance)function.

The most common access point for perpetrating computer fraud is at the data collection stage.

Explain why reduced security is an outsourcing risk.

Explain the role of a SAS 70 report in reviewing internal controls.

Does a qualified opinion on management's assessment of internal controls over the financial reporting system necessitate a qualified opinion on the financial statements? Explain.

__________________________ are intentional mistakes while __________________________ are unintentional mistakes.

Supervision in a computerized environment is more complex than in a manual environment for all of the following reasons except

Briefly explain how a SAS 70 report is used in assessing internal controls of outsourced facilities.

Which of the following is not true?

To fulfill the segregation of duties control objective,computer processing functions (like authorization of credit and billing)are separated.

Both the SEC and the PCAOB require management to use the COSO framework for assessing internal control adequacy.

An IT auditor expresses an opinion on the fairness of the financial statements.

The Information System: an Accountants Perspective

Introduction to Transaction Processing

Ethics,fraud,and Internal Control

The Revenue Cycle

The Expenditure Cycle Part I: Purchases and Cash Disbursements Procedures

The Expenditure Cycle Part Ii: Payroll Processing and Fixed Asset Procedures

The Conversion Cycle

General Ledger,financial Reporting,and Management Reporting Systems

Database Management Systems

The Rea Approach to Business Process Modeling

Enterprise Resource Planning Systems

Electronic Commerce Systems

Managing the Systems Development Life Cycle

Construct,deliver,and Maintain Systems Projects

IT Controls Part II: Security and Access

IT Controls Part III: Systems Development, program Changes, and Application Controls

Filters

are intentional mistakes while are unintentional mistakes.