Question 1

What is a disaster recovery plan? What are the key features?

Accepted Answer

A disaster recovery plan is a comprehens

Question 2

Segregation of duties in the computer-based information system includes

Accepted Answer

A)  separating the programmer from the computer operator 
B)  preventing management override 
C)  separating the inventory process from the billing process 
D)  performing independent verifications by the computer operator 
A)  separating the programmer from the computer operator 
B)  preventing management override 
C)  separating the inventory process from the billing process 
D)  performing independent verifications by the computer operator

Question 3

The least important item to store off-site in case of an emergency is

Accepted Answer

A)  backups of systems software 
B)  backups of application software 
C)  documentation and blank forms 
D)  results of the latest test of the disaster recovery program 
A)  backups of systems software 
B)  backups of application software 
C)  documentation and blank forms 
D)  results of the latest test of the disaster recovery program

Question 4

What is an auditor looking for when testing computer center controls?

Accepted Answer

When testing computer center controls, t

Question 5

To fulfill the segregation of duties control objective, computer processing functions (like authorization of credit and billing) are separated.

Accepted Answer

A) True 
 B)False

Question 6

Section 404 requires management to make a statement identifying the control framework used to conduct their assessment of internal controls. Discuss the options in selecting a control framework.

Accepted Answer

The SEC has made specific reference as t

Question 7

Operations fraud includes

Accepted Answer

A)  altering program logic to cause the application to process data incorrectly 
B)  misusing the firm's computer resources 
C)  destroying or corrupting a program's logic using a computer virus 
D)  creating illegal programs that can access data files to alter, delete, or insert values 
A)  altering program logic to cause the application to process data incorrectly 
B)  misusing the firm's computer resources 
C)  destroying or corrupting a program's logic using a computer virus 
D)  creating illegal programs that can access data files to alter, delete, or insert values

Question 8

Statements on Auditing Standards recommendations must be followed by every member of the profession unless it can be shown why a standard does not apply in a given situation.

Accepted Answer

A) True 
 B)False

Question 9

A disaster recovery plan is a comprehensive statement of all actions to be taken after a disaster.

Accepted Answer

A) True 
 B)False

Question 10

Which of the following is true?

Accepted Answer

A)  Core competency theory argues that an organization should outsource specific core assets. 
B)  Core competency theory argues that an organization should focus exclusively on its core business competencies 
C)  Core competency theory argues that an organization should not outsource specific commodity assets. 
D)  Core competency theory argues that an organization should retain certain specific non-core assets in-house. 
A)  Core competency theory argues that an organization should outsource specific core assets. 
B)  Core competency theory argues that an organization should focus exclusively on its core business competencies 
C)  Core competency theory argues that an organization should not outsource specific commodity assets. 
D)  Core competency theory argues that an organization should retain certain specific non-core assets in-house.

Question 11

Briefly outline transaction cost economics as it relates to IT outsourcing.

Accepted Answer

Transaction cost economics theory is in

Question 12

The major disadvantage of an empty shell solution as a second site backup is

Accepted Answer

A)  the host site may be unwilling to disrupt its processing needs to process the critical applications of the disaster stricken company 
B)  intense competition for shell resources during a widespread disaster 
C)  maintenance of excess hardware capacity 
D)  the control of the shell site is an administrative drain on the company 
A)  the host site may be unwilling to disrupt its processing needs to process the critical applications of the disaster stricken company 
B)  intense competition for shell resources during a widespread disaster 
C)  maintenance of excess hardware capacity 
D)  the control of the shell site is an administrative drain on the company

Question 13

Why should the tasks of systems development and maintenance be segregated from operations?

Accepted Answer

The segregation of systems development (

Question 14

Both the SEC and the PCAOB require management to use the COBIT framework for assessing internal control adequacy.

Accepted Answer

A) True 
 B)False

Question 15

Which concept is not an integral part of an audit?

Accepted Answer

A)  evaluating internal controls 
B)  preparing financial statements 
C)  expressing an opinion 
D)  analyzing financial data 
A)  evaluating internal controls 
B)  preparing financial statements 
C)  expressing an opinion 
D)  analyzing financial data

Question 16

Why is inadequate documentation a chronic problem?

Accepted Answer

Poor-quality systems documentation is a

Question 17

Which of the following is true?

Accepted Answer

A)  In the CBIS environment, auditors gather evidence relating only to the contents of databases, not the reliability of the computer system. 
B)  Conducting an audit is a systematic and logical process that applies to all forms of information systems. 
C)  Substantive tests establish whether internal controls are functioning properly. 
D)  IT auditors prepare the audit report if the system is computerized. 
A)  In the CBIS environment, auditors gather evidence relating only to the contents of databases, not the reliability of the computer system. 
B)  Conducting an audit is a systematic and logical process that applies to all forms of information systems. 
C)  Substantive tests establish whether internal controls are functioning properly. 
D)  IT auditors prepare the audit report if the system is computerized.

Question 18

Changing the Hours Worked field in an otherwise legitimate payroll transaction to increase the amount of the paycheck is an example of data collection fraud.

Accepted Answer

A) True 
 B)False

Question 19

Define database management fraud.

Accepted Answer

Database management fraud incl

Question 20

COSO identifies two broad groupings of information system controls. What are they?

Accepted Answer

general; a

What is a disaster recovery plan? What are the key features?

Segregation of duties in the computer-based information system includes

The least important item to store off-site in case of an emergency is

What is an auditor looking for when testing computer center controls?

To fulfill the segregation of duties control objective, computer processing functions (like authorization of credit and billing) are separated.

Section 404 requires management to make a statement identifying the control framework used to conduct their assessment of internal controls. Discuss the options in selecting a control framework.

Operations fraud includes

Statements on Auditing Standards recommendations must be followed by every member of the profession unless it can be shown why a standard does not apply in a given situation.

A disaster recovery plan is a comprehensive statement of all actions to be taken after a disaster.

Which of the following is true?

Briefly outline transaction cost economics as it relates to IT outsourcing.

The major disadvantage of an empty shell solution as a second site backup is

Why should the tasks of systems development and maintenance be segregated from operations?

Both the SEC and the PCAOB require management to use the COBIT framework for assessing internal control adequacy.

Which concept is not an integral part of an audit?

Why is inadequate documentation a chronic problem?

Which of the following is true?

Changing the Hours Worked field in an otherwise legitimate payroll transaction to increase the amount of the paycheck is an example of data collection fraud.

Define database management fraud.

COSO identifies two broad groupings of information system controls. What are they?

The Information System: an Accountants Perspective

Introduction to Transaction Processing

Ethics, Fraud, and Internal Control

The Revenue Cycle

The Expenditure Cycle Part I: Purchases and Cash Disbursements Procedures

The Expenditure Cycle Part II: Payroll Processing and Fixed Asset Procedures

The Conversion Cycle

Financial Reporting, and Management Reporting Systems

Database Management Systems

The Rea Approach to Business Process Modeling

Enterprise Resource Planning Systems

Electronic Commerce Systems

Managing the Systems Development Life Cycle

Construct, Deliver, and Maintain Systems Projects

IT Controls Part II: Security and Access

IT Controls Part III: Systems Development, Program Changes, and Application Controls

Filters

Exam 15: IT Controls Part I: Sarbanes-Oxley and It Governance

What is a disaster recovery plan? What are the key features?

Segregation of duties in the computer-based information system includes

The least important item to store off-site in case of an emergency is

What is an auditor looking for when testing computer center controls?

To fulfill the segregation of duties control objective, computer processing functions (like authorization of credit and billing) are separated.

Section 404 requires management to make a statement identifying the control framework used to conduct their assessment of internal controls. Discuss the options in selecting a control framework.

Operations fraud includes

Statements on Auditing Standards recommendations must be followed by every member of the profession unless it can be shown why a standard does not apply in a given situation.

A disaster recovery plan is a comprehensive statement of all actions to be taken after a disaster.

Which of the following is true?

Briefly outline transaction cost economics as it relates to IT outsourcing.

The major disadvantage of an empty shell solution as a second site backup is

Why should the tasks of systems development and maintenance be segregated from operations?

Both the SEC and the PCAOB require management to use the COBIT framework for assessing internal control adequacy.

Which concept is not an integral part of an audit?

Why is inadequate documentation a chronic problem?

Which of the following is true?

Changing the Hours Worked field in an otherwise legitimate payroll transaction to increase the amount of the paycheck is an example of data collection fraud.

Define database management fraud.

COSO identifies two broad groupings of information system controls. What are they?

The Information System: an Accountants Perspective

Introduction to Transaction Processing

Ethics, Fraud, and Internal Control

The Revenue Cycle

The Expenditure Cycle Part I: Purchases and Cash Disbursements Procedures

The Expenditure Cycle Part II: Payroll Processing and Fixed Asset Procedures

The Conversion Cycle

Financial Reporting, and Management Reporting Systems

Database Management Systems

The Rea Approach to Business Process Modeling

Enterprise Resource Planning Systems

Electronic Commerce Systems

Managing the Systems Development Life Cycle

Construct, Deliver, and Maintain Systems Projects

IT Controls Part II: Security and Access

IT Controls Part III: Systems Development, Program Changes, and Application Controls

Filters