The breadth and depth of knowledge required to audit it and


1. One reason why IT auditing evolved from traditional auditing was that

a. Auditors realized that computers had impacted their ability to perform the attestation function
b. Computers and information processing were not a key resource
c. Professional associations such as AICPA and ISACA did not recognize the need
d. Government did not recognize the need

2. IT auditing may involve

a. Organizational IT audits
b. Application IT audits
c. Development/implementation IT audits
d. All of the above

3. The breadth and depth of knowledge required to audit IT and systems are extensive and may include

a. Application of risk-oriented audit approaches
b. Reporting to management and performing follow-up review to ensure action is taken
c. Assessment of security and privacy issues that can put the organization at risk
d. All of the above

4. COBIT stands for

a. A computer language
b. A federal agency
c. Control Objective for Information and Related Technology
d. None of the above

5. ISACA stands for

a. Information Systems Security Association
b. Institute of Internal Auditors
c. Information Systems Audit and Control Association
d. International Association for Computer Educators

6. ISO is

a. A government organization
b. A private company
c. The International Organization for Standardization
d. None of the above

7. The federal government plan for improving security on the Internet is called

a. FIP 102 Computer Security and Accreditation
b. National Strategy for Securing Cyberspace
c. Computer Abuse Act of 1984
d. Privacy Act of 1974

8. The Sarbanes-Oxley Act of 2002

a. Does not affect the attestation function
b. Applies only to the Big Four accounting firms
c. Requires auditor rotation
d. Does not apply to small accounting/audit firms

9. Which is the most recent federal law that addresses computer security or privacy?

a. Computer Fraud and Abuse Act
b. Computer Security Act
c. Homeland Security Act
d. Electronic Communications Privacy Act

10. Which act has a provision where punishment can be up to life in prison if electronic hackers are found guilty of causing death to others through their actions?

a. Computer Fraud and Abuse Act
b. Freedom of Information Act
c. Communications Decency Act
d. Homeland Security Act

11. According to a recent CSI and FBI study

a. 90 percent of respondents have detected computer security breaches within the last 12 months
b. 74 percent cited their Internet connection as the frequent point of attack
c. 80 percent acknowledged financial losses due to computer security breaches
d. All of the above

12. Cyberlaw is

a. State law
b. Federal law
c. Law governing use of the computer and the Internet
d. International law

13. Software piracy costs the computer industry more than

a. $1 billion per year
b. $4 billion per year
c. $9 billion per year
d. More than $10 billion dollars per year

14. The CFAA covers

a. Fraudulent trespass
b. Intentional destructive trespass
c. Reckless destructive trespass
d. All of the above

15. The Sarbanes-Oxley Act requires that the board of an organization must

a. Register public accounting firms
b. Establish or adopt, by rule, auditing, quality control, ethics, independence, and other standards related to preparation of the audit reports for issuers
c. Conduct inspections of accounting firms
d. All of the above

16. The Cyber Security Enhancement Act as incorporated into the Homeland Security Act of 2002

a. Demands life sentences for those hackers who recklessly endanger lives
b. Does not require ISPs to hand over records
c. Does not outlaw publications such as details of PGP
d. None of the above

17. Key areas to look at in IT contracts are

a. Vendor contract terms that limit vendor liability
b. Contract objectives and performance measurements to ensure objectives have been met
c. Review and inclusion in future contracts specific clauses for protecting customer interests
d. All of the above

18. A federal agency that protects consumers and has increased its monitoring and review of the Internet for consumer fraud and identity theft is the

a. NSA
b. CIA
c. FTC
d. None of the above

19. The National Strategy for Securing Cyberspace

a. Applies only to defense area
b. Applies only to medical records
c. Provides a framework for protecting the nation's infrastructures that are essential to the economy, security, and the way of life
d. None of the above

20. This Act is the first-ever federal privacy standard to protect patients' medical records

a. Encrypted Communications Privacy Act of 1996
b. Privacy Act of 1974
c. HIPAA of 1996
d. All of the above

21. Which of the following is not one of the 10 top reasons for the start up of IT audit:

a. Auditing around the computer was becoming unsatisfactory for the purposes of database reliance
b. Accessibility of personal computers for office and home use
c. Very little advancement in technology
d. The growth of corporate hackers

22. Professional associations that have Standards of Practice:

a. IIA
b. ISACA
c. AICPA
d. All of the above

23. A federal agency that develops and issues government auditing standards is

a. GSA
b. GAO
c. Federal Bureau of Investigation (FBI)
d. Federal Trade Commission (FTC)

24. A special condition where an auditor must be free of any bias or influence, and have

a. IT skills
b. Good writing skills
c. Professional development
d. Independence

25. Which federal law was developed and passed by the U.S. lawmakers in reaction to the recent financial frauds such as Enron:

a. FCPA
b. SEC Act
c. Sarbanes-Oxley Act
d. Computer Fraud and Abuse Act

26. In the authors' opinion, an auditor must have

a. High ethical standards
b. Limited training
c. Poor communication skills
d. Poor time management skills

27. GAAS was developed and issued by

a. NIST
b. AICPA
c. FTC
d. NSA

28. Certifications that may be helpful to an IT auditor:

a. CIA
b. CFE
c. CISSP
d. All of the above

29. An auditor who works for IBM directly and is on its audit staff is considered to be

a. An external auditor
b. An internal auditor
c. A consultant
d. None of the above

30. Computer forensic specialists are experts who

a. Investigate under extreme secrecy so that other individuals do not know exactly what they are doing or what information they have gathered
b. May testify in court where an independent opinion is needed on complex technical issues
c. Have an extensive background working with computers and dealing with technical issues, and are, of course, familiar with gathered information and the methods used to acquire that information
d. All of the above

31. Which audit area involves definition of audit scope, initial contacts and communication with auditees, and audit team selection?

a. Fact gathering
b. Audit tests
c. Audit preparation
d. Audit objectives

32. Which audit area involves a formal plan for reviewing and testing each significant audit subject area disclosed during fact gathering?

a. Audit objectives
b. Audit program
c. Audit tests
d. Use of audit tools

33. Which IT audit area involves formal statements that describe a course of action that should be implemented to restore or provide accuracy, efficiency, or adequate control of audit subject?

a. Audit tests
b. Findings of the audit reports
c. Recommendations of an audit report
d. Conclusion of an audit report

34. At the minimum, an audit plan should include all but

a. Definition of scope
b. Objectives stated
c. An orderly, structured approach
d. A lack of flexibility in approach

35. The activities of a preliminary review may include

a. General data gathering
b. Identifying financial application areas
c. Preparing the audit plan
d. All of the above

36. The first step in conducting fieldwork and implementing audit methodology is

a. Design audit procedures
b. Define audit objectives
c. Evaluate results
d. Build a detailed understanding of area being audited

37. The purpose of follow up is to

a. Determine if the audit recommendations have been implemented
b. Determine the progress made in implementing the audit recommendations
c. Assess any potential savings/value added as a result of the recommendations
d. All of the above

38. The advantage of tying the audit universe to organization objectives is that it

a. Links the entire audit process to business objectives
b. Improves management's understanding of the audit process
c. Develops the communication plan for the audit
d. None of the above

39. Audit risk assessment is an important step in the audit process because

a. It leverages the abilities of audit staff by minimizing redundant activity
b. It provides a framework for communicating the audit results
c. It provides a framework for allocating audit resources to achieve maximum benefit
d. None of the above

40. Auditing is a cyclical process because

a. Performing audit tests is an iterative process
b. Audit results are used in subsequent risk assessments
c. The audit universe is aligned to the business cycle
d. All of the above

41. Audit productivity tools can be used in

a. Planning and tracking
b. Documentation and presentations
c. Communications and data transfer
d. All of the above

42. Generalized audit software can

a. Validate calculations
b. Select specific records for examination
c. Analyze and compare files
d. All of the above

43. The task of examining a spreadsheet for reasonableness checks and comparison with known outputs is

a. Documentation
b. Extent of training
c. Verification of logic
d. Support commitment

44. Which is not a database integrity control?

a. Value constraints
b. Biometrics
c. Backup and recovery protection
d. Referential integrity

45. A testing approach used to validate processing by setting up a fictitious company or branch in an application for testing transaction processing is called

a. Snapshot
b. SARF
c. Integrated test facility
d. Transaction tagging

46. A technique used to follow a selected transaction through the entire application to verify the integrity, validity, and reliability is called

a. Snapshot
b. Transaction tagging
c. SCARF
d. Test data

47. Which of the following are categories of computer audit functions?

a. Items of audit interest
b. Data analysis
c. Systems validation
d. All of the above

48. The histogram analysis technique allows the auditor to

a. Apply judgment in identifying and selecting appropriate testing techniques
b. Validate transmission of data
c. Prepare the audit plan
d. All of the above

49. Which automated technique can apply a sampling methodology to the collection of transactions or records?

a. Test data
b. Snapshot
c. SARF
d. None of the above

50. Computer forensic tools are increasingly used to

a. Support law enforcement
b. Support computer security investigations
c. Support computer audit investigations
d. All of the above
