Interested to Buy Any Domain ? << Click Here >> for more details...
The use of statistical sampling procedures helps minimize:
A. sampling risk.
B. detection risk.
C. inherent risk.
D. control risk.
- 1 Answers
- 11722 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: B
Detection risk is the risk that the IS auditor uses an
inadequate test procedure and concludes that material errors
do not exist, when in fact they do. Using statistical
sampling, an IS auditor can quantify how closely the sample
should represent the population and quantify the probability
of error. Sampling risk is the risk that incorrect
assumptions will be made about the characteristics of a
population from which a sample is selected. Assuming there
are no related compensating controls, inherent risk is the
risk that an error exists, which could be material or
significant when combined with other errors found during the
audit. Statistical sampling will not minimize this. Control
risk is the risk that a material error exists, which will
not be prevented or detected on a timely basis by the system
of internal controls. This cannot be minimized using
statistical sampling.
| Is This Answer Correct ? | 13 Yes | 2 No |
Which of the following is a form of an Internet attack? A. Searching for software design errors B. Guessing user passwords based on their personal information C. Breaking the deadman's door to gain entry D. Planting a trojan horse
Following the development of an application system, it is determined that several design objectives have not been achieved. This is MOST likely to have been caused by: A. insufficient user involvement. B. early dismissal of the project manager. C. inadequate quality assurance (QA) tools. D. noncompliance with defined approval points.
An IS auditor performing a telecommunication access control review should be concerned PRIMARILY with the: A. maintenance of access logs of usage of various system resources. B. authorization and authentication of the user prior to granting access to system resources. C. adequate protection of stored data on servers by encryption or other means. D. accountability system and the ability to identify any terminal accessing system resources.
Which of the following group/individuals should assume overall direction and responsibility for costs and timetables of system development projects? A. User management B. Project steering committee C. Senior management D. Systems development management
Which of the following reports should an IS auditor use to check compliance with a service level agreement (SLA) requirement for uptime? A. Utilization reports B. Hardware error reports C. System logs D. Availability reports
Which of the following is a substantive audit test? A. Verifying that a management check has been performed regularly B. Observing that user IDs and passwords are required to sign on the computer C. Reviewing reports listing short shipments of goods received D. Reviewing an aged trial balance of accounts receivable
What data should be used for regression testing? A. Different data than used in the previous test B. The most current production data C. The data used in previous tests D. Data produced by a test data generator
The information that requires special precaution to ensure integrity is termed? A. Public data B. Private data C. Personal data D. Sensitive data
The responsibilities of a disaster recovery relocation team include: A. obtaining, packaging and shipping media and records to the recovery facilities, as well as establishing and overseeing an offsite storage schedule. B. locating a recovery site if one has not been predetermined and coordinating the transport of company employees to the recovery site. C. managing the relocation project and conducting a more detailed assessment of the damage to the facilities and equipment. D. coordinating the process of moving from the hot site to a new location or to the restored original location.
An IS auditor's primary concern when application developers wish to use a copy of yesterday's production transaction file for volume tests is that: A. users may prefer to use contrived data for testing. B. unauthorized access to sensitive data may result. C. error handling and credibility checks may not be fully proven. D. full functionality of the new process is not necessarily tested.
Which of the following user profiles should be of MOST concern to the IS auditor, when performing an audit of an EFT system? A. Three users with the ability to capture and verifiy their own messages B. Five users with the ability to capturr and send their own messages C. Five users with the ability to verificy other users and to send of their own messages D. Three users with the ability to capture and verifiy the messages of other users and to send their own messages
What type of transmission requires modems? A. Encrypted B. Digital C. Analog D. Modulated
Cisco Certifications 
