IS auditors are MOST likely to perform compliance tests of
internal controls if, after their initial evaluation of the
controls, they conclude that:
A. a substantive test would be too costly.
B. the control environment is poor.
C. inherent risk is low.
D. control risks are within the acceptable limits.
Answers were Sorted based on User's Feedback
Answer / guest
Answer: D
IS auditors perform tests of controls (compliance testing)
to assess whether control risks are within acceptable
limits. The results of the compliance testing would
influence the IS auditor's decisions as to the extent of
tests of balance (substantive testing). If compliance
testing confirms that the control risks are within an
acceptable level, then the extent of substantive testing
would be reduced. During the testing phase of an audit, an
IS auditor does not know whether the controls identified
operate effectively. Tests of controls, therefore, evaluate
whether specific, material controls are, in fact reliable.
Performing test of controls may conclude that the control
environment is poor, but it is not the objective of
compliance testing. Inherent risks cannot be determined by
performing a test of controls.
Is This Answer Correct ? | 6 Yes | 3 No |
Answer / guest
D. control risks are within the acceptable limits.
Is This Answer Correct ? | 3 Yes | 1 No |
Neural networks are effective in detecting fraud because they can: A. discover new trends since they are inherently linear. B. solve problems where large and general sets of training data are not obtainable. C. attack problems that require consideration of a large number of input variables. D. make assumptions about the shape of any curve relating variables to the output.
Which of the following tasks is normally performed by a clerk in the control group? A. Maintenance of an error log B. Authorization of transactions C. Control of noninformation systems assets D. Origination of changes to master files
Access rules normally are included in which of the following documentation categories? A. Technical reference documentation B. User manuals C. Functional design specifications D. System development methodology documents
Which of the following is a concern when data is transmitted through secure socket layer (SSL) encryption implemented on a trading partner's server? A. Organization does not have control over encryption. B. Messages are subjected to wire tapping. C. Data might not reach the intended recipient. D. The communication may not be secure.
The FIRST step in developing a business continuity plan (BCP) is to: A. classify the importance of systems. B. establish a disaster recovery strategy. C. determine the critical recovery time period. D. perform a risk ranking.
During the review of a biometrics system operation, the IS auditor should FIRST review the stage of: A. enrollment. B. identification. C. verification. D. storage.
Which of the following exposures associated with the spooling of sensitive reports for offline printing would an IS auditor consider to be the MOST serious? A. Sensitive data can be read by operators. B. Data can be amended without authorization. C. Unauthorized report copies can be printed. D. Output can be lost in the event of system failure.
The corporate office of a company having branches worldwide, developed a control self-assessment program (CSA) for all its offices. Which of the following is the MOST important requirement for a successful CSA? A. Skills of the workshop facilitator B. Simplicity of the questionnaire C. Support from the audit department D. Involvement of line managers
In a data warehouse, data quality is achieved by: A. cleansing. B. restructuring. C. source data credibility. D. transformation.
IS auditors, in performing detailed network assessments and access control reviews should FIRST: A. determine the points of entry. B. evaluate users access authorization. C. assess users identification and authorization. D. evaluate the domain-controlling server configuration.
Following a reorganization of a company's legacy database, it was discovered that records were accidentally deleted. Which of the following controls would have MOST effectively detected this occurrence? A. Range check B. Table lookups C. Run-to-run totals D. One-for-one checking
Which of the following is a threat? A. Lack of security B. Loss of goodwill C. Power outage D. Information services