Answer / guest

Answer: A

According to a recent ISACA benchmarking survey most
internal audit departments report directly to an audit
committee. However, many organizations also choose to have
the internal audit department either jointly or solely
report to the chief financial officer (CFO). In this same
survey, the IS audit function almost exclusively reports
directly to the director of internal audit. The IS auditor
who reports to the head of an operational department would
have the appearance of a compromised independence.
Generally, an IS auditor should report one level above the
reporting level of the auditee. Reporting to the CFO may not
have an impact on the content of audit findings, which
should normally be business-oriented and relevant as an
auditor is expected to understand the business being
audited. Taking effective action on an audit's
recommendations should be the responsibility of senior
management and will not be enhanced by the fact that the
audit department reports to the CFO. Follow-up of the
implementation of audit recommendations is conducted by the
auditor and/or by the administration department and would
not be enhanced by reporting to the CFO.

Answer / guest

D. result in more effective action being taken on the
recommendations.

An IS auditor reviewing the key roles and responsibilities of the database administrator (DBA) is LEAST likely to expect the job description of the DBA to include: A. defining the conceptual schema. B. defining security and integrity checks. C. liaising with users in developing data model. D. mapping data model with the internal schema.

1 Answers  

---

An IS auditor is assigned to perform a post implementation review of an application system. Which of the following situations may have impaired the independence of the IS auditor? The IS auditor: A. implemented a specific control during the development of the application system. B. designed an embedded audit module exclusively for auditing the application system. C. participated as a member of the application system project team, but did not have operational responsibilities. D.provided consulting advice concerning application system best practices.

2 Answers  

---

An IS auditor evaluating data integrity in a transaction driven system environment should review atomicity, to determine whether: A. the database survives failures (hardware or software). B. each transaction is separated from other transactions. C. integrity conditions are maintained. D. a transaction is completed or not, or a database is updated or not.

1 Answers  

---

When assessing the portability of a database application, the IS auditor should verify that: A. a structured query language (SQL) is used. B. information import and export procedures with other systems exist. C. indexes are used. D. all entities have a significant name and identified primary and foreign keys.

1 Answers  

---

Which of the following is MOST effective in controlling application maintenance? A. Informing users of the status of changes B. Establishing priorities on program changes C. Obtaining user approval of program changes D. Requiring documented user specifications for changes

1 Answers  

---

---

The reason for having controls in an IS environment: A. remains unchanged from a manual environment, but the implemented control features may be different. B. changes from a manual environment, therefore the implemented control features may be different. C. changes from a manual environment, but the implemented control features will be the same. D. remains unchanged from a manual environment and the implemented control features will also be the same.

2 Answers  

---

Which of the following forms of evidence for the auditor would be considered the MOST reliable? A. An oral statement from the auditee B. The results of a test performed by an IS auditor C. An internally generated computer accounting report D. A confirmation letter received from an outside source

2 Answers  

---

E-cash is a form of electronic money that: A. can be used over any computer network. B. utilizes reusable e-cash coins to make payments. C. does not require the use of an Internet digital bank. D. contains unique serial numbering to track the identity of the buyer.

1 Answers  

---

What type of transmission requires modems? A. Encrypted B. Digital C. Analog D. Modulated

1 Answers  

---

A control for a company that wants to prevent virus-infected programs (or other type of unauthorized modified programs) would be to: A. utilize integrity checkers. B. verify program's lengths. C. backup the source and object code. D. implement segregation of duties.

2 Answers  

---

When evaluating the collective effect of preventive, detective or corrective controls within a process an IS auditor should be aware: A. of the point at which controls are exercised as data flows through the system. B. that only preventive and detective controls are relevant. C. that corrective controls can only be regarded as compensating. D. that classification allows an IS auditor to determine which controls are missing.

1 Answers  

---

A call-back system requires that a user with an id and password call a remote server through a dial-up line, then the server disconnects and: A. dials back to the user machine based on the user id and password using a telephone number from its database. B. dials back to the user machine based on the user id and password using a telephone number provided by the user during this connection. C. waits for a redial back from the user machine for reconfirmation and then verifies the user id and password using its database. D. waits for a redial back from the user machine for reconfirmation and then verifies the user id and password using the sender's database.

1 Answers  

---