The BEST time to perform a control self-assessment involving
line management, line staff and the audit department is at
the time of:
A. compliance testing.
B. the preliminary survey.
C. substantive testing.
D. the preparation of the audit report.
Answer / guest
Answer: B
Control self-assessment is a process in which the auditor
can get the auditees together, understand the business
process, define the controls and generate an assessment of
how well the controls are working. This is accomplished
ideally during the preliminary data gathering phase. Choices
A, C, D are audit steps that are performed after a control
self-assessment has been completed.
Is This Answer Correct ? | 4 Yes | 0 No |
Data edits are an example of: A. preventive controls. B. detective controls. C. corrective controls. D. compensating controls.
Which of the following has the LEAST effect on controlling physical access? A. Access to the work area is restricted through a swipe card. B. All physical assets have an identification tag and are properly recorded. C. Access to the premises is restricted and all visitors authorized for entry. D. Visitors are issued a pass and escorted in and out by a concerned employee.
An organization has an integrated development environment (IDE), where the program libraries reside on the server, but modification/development and testing are done from PC workstations. Which of the following would be a strength of an integrated development environment? A. Controls the proliferation of multiple versions of programs B. Expands the programming resources and aids available C. Increases program and processing integrity D. Prevents valid changes from being overwritten by other changes
Peer reviews to detect software errors during a program development activity are called: A. emulation techniques. B. structured walk-throughs. C. modular program techniques. D. top-down program construction.
The general ledger setup function in an enterprise resource package (ERP) allows for setting accounting periods. Access to this function has been permitted to users in finance, the warehouse and order entry. The MOST likely reason for such broad access is the: A. need to change accounting periods on a regular basis.. B. requirement to post entries for a closed accounting period. C. lack of policies and procedures for the proper segregation of duties. D. need to create/modify the chart of accounts and its allocations.
Transmitting redundant information with each character or frame to facilitate detection and correction of errors is called: A. feedback error control. B. block sum check. C. forward error control. D. cyclic redundancy check.
Applying a retention date on a file will ensure that: A. data cannot be read until the date is set. B. data will not be deleted before that date. C. backup copies are not retained after that date. D. datasets having the same name are differentiated.
Involvement of senior management is MOST important in the development of: A. strategic plans. B. IS policies. C. IS procedures. D. standards and guidelines.
The PRIMARY advantage of a continuous audit approach is that it: A. does not require an IS auditor to collect evidence on system reliability while processing is taking place. B. requires the IS auditor to review and follow up immediately on all information collected. C. can improve system security when used in time-sharing environments that process a large number of transactions. D. does not depend on the complexity of an organization's computer systems.
Which of the following tasks is performed by the same person in a well-controlled information processing facility/computer center? A. Security administration and management B. Computer operations and system development C. System development and change management D. System development and systems maintenance
Which of the following would an IS auditor consider to be the MOST important when evaluating an organization's IS strategy? That it: A. has been approved by line management. B. does not vary from the IS department's preliminary budget. C. complies with procurement procedures. D. supports the business objectives of the organization.
Which of the following types of firewalls provide the GREATEST degree and granularity of control? A. Screening router B. Packet filter C. Application gateway D. Circuit gateway