Interested to Buy Any Domain ? << Click Here >> for more details...
The use of statistical sampling procedures helps minimize:
A. sampling risk.
B. detection risk.
C. inherent risk.
D. control risk.
- 1 Answers
- 11717 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: B
Detection risk is the risk that the IS auditor uses an
inadequate test procedure and concludes that material errors
do not exist, when in fact they do. Using statistical
sampling, an IS auditor can quantify how closely the sample
should represent the population and quantify the probability
of error. Sampling risk is the risk that incorrect
assumptions will be made about the characteristics of a
population from which a sample is selected. Assuming there
are no related compensating controls, inherent risk is the
risk that an error exists, which could be material or
significant when combined with other errors found during the
audit. Statistical sampling will not minimize this. Control
risk is the risk that a material error exists, which will
not be prevented or detected on a timely basis by the system
of internal controls. This cannot be minimized using
statistical sampling.
| Is This Answer Correct ? | 13 Yes | 2 No |
Which of the following is the MOST reasonable option for recovering a noncritical system? A. Warm site B. Mobile site C. Hot site D. Cold site
During an audit of the tape management system at a data center, an IS auditor discovered that parameters are set to bypass or ignore the labels written on tape header records. The IS auditor also determined that effective staging and job setup procedures were in place. In this situation, the IS auditor should conclude that the: A. tape headers should be manually logged and checked by the operators. B. staging and job setup procedures are not appropriate compensating controls. C. staging and job setup procedures compensate for the tape label control weakness. D. tape management system parameters must be set to check all labels.
A company has contracted with an external consulting firm to implement a commercial financial system to replace its existing in-house developed system. In reviewing the proposed development approach, which of the following would be of GREATEST concern? A. Acceptance testing is to be managed by users. B. A quality plan is not part of the contracted deliverables. C. Not all business functions will be available on initial implementation. D. Prototyping is being used to confirm that the system meets business requirements.
Which of the following is a benefit of using callback devices? A. Provide an audit trail B. Can be used in a switchboard environment C. Permit unlimited user mobility D. Allow call forwarding
During a review of the controls over the process of defining IT service levels, an IS auditor would MOST likely interview the: A. systems programmer. B. legal staff. C. business unit manager. D. application programmer.
When planning an audit of a network set up, the IS auditor should give highest priority to obtaining which of the following network documentation? A. Wiring and schematic diagram B. Users list and responsibilities C. Applications list and their details D. Backup and recovery procedures
Which of the following tests performed by an IS auditor would be the MOST effective in determining compliance with an organization's change control procedures? A. Review software migration records and verify approvals. B. Identify changes that have occurred and verify approvals. C. Review change control documentation and verify approvals. D. Ensure that only appropriate staff can migrate changes into production.
A programmer managed to gain access to the production library, modified a program that was then used to update a sensitive table in the payroll database and restored the original program. Which of the following methods would MOST effectively detect this type of unauthorized changes? A. Source code comparison B. Executable code comparison C. Integrated test facilities (ITF) D. Review of transaction log files
The responsibilities of a disaster recovery relocation team include: A. obtaining, packaging and shipping media and records to the recovery facilities, as well as establishing and overseeing an offsite storage schedule. B. locating a recovery site if one has not been predetermined and coordinating the transport of company employees to the recovery site. C. managing the relocation project and conducting a more detailed assessment of the damage to the facilities and equipment. D. coordinating the process of moving from the hot site to a new location or to the restored original location.
Which of the following is a role of an IS steering committee? A. Initiate computer applications. B. Ensure efficient use of data processing resources. C. Prepare and monitor system implementation plans. D. Review the performance of the systems department.
Neural networks are effective in detecting fraud because they can: A. discover new trends since they are inherently linear. B. solve problems where large and general sets of training data are not obtainable. C. attack problems that require consideration of a large number of input variables. D. make assumptions about the shape of any curve relating variables to the output.
Sign-on procedures include the creation of a unique user ID and password. However, an IS auditor discovers that in many cases the user name and password are the same. The BEST control to mitigate this risk is to: A. change the company's security policy. B. educate users about the risk of weak passwords. C. build in validations to prevent this during user creation and password change. D. require a periodic review of matching user ID and passwords for detection and correction.
Cisco Certifications 
