The role of IT auditor in complying with the Management
Assessment of Internal Controls (Section 404 of the
Sarbanes-Oxley Act) is:
A. planning internal controls
B. documenting internal controls
C. designing internal controls
D. implementing internal controls
- 1 Answers
- 4514 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: B
Choice (B) is the correct answer. The role of the IT auditor
is to document, understand, and test the internal controls
in computer systems. Planning, designing, and implementing
internal controls is part of operating management's
responsibility. This responsibility does not change whether
complying with Sarbanes-Oxley Act or not. Compliance efforts
are ongoing and include documenting internal controls on a
quarterly basis. Organizations need to identify and document
all electronic and manual processes related to the financial
reporting process.
| Is This Answer Correct ? | 7 Yes | 0 No |
hello all i want to do cisa certification but dont have knowledge of auditing. i m fresher and ccna certified. so, please advice me how should i prepare .and having cisa certification is it easy to get a job. please reply as soon as possible.
Which of the following forms of evidence for the auditor would be considered the MOST reliable? A. An oral statement from the auditee B. The results of a test performed by an IS auditor C. An internally generated computer accounting report D. A confirmation letter received from an outside source
Information for detecting unauthorized input from a terminal would be BEST provided by the: A. console log printout. B. transaction journal. C. automated suspense file listing. D. user error report.
Which of the following tests is an IS auditor performing when a sample of programs is selected to determine if the source and object versions are the same? A. A substantive test of program library controls B. A compliance test of program library controls C. A compliance test of the program compiler controls D. A substantive test of the program compiler controls
Which of the following would an IS auditor consider to be the MOST helpful when evaluating the effectiveness and adequacy of a computer preventive maintenance program? A. A system downtime log B. Vendors' reliability figures C. Regularly scheduled maintenance log D. A written preventive maintenance schedule
To identify the value of inventory that has been kept for more than eight weeks, an IS auditor would MOST likely use: A. test data. B. statistical sampling. C. an integrated test facility. D. generalized audit software.
To prevent an organization's computer systems from becoming part of a distributed denial-of-service attack, IP packets containing addresses that are listed as unroutable can be isolated by: A. establishing outbound traffic filtering. B. enabling broadcast blocking. C. limiting allowable services. D. network performance monitoring.
The MOST appropriate person to chair the steering committee for a system development project with significant impact on a business area would be the: A. business analyst. B. chief information officer. C. project manager. D. executive level manager.
An IS auditor reviewing back-up procedures for software need only determine that: A. object code libraries are backed up. B. source code libraries are backed up. C. both object and source codes libraries are backed up. D. program patches are maintained at the originating site.
Which of the following is a detective control? A. Physical access controls B. Segregation of duties C. Backup procedures D. Audit trails
Which of the following is the MOST important objective of data protection? A. Identifying persons who need access to information B. Ensuring the integrity of information C. Denying or authorizing access to the IS system D. Monitoring logical accesses
Which of the following types of firewalls would BEST protect a network from an Internet attack? A. Screened subnet firewall B. Application filtering gateway C. Packet filtering router D. Circuit-level gateway
Cisco Certifications 
