Which of the following types of risks assumes an absence of
compensating controls in the area being reviewed?
A. Control risk
B. Detection risk
C. Inherent risk
D. Sampling risk
- 1 Answers
- 12690 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: C
The risk that an error exists that could be material or
significant when combined with other errors encountered
during the audit, there being no related compensating
controls, is the inherent risk. Control risk is the risk
that a material error exists that will not be prevented or
detected on a timely basis by the system of internal
controls. Detection risk is the risk when an IS auditor uses
an inadequate test procedure and concludes that material
errors do not exist, when they do. Sampling risk is the risk
that incorrect assumptions are made about the
characteristics of a population from which a sample is taken.
| Is This Answer Correct ? | 17 Yes | 1 No |
Which of the following is the MOST critical for the successful implementation and maintenance of a security policy? A. Assimilation of the framework and intent of a written security policy by all appropriate parties B. Management support and approval for the implementation and maintenance of a security policy C. Enforcement of security rules by providing punitive actions for any violation of security rules D. Stringent implementation, monitoring and enforcing of rules by the security officer through access control software
The information that requires special precaution to ensure integrity is termed? A. Public data B. Private data C. Personal data D. Sensitive data
In an audit of a business continuity plan, which of the following findings is of MOST concern? A. There is no insurance for the addition of assets during the year. B. BCP manual is not updated on a regular basis. C. Testing of the backup of data has not been done regularly. D. Records for maintenance of access system have not been maintained.
When auditing the proposed acquisition of a new computer system, the IS auditor should FIRST establish that: A. a clear business case has been approved by management. B. corporate security standards will be met. C. users will be involved in the implementation plan. D. the new system will meet all required user functionality.
Which of the following translates e-mail formats from one network to another so that the message can travel through all the networks? A. Gateway B. Protocol converter C. Front-end communication processor D. Concentrator/multiplexor
Corrective action has been taken by an auditee immediately after the identification of a reportable finding. The auditor should: A. include the finding in the final report because the IS auditor is responsible for an accurate report of all findings. B. not include the finding in the final report because the audit report should include only unresolved findings. C. not include the finding in the final report because corrective action can be verified by the IS auditor during the audit. D. include the finding in the closing meeting for discussion purposes only.
Which of the following BEST describes an integrated test facility? A. A technique that enables the IS auditor to test a computer application for the purpose of verifying correct processing B. The utilization of hardware and/or software to review and test the functioning of a computer system C. A method of using special programming options to permit printout of the path through a computer program taken to process a specific transaction D. A procedure for tagging and extending transactions and master records that are used by an IS auditor for tests
Capacity monitoring software is used to ensure: A. maximum use of available capacity. B. that future acquisitions meet user needs. C. concurrent use by a large number of users. D. continuity of efficient operations.
Which of the following is critical to the selection and acquisition of the correct operating system software? A. Competitive bids B. User department approval C. Hardware-configuration analysis D. Purchasing department approval
Which of the following group/individuals should assume overall direction and responsibility for costs and timetables of system development projects? A. User management B. Project steering committee C. Senior management D. Systems development management
Functionality is a characteristic associated with evaluating the quality of software products throughout their lifecycle, and is BEST described as the set of attributes that bear on the: A. existence of a set of functions and their specified properties. B. ability of the software to be transferred from one environment to another. C. capability of software to maintain its level of performance under stated conditions. D. relationship between the performance of the software and the amount of resources used.
To detect attack attempts that the firewall is unable to recognize, an IS auditor should recommend placing a network intrusion detection system (IDS) between the:
Cisco Certifications 
