Interested to Buy Any Domain ? << Click Here >> for more details...
In a risk-based audit approach, an IS auditor, in addition
to risk, would be influenced by:
A. the availability of CAATs.
B. management's representation.
C. organizational structure and job responsibilities.
D. the existence of internal and operational controls
- 2 Answers
- 10769 Views
- I also Faced
- E-Mail Answers
Answers were Sorted based on User's Feedback
Answer / guest
Answer: D
The existence of internal and operational controls will have
a bearing on the IS auditor's approach to the audit. In a
risk-based approach the IS auditor is not just relying on
risk, but also on internal and operational controls as well
as knowledge of the company and the business. This type of
risk assessment decision can help relate the cost-benefit
analysis of the control to the known risk, allowing
practical choices. The nature of available testing
techniques and management's representations, have little
impact on the risk-based audit approach. Although
organizational structure and job responsibilities need to be
considered, they are not directly considered unless they
impact internal and operational controls.
| Is This Answer Correct ? | 9 Yes | 0 No |
Answer / antoine
D. the existence of internal and operational controls
| Is This Answer Correct ? | 2 Yes | 0 No |
Which of the following provides the GREATEST assurance of message authenticity? A. The pre-hash code is derived mathematically from the message being sent. B. The pre-hash code is encrypted using the sender's private key. C. Encryption of the pre-hash code and the message using the secret key. D. Sender attains the recipient's public key and verifies the authenticity of its digital certificate with a certificate authority.
The interface that allows access to lower or higher level network services is called: A. firmware. B. middleware. C. X.25 interface. D. utilities.
Which of the following would an IS auditor consider to be the MOST important when evaluating an organization's IS strategy? That it: A. has been approved by line management. B. does not vary from the IS department's preliminary budget. C. complies with procurement procedures. D. supports the business objectives of the organization.
Java applets and ActiveX controls are distributed executable programs that execute in the background of a web browser client. This practice is considered reasonable when: A. a firewall exists. B. a secure web connection is used. C. the source of the executable is certain. D. the host website is part of your organization.
The quality assurance group is typically responsible for: A. ensuring that the output received from system processing is complete. B. monitoring the execution of computer processing tasks. C. ensuring that programs and program changes and documentation adhere to established standards. D. designing procedures to protect data against accidental disclosure, modification or destruction.
Failure to adequately define or manage the requirements for a system can result in a number of risks. The GREATEST risk is: A. inadequate user involvement. B. inadequate allocation of resources. C. scope creep. D. an incorrect estimation of the critical path.
Which of the following is the MOST critical element of an effective disaster recovery plan (DRP)? A. Offsite storage of backup data B. Up-to-date list of key disaster recovery contacts C. Availability of a replacement data center D. Clearly defined recovery time objective (RTO)
Which of the following types of risks assumes an absence of compensating controls in the area being reviewed? A. Control risk B. Detection risk C. Inherent risk D. Sampling risk
Which of the following is a control to compensate for a programmer having access to accounts payable production data? A. Processing controls such as range checks and logic edits B. Reviewing accounts payable output reports by data entry C. Reviewing system-produced reports for checks (cheques) over a stated amount D. Having the accounts payable supervisor match all checks (cheques) to approved invoices
Which of the following types of transmission media provide the BEST security against unauthorized access? A. Copper wire B. Twisted pair C. Fiber-optic cables D. Coaxial cables
The device that connects two networks at the highest level of the ISO-OSI framework ( i.e., application layer) is a A. Gateway B. Router C. Bridge D. Brouter
When reviewing a service level agreement for an outsourced computer center an IS auditor should FIRST determine that: A. the cost proposed for the services is reasonable. B. security mechanisms are specified in the agreement. C. the services in the agreement are based on an analysis of business needs. D. audit access to the computer center is allowed under the agreement.
Cisco Certifications 
