Quiz: The Audit Process

Read the review and answer the questions below.

Quick Review


1.   An IS auditor is planning an audit project and needs to know which areas represent the highest risk. What is the best approach for identifying these risk areas?

A.   Perform the audit; control failures will identify the areas of highest risk.

B.   Perform the audit and then perform a risk assessment.

C.   Perform a risk assessment first, and then concentrate control tests in high-risk areas identified in the risk assessment.

D.   Increase sampling rates in high-risk areas.

2.   An auditor has detected potential fraud while testing a control objective. What should the auditor do next?

A.   Notify the audit committee.

B.   Conduct a formal investigation.

C.   Report the fraud to law enforcement.

D.   Report the suspected fraud to management.

3.   The possibility that a process or procedure will be unable to prevent or detect serious errors and wrongdoing is known as

A.   Detection risk

B.   Inherent risk

C.   Sampling risk

D.   Control risk

4.   The categories of risk treatment are

A.   Risk reduction, risk transfer, risk avoidance, and risk acceptance

B.   Risk avoidance, risk transfer, and risk mitigation

C.   Risk avoidance, risk reduction, risk transfer, risk mitigation, and risk acceptance

D.   Risk avoidance, risk treatment, risk mitigation, and risk acceptance

5.   An IS auditor needs to perform an audit of a financial system and needs to trace individual transactions through the system. What type of testing should the auditor perform?

A.   Discovery testing

B.   Statistical testing

C.   Compliance testing

D.   Substantive testing

6.   An IS auditor is auditing the change management process for a financial application. The auditor has two primary pieces of evidence: change logs and a written analysis of the change logs performed by a business analyst. Which evidence is best and why?

A.   The change log is best because it is subjective.

B.   The written analysis is best because it interprets the change log.

C.   The change log is best because it is objective and unbiased.

D.   The written analysis is best because it is objective.

7.   Under which circumstances should an auditor use subjective sampling?

A.   When the population size is low

B.   When the auditor believes that specific transactions represent higher risk than most others

C.   When the risk of exceptions is low

D.   When statistical sampling cannot be performed

8.   An IS auditor has discovered a high-risk exception during control testing. What is the best course of action for the IS auditor to take?

A.   Immediately perform mitigation.

B.   Include the exception in the report and mark the test as a control failure.

C.   Immediately inform the auditee of the situation.

D.   Immediately inform the audit committee of the situation.

9.   What is the appropriate role of an IS auditor in a control self-assessment?

A.   The IS auditor should participate as a subject matter expert.

B.   The IS auditor should act as facilitator.

C.   The IS auditor should not be involved.

D.   The IS auditor should design the control self-assessment.

10.   Which of the following would not be useful evidence in an IS audit?

A.   Personnel handbook

B.   Organization mission statement and objectives

C.   Organization chart

D.   Organization history

11.   An auditor has discovered that automated work papers were configured with read/write permissions for database administrators. What actions should the auditor take?

A.   Simply continue to rely on the automated work papers.

B.   Note an exception and continue to rely on these automated work papers.

C.   Recommend that permissions on automated work papers be changed so that no personnel have write access and so that this data may be relied upon in the future.

D.   Notify the board of directors or the audit committee.

12.   During an audit, an auditor has discovered a process that is being performed consistently and effectively, but the process lacks procedure documentation. What action should the auditor take?

A.   Document the process.

B.   Find that the process is effective but recommend that it be documented.

C.   Write the procedure document for the auditee and include it in audit evidence.

D.   Find that the process is ineffective.

13.   During audit planning, an auditor has discovered that a key business process in the auditee organization has been outsourced to an external service provider. Which option should the auditor consider?

A.   Audit the external service provider or rely on an SSAE 16 audit report if one is available.

B.   Audit the external service provider.

C.   Determine that the business process is not effective.

D.   Request that the external service provider submit its internal audit work papers.

14.   Why should an auditor prefer bank statements over a department’s own business records that list bank transactions?

A.   Bank statements can be provided in electronic format.

B.   Bank statements contain data not found in internal records.

C.   Bank statements are usually easier to obtain.

D.   Bank statements are independent and objective.

15.   Which of the following statements is true about ISACA audit standards and guidelines?

A.   ISACA audit standards are mandatory, while ISACA audit guidelines are optional.

B.   ISACA audit standards are optional, while ISACA audit guidelines are mandatory.

C.   ISACA audit standards and guidelines are mandatory.

D.   ISACA audit standards and guidelines are optional.