Click anywhere on the flashcard to reveal the answer.
Who should approve the audit charter of an organization?
The actions of an IS auditor are primarily influenced by
The audit charter
What is the first step in risk-based audit planning?
Identifying areas of high risk
What is a major benefit of risk-based audit planning?
The utilization of resources for high-risk areas
What is the objective of encryption?
To ensure the integrity and confidentiality of transactions
What is the objective of non-repudiation?
Non-repudiation ensures that a transaction is enforceable and that the claimed sender cannot later deny generating and sending the message.
Segregation of duties is an example of which type of control?
Controls that enable a risk or deficiency to be corrected before a loss occurs are known as what?
Controls that directly mitigate a risk or lack of controls directly acting upon a risk are known as what?
What does the level of protection of information assets depend on?
The criticality of assets
What is audit risk?
Audit risk is the sum total of inherent risk, control risk, and detection risk.
What is risk the product of?
Probability and impact
Who is responsible for managing risk to an acceptable level?
What is the absence of proper security measures known as?
What is the advantage of the bottom-up approach for the development of organizational policies?
Policies are created on the basis of risk analysis.
What is the risk that exists before controls are applied known as?
Inherent risk/gross risk (after the implementation of controls, it is known as residual risk/net risk).
What is the first step of an audit project?
To develop an audit plan
What is the primary objective of performing risk assessment prior to the audit?
Allocate audit resources to areas of high risk.
Which sampling technique should be used when the probability of error must be objectively quantified?
Which sampling method is most useful when testing for compliance?
What should audit findings be supported by?
Sufficient and appropriate audit evidence
What is the most important reason to obtain sufficient audit evidence?
To provide a reasonable basis for drawing a conclusion
What is the most important advantage of using CAAT to gather audit evidence?
Computer Assisted Audit Techniques (CAAT) provides assurance about data reliability
What is the first step of conducting data analytics?
The first step is to determine the objective and scope of analytics.
Which is the most effective online audit technique when an audit trail is required?