True or false?
Proper segregation of duties prohibits a system analyst from performing quality-assurance
functions. True or false?
Who is accountable for maintaining appropriate security…
Who is accountable for maintaining appropriate security measures over information assets?
What type of approach to the development of organizatio…
What type of approach to the development of organizational policies is often driven by risk
assessment?
A primary benefit derived from an organization employin…
A primary benefit derived from an organization employing control self-assessment (CSA)
techniques is that it can:
What type of risk results when an IS auditor uses an in…
What type of risk results when an IS auditor uses an inadequate test procedure and concludes that
material errors do not exist when errors actually exist?
The use of statistical sampling procedures helps minimize:
The use of statistical sampling procedures helps minimize:
After an IS auditor has identified threats and potentia…
After an IS auditor has identified threats and potential impacts, the auditor should:
How does the process of systems auditing benefit from u…
How does the process of systems auditing benefit from using a risk-based approach to audit
planning?
What is the PRIMARY purpose of audit trails?
What is the PRIMARY purpose of audit trails?
how valuable are prior audit reports as evidence?
As compared to understanding an organization’s IT process from evidence directly collected, how
valuable are prior audit reports as evidence?