After an IS auditor has identified threats and potentia…
After an IS auditor has identified threats and potential impacts, the auditor should:
How does the process of systems auditing benefit from u…
How does the process of systems auditing benefit from using a risk-based approach to audit
planning?
What is the PRIMARY purpose of audit trails?
What is the PRIMARY purpose of audit trails?
how valuable are prior audit reports as evidence?
As compared to understanding an organization’s IT process from evidence directly collected, how
valuable are prior audit reports as evidence?
True or false?
IS auditors are MOST likely to perform compliance tests of internal controls if, after their initial
evaluation of the controls, they conclude that control risks are within the acceptable limits. True or
false?
What is the primary objective of a control self-assessm…
What is the primary objective of a control self-assessment (CSA) program?
A control that detects transmission errors by appending…
A control that detects transmission errors by appending calculated bits onto the end of each
segment of data is known as a:
Which of the following is a data validation edit and co…
Which of the following is a data validation edit and control?
In a public key infrastructure (PKI), the authority res…
In a public key infrastructure (PKI), the authority responsible for the identification and authentication
of an applicant for a digital certificate (i.e., certificate subjects) is the:
which of the following would be of GREATEST concern?
Company.com has contracted with an external consulting firm to implement a commercial financial
system to replace its existing in-house developed system. In reviewing the proposed development
approach, which of the following would be of GREATEST concern?