The IS auditor should:
During a security audit of IT processes, an IS auditor found that there were no documented security
procedures. The IS auditor should:
Next, the IS auditor should:
In the course of performing a risk analysis, an IS auditor has identified threats and
potential impacts. Next, the IS auditor should:
Which of the following should be of MOST concern to an IS auditor?
Which of the following should be of MOST concern to an IS auditor?
Which of the following would normally be the MOST reliable evidence for an auditor?
Which of the following would normally be the MOST reliable evidence for an auditor?
which of the following?
When evaluating the collective effect of preventive, detective or corrective controls within a
process, an IS auditor should be aware of which of the following?
Which audit technique provides the BEST evidence of the segregation of duties in an IS department?
Which audit technique provides the BEST evidence of the segregation of duties in an IS department?
To determine the extent of the duplication, the IS auditor would use:
During a review of a customer master file, an IS auditor discovered numerous customer name
duplications arising from variations in customer first names. To determine the extent of the
duplication, the IS auditor would use:
Which of the following would be the BEST population to take a sample from when testing program changes?
Which of the following would be the BEST population to take a sample from when testing program
changes?
An integrated test facility is considered a useful audit tool because it:
An integrated test facility is considered a useful audit tool because it:
Data flow diagrams are used by IS auditors to:
Data flow diagrams are used by IS auditors to: