Though management has stated otherwise, an IS auditor has reasons to believe that the
organization is using software that is not licensed. In this situation, the IS auditor should:

While reviewing sensitive electronic work papers, the IS auditor noticed that they were not
encrypted. This could compromise the:

The MOST important reason for an IS auditor to obtain sufficient and appropriate audit evidence is
to:

After initial investigation, an IS auditor has reasons to believe that fraud may be present. The IS
auditor should:

Which of the following should an IS auditor use to detect duplicate invoice records within an invoice
master file?

Which of the following would be the MOST effective audit technique for identifying segregation of
duties violations in a new enterprise resource planning (ERP) implementation?

Which of the following would an IS auditor use to determine if unauthorized modifications were
made to production programs?

During a change control audit of a production system, an IS auditor finds that the change
management process is not formally documented and that some migration procedures failed. What
should the IS auditor do next?

During the collection of forensic evidence, which of the following actions would MOST likely result in
the destruction or corruption of evidence on a compromised system?

An IS auditor who was involved in designing an organization’s business continuity plan (BCP) has
been assigned to audit the plan. The IS auditor should: