What should an IS auditor do if he or she observes that…
What should an IS auditor do if he or she observes that project-approval procedures do not exist?
True or false?
Proper segregation of duties prohibits a system analyst from performing quality-assurance functions.
True or false?
Who is accountable for maintaining appropriate security…
Who is accountable for maintaining appropriate security measures over information assets?
What type of approach to the development of organizatio…
What type of approach to the development of organizational policies is often driven by risk assessment?
A primary benefit derived from an organization employin…
A primary benefit derived from an organization employing control self-assessment (CSA) techniques is that it
can:
What type of risk results when an IS auditor uses an in…
What type of risk results when an IS auditor uses an inadequate test procedure and concludes that material
errors do not exist when errors actually exist?
The use of statistical sampling procedures helps minimize:
The use of statistical sampling procedures helps minimize:
After an IS auditor has identified threats and potentia…
After an IS auditor has identified threats and potential impacts, the auditor should:
How does the process of systems auditing benefit from u…
How does the process of systems auditing benefit from using a risk-based approach to audit planning?
What is the PRIMARY purpose of audit trails?
What is the PRIMARY purpose of audit trails?