CISA—Certified Information Systems Auditor - Part 184

Mary Smith

Wed, 15 Apr 2026

1. When evaluating the collective effect of preventive, detective or corrective controls within a process, an IS auditor should be aware of which of the following?

A) The point at which controls are exercised as data flow through the system
B) Only preventive and detective controls are relevant
C) Corrective controls can only be regarded as compensating
D) Classification allows an IS auditor to determine which controls are missing



2. Which audit technique provides the BEST evidence of the segregation of duties in an IS department?

A) Discussion with management
B) Review of the organization chart
C) Observation and interviews
D) Testing of user access rights



3. During a review of a customer master file, an IS auditor discovered numerous customer name duplications arising from variations in customer first names. To determine the extent of the duplication, the IS auditor would use:

A) test data to validate data input.
B) test data to determine system sort capabilities.
C) generalized audit software to search for address field duplications.
D) generalized audit software to search for account field duplications.



4. Which of the following would be the BEST population to take a sample from when testing program changes?

A) Test library listings
B) Source program listings
C) Program change requests
D) Production library listings



5. An integrated test facility is considered a useful audit tool because it:

A) is a cost-efficient approach to auditing application controls.
B) enables the financial and IS auditors to integrate their audit tests.
C) compares processing output with independently calculated data.
D) provides the IS auditor with a tool to analyze a large range of information.



1. Right Answer: A
Explanation: An IS auditor should focus on when controls are exercised as data flow through a computer system. Choice B is incorrect since corrective controls may also be relevant. Choice C is incorrect, since corrective controls remove or reduce the effects of errors or irregularities and are exclusively regarded as compensating controls. Choice D is incorrect and irrelevant since the existence and function of controls is important, not the classification.

2. Right Answer: C
Explanation: By observing the IS staff performing their tasks, an IS auditor can identify whether they are performing any incompatible operations, and by interviewing the IS staff, the auditor can get an overview of the tasks performed. Based on the observations and interviews the auditor can evaluate the segregation of duties. Management may not be aware of the detailed functions of each employee in the IS department; therefore, discussion with the management would provide only limited information regarding segregation of duties. An organization chart would not provide details of the functions of the employees. Testing of user rights would provide information about the rights they have within the IS systems, but would not provide complete information about the functions they perform.

3. Right Answer: C
Explanation: Since the name is not the same (due to name variations), one method to detect duplications would be to compare other common fields, such as addresses. A subsequent review to determine common customer names at these addresses could then be conducted. Searching for duplicate account numbers would not likely find duplications, since customers would most likely have different account numbers for each variation. Test data would not be useful to detect the extent of any data characteristic, but simply to determine how the data were processed.

4. Right Answer: D
Explanation: The best source from which to draw any sample or test of system information is the automated system. The production libraries represent executables that are approved and authorized to process organizational data. Source program listings would be time-intensive. Program change requests are the documents used to initiate change; there is no guarantee that the request has been completed for all changes. Test library listings do not represent the approved and authorized executables.

5. Right Answer: C
Explanation: An integrated test facility is considered a useful audit tool because it uses the same programs to compare processing using independently calculated data. This involves setting up dummy entities on an application system and processing test or production data against the entity as a means of verifying processing accuracy.
