CISA—Certified Information Systems Auditor - Part 189

Mary Smith

Wed, 15 Apr 2026

1. Which of the following audit techniques would BEST aid an auditor in determining whether there have been unauthorized program changes since the last authorized program update?

A) Test data run
B) Code review
C) Automated code comparison
D) Review of code migration procedures



2. Though management has stated otherwise, an IS auditor has reasons to believe that the organization is using software that is not licensed. In this situation, the IS auditor should:

A) include the statement of management in the audit report.
B) identify whether such software is, indeed, being used by the organization.
C) reconfirm with management the usage of the software.
D) discuss the issue with senior management since reporting this could have a negative impact on the organization.



3. While reviewing sensitive electronic work papers, the IS auditor noticed that they were not encrypted. This could compromise the:

A) audit trail of the versioning of the work papers.
B) approval of the audit phases.
C) access rights to the work papers.
D) confidentiality of the work papers.



4. The MOST important reason for an IS auditor to obtain sufficient and appropriate audit evidence is to:

A) comply with regulatory requirements.
B) provide a basis for drawing reasonable conclusions.
C) ensure complete audit coverage.
D) perform the audit according to the defined scope.



5. After initial investigation, an IS auditor has reasons to believe that fraud may be present. The IS auditor should:

A) expand activities to determine whether an investigation is warranted.
B) report the matter to the audit committee.
C) report the possibility of fraud to top management and ask how they would like to proceed.
D) consult with external legal counsel to determine the course of action to be taken.



1. Right Answer: C
Explanation: An automated code comparison is the process of comparing two versions of the same program to determine whether the two correspond. It is an efficient technique because it is an automated procedure. Test data runs permit the auditor to verify the processing of preselected transactions, but provide no evidence about unexercised portions of a program. Code review is the process of reading program source code listings to determine whether the code contains potential errors or inefficient statements. A code review can be used as a means of code comparison but it is inefficient. The review of code migration procedures would not detect program changes.

2. Right Answer: B
Explanation: When there is an indication that an organization might be using unlicensed software, the IS auditor should obtain sufficient evidence before including it in the report. With respect to this matter, representations obtained from management cannot be independently verified. If the organization is using software that is not licensed, the auditor, to maintain objectivity and independence, must include this in the report.

3. Right Answer: D
Explanation: Encryption provides confidentiality for the electronic work papers. Audit trails, audit phase approvals and access to the work papers do not, of themselves, affect the confidentiality but are part of the reason for requiring encryption.

4. Right Answer: B
Explanation: The scope of an IS audit is defined by its objectives. This involves identifying control weaknesses relevant to the scope of the audit. Obtaining sufficient and appropriate evidence assists the auditor in not only identifying control weaknesses but also documenting and validating them. Complying with regulatory requirements, ensuring coverage and the execution of audit are all relevant to an audit but are not the reason why sufficient and relevant evidence is required.

5. Right Answer: A
Explanation: An IS auditor's responsibilities for detecting fraud include evaluating fraud indicators and deciding whether any additional action is necessary or whether an investigation should be recommended. The IS auditor should notify the appropriate authorities within the organization only if it has determined that the indicators of fraud are sufficient to recommend an investigation. Normally, the IS auditor does not have authority to consult with external legal counsel.
