Quiz

Question 1

In performing an IS audit exercise for a company for the first time, which of the following information should IS auditor review first?

Solution

The company’s background and its audit areas

Question 2

Which of the following is NOT a major phase of the general audit procedure

Solution

Win an Audit Engagement

Question 3

Which of the following areas would likely be audited when you are auditing a financial reporting system (i.e., the system that generates financial statements)?

1. User list and corresponding access rights of such system

2. The time required to generate the financial statement

3. Approval flow and approval matrix for posting an accounting journal

4. System change controls

Solution

1, 2 e 4

Question 4

During the “Fieldwork and Documentation” phase, if the audit client asks the IS auditors to share the observations they have obtained, can the IS auditors provide such information to the audit client?

Solution

It depends – observations cannot be shared as if it is about a crime that the IS auditors should first inform the regulator / law enforcing organisation

Question 5

Which of the following is the best way to review whether the system users have changed their password in accordance to the password policy in the past 12 months during the relevant compliance testing?

Solution

Review the global security setting of the system and check whether it is configured in accordance to the company password policy

Question 6

What is “Substantive Testing”?

Solution

Audit procedure to collect evidence and evaluate the integrity of detail data, programming code and/or change requests

Question 7

Under what circumstance IS auditors must perform “Substantive Testing”?

Solution

No program change policy is in place

Question 8

When IS auditors collect evidence, which of the following is the most trustworthy source?

Solution

Security configurations of the system downloaded by the IS auditor

Question 9

When should IS auditors perform “Re-performance”?

Solution

When reviewing the control of an critical function of a system, where any failure of such control can possibly lead to a great financial impact

Question 10

An IS auditor needs to obtain samples of documents from the audit client, such as program change request forms, to review the internal control of the audit client over the past 12 months. What would be the most appropriate action that the IS auditor should do in terms of sampling?

Solution

IS auditor to determine the number of samples required, randomly pick the required samples based on the full set of documents from the last 12 months, and request the audit client to provide accordingly