Online Courses
IS Auditing, Controls and Assurance
  1. Introduction to Information Systems (IS) Auditing

Quiz

Question 1

What is risk?

Solution

The occurrence of an event is uncertain, with the possibility of bringing positive and/or negative impacts

Question 2

In lecture video 1.2, Prof. Dias mentioned that an internal man-made threat is more serious than an external man-made threat. Why is this so?

Solution

An internal man-made threat is relatively more difficult to prevent, because a staff member who intends to steal digital assets has already been granted the corresponding access rights to those assets according to his/her role

Question 3

When determining the risk level of an event, which two elements of that event should be assessed?

Solution

“Impact” and “Probability”

Question 4

When making decisions to mitigate a risk, which of the following statements is NOT correct?

Solution

Risk can ultimately be eliminated by putting in the maximum level of controls

Question 5

After the remaining risk has been transferred to a third party following completion of the risk mitigation exercise, which of the following statements is correct?

Solution

The same risk level remains; however, the impact posed by the relevant event will be compensated by the third party

Question 6

When is the best time to conduct risk re-evaluation against an activity?

Solution

When any of these conditions happens, risk re-evaluation should be conducted

Question 7

Which of the following is a detective control to address unauthorized network access?

Solution

Reviewing the system access log regularly

Question 8

Preventive controls could prevent a risk from being realized. Should we only implement preventive controls?

Solution

No – none of the preventive, detective and corrective controls alone can mitigate risk effectively, and not every risk can be prevented or detected, so implementing a combination of these types of controls would provide the best protection to the organisation

Question 9

What is the control category of “data backup and restoration”?

Solution

Both preventive and corrective

Question 10

Your company is looking into the feasibility of building a data center near the coast, and your supervisor would like you to conduct a risk assessment exercise. How would you get started?

Solution

Use the risk matrix to calculate the impact and probability of the risk
