Quiz

Question 1

What is risk?

Solution

The occurrence of an event is uncertain, with the possibility of bringing positive and/or negative impacts

Question 2

In lecture video 1.2, Prof. Dias mentioned that an internal man-made threat is more serious than an external man-made threat. Why is that so?

Solution

An internal man-made threat is relatively more difficult to prevent, because a staff member who intends to steal digital assets has already been granted the corresponding access rights to those assets according to his/her role

Question 3

When determining the risk level of an event, which two elements of that event should be assessed?

Solution

“Impact” and “Probability”

Question 4

When making decisions to mitigate a risk, which of the following statements is NOT correct?

Solution

Risk can ultimately be eliminated by putting in the maximum level of controls

Question 5

After the remaining risk has been transferred to a third party upon completion of the risk mitigation exercise, which of the following statements is correct?

Solution

The same risk level remains; however, the impact posed by the relevant event will be compensated by the third party

Question 6

When is the best time to conduct risk re-evaluation against an activity?

Solution

When any of these conditions happens, risk re-evaluation should be conducted

Question 7

Which of the following is a detective control to address unauthorized network access?

Solution

Regularly reviewing the system access log

Question 8

Preventive controls can prevent a risk from being realized. Should we only implement preventive controls?

Solution

No – none of the preventive, detective and corrective controls can mitigate risk effectively on its own, and not every risk can be prevented or detected, so implementing a combination of these types of controls would provide the best protection to the organisation

Question 9

What is the control category of “data backup and restoration”?

Solution

Both preventive and corrective

Question 10

Your company is looking into the feasibility of building a data center near the coast, and your supervisor would like you to conduct a risk assessment exercise. How would you get started?

Solution

Use the risk matrix to calculate the impact and probability of the risk
