

Information Systems Audit
Final Test Solutions
Course Introduction
Information Systems Audit introduces students to the principles, practices, and standards involved in auditing information systems within organizations. The course covers the role of IT auditing in risk management, governance, compliance, and control environments, with a focus on frameworks such as COBIT and ISO standards. Students learn techniques for evaluating the effectiveness, security, and integrity of information systems through practical case studies, audit planning, evidence collection, and reporting. Additionally, the course addresses emerging technologies, regulatory requirements, and ethical considerations, preparing students to identify vulnerabilities and recommend improvements to safeguard organizational assets.
Recommended Textbook
Information Technology Auditing 3rd Edition by James A. Hall
Available Study Resources on Quizplus
12 Chapters
1295 Verified Questions
1295 Flashcards
Source URL: https://quizplus.com/study-set/351


Chapter 1: Auditing and Internal Control
Available Study Resources on Quizplus for this Chapter
103 Verified Questions
103 Flashcards
Source URL: https://quizplus.com/quiz/5812
Sample Questions
Q1) When duties cannot be segregated, the most important internal control procedure is
A) supervision
B) independent verification
C) access controls
D) accounting records
Answer: A
Q2) Distinguish between errors and irregularities. Which do you think concern the auditors the most?
Answer: Errors are unintentional mistakes; while irregularities are intentional misrepresentations to perpetrate a fraud or mislead the users of financial statements. Errors are a concern if they are numerous or sizable enough to cause the financial statements to be materially misstated. Processes which involve human actions will contain some amount of human error. Computer processes should only contain errors if the programs are erroneous, or if systems operating procedures are not being closely and competently followed. Errors are typically much easier to uncover than misrepresentations, thus auditors typically are more concerned whether they have uncovered any and all irregularities.
Q3) Locking petty cash in a safe is an example of __________________________.
Answer: access controls
To view all questions and flashcards with answers, click on the resource link above.

Chapter 2: Auditing IT Governance Controls
Available Study Resources on Quizplus for this Chapter
99 Verified Questions
99 Flashcards
Source URL: https://quizplus.com/quiz/5813
Sample Questions
Q1) Adequate backups will protect against all of the following except
A) natural disasters such as fires
B) unauthorized access
C) data corruption caused by program errors
D) system crashes
Answer: B
Q2) Some systems professionals have unrestricted access to the organization's programs and data.
A) True
B) False
Answer: True
Q3) All of the following are control risks associated with the distributed data processing structure except
A) lack of separation of duties
B) system incompatibilities
C) system interdependency
D) lack of documentation standards
Answer: C

Chapter 3: Security Part I: Auditing Operating Systems and Networks
Available Study Resources on Quizplus for this Chapter
143 Verified Questions
143 Flashcards
Source URL: https://quizplus.com/quiz/5814
Sample Questions
Q1) In a telecommunications environment, line errors can be detected by using an echo check.
A) True
B) False
Answer: True
Q2) A ping signal is used to initiate
A) URL masquerading
B) digital signature forging
C) Internet protocol spoofing
D) a smurf attack
E) none of the above is true
Answer: D
Q3) A formal log-on procedure is the operating system's last line of defense against unauthorized access.
A) True
B) False
Answer: False
Q4) What can be done to defeat a DDoS Attack?
Answer: Intrusion Prevention Systems (IPS) that employ deep packet inspection (DPI) are a countermeasure to DDoS attacks.
Chapter 4: IT Security Part II: Auditing Database Systems
Available Study Resources on Quizplus for this Chapter
101 Verified Questions
101 Flashcards
Source URL: https://quizplus.com/quiz/5815
Sample Questions
Q1) What is the flat-file model?
Q2) A join builds a new table by creating links.
A) True
B) False
Q3) Replicated databases create considerable data redundancy, which is in conflict with the database concept. Explain the justification of this approach.
Q4) What are four ways in which database management systems provide a controlled environment to manage user access and the data resources?
Q5) In the relational database model
A) relationships are explicit
B) the user perceives that files are linked using pointers
C) data is represented on two-dimensional tables
D) data is represented as a tree structure
Q6) The data dictionary describes all of the data elements in the database.
A) True
B) False
Q7) The database management system controls access to program files.
A) True
B) False


Chapter 5: Systems Development and Program Change Activities
Available Study Resources on Quizplus for this Chapter
108 Verified Questions
108 Flashcards
Source URL: https://quizplus.com/quiz/5816
Sample Questions
Q1) When implementing a new system, the costs associated with transferring data from one storage medium to another is an example of
A) a recurring cost
B) a data conversion cost
C) a systems design cost
D) a programming cost
Q2) Explain the five stages of the systems development life cycle.
Q3) The payback method is often more useful than the net present value method for evaluating systems projects because the effective lives of information systems tend to be short and shorter payback projects are often desirable.
A) True
B) False
Q4) Describe a risk associated with the phased cutover procedure for data conversion.
Q5) Explain how application version numbers can be used as an audit tool for assessing program change controls.
Q6) List four types of facts that should be gathered during an analysis of a system.
Q7) Explain the role of accountants in the conceptual design stage.
Q8) What is the purpose of the auditor's review of SDLC documentation?

Chapter 6: Overview of Transaction Processing and Financial Reporting Systems
Available Study Resources on Quizplus for this Chapter
143 Verified Questions
143 Flashcards
Source URL: https://quizplus.com/quiz/5817
Sample Questions
Q1) Which statement is not correct? The general ledger master file
A) is based on the firm's chart of accounts
B) contains a record for control accounts
C) is an output of the Financial Reporting System (FRS)
D) supplies information for management decision making
Q2) Individuals with access authority to general ledger accounts should not prepare journal vouchers.
A) True
B) False
Q3) Real-time processing would be most beneficial in handling a firm's
A) fixed asset records
B) retained earnings information
C) merchandise inventory
D) depreciation records
Q4) Which type of graphical documentation represents systems at different levels of detail?
A) data flow diagram
B) document flowchart
C) system flowchart
D) program flowchart

Chapter 7: Computer-Assisted Audit Tools and Techniques
Available Study Resources on Quizplus for this Chapter
83 Verified Questions
83 Flashcards
Source URL: https://quizplus.com/quiz/5818
Sample Questions
Q1) If all of the inputs have been validated before processing, then what purpose do run-to-run controls serve?
Q2) Which of the following is not an input control?
A) Range check
B) Limit check
C) Spooling check
D) Validity check
E) They are all input controls
Q3) A reasonableness check determines if a value in one field is reasonable when considered along with data in other fields of the record.
A) True
B) False
Q4) Use of the integrated test facility poses no threat to organizational data files.
A) True
B) False
Q5) Name three types of transcription error.
Q6) What are the three categories of processing control?
Q7) Explain input controls.

Chapter 8: Data Structures and CAATTs for Data Extraction
Available Study Resources on Quizplus for this Chapter
89 Verified Questions
89 Flashcards
Source URL: https://quizplus.com/quiz/5819
Sample Questions
Q1) What are the three physical components of a VSAM file?
Q2) When a large portion of the file is to be processed in one operation such as payroll, sequential data structures are an inefficient method of organizing a file.
A) True
B) False
Q3) Which term is not associated with the relational database model?
A) tuple
B) attribute
C) collision
D) relation
Q4) VSAM file structures are most effective where rapid access to individual records is a priority need.
A) True
B) False
Q5) Explain the basic results that come from the restrict, project, and join functions.
Q6) Give an advantage and a disadvantage of the sequential data structure.
Q7) When is a table in third normal form (3NF)?
Q8) Explain how linkages between relational tables are accomplished.

Chapter 9: Auditing the Revenue Cycle
Available Study Resources on Quizplus for this Chapter
105 Verified Questions
105 Flashcards
Source URL: https://quizplus.com/quiz/5820
Sample Questions
Q1) For each of the following documents, describe its purpose, the functional area preparing it, and the key data included: remittance advice, remittance list, deposit slip.
Q2) Goods are shipped to a customer, but the shipping department does not notify billing and the customer never receives an invoice. Describe a specific internal control procedure that would detect this error.
Q3) What is the purpose(s) of the stock release document?
Q4) Integrated accounting systems automatically transfer data between modules.
A) True
B) False
Q5) List two points in the sales processing system when authorization is required.
Q6) The bill of lading is a legal contract between the buyer and the seller.
A) True
B) False
Q7) In real-time processing systems, routine credit authorizations are automated.
A) True
B) False
Q8) What is the purpose of the credit memo?
Q9) State two specific functions or jobs that should be segregated in the cash receipts system.

Chapter 10: Auditing the Expenditure Cycle
Available Study Resources on Quizplus for this Chapter
144 Verified Questions
144 Flashcards
Source URL: https://quizplus.com/quiz/5821
Sample Questions
Q1) Proper segregation of duties requires that the responsibility for approving a payment be separated from posting to the cash disbursements journal.
A) True
B) False
Q2) Why should employees clocking on and off the job be supervised?
Q3) Describe an internal control procedure that would prevent an employee from punching the time clock for another, absent employee.
Q4) Where is access control exercised in the purchasing/cash disbursement functions?
Q5) An important reconciliation in the payroll system is
A) general ledger compares the labor distribution summary from cost accounting to the disbursement voucher from accounts payable
B) personnel compares the number of employees authorized to receive a paycheck to the number of paychecks prepared
C) production compares the number of hours reported on job tickets to the number of hours reported on time cards
D) payroll compares the labor distribution summary to the hours reported on time cards
Q6) List specific jobs that should be segregated in the cash disbursements system.

Chapter 12: Business Ethics, Fraud, and Fraud Detection
Available Study Resources on Quizplus for this Chapter
85 Verified Questions
85 Flashcards
Source URL: https://quizplus.com/quiz/5822
Sample Questions
Q1) Collusion among employees in the commission of a fraud is difficult to prevent but easy to detect.
A) True
B) False
Q2) Business ethics involves
A) how managers decide on what is right in conducting business
B) how managers achieve what they decide is right for the business
C) both a and b
D) none of the above
Q3) Explain the Pay and Return scheme.
Q4) Defalcation is another word for financial fraud.
A) True
B) False
Q5) Ethical issues and legal issues are essentially the same.
A) True
B) False
Q6) What are the six broad classes of physical control activities defined by SAS 78?
Q7) Explain the problems associated with Questionable Executive Compensation Schemes.
Q8) According to common law, there are five conditions that must be present for an act to be deemed fraudulent. Name and explain each.
Chapter 11: Enterprise Resource Planning Systems
Available Study Resources on Quizplus for this Chapter
92 Verified Questions
92 Flashcards
Source URL: https://quizplus.com/quiz/5823
Sample Questions
Q1) Which of the following is usually not part of an ERP's OLAP applications?
A) logistics
B) decision support systems
C) ad hoc analysis
D) what-if analysis
Q2) Day-to-day transactions are stored in the operational database.
A) True
B) False
Q3) Most ERPs are based on which network model?
A) peer to peer
B) client-server
C) ring topology
D) bus topology
Q4) The primary goal of installing an ERP system is reducing system maintenance costs.
A) True
B) False
Q5) Distinguish between the two-tier and three-tier client-server model. Describe when each would be used.
Q6) What is the "Big-Bang" approach?
