Information Systems Auditing Final
Exam
Course Introduction
Information Systems Auditing explores the principles, methodologies, and practices used to assess the integrity, security, and reliability of information systems within organizations. The course covers risk assessment, internal controls, audit planning, evidence gathering, and the evaluation of compliance with policies and regulations. Students gain practical knowledge about auditing tools and techniques, with a focus on identifying vulnerabilities and ensuring alignment with organizational goals and legal requirements. By the end of the course, students will be equipped to conduct effective audits of information systems, support IT governance, and contribute to the protection of critical digital assets.
Recommended Textbook
Information Technology Auditing 3rd Edition by James A. Hall
Available Study Resources on Quizplus
12 Chapters
1295 Verified Questions
1295 Flashcards
Source URL: https://quizplus.com/study-set/351 Page 2
Chapter 1: Auditing and Internal Control
Available Study Resources on Quizplus for this Chatper
103 Verified Questions
103 Flashcards
Source URL: https://quizplus.com/quiz/5812
Sample Questions
Q1) A clerk reorders 250 items when the inventory falls below 25 items.This is an example of __________________________.
Answer: general authorization
Q2) Explain how general controls impact transaction integrity and the financial reporting process.
Answer: Consider an organization with poor database security controls.In such a situation,even data processed by systems with adequate built in application controls may be at risk.An individual who can circumvent database security,may then change,steal,or corrupt stored transaction data.Thus,general controls are needed to support the functioning of application controls,and both are needed to ensure accurate financial reporting.
Q3) When planning the audit,information is gathered by all of the following methods except
A) completing questionnaires
B) interviewing management
C) observing activities
D) confirming accounts receivable
Answer: D
To view all questions and flashcards with answers, click on the resource link above.
3
Chapter 2: Auditing IT Governance Controls
Available Study Resources on Quizplus for this Chatper
99 Verified Questions
99 Flashcards
Source URL: https://quizplus.com/quiz/5813
Sample Questions
Q1) How is pre SOX IT governance different from post SOX IT governance?
Answer: Prior to SOX,the common practice regarding IT investments was to defer all decisions to corporate IT professionals.Modern IT governance,however,follows the philosophy that all corporate stakeholders,including boards of directors,top management,and departmental users (i.e.accounting and finance)be active participants in key IT decisions.Such broad-based involvement reduces risk and increases the likelihood that IT decisions will be in compliance with user needs,corporate policies,strategic initiatives,and internal control requirements under SOX.
Q2) Which of the following disaster recovery techniques may be least optimal in the case of a disaster?
A)empty shell
B)mutual aid pact
C)internally provided backup
D)they are all equally beneficial.
Answer: B
Q3) An often-cited benefit of IT outsourcing is improved core business performance.
A)True
B)False
Answer: True
To view all questions and flashcards with answers, click on the resource link above.
Page 4
Chapter 3: Security Part I: Auditing Operating Systems and Networks
Available Study Resources on Quizplus for this Chatper
143 Verified Questions
143 Flashcards
Source URL: https://quizplus.com/quiz/5814
Sample Questions
Q1) What are network protocols? What functions do they perform?
Answer: Network protocols are the rules and standards governing the design of hardware and software that permit users of networks manufactured by different vendors to communicate and share data.Protocols perform a number of different functions.
a. They facilitate the physical connection between network devices.
b. They synchronize the transfer of data between physical devices.
c. They provide a basis for error checking and measuring network performance.
d. They promote compatibility among network devices.
e. They promote network designs that are flexible,expandable,and cost-effective.
Q2) In a hierarchical topology,network nodes communicate with each other via a central host computer.
A)True
B)False
Answer: True
Q3) Electronic data interchange customers may be given access to the vendor's data files.
A)True
B)False
Answer: True
To view all questions and flashcards with answers, click on the resource link above. Page 5
Chapter 4: IT Security Part II: Auditing Database Systems
Available Study Resources on Quizplus for this Chatper
101 Verified Questions
101 Flashcards
Source URL: https://quizplus.com/quiz/5815
Sample Questions
Q1) The data manipulation language
A) defines the database to the database management system
B) transfers data to the buffer area for manipulation
C) enables application programs to interact with and manipulate the database
D) describes every data element in the database
Q2) Explain the three views of a database.
Q3) To the user,data processing procedures for routine transactions,such as entering sales orders,appear to be identical in the database environment and in the traditional environment.
A)True
B)False
Q4) In a direct access file system
A) backups are created using the grandfather-father-son approach
B) processing a transaction file against a maser file creates a backup file
C) files are backed up immediately before an update run
D) if the master file is destroyed, it cannot be reconstructed
Q5) How does the database approach solve the problem of data redundancy?
Q6) What is a database lockout?
Q7) What is DML?
Page 6
Q8) What are two types of distributed databases?
To view all questions and flashcards with answers, click on the resource link above.
Chapter 5: Systems Development and Program Change
Activities
Available Study Resources on Quizplus for this Chatper
108 Verified Questions
108 Flashcards
Source URL: https://quizplus.com/quiz/5816
Sample Questions
Q1) Examples of recurring costs include
A) software acquisition
B) data conversion
C) personnel costs
D) systems design.
Q2) What are program version numbers and how are the used?
Q3) Which statement is not correct? The structured design approach
A) is a top-down approach
B) is documented by data flow diagrams and structure diagrams
C) assembles reusable modules rather than creating systems from scratch
D) starts with an abstract description of the system and redefines it to produce a more detailed description of the system
Q4) A commercial software system that is completely finished,tested,and ready for implementation is called a
A) backbone system
B) vendor-supported system
C) benchmark system
D) turnkey system
Page 7
Q5) What are three problems that account for most system failures?
Q6) What is a systems selection report?
To view all questions and flashcards with answers, click on the resource link above.
Page 8
Chapter 6: Overview of Transaction Processing and Financial Reporting Systems
Available Study Resources on Quizplus for this Chatper
143 Verified Questions
143 Flashcards
Source URL: https://quizplus.com/quiz/5817
Sample Questions
Q1) Describe the key activities in the revenue,conversion,and expenditure cycles.
Q2) The coding scheme most appropriate for a chart of accounts is
A) sequential code
B) block code
C) group code
D) mnemonic code
Q3) Each account in the chart of accounts has a separate record in the general ledger master file.
A)True
B)False
Q4) Which method of processing does not use the destructive update approach?
A) batch processing using direct access files
B) real-time processing
C) batch processing using sequential files
D) all of the above use the destructive update approach
Q5) Batch processing of accounts common to many concurrent transactions reduces operational efficiency.
A)True
B)False
Q6) Discuss three audit implications of XBRL Page 9
To view all questions and flashcards with answers, click on the resource link above.
Page 10
Chapter 7: Computer-Assisted Audit Tools and Techniques
Available Study Resources on Quizplus for this Chatper
83 Verified Questions
83 Flashcards
Source URL: https://quizplus.com/quiz/5818
Sample Questions
Q1) The white box tests of program controls are also known as auditing through the computer.
A)True
B)False
Q2) What is meant by auditing around the computer versus auditing through the computer? Why is this so important?
Q3) Describe parallel simulation.
Q4) The integrated test facility (ITF)is an automated approach that permits auditors to test an application's logic and controls during its normal operation.
A)True
B)False
Q5) Incorrectly recording sales order number 123456 as 124356 is an example of a transcription error
A)True
B)False
Q6) Explain input controls.
Q7) The firm allows no more than 10 hours of overtime a week.An employee entered "15" in the field.Which control will detect this error?
Page 11
To view all questions and flashcards with answers, click on the resource link above.
Chapter 8: Data Structures and CAATTs for Data Extraction
Available Study Resources on Quizplus for this Chatper
89 Verified Questions
89 Flashcards
Source URL: https://quizplus.com/quiz/5819
Sample Questions
Q1) Explain the following three types of pointers: physical address pointer,relative address pointer,and logical key pointer.
Q2) A transitive dependency
A)is a database condition that is resolved through special monitoring software.
B)is a name given to one of the three anomalies that result from unnormalized database tables.
C)can exist only in a table with a composite primary key.
D)cannot exist in tables that are normalized at the 2NF level.
E)is none of the above.
Q3) Explain how a separate linking file works in a network model.
Q4) GAS can be used with simple data structures but not complex structures
A)True
B)False
Q5) What is the update anomaly?
Q6) What is the relationship between a database table and a user view?
Q7) The deletion anomaly in unnormalized databases
A) is easily detected by users
B) may result in the loss of important data
C) complicates adding records to the database
D) requires the user to perform excessive updates
To view all questions and flashcards with answers, click on the resource link above. Page 12
Chapter 9: Auditing the Revenue Cycle
Available Study Resources on Quizplus for this Chatper
105 Verified Questions
105 Flashcards
Source URL: https://quizplus.com/quiz/5820
Sample Questions
Q1) What is a bill of lading?
Q2) Another name for the stock release form is the picking ticket.
A)True
B)False
Q3) What specific internal control procedure would detect the misplacement of a sales invoice after preparation and not mailed to the customer? The invoice was never found.
Q4) A remittance advice is
A) used to increase (debit) an account receivable by the cash received
B) is a turn-around document
C) is retained by the customer to show proof of payment
D) none of the above
Q5) The customer open order file is used to
A) respond to customer queries
B) fill the customer order
C) ship the customer order
D) authorize customer credit
Q6) The principal source document in the sales order system is the sales order.
A)True
B)False
To view all questions and flashcards with answers, click on the resource link above. Page 13
Chapter 10: Auditing the Expenditure Cycle
Available Study Resources on Quizplus for this Chatper
144 Verified Questions
144 Flashcards
Source URL: https://quizplus.com/quiz/5821
Sample Questions
Q1) Which of the following situations represents a serious control weakness?
A) Timekeeping is independent of the payroll department.
B) Paychecks are distributed by the employees immediate supervisor.
C) Time cards are reconciled with job tickets.
D) Personnel is responsible for updating employee records, including creation of records for new hires.
Q2) The cash disbursement clerk performs all of the following tasks except
A) reviews the supporting documents for completeness and accuracy
B) prepares checks
C) signs checks
D) marks the supporting documents paid
Q3) Work-in-process records are updated by payroll personnel.
A)True
B)False
Q4) In a merchandising firm,authorization for the payment of inventory is the responsibility of
A) inventory control
B) purchasing
C) accounts payable
D) cash disbursements
Page 14
To view all questions and flashcards with answers, click on the resource link above.
Chapter 12: Business Ethics, Fraud, and Fraud Detection
Available Study Resources on Quizplus for this Chatper
85 Verified Questions
85 Flashcards
Source URL: https://quizplus.com/quiz/5822
Sample Questions
Q1) The text discusses many questions about personal traits of executives which might help uncover fraudulent activity.What are three?
Q2) Explain the pass through fraud.
Q3) A shell company fraud involves
A) stealing cash from an organization before it is recorded
B) Stealing cash from an organization after it has been recorded
C) manufacturing false purchase orders, receiving reports, and invoices
D) A clerk pays a vendor twice for the same products and cashes the reimbursement check issued by the vendor.
Q4) All of the following are factors in the fraud triangle except
A) Ethical behavior of an individual
B) Pressure exerted on an individual at home and job related
C) Materiality of the assets
D) Opportunity to gain access to assets
Q5) Why are the computer ethics issues of privacy,security,and property ownership of interest to accountants?
Q6) Distinguish between errors and irregularities.Which are of greatest concern to auditors?
Q7) Explain the problems associated with inappropriate accounting practices.
Page 15
To view all questions and flashcards with answers, click on the resource link above.
Chapter 11: Enterprise Resource Planning Systems
Available Study Resources on Quizplus for this Chatper
92 Verified Questions
92 Flashcards
Source URL: https://quizplus.com/quiz/5823
Sample Questions
Q1) Drill-down capability is an OLAP feature of data mining tools.
A)True
B)False
Q2) Supply-chain management software is a type of program that supports efforts relative to moving goods from the raw material stage to the customer.
A)True
B)False
Q3) Day-to-day transactions are stored in the operational database.
A)True
B)False
Q4) Separating the data warehouse from the operations databases occurs for all of the following reasons except
A) to make the management of the databases more economical
B) to increase the efficiency of data mining processes
C) to integrate legacy system data into a form that permits entity-wide analysis
D) to permit the integration of data from diverse sources
Q5) In two-tier architecture,the database and application functions are separated. A)True
B)False
To view all questions and flashcards with answers, click on the resource link above. Page 16