

Auditing Information Systems
Solved Exam Questions
Course Introduction
Auditing Information Systems explores the principles, practices, and standards involved in assessing and ensuring the integrity, confidentiality, and availability of information systems within organizations. The course covers audit processes, risk assessment methodologies, internal control frameworks, and regulatory compliance in IT environments. Students will learn techniques for evaluating information system security, identifying vulnerabilities, and recommending improvements. Real-world case studies and hands-on exercises provide experience in planning, executing, and reporting on IT audits, preparing students for roles in IT governance, risk management, and assurance services.
Recommended Textbook
Information Technology Auditing 4th Edition by James Hall
Available Study Resources on Quizplus
12 Chapters
1122 Verified Questions
1122 Flashcards
Source URL: https://quizplus.com/study-set/1104


Chapter 1: Auditing and Internal Control
Available Study Resources on Quizplus for this Chapter
100 Verified Questions
100 Flashcards
Source URL: https://quizplus.com/quiz/21726
Sample Questions
Q1) Which of the following is the best reason to separate duties in a manual system?
A) to avoid collusion between the programmer and the computer operator
B) to ensure that supervision is not required
C) to prevent the record keeper from authorizing transactions
D) to enable the firm to function more efficiently
Answer: C
Q2) Which of the following indicates a strong internal control environment?
A) the internal audit group reports to the audit committee of the board of directors
B) there is no segregation of duties between organization functions
C) there are questions about the integrity of management
D) adverse business conditions exist in the industry
Answer: A
Q3) Not permitting the computer programmer to enter the computer room is an example of _______________________________.
Answer: segregation of duties
Q4) Using cameras to monitor the activities of cashiers is an example of
Answer: supervision
To view all questions and flashcards with answers, click on the resource link above.

Chapter 2: Auditing IT Governance Controls
Available Study Resources on Quizplus for this Chapter
91 Verified Questions
91 Flashcards
Source URL: https://quizplus.com/quiz/21727
Sample Questions
Q1) What is an auditor looking for when testing computer center controls?
Answer: When testing computer center controls, the auditor is trying to determine that the physical security controls are adequate to protect the organization from physical exposures, that insurance coverage on equipment is adequate, that operator documentation is adequate to deal with operations and failures, and that the disaster recovery plan is adequate and feasible.
Q2) Which organizational structure is most likely to result in good documentation procedures?
A) separate systems development from systems maintenance
B) separate systems analysis from application programming
C) separate systems development from data processing
D) separate database administrator from data processing
Answer: A
Q3) Certain duties that are deemed incompatible in a manual system may be combined in a computer-based information system environment.
A) True
B) False
Answer: True

Chapter 3: Auditing Operating Systems and Networks
Available Study Resources on Quizplus for this Chapter
105 Verified Questions
105 Flashcards
Source URL: https://quizplus.com/quiz/21728
Sample Questions
Q1) The audit trail for electronic data interchange transactions is stored on magnetic media.
A) True
B) False
Answer: True
Q2) In an electronic data interchange environment, customers routinely
A) access the vendor's accounts receivable file with read/write authority
B) access the vendor's price list file with read/write authority
C) access the vendor's inventory file with read-only authority
D) access the vendor's open purchase order file with read-only authority
Answer: C
Q3) An IP Address:
A) defines the path to a facility or file on the web.
B) is the unique address that every computer node and host attached to the Internet must have.
C) is represented by a 64-bit data packet.
D) is the address of the protocol rules and standards that govern the design of internet hardware and software.
Answer: B

Chapter 4: Auditing Database Systems
Available Study Resources on Quizplus for this Chapter
100 Verified Questions
100 Flashcards
Source URL: https://quizplus.com/quiz/21729
Sample Questions
Q1) Which of the following is not a test of access controls?
A) biometric controls
B) encryption controls
C) backup controls
D) inference controls
Q2) Which backup technique is most appropriate for sequential batch systems?
A) grandparent-parent-child approach
B) staggered backup approach
C) direct backup
D) remote site, intermittent backup
Q3) What is the flat-file model?
Q4) One purpose of a database system is the easy sharing of data. But this ease of sharing can also jeopardize security. Discuss at least three forms of access control designed to reduce this risk.
Q5) What is the partitioned database approach and what are its advantages?
Q6) Why are the hierarchical and network models called navigational databases?
Q7) In the relational model, a data element is called a relation.
A) True
B) False
Q8) The __________________________ authorizes access to the database.

Chapter 5: Systems Development and Program Change Activities
Available Study Resources on Quizplus for this Chapter
94 Verified Questions
94 Flashcards
Source URL: https://quizplus.com/quiz/21730
Sample Questions
Q1) A cost-benefit analysis is a part of the detailed
A) operational feasibility study
B) schedule feasibility study
C) legal feasibility study
D) economic feasibility study
Q2) What are program version numbers and how are they used?
Q3) Examples of one-time costs include all of the following except
A) hardware acquisition
B) insurance
C) site preparation
D) programming
Q4) When the nature of the project and the needs of the user permit, most organizations will seek a pre-coded commercial software package rather than develop a system in-house.
A) True
B) False
Q5) Discuss the three groups that participate in systems development.
Q6) Why is the payback method often more useful than the net present value method for evaluating systems projects?
Q7) List four types of facts that should be gathered during an analysis of a system.

Chapter 6: Transaction Processing and Financial Reporting Systems Overview
Available Study Resources on Quizplus for this Chapter
98 Verified Questions
98 Flashcards
Source URL: https://quizplus.com/quiz/21731
Sample Questions
Q1) The general journal is used to record recurring transactions that are similar in nature.
A) True
B) False
Q2) All of the following can provide evidence of an economic event except
A) source document
B) turn-around document
C) master document
D) product document
Q3) Real time processing is used for routine transactions in large numbers.
A) True
B) False
Q4) The block code is the coding scheme most appropriate for a chart of accounts.
A) True
B) False
Q5) Explain the purpose and contents of the general ledger master file.
Q6) Document flowcharts are used to represent systems at different levels of detail.
A) True
B) False
Q7) Give an example of how cardinality relates to business policy.

Chapter 7: Computer Assisted Audit Tools and Techniques
Available Study Resources on Quizplus for this Chapter
82 Verified Questions
82 Flashcards
Source URL: https://quizplus.com/quiz/21732
Sample Questions
Q1) Which test is not an example of a white box test?
A) determining the fair value of inventory
B) ensuring that passwords are valid
C) verifying that all pay rates are within a specified range
D) reconciling control totals
Q2) Tracing is a method used to verify the logical operations executed by a computer application.
A) True
B) False
Q3) Describe and contrast the test data method with the integrated test facility.
Q4) Explain the three methods used to correct errors in data entry.
Q5) A check digit is a method of detecting data coding errors.
A) True
B) False
Q6) Discuss the three categories of input controls.
Q7) Name three types of transcription errors.
Q8) A run-to-run control is an example of an output control.
A) True
B) False
Q9) Discuss what is involved in creating test data.

Chapter 8: Data Structures and CAATTs for Data Extraction
Available Study Resources on Quizplus for this Chapter
81 Verified Questions
81 Flashcards
Source URL: https://quizplus.com/quiz/21733
Sample Questions
Q1) View integration combines the data needs of all users into a single entity-wide schema.
A) True
B) False
Q2) The deletion anomaly is the least important of the problems affecting unnormalized databases.
A) True
B) False
Q3) Which characteristic is associated with the database approach to data management?
A) data sharing
B) multiple storage procedures
C) data redundancy
D) excessive storage costs
Q4) In the relational database model all of the following are true except
A) data is presented to users as tables
B) data can be extracted from specified rows from specified tables
C) a new table can be built by joining two tables
D) only one-to-many relationships can be supported
Q5) What are the six phases of view modeling?

Chapter 9: Auditing the Revenue Cycle
Available Study Resources on Quizplus for this Chapter
97 Verified Questions
97 Flashcards
Source URL: https://quizplus.com/quiz/21734
Sample Questions
Q1) Warehouse stock records are the formal accounting records for inventory.
A) True
B) False
Q2) Customers should be billed for back-orders when
A) the customer purchase order is received
B) the backordered goods are shipped
C) the original goods are shipped
D) customers are not billed for backorders because a backorder is a lost sale
Q3) The shipping notice
A) is mailed to the customer
B) is a formal contract between the seller and the shipping company
C) is always prepared by the shipping clerk
D) informs the billing department of the quantities shipped
Q4) The clerk who opens the mail routinely steals remittances. Describe a specific internal control procedure that would prevent or detect this fraud.
Q5) What makes point-of-sale systems different from revenue cycles of manufacturing firms?
Q6) What specific internal control procedure would prevent an increase in sales returns since salesmen were placed on commission?

Chapter 10: Auditing the Expenditure Cycle
Available Study Resources on Quizplus for this Chapter
100 Verified Questions
100 Flashcards
Source URL: https://quizplus.com/quiz/21735
Sample Questions
Q1) In a merchandising firm, authorization for the payment of inventory is the responsibility of
A) inventory control
B) purchasing
C) accounts payable
D) cash disbursements
Q2) The blind copy of the purchase order that goes to the receiving department contains no item descriptions.
A) True
B) False
Q3) Ideally, payroll checks are written on a special bank account used only for payroll.
A) True
B) False
Q4) The major risk exposures associated with the receiving department include all of the following except
A) goods are accepted without a physical count
B) there is no inspection for goods damaged in shipment
C) inventories are not secured on the receiving dock
D) the audit trail is destroyed

Chapter 11: Enterprise Resource Planning Systems
Available Study Resources on Quizplus for this Chapter
90 Verified Questions
90 Flashcards
Source URL: https://quizplus.com/quiz/21736
Sample Questions
Q1) Internal efficiency is cited as one reason for separating the data warehouse from the operational database. Explain.
Q2) Extracting data for a data warehouse
A) cannot be done from flat files.
B) should only involve active files.
C) requires that the files be out of service.
D) follows the cleansing of data.
Q3) The role model assigns specific access privileges directly to individuals.
A) True
B) False
Q4) The big-bang approach involves converting from old legacy systems to the new ERP in one implementation step.
A) True
B) False
Q5) Describe the two-tier client server model.
Q6) If a chosen ERP cannot handle a specific company process, bolt-on software may be available.
A) True
B) False
Q7) What is the client-server model?

Chapter 12: Business Ethics, Fraud, and Fraud Detection
Available Study Resources on Quizplus for this Chapter
84 Verified Questions
84 Flashcards
Source URL: https://quizplus.com/quiz/21737
Sample Questions
Q1) Give two examples of employee fraud and explain how the theft might occur.
Q2) Describe the factors that constitute the fraud triangle. Why is it important to auditors?
Q3) Which characteristic is not associated with software as intellectual property?
A) uniqueness of the product
B) possibility of exact replication
C) automated monitoring to detect intruders
D) ease of dissemination
Q4) What are some conclusions to be drawn from the ACFE fraud study regarding losses from fraud?
Q5) Name three types of program fraud.
Q6) Computer fraud can take on many forms, including each of the following except
A) theft or illegal use of computer-readable information
B) theft, misuse, or misappropriation of computer equipment
C) theft, misuse, or misappropriation of assets by altering computer-readable records and files
D) theft, misuse, or misappropriation of printer supplies
Q7) Explain the problems associated with lack of auditor independence.
Q8) Explain the shell company fraud.
Q9) Contrast management fraud with employee fraud.