Enterprise Information Systems Audit Test Questions - 1295 Verified Questions


Enterprise Information Systems Audit

Test Questions

Course Introduction

Enterprise Information Systems Audit explores the principles, methodologies, and practices involved in evaluating and ensuring the integrity, security, and effectiveness of information systems within organizations. The course provides students with an understanding of the audit process, including risk assessment, internal controls, compliance requirements, and the use of auditing tools and techniques. Emphasis is placed on understanding frameworks such as COBIT, ISO standards, and regulatory environments, as well as the challenges of auditing in complex enterprise environments. Students will develop the skills necessary to plan, execute, and report on audits of information systems, and to identify and mitigate risks to organizational information assets.

Recommended Textbook

Information Technology Auditing 3rd Edition by James A. Hall

Available Study Resources on Quizplus 12 Chapters

1295 Verified Questions

1295 Flashcards

Source URL: https://quizplus.com/study-set/351

Chapter 1: Auditing and Internal Control

Available Study Resources on Quizplus for this Chapter

103 Verified Questions

103 Flashcards

Source URL: https://quizplus.com/quiz/5812

Sample Questions

Q1) Which of the following indicates a strong internal control environment?

A) the internal audit group reports to the audit committee of the board of directors

B) there is no segregation of duties between organization functions

C) there are questions about the integrity of management

D) adverse business conditions exist in the industry

Answer: A

Q2) Sequentially numbering all sales invoices is an example of __________________________.

Answer: accounting records

Q3) Segregation of duties is an example of an internal control procedure.

A) True

B) False

Answer: True

Q4) Section 404 requires that corporate management (including the CEO) certify their organization's internal controls on a quarterly and annual basis.

A) True

B) False

Answer: False

To view all questions and flashcards with answers, click on the resource link above.

Chapter 2: Auditing IT Governance Controls

Available Study Resources on Quizplus for this Chapter

99 Verified Questions

99 Flashcards

Source URL: https://quizplus.com/quiz/5813

Sample Questions

Q1) What is a disaster recovery plan? What are the key features?

Answer: A disaster recovery plan is a comprehensive statement of all actions to be taken before, during, and after a disaster, along with documented, tested procedures that will ensure the continuity of operations. The essential features are: providing second site backup, identifying critical applications, backup and off-site storage procedures, creating a disaster recovery team, and testing the disaster recovery plan.

Q2) Auditors examine the physical environment of the computer center as part of their audit. Many characteristics of computer centers are of interest to auditors. What are they? Discuss.

Answer: The characteristics of computer centers that are of interest to auditors include: physical location, because it affects the risk of disaster (it should be away from man-made and natural hazards); construction of the computer center should be sound; access to the computer center should be controlled; air-conditioning should be adequate given the heat generated by electronic equipment and the failure that can result from over-heating; fire suppression systems are critical; and adequate power supply is needed to ensure service.

Chapter 3: Security Part I: Auditing Operating Systems and Networks

Available Study Resources on Quizplus for this Chapter

143 Verified Questions

143 Flashcards

Source URL: https://quizplus.com/quiz/5814

Sample Questions

Q1) Explain a Smurf Attack.

Answer: A smurf attack involves three parties: the perpetrator, the intermediary, and the victim. It is accomplished by exploiting an internet maintenance tool called a ping, which is used to test the state of network congestion and determine whether a particular host computer is connected and available on the network. The perpetrator of a smurf attack uses a program to create a ping message packet that contains the forged IP address of the victim's computer (IP spoofing) rather than that of the actual source computer. The ping message is then sent to the intermediary, which is actually an entire sub network of computers. By sending the ping to the network's IP broadcast address, the perpetrator ensures that each node on the intermediary network receives the echo request automatically. Consequently, each intermediary node sends echo responses to the ping message, which are returned to the victim's IP address, not the source computer's. The resulting flood of echoes can overwhelm the victim's computer and cause network congestion that makes it unusable for legitimate traffic.

Q2) Explain how smurf attacks can be controlled.

Answer: The targeted organization can program their firewall to ignore all communication from the attacking site, once the attacker's IP address is determined.

Chapter 4: IT Security Part II: Auditing Database Systems

Available Study Resources on Quizplus for this Chapter

101 Verified Questions

101 Flashcards

Source URL: https://quizplus.com/quiz/5815

Sample Questions

Q1) Which statement is false?

A) The DBMS is special software that is programmed to know which data elements each user is authorized to access.

B) User programs send requests for data to the DBMS.

C) During processing, the DBMS periodically makes backup copies of the physical database.

D) The DBMS does not control access to the database.

Q2) In the database method of data management, access authority is maintained by systems programming.

A) True

B) False

Q3) Ownership of data in traditional legacy systems often leads to data redundancy. This in turn leads to several data management problems. What are they? How does the database approach solve them?

Q4) What is a replicated database and what are the advantages of this approach?

Q5) What is a legacy system?

Q6) What is a database authorization table?

Q7) What is the internal view of a database?

Q8) How does the database approach solve the problem of data redundancy?

Chapter 5: Systems Development and Program Change Activities

Available Study Resources on Quizplus for this Chapter

108 Verified Questions

108 Flashcards

Source URL: https://quizplus.com/quiz/5816

Sample Questions

Q1) When determining the operational feasibility of a new system, the expected ease of transition from the old system to the new system should be considered.

A) True

B) False

Q2) Which statement is not correct? The structured design approach

A) is a top-down approach

B) is documented by data flow diagrams and structure diagrams

C) assembles reusable modules rather than creating systems from scratch

D) starts with an abstract description of the system and redefines it to produce a more detailed description of the system

Q3) System documentation is designed for all of the following groups except

A) systems designers and programmers

B) end users

C) accountants

D) all of the above require systems documentation

Q4) What is a systems selection report?

Q5) Mixing technologies from many vendors improves technical feasibility.

A) True

B) False

Chapter 6: Overview of Transaction Processing and Financial Reporting Systems

Available Study Resources on Quizplus for this Chapter

143 Verified Questions

143 Flashcards

Source URL: https://quizplus.com/quiz/5817

Sample Questions

Q1) How are computer system flowcharts and program flowcharts related?

Q2) Sequential storage means

A) data is stored on tape

B) access is achieved through an index

C) access is direct

D) reading record 100 requires first reading records 1 to 99

Q3) Discuss three audit implications of XBRL.

Q4) Why is the audit trail necessary?

Q5) Most organizations have replaced the general journal with a _______________________________.

Q6) The type of transaction most suitable for batch processing is

A) airline reservations

B) credit authorization

C) payroll processing

D) adjustments to perpetual inventory

Q7) For a given field size, a system that uses alphabetic codes can represent far more situations than a system that uses numeric codes.

A) True

B) False

Q8) What is destructive update?

Chapter 7: Computer-Assisted Audit Tools and Techniques

Available Study Resources on Quizplus for this Chapter

83 Verified Questions

83 Flashcards

Source URL: https://quizplus.com/quiz/5818

Sample Questions

Q1) Which of the following is an example of input control test?

A) sequence check

B) zero value check

C) spooling check

D) range check

Q2) Which statement is not correct? The goal of batch controls is to ensure that during processing

A) transactions are not omitted

B) transactions are not added

C) transactions are free from clerical errors

D) an audit trail is created

Q3) All of the following are advantages of the test data technique except

A) auditors need minimal computer expertise to use this method

B) this method causes minimal disruption to the firm's operations

C) the test data is easily compiled

D) the auditor obtains explicit evidence concerning application functions

Q4) Incorrectly recording sales order number 123456 as 124356 is an example of a transcription error.

A) True

B) False

Chapter 8: Data Structures and CAATTs for Data Extraction

Available Study Resources on Quizplus for this Chapter

89 Verified Questions

89 Flashcards

Source URL: https://quizplus.com/quiz/5819

Sample Questions

Q1) VSAM file structures are most effective where rapid access to individual records is a priority need.

A) True

B) False

Q2) In the relational database model

A) relationships are explicit

B) the user perceives that files are linked using pointers

C) data is represented on two-dimensional tables

D) data is represented as a tree structure

Q3) An inventory record contains part number, part name, part color, and part weight. These individual items are called

A) fields.

B) stored files.

C) bytes.

D) occurrences.

Q4) What are the key control implications of the absence of database normalization?

Q5) Why are the hierarchical and network models called navigational databases?

Q6) A network model does not allow children files to have multiple parent files.

A) True

B) False

Chapter 9: Auditing the Revenue Cycle

Available Study Resources on Quizplus for this Chapter

105 Verified Questions

105 Flashcards

Source URL: https://quizplus.com/quiz/5820

Sample Questions

Q1) What role does each of the following departments play in the sales order processing subsystem: sales, credit, and shipping? Be complete.

Q2) The warehouse is responsible for updating the inventory subsidiary ledger.

A) True

B) False

Q3) What are the key segregation of duties related to computer programs that process accounting transactions?

Q4) The printer ran out of preprinted sales invoice forms and several sales invoices were not printed. The best internal control to detect this error is

A) a batch total of sales invoices to be prepared compared to the actual number of sales invoices prepared

B) sequentially numbered sales invoices

C) visual verification that all sales invoices were prepared

D) none of the above will detect this error

Q5) What specific internal control procedure would prevent an increase in sales returns since salesmen were placed on commission?

Q6) How is independent verification carried out in a manual revenue system?

Q7) What is the purpose(s) of the stock release document?

Chapter 10: Auditing the Expenditure Cycle

Available Study Resources on Quizplus for this Chapter

144 Verified Questions

144 Flashcards

Source URL: https://quizplus.com/quiz/5821

Sample Questions

Q1) What are the key authorization issues in purchasing and cash disbursements?

Q2) What is (are) the purpose(s) of maintaining a valid vendor file?

Q3) What is the purpose of a receiving report?

Q4) When a cash disbursement in payment of an accounts payable is recorded

A) the liability account is increased

B) the income statement is changed

C) the cash account is unchanged

D) the liability account is decreased

Q5) The receiving report is prepared by the vendor to provide evidence that the purchase order was received.

A) True

B) False

Q6) Why should the copy of a purchase order, which is sent to receiving, be a "blind" copy?

Q7) Accounting records that provide the audit trail for payroll include all of the following except

A) time cards

B) job tickets

C) payroll register

D) accounts payable register

Chapter 12: Business Ethics, Fraud, and Fraud Detection

Available Study Resources on Quizplus for this Chapter

85 Verified Questions

85 Flashcards

Source URL: https://quizplus.com/quiz/5822

Sample Questions

Q1) What fraud detection responsibilities (if any) are imposed on auditors by the Sarbanes-Oxley Act?

Q2) Computer programs are intellectual property.

A) True

B) False

Q3) Cash larceny involves stealing cash from an organization before it is recorded on the organization's books and records.

A) True

B) False

Q4) Explain why collusion between employees and management in the commission of a fraud is difficult to both prevent and detect.

Q5) The fraud triangle represents a geographic area in Southeast Asia where international fraud is prevalent.

A) True

B) False

Q6) According to common law, there are five conditions that must be present for an act to be deemed fraudulent. Name and explain each.

Q7) Explain the problems associated with lack of director independence.

Chapter 11: Enterprise Resource Planning Systems

Available Study Resources on Quizplus for this Chapter

92 Verified Questions

92 Flashcards

Source URL: https://quizplus.com/quiz/5823

Sample Questions

Q1) What is the "Big-Bang" approach?

Q2) What are the basic stages of the data warehousing process?

Q3) In two-tier architecture, the database and application functions are separated.

A) True

B) False

Q4) Data in a data warehouse are in a stable state. Explain how this can hamper data mining analysis? What can an organization do to alleviate this problem?

Q5) The primary goal of installing an ERP system is achieving business process reengineering to improve customer service, reduce production time, increase productivity, and improve decision-making.

A) True

B) False

Q6) Which of the following is usually not part of an ERP's core applications?

A) OLTP applications

B) sales and distribution applications

C) business planning applications

D) OLAP applications

Q7) What is the client-server model?

Q8) Why does data need to be "cleansed"?
