



Information Systems Auditing introduces students to the concepts, principles, and techniques used to assess and ensure the integrity, confidentiality, and availability of information systems. The course covers the audit process, including planning, conducting, and reporting on audits of information systems, as well as examining internal controls, compliance with regulatory requirements, and risk management practices. Students learn to identify potential security breaches, evaluate IT governance, and recommend improvements to safeguard organizational data and assets. Practical case studies and hands-on activities are incorporated to provide real-world experience in evaluating and auditing information technology environments.
Recommended Textbook
Information Technology Auditing 4th Edition by James Hall
Available Study Resources on Quizplus
12 Chapters
1122 Verified Questions
1122 Flashcards
Source URL: https://quizplus.com/study-set/1104

Available Study Resources on Quizplus for this Chapter
100 Verified Questions
100 Flashcards
Source URL: https://quizplus.com/quiz/21726
Sample Questions
Q1) A qualified opinion on management's assessment of internal controls over the financial reporting system necessitates a qualified opinion on the financial statements?
A) True
B) False
Answer: False
Q2) Which of the following is true?
A) In the CBIS environment, auditors gather evidence relating only to the contents of databases, not the reliability of the computer system.
B) Conducting an audit is a systematic and logical process that applies to all forms of information systems.
C) Substantive tests establish whether internal controls are functioning properly.
D) IT auditors prepare the audit report if the system is computerized.
Answer: B
Q3) Segregation of duties is an example of an internal control procedure.
A) True
B) False
Answer: True
To view all questions and flashcards with answers, click on the resource link above.

Available Study Resources on Quizplus for this Chapter
105 Verified Questions
105 Flashcards
Source URL: https://quizplus.com/quiz/21728
Sample Questions
Q1) A formal log-on procedure is the operating system's first line of defense. Explain how this works.
Answer: When the user logs on, he or she is presented with a dialog box requesting the user's ID and password. The system compares the ID and password to a database of valid users. If the system finds a match, then the log-on attempt is authenticated. If, however, the password or ID is entered incorrectly, the log-on attempt fails and a message is returned to the user. The message should not reveal whether the password or the ID caused the failure. The system should allow the user to reenter the log-on information. After a specified number of attempts (usually no more than five), the system should lock out the user from the system.
Q2) List three methods of controlling unauthorized access to telecommunication messages.
Answer: call-back devices, data encryption, message sequence numbering, message authentication codes, message transaction logs, and request-response technique
Q3) Polling is one technique used to control data collisions.
A) True
B) False
Answer: True

Available Study Resources on Quizplus for this Chapter
100 Verified Questions
100 Flashcards
Source URL: https://quizplus.com/quiz/21729
Q1) All of the following tests of controls will provide evidence that access to the data files is limited except
A) inspecting biometric controls
B) reconciling program version numbers
C) comparing job descriptions with access privileges stored in the authority table
D) attempting to retrieve unauthorized data via inference queries
Q2) An important feature associated with the traditional approach to data management is the ability to produce ad hoc reports.
A) True
B) False
Q3) Users access the database
A) by direct query
B) by developing operating software
C) by constantly interacting with systems programmers
D) all of the above
Q4) What is a database lockout?
Q5) In a distributed data processing system, a database can be centralized or distributed. What are the options? Explain.

Available Study Resources on Quizplus for this Chapter
94 Verified Questions
94 Flashcards
Source URL: https://quizplus.com/quiz/21730
Sample Questions
Q1) Routine maintenance activities require all of the following controls except
A) documentation updates
B) testing
C) formal authorization
D) internal audit approval
Q2) Project feasibility includes all of the following except
A) technical feasibility
B) conceptual feasibility
C) operational feasibility
D) schedule feasibility
Q3) When preparing a cost-benefit analysis, design costs incurred in the systems planning, systems analysis and conceptual design phases of the Systems Development Life Cycle are relevant costs.
A) True
B) False
Q4) Aspects of project feasibility include all of the following except
A) technical feasibility
B) economic feasibility
C) logistic feasibility
D) schedule feasibility

Available Study Resources on Quizplus for this Chapter
98 Verified Questions
98 Flashcards
Source URL: https://quizplus.com/quiz/21731
Sample Questions
Q1) All of the following can provide evidence of an economic event except
A) source document
B) turn-around document
C) master document
D) product document
Q2) How may batch processing be used to improve operational efficiency?
Q3) The most important advantage of an alphabetic code is that
A) meaning is readily conveyed to users
B) sorting is simplified
C) the capacity to represent items is increased
D) missing documents can be identified
Q4) Real-time processing would be most beneficial in handling a firm's
A) fixed asset records
B) retained earnings information
C) merchandise inventory
D) depreciation records
Q5) What information is provided by a record layout diagram?
Q6) An inverted triangle with the letter "N" represents a file in "name" order.
A) True
B) False

Available Study Resources on Quizplus for this Chapter
82 Verified Questions
82 Flashcards
Source URL: https://quizplus.com/quiz/21732
Sample Questions
Q1) The integrated test facility (ITF) is an automated approach that permits auditors to test an application's logic and controls during its normal operation.
A) True
B) False
Q2) The employee entered "40" in the "hours worked per day" field. Which check would detect this unintentional error?
A) numeric/alphabetic data check
B) sign check
C) limit check
D) missing data check
Q3) Which of the following is an example of an input error correction technique?
A) immediate correction
B) rejection of batch
C) creation of error file
D) all are examples of input error correction techniques
Q4) Input controls are intended to detect errors in transaction data after processing.
A) True
B) False

Available Study Resources on Quizplus for this Chapter
97 Verified Questions
97 Flashcards
Source URL: https://quizplus.com/quiz/21734
Sample Questions
Q1) Which document triggers the revenue cycle?
A) the sales order
B) the customer purchase order
C) the sales invoice
D) the journal voucher
Q2) In point of sale systems, authorization takes the form of validation of credit card charges.
A) True
B) False
Q3) The packing slip is also known as the shipping notice.
A) True
B) False
Q4) How is independent verification carried out in a manual revenue system?
Q5) A cash prelist is
A) a document that records sales returns and allowances
B) a document returned by customers with their payments
C) the source of information used to prepare monthly statements
D) none of the above
Q6) What is the purpose of the credit memo?
Q7) Describe the key tasks in the sales order process.

Available Study Resources on Quizplus for this Chapter
100 Verified Questions
100 Flashcards
Source URL: https://quizplus.com/quiz/21735
Sample Questions
Q1) Because of time delays between receiving inventory and making the journal entry
A) liabilities are usually understated
B) liabilities are usually overstated
C) liabilities are usually correctly stated
D) none of the above
Q2) Why should the copy of a purchase order, which is sent to receiving, be a "blind" copy?
Q3) Inventory control should be located in the warehouse.
A) True
B) False
Q4) Describe internal control procedures that would (1) detect that a vendor overcharged for goods delivered, (2) prevent payment for an invoice for goods that were never delivered and (3) prevent issuing two checks in payment of the same invoice.
Q5) Time cards are used by cost accounting to allocate direct labor charges to work in process.
A) True
B) False
Q6) Differentiate between a purchase requisition and a purchase order.
Q7) What are the steps taken in the cash disbursement system?

Available Study Resources on Quizplus for this Chapter
90 Verified Questions
90 Flashcards
Source URL: https://quizplus.com/quiz/21736
Sample Questions
Q1) Which statement is true?
A) ERPs are infinitely scalable.
B) Performance problems usually stem from technical problems, not business process reengineering.
C) The better ERP can handle any problems an organization can have.
D) ERP systems can be modified using bolt-on software.
Q2) Almost all ERP implementations involve an outside consultant.
A) True
B) False
Q3) Why do ERP systems need bolt-on software? Give an example.
Q4) How are OLTP and OLAP different? Give examples of their use.
Q5) Describe the two-tier client server model.
Q6) What is data mining?
Q7) Data cleansing involves all of the following except
A) filtering out or repairing invalid data
B) summarizing data for ease of extraction
C) transforming data into standard business terms
D) formatting data from legacy systems
Q8) What is meant by the OLAP term "slicing and dicing"?
Q9) Define OLAP and give some examples.

Available Study Resources on Quizplus for this Chapter
84 Verified Questions
84 Flashcards
Source URL: https://quizplus.com/quiz/21737
Sample Questions
Q1) Which ethical principle states that the benefit from a decision must outweigh the risks, and that there is no alternative decision that provides the same or greater benefit with less risk?
A) minimize risk
B) justice
C) informed consent
D) proportionality
Q2) Explain the characteristics of management fraud.
Q3) __________________________ are intentional mistakes while __________________________ are unintentional mistakes.
Q4) The objective of SAS 99 is to seamlessly blend the auditor's consideration of fraud into all phases of the audit process.
A) True
B) False
Q5) Changing the Hours Worked field in an otherwise legitimate payroll transaction to increase the amount of the paycheck is an example of data collection fraud.
A) True
B) False