

Information Systems Auditing Review Questions
Course Introduction
Information Systems Auditing focuses on the principles, practices, and methodologies involved in evaluating and ensuring the integrity, confidentiality, and availability of information systems within organizations. The course covers key topics such as audit planning, risk assessment, internal controls, compliance with legal and regulatory requirements, and the use of technology in auditing processes. Students will learn to assess information system vulnerabilities, evaluate the effectiveness of security measures, and provide recommendations for strengthening controls. Through case studies and real-world scenarios, participants gain practical skills in conducting audits, analyzing system risks, and preparing audit reports to support organizational governance and accountability.
Recommended Textbook
Information Technology Auditing 3rd Edition by James A. Hall
Available Study Resources on Quizplus
12 Chapters
1295 Verified Questions
1295 Flashcards
Source URL: https://quizplus.com/study-set/351


Chapter 1: Auditing and Internal Control
Available Study Resources on Quizplus for this Chapter
103 Verified Questions
103 Flashcards
Source URL: https://quizplus.com/quiz/5812
Sample Questions
Q1) IT auditing is a small part of most external and internal audits.
A)True
B)False
Answer: False
Q2) Segregation of duties is an example of an internal control procedure.
A)True
B)False
Answer: True
Q3) An accounting system that maintains an adequate audit trail is implementing which internal control procedure?
A) access controls
B) segregation of functions
C) independent verification
D) accounting records
Answer: D
Q4) Not permitting the computer programmer to enter the computer room is an example of _______________________________.
Answer: segregation of duties
Q5) Locking petty cash in a safe is an example of __________________________.
Answer: access controls
To view all questions and flashcards with answers, click on the resource link above.

Chapter 2: Auditing IT Governance Controls
Available Study Resources on Quizplus for this Chapter
99 Verified Questions
99 Flashcards
Source URL: https://quizplus.com/quiz/5813
Sample Questions
Q1) An advantage of distributed data processing is that individual end user groups set specific IT standards without concern for the broader corporate needs.
A)True
B)False
Answer: False
Q2) Describe the components of a disaster recovery plan.
Answer: Every disaster recovery plan should: designate a second site backup; identify critical applications; perform backup and off-site storage procedures; create a disaster recovery team; test the disaster recovery plan.
Q3) Briefly explain the core-competency theory.
Answer: Core competency theory argues that an organization should focus exclusively on its core business competencies, while allowing outsourcing vendors to efficiently manage the non-core areas such as the IT functions.

Chapter 3: Security Part I: Auditing Operating Systems and Networks
Available Study Resources on Quizplus for this Chapter
143 Verified Questions
143 Flashcards
Source URL: https://quizplus.com/quiz/5814
Sample Questions
Q1) The standard format for an e-mail address is DOMAIN NAME@USER NAME.
A)True
B)False
Answer: False
Q2) A smurf attack involves three participants: a zombie, an intermediary, and the victim.
A)True
B)False
Answer: False
Q3) IP spoofing is a form of masquerading to gain unauthorized access to a Web server.
A)True
B)False
Answer: True
Q4) The message authentication code is calculated by the sender and the receiver of a data transmission.
A)True
B)False
Answer: True

Chapter 4: IT Security Part II: Auditing Database Systems
Available Study Resources on Quizplus for this Chapter
101 Verified Questions
101 Flashcards
Source URL: https://quizplus.com/quiz/5815
Sample Questions
Q1) _________________________ occurs when a specific file is reproduced for each user who needs access to the file.
Q2) How does the database approach solve the problem of data redundancy?
Q3) A recovery module suspends all data processing while the system reconciles its journal files against the database.
A)True
B)False
Q4) Ownership of data in traditional legacy systems often leads to data redundancy. This in turn leads to several data management problems. What are they? How does the database approach solve them?
Q5) What are the four primary elements of the database approach?
Q6) Which procedure will prevent two end users from accessing the same data element at the same time?
A) data redundancy
B) data replication
C) data lockout
D) none of the above
Q7) Describe an environment in which a firm should use a partitioned database.
Q8) What is DML?

Chapter 5: Systems Development and Program Change Activities
Available Study Resources on Quizplus for this Chapter
108 Verified Questions
108 Flashcards
Source URL: https://quizplus.com/quiz/5816
Sample Questions
Q1) Evaluators of the detailed feasibility study should not include
A) the internal auditor
B) the project manager
C) a user representative
D) the system designer
Q2) Explain the five stages of the systems development life cycle.
Q3) Routine maintenance activities require all of the following controls except
A) documentation updates
B) testing
C) formal authorization
D) internal audit approval
Q4) One-time costs include operating and maintenance costs.
A)True
B)False
Q5) A tangible benefit
A) can be measured and expressed in financial terms
B) might increase revenues
C) might decrease costs
D) all of the above
Q6) Outline the six controllable activities that relate to new systems development.

Chapter 6: Overview of Transaction Processing and Financial Reporting Systems
Available Study Resources on Quizplus for this Chapter
143 Verified Questions
143 Flashcards
Source URL: https://quizplus.com/quiz/5817
Sample Questions
Q1) Operational inefficiencies occur because
A) accounts both common and unique to many concurrent transactions need to be updated in real time.
B) accounts common to many concurrent transactions need to be updated in real time.
C) accounts unique to many concurrent transactions need to be updated in real time.
D) None of the above are true statements
Q2) Explain two types of coding schemes and give examples of their use.
Q3) The type of transaction most suitable for batch processing is
A) airline reservations
B) credit authorization
C) payroll processing
D) adjustments to perpetual inventory
Q4) All of the following can provide evidence of an economic event except
A) source document
B) turn-around document
C) master document
D) product document
Q5) How are computer system flowcharts and program flowcharts related?

Chapter 7: Computer-Assisted Audit Tools and Techniques
Available Study Resources on Quizplus for this Chapter
83 Verified Questions
83 Flashcards
Source URL: https://quizplus.com/quiz/5818
Sample Questions
Q1) What control issue is related to reentering corrected error records into a batch processing system? What are the two methods for doing this?
Q2) The results of a parallel simulation are compared to the results of a production run in order to judge the quality of the application processes and controls.
A)True
B)False
Q3) The black box approach to testing computer applications requires a detailed knowledge of the program logic being tested.
A)True
B)False
Q4) The white box tests of program controls are also known as auditing through the computer.
A)True
B)False
Q5) In a computerized environment, all input controls are implemented after data is input.
A)True
B)False
Chapter 8: Data Structures and CAATTs for Data Extraction
Available Study Resources on Quizplus for this Chapter
89 Verified Questions
89 Flashcards
Source URL: https://quizplus.com/quiz/5819
Sample Questions
Q1) The two fundamental components of data structures are organization and access method.
A)True
B)False
Q2) A table is in third normal form when it is
A) free of repeating group data
B) free of transitive dependencies
C) free of partial dependencies
D) free of deletion anomalies
E) none of the above.
Q3) When is a table in third normal form (3NF)?
Q4) Explain the three types of anomalies associated with database tables that have not been normalized.
Q5) Outline some of the key advantages of GAS.
GAS allows auditors to access electronically coded data files of their clients, both simple and complex structures, and to perform various operations on their contents. GAS is popular for the following reasons:
Q6) A network model does not allow children files to have multiple parent files.
A)True
B)False

Chapter 9: Auditing the Revenue Cycle
Available Study Resources on Quizplus for this Chapter
105 Verified Questions
105 Flashcards
Source URL: https://quizplus.com/quiz/5820
Sample Questions
Q1) What are the key segregations of duties related to computer programs that process accounting transactions?
Q2) State two specific functions or jobs that should be segregated in the cash receipts system.
Q3) Which situation indicates a weak internal control structure?
A) the mailroom clerk authorizes credit memos
B) the record keeping clerk maintains both accounts receivable and accounts payable subsidiary ledgers
C) the warehouse clerk obtains a signature before releasing goods for shipment
D) the accounts receivable clerk prepares customer statements every month
Q4) Which document is included with a shipment sent to a customer?
A) sales invoice
B) stock release form
C) packing slip
D) shipping notice
Q5) A clerk embezzles customer payments on account and covers up the theft by making an adjustment to the accounts receivable ledger. Describe a specific internal control procedure that would prevent this fraud.
Q6) What is automation and why is it used?


Chapter 10: Auditing the Expenditure Cycle
Available Study Resources on Quizplus for this Chapter
144 Verified Questions
144 Flashcards
Source URL: https://quizplus.com/quiz/5821
Sample Questions
Q1) Timekeeping is part of the personnel function.
A)True
B)False
Q2) Authorization for a cash disbursement occurs in the cash disbursement department upon receipt of the supplier's invoice.
A)True
B)False
Q3) Which of the following situations represents a serious control weakness?
A) Timekeeping is independent of the payroll department.
B) Paychecks are distributed by the employee's immediate supervisor.
C) Time cards are reconciled with job tickets.
D) Personnel is responsible for updating employee records, including creation of records for new hires.
Q4) Permitting warehouse staff to maintain the only inventory records violates separation of duties.
A)True
B)False
Q5) What is a personnel action form?
Q6) Differentiate between a purchase requisition and a purchase order.
Q7) Outline the key steps taken in the purchasing system.

Chapter 12: Business Ethics, Fraud, and Fraud Detection
Available Study Resources on Quizplus for this Chapter
85 Verified Questions
85 Flashcards
Source URL: https://quizplus.com/quiz/5822
Sample Questions
Q1) Defalcation is another word for financial fraud.
A)True
B)False
Q2) When certain customers made cash payments to reduce their accounts receivable, the bookkeeper embezzled the cash and wrote off the accounts as uncollectible. Which control procedure would most likely prevent this irregularity?
A) segregation of duties
B) accounting records
C) accounting system
D) access controls
Q3) According to common law, there are five conditions that must be present for an act to be deemed fraudulent. Name and explain each.
Q4) What fraud detection responsibilities (if any) are imposed on auditors by the Sarbanes-Oxley Act?
Q5) Explain the problems associated with inappropriate accounting practices.
Q6) What is scavenging?
Q7) Describe the factors that constitute the fraud triangle. Why is it important to auditors?
Q8) What is check tampering?

Chapter 11: Enterprise Resource Planning Systems
Available Study Resources on Quizplus for this Chapter
92 Verified Questions
92 Flashcards
Source URL: https://quizplus.com/quiz/5823
Sample Questions
Q1) If a chosen ERP cannot handle a specific company process, bolt-on software may be available.
A)True
B)False
Q2) The primary goal of installing an ERP system is achieving business process reengineering to improve customer service, reduce production time, increase productivity, and improve decision-making.
A)True
B)False
Q3) What is the client-server model?
Q4) Why must an organization expect the implementation of an ERP to disrupt operations?
Q5) OLAP includes decision support, modeling, information retrieval, and what-if analysis.
A)True
B)False
Q6) What is the "Big-Bang" approach?
Q7) Why does the data warehouse need to be separate from the operational databases?
Q8) How are OLTP and OLAP different? Give examples of their use.
Q9) How can a firm acquire bolt-on software? What are the options?