

IT Risk Management Exam Questions
Course Introduction
IT Risk Management introduces students to the principles and practices essential for identifying, assessing, and mitigating risks in information technology environments. The course covers key topics such as risk assessment methodologies, regulatory compliance, threat modeling, and the development of risk management frameworks. Students will explore various tools and techniques used to address vulnerabilities, protect assets, and ensure business continuity. Case studies and practical exercises provide real-world context for evaluating risks and developing strategic responses. Upon completion, students will have the skills to implement effective IT risk management processes within organizations to minimize potential impacts on operations and information security.
Recommended Textbook
Information Technology Auditing 3rd Edition by James A. Hall
Available Study Resources on Quizplus: 12 Chapters
1295 Verified Questions
1295 Flashcards
Source URL: https://quizplus.com/study-set/351


Chapter 1: Auditing and Internal Control
Available Study Resources on Quizplus for this Chapter
103 Verified Questions
103 Flashcards
Source URL: https://quizplus.com/quiz/5812
Sample Questions
Q1) Approving a price reduction because goods are damaged is an example of __________________________.
Answer: specific authorization
Q2) Segregation of duties is an example of an internal control procedure.
A)True
B)False
Answer: True
Q3) The Sarbanes-Oxley Act contains many sections. Which sections are the focus of this chapter?
Answer: The chapter concentrates on internal control and audit responsibilities pursuant to Sections 302 and 404.
Q4) Explain the purpose of the PCAOB.
Answer: The Sarbanes-Oxley Act creates a Public Company Accounting Oversight Board (PCAOB). The PCAOB is empowered to set auditing, quality control, and ethics standards, to inspect registered accounting firms, to conduct investigations, and to take disciplinary actions.
Q5) The text describes six internal control activities. List four of them and provide a specific example of each one.
Answer: 11ea1661_98c5_7eab_8def_0da0c74dc5ab_TB2116_00
To view all questions and flashcards with answers, click on the resource link above.

Chapter 2: Auditing IT Governance Controls
Available Study Resources on Quizplus for this Chapter
99 Verified Questions
99 Flashcards
Source URL: https://quizplus.com/quiz/5813
Sample Questions
Q1) All of the following tests of controls will provide evidence about the adequacy of the disaster recovery plan except
A) inspection of the second site backup
B) analysis of the fire detection system at the primary site
C) review of the critical applications list
D) composition of the disaster recovery team
Answer: B
Q2) In a computer-based information system, which of the following duties needs to be separated?
A) program coding from program operations
B) program operations from program maintenance
C) program maintenance from program coding
D) all of the above duties should be separated
Answer: D
Q3) Which of the following is not an essential feature of a disaster recovery plan?
A) off-site storage of backups
B) computer services function
C) second site backup
D) critical applications identified
Answer: B

Chapter 3: Security Part I: Auditing Operating Systems and Networks
Available Study Resources on Quizplus for this Chapter
143 Verified Questions
143 Flashcards
Source URL: https://quizplus.com/quiz/5814
Sample Questions
Q1) All of the following tests of controls will provide evidence that adequate computer virus control techniques are in place and functioning except
A) verifying that only authorized software is used on company computers
B) reviewing system maintenance records
C) confirming that antivirus software is in use
D) examining the password policy including a review of the authority table
Answer: B
Q2) A star topology is appropriate
A) for a wide area network with a mainframe for a central computer
B) for centralized databases only
C) for environments where network nodes routinely communicate with each other
D) when the central database does not have to be concurrent with the nodes
Answer: A
Q3) Which of the following deal with transaction legitimacy?
A) transaction authorization and validation
B) access controls
C) EDI audit trail
D) all of the above
Answer: D

Chapter 4: IT Security Part II: Auditing Database Systems
Available Study Resources on Quizplus for this Chapter
101 Verified Questions
101 Flashcards
Source URL: https://quizplus.com/quiz/5815
Sample Questions
Q1) Subschemas are used to authorize user access privileges to specific data elements.
A)True
B)False
Q2) Data concurrency
A) is a security issue in partitioned databases
B) is implemented using timestamping
C) may result in data lockout
D) occurs when a deadlock is triggered.
Q3) A recovery module suspends all data processing while the system reconciles its journal files against the database.
A)True
B)False
Q4) Describe two tests of controls that would provide evidence that the database management system is protected against unauthorized access attempts.
Q5) Ownership of data in traditional legacy systems often leads to data redundancy. This in turn leads to several data management problems. What are they? How does the database approach solve them?
Q6) The __________________________ authorizes access to the database.

Chapter 5: Systems Development and Program Change Activities
Available Study Resources on Quizplus for this Chapter
108 Verified Questions
108 Flashcards
Source URL: https://quizplus.com/quiz/5816
Sample Questions
Q1) Explain why the Systems Development Life Cycle is of interest to accountants. What is the accountant's role in the Systems Development Life Cycle?
Q2) Project feasibility includes all of the following except
A) technical feasibility
B) conceptual feasibility
C) operational feasibility
D) schedule feasibility
Q3) The testing of individual program modules is a part of
A) software acquisition costs
B) systems design costs
C) data conversion costs
D) programming costs
Q4) Project planning includes all of the following except
A) specifying system objectives
B) preparing a formal project proposal
C) selecting hardware vendors
D) producing a project schedule
Q5) List three advantages and one disadvantage of commercial software.
Q6) Outline the six controllable activities that relate to new systems development.
Q7) What is a systems selection report?

Chapter 6: Overview of Transaction Processing and Financial Reporting Systems
Available Study Resources on Quizplus for this Chapter
143 Verified Questions
143 Flashcards
Source URL: https://quizplus.com/quiz/5817
Sample Questions
Q1) Most organizations have replaced the general journal with a _______________________________.
Q2) In contrast to a real-time system, in a batch processing system
A) there is a lag between the time when the economic event occurs and the financial records are updated
B) relatively more resources are required
C) a greater resource commitment per unit of output is required
D) processing takes place when the economic event occurs
Q3) The order of the entries made in the ledger is by
A) transaction number
B) account number
C) date
D) user
Q4) Give one advantage of real-time data collection.
Q5) A control account is a general ledger account which is supported by a subsidiary ledger.
A)True
B)False
Q6) Give a specific example of a turn-around document.
Q7) Explain when it is appropriate to use special journals.

Chapter 7: Computer-Assisted Audit Tools and Techniques
Available Study Resources on Quizplus for this Chapter
83 Verified Questions
83 Flashcards
Source URL: https://quizplus.com/quiz/5818
Sample Questions
Q1) After data is entered into the system, it is processed. Processing control exists to make sure that the correct things happen during processing. Discuss processing controls.
Q2) Input controls are programmed procedures that perform tests on master file data to ensure they are free from errors.
A)True
B)False
Q3) How does privacy relate to output control?
Q4) When auditors do not rely on a detailed knowledge of the application's internal logic, they are performing
A) black box tests of program controls
B) white box tests of program controls
C) substantive testing
D) intuitive testing
Q5) Which test is not an example of a white box test?
A) determining the fair value of inventory
B) ensuring that passwords are valid
C) verifying that all pay rates are within a specified range
D) reconciling control totals
Q6) What are the three categories of processing control?

Chapter 8: Data Structures and CAATTs for Data Extraction
Available Study Resources on Quizplus for this Chapter
89 Verified Questions
89 Flashcards
Source URL: https://quizplus.com/quiz/5819
Sample Questions
Q1) Which of the following statements is not true?
A) Indexed random files are dispersed throughout the storage device without regard for physical proximity with related records.
B) Indexed random files use disk storage space efficiently.
C) Indexed random files are efficient when processing a large portion of a file at one time.
D) Indexed random files are easy to maintain in terms of adding records.
Q2) How does the embedded audit module support the auditor?
Q3) A customer name and an unpaid balance is an example of a one-to-many relationship.
A)True
B)False
Q4) Explain how a hashing structure works and why it is quicker than using an index. Give an example. If it is so much faster, why isn't it used exclusively?
Q5) What is a transitive dependency?
Q6) How does the database approach solve the problem of data redundancy?
Q7) Explain the following three types of pointers: physical address pointer, relative address pointer, and logical key pointer.
Chapter 9: Auditing the Revenue Cycle
Available Study Resources on Quizplus for this Chapter
105 Verified Questions
105 Flashcards
Source URL: https://quizplus.com/quiz/5820
Sample Questions
Q1) State two specific functions or jobs that should be segregated in the cash receipts system.
Q2) Which journal is not used in the revenue cycle?
A) cash receipts journal
B) sales journal
C) purchases journal
D) general journal
Q3) Internal controls for handling sales returns and allowances do not include
A) computing bad debt expense using the percentage of credit sales
B) verifying that the goods have been returned
C) authorizing the credit memo by management
D) using the original sales invoice to prepare the sales returns slip
Q4) What is the purpose of the credit memo?
Q5) Another name for the stock release form is the picking ticket.
A)True
B)False
Q6) For each of the following documents, describe its purpose, the functional area preparing it, and the key data included: sales order, bill of lading, credit memo.
Q7) What is a bill of lading?

Chapter 10: Auditing the Expenditure Cycle
Available Study Resources on Quizplus for this Chapter
144 Verified Questions
144 Flashcards
Source URL: https://quizplus.com/quiz/5821
Sample Questions
Q1) Which department is responsible for approving changes in pay rates for employees?
A) payroll
B) treasurer
C) personnel
D) cash disbursements
Q2) What is the purpose of the purchase order?
Q3) A major risk exposure in the expenditure cycle is that accounts payable may be overstated at the end of the accounting year.
A)True
B)False
Q4) Why should the copy of a purchase order, which is sent to receiving, be a "blind" copy?
Q5) Before authorizing payment for goods purchased, accounts payable reconciles three documents related to the purchase. Name them and explain what each indicates. What control area of SAS 78 is being addressed?
Q6) What are the key segregation of duties issues in purchasing and cash disbursements?
Q7) Outline the key steps taken in the purchasing system.

Chapter 12: Business Ethics, Fraud, and Fraud Detection
Available Study Resources on Quizplus for this Chapter
85 Verified Questions
85 Flashcards
Source URL: https://quizplus.com/quiz/5822
Sample Questions
Q1) Computer programs are intellectual property.
A)True
B)False
Q2) Business ethics involves
A) how managers decide on what is right in conducting business
B) how managers achieve what they decide is right for the business
C) both a and b
D) none of the above
Q3) Four principal types of corruption are discussed. Name all four and explain at least two.
Q4) Copyright laws and computer industry standards have been developed jointly and rarely conflict.
A)True
B)False
Q5) What is scavenging?
Q6) The trend toward distributed data processing increases the exposure to fraud from remote locations.
A)True
B)False
Q7) Explain the pass through fraud.

Chapter 11: Enterprise Resource Planning Systems
Available Study Resources on Quizplus for this Chapter
92 Verified Questions
92 Flashcards
Source URL: https://quizplus.com/quiz/5823
Sample Questions
Q1) What is the closed database architecture?
Q2) Organizations using ERP systems employ an internal control tool called a role.
A)True
B)False
Q3) Define the term "core applications" and give some examples.
Q4) The primary goal of installing an ERP system is achieving business process reengineering to improve customer service, reduce production time, increase productivity, and improve decision-making.
A)True
B)False
Q5) How are OLTP and OLAP different? Give examples of their use.
Q6) Data warehousing processes do not include
A) modeling data
B) condensing data
C) extracting data
D) transforming data
Q7) The role model assigns specific access privileges directly to individuals.
A)True
B)False
Q8) Why does data need to be "cleansed"?