Risk Management in Information Systems Test Questions - 1295 Verified Questions

Risk Management in Information Systems

Test Questions

Course Introduction

This course explores the principles and practices of risk management as applied to information systems. Students will learn to identify, assess, and mitigate risks associated with the use, processing, storage, and transmission of information in both private and public sector organizations. Topics include threat and vulnerability analysis, risk assessment methodologies, legal and regulatory requirements, security policies, business continuity planning, and incident response. Emphasis is placed on understanding risk management frameworks, implementing effective controls, and aligning information security strategies with organizational objectives to ensure the confidentiality, integrity, and availability of critical information assets.

Recommended Textbook

Information Technology Auditing 3rd Edition by James A. Hall

Available Study Resources on Quizplus

12 Chapters

1295 Verified Questions

1295 Flashcards

Source URL: https://quizplus.com/study-set/351

Chapter 1: Auditing and Internal Control

Available Study Resources on Quizplus for this Chapter

103 Verified Questions

103 Flashcards

Source URL: https://quizplus.com/quiz/5812

Sample Questions

Q1) Distinguish between errors and irregularities. Which do you think concern the auditors the most?

Answer: Errors are unintentional mistakes, while irregularities are intentional misrepresentations made to perpetrate a fraud or to mislead the users of financial statements. Errors are a concern if they are numerous or sizable enough to cause the financial statements to be materially misstated. Processes that involve human actions will contain some amount of human error. Computer processes should only contain errors if the programs are erroneous or if systems operating procedures are not being closely and competently followed. Errors are typically much easier to uncover than misrepresentations, so auditors are typically more concerned with whether they have uncovered all irregularities.

Q2) Approving a price reduction because goods are damaged is an example of

Answer: specific authorization

Q3) IT auditing is a small part of most external and internal audits.

A)True

B)False

Answer: False

To view all questions and flashcards with answers, click on the resource link above.

Chapter 2: Auditing IT Governance Controls

Available Study Resources on Quizplus for this Chapter

99 Verified Questions

99 Flashcards

Source URL: https://quizplus.com/quiz/5813

Sample Questions

Q1) The least important item to store off-site in case of an emergency is

A) backups of systems software

B) backups of application software

C) documentation and blank forms

D) results of the latest test of the disaster recovery program

Answer: D

Q2) A widespread natural disaster is a risk associated with a ROC.

A)True

B)False

Answer: True

Q3) Which organizational structure is most likely to result in good documentation procedures?

A) separate systems development from systems maintenance

B) separate systems analysis from application programming

C) separate systems development from data processing

D) separate database administrator from data processing

Answer: A

Q4) What exposures does data consolidation in a CBIS environment pose?

Answer: In a CBIS environment, data consolidation exposes the data to computer fraud and to losses from disaster.

To view all questions and flashcards with answers, click on the resource link above.

Chapter 3: Security Part I: Auditing Operating Systems and Networks

Available Study Resources on Quizplus for this Chapter

143 Verified Questions

143 Flashcards

Source URL: https://quizplus.com/quiz/5814

Sample Questions

Q1) Briefly define an operating system.

Answer: An integrated group of programs that supports the applications and facilitates their access to specified resources.

Q2) Explain a Distributed Denial of Service Attack.

Answer: A distributed denial of service (DDoS) attack may take the form of a SYN flood or a smurf attack. The distinguishing feature of a DDoS is the sheer scope of the event. The perpetrator of a DDoS attack may employ a virtual army of so-called zombie or bot (robot) computers to launch the attack. Since vast numbers of unsuspecting intermediaries are needed, the attack often involves one or more Internet Relay Chat (IRC) networks as a source of zombies. The perpetrator accesses the IRC and uploads a malicious program, such as a Trojan horse, which contains the DDoS attack script. This program is subsequently downloaded to the PCs of the many thousands of people who visit the IRC site. The attack program runs in the background on the new zombie computers, which are now under the control of the perpetrator. Via the zombie control program the perpetrator can direct the DDoS at specific victims and turn the attack on or off at will.

Q3) What can be done to defeat a DDoS Attack?

Answer: Intrusion Prevention Systems (IPS) that employ deep packet inspection (DPI) are a countermeasure to DDoS attacks.
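As an added example (not part of the quiz or of Hall's textbook), the script below applies the distinction the answer to Q2 draws, scope rather than mechanism, to a constructed packet log: for each destination it counts SYNs that never complete the three-way handshake and reports a flood from a single source separately from a distributed one. The log layout, the addresses and the thresholds are assumptions made for illustration, not anything the page specifies.

```python
"""Added example (not from Hall's textbook or the quiz site): flag SYN-flood
traffic in a constructed packet log and separate a single-source flood from a
distributed one. Log layout, addresses and thresholds are assumptions."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    ts: float    # capture time in seconds
    src: str
    dst: str
    flags: str   # "S" = SYN, "SA" = SYN-ACK from the server, "A" = client ACK completing the handshake


def detect_syn_floods(packets, half_open_threshold=50, distributed_sources=20):
    """Per destination: count SYNs whose (src, dst) pair never completed a
    handshake ("half-open"), count the distinct sources behind them, and
    classify. A flood from many sources is the DDoS case."""
    syns = defaultdict(int)   # (src, dst) -> number of SYNs sent
    completed = set()         # (src, dst) pairs that sent the final ACK
    for p in packets:
        if p.flags == "S":
            syns[(p.src, p.dst)] += 1
        elif p.flags == "A":
            completed.add((p.src, p.dst))

    report = {}
    for (src, dst), n in syns.items():
        stats = report.setdefault(dst, {"half_open": 0, "sources": 0})
        if (src, dst) not in completed:
            stats["half_open"] += n
            stats["sources"] += 1

    for stats in report.values():
        if stats["half_open"] >= half_open_threshold and stats["sources"] >= distributed_sources:
            stats["verdict"] = "distributed SYN flood (DDoS)"
        elif stats["half_open"] >= half_open_threshold:
            stats["verdict"] = "SYN flood from few sources (DoS)"
        else:
            stats["verdict"] = "normal"
    return report


def sample_capture():
    """Constructed traffic: legitimate handshakes to 10.0.0.5 and 10.0.0.7,
    200 zombies each sending one SYN to 10.0.0.5, and one host sending 80 SYNs
    to 10.0.0.6. All addresses are from documentation ranges."""
    pkts, t = [], 0.0

    def handshake(src, dst):
        nonlocal t
        pkts.append(Packet(t, src, dst, "S"))
        pkts.append(Packet(t + 0.01, dst, src, "SA"))
        pkts.append(Packet(t + 0.02, src, dst, "A"))
        t += 0.1

    for i in range(1, 6):
        handshake(f"198.51.100.{i}", "10.0.0.7")
        handshake(f"198.51.100.{i}", "10.0.0.5")
    for i in range(1, 201):                       # distributed: many sources, one SYN each
        pkts.append(Packet(t, f"203.0.113.{i}", "10.0.0.5", "S"))
        t += 0.001
    for _ in range(80):                           # single source, many SYNs
        pkts.append(Packet(t, "192.0.2.1", "10.0.0.6", "S"))
        t += 0.001
    return pkts


if __name__ == "__main__":
    for dst, stats in sorted(detect_syn_floods(sample_capture()).items()):
        print(dst, stats)
```

Both floods trip the half-open threshold; only the source count separates the DoS verdict for 10.0.0.6 from the DDoS verdict for 10.0.0.5, which is the "sheer scope" point of the answer. A production detector would additionally evaluate the counts over a sliding time window rather than over a whole capture.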

To view all questions and flashcards with answers, click on the resource link above.

Chapter 4: IT Security Part II: Auditing Database Systems

Available Study Resources on Quizplus for this Chapter

101 Verified Questions

101 Flashcards

Source URL: https://quizplus.com/quiz/5815

Sample Questions

Q1) Which of the following is not a responsibility of the database management system?

A) provide an interface between the users and the physical database

B) provide security against a natural disaster

C) ensure that the internal schema and external schema are consistent

D) authorize access to portions of the database

Q2) In the relational database model

A) relationships are explicit

B) the user perceives that files are linked using pointers

C) data is represented on two-dimensional tables

D) data is represented as a tree structure

Q3) All of the following are advantages of a partitioned database except

A) increased user control by having the data stored locally

B) deadlocks are eliminated

C) transaction processing response time is improved

D) partitioning can reduce losses in case of disaster

Q4) In the relational model,a data element is called a relation.

A)True

B)False

Q5) The conceptual view of the database is often called ____________________.

To view all questions and flashcards with answers, click on the resource link above.

Chapter 5: Systems Development and Program Change Activities

Available Study Resources on Quizplus for this Chapter

108 Verified Questions

108 Flashcards

Source URL: https://quizplus.com/quiz/5816

Sample Questions

Q1) System documentation is designed for all of the following groups except

A) systems designers and programmers

B) end users

C) accountants

D) all of the above require systems documentation

Q2) What are two purposes of the systems project proposal?

Q3) Define the feasibility measures that should be considered during project analysis and give an example of each.

Q4) During the detailed feasibility study of the project, the systems professional who proposed the project should be involved in performing the study.

A)True

B)False

Q5) Discuss the advantages and disadvantages of the three methods of converting to a new system: cold turkey cutover, phased cutover, and parallel operation cutover.

Q6) New system development activity controls must focus on the authorization, development, and implementation of new systems and their maintenance. Discuss at least five control activities that are found in an effective system development life cycle.

To view all questions and flashcards with answers, click on the resource link above.

Chapter 6: Overview of Transaction Processing and Financial Reporting Systems

Available Study Resources on Quizplus for this Chapter

143 Verified Questions

143 Flashcards

Source URL: https://quizplus.com/quiz/5817

Sample Questions

Q1) The most important advantage of an alphabetic code is that

A) meaning is readily conveyed to users

B) sorting is simplified

C) the capacity to represent items is increased

D) missing documents can be identified

Q2) Why is the audit trail important?

Q3) Batch processing is best used when timely information is needed because this method processes data efficiently.

A)True

B)False

Q4) Auditors may prepare program flowcharts to verify the correctness of program logic.

A)True

B)False

Q5) Is a flowchart an effective documentation technique for identifying who or what performs a particular task? Explain.

Q6) What is XML?

Q7) Give a specific example of a turn-around document.

Q8) What is destructive update?

Q9) For what purpose are ER diagrams used?

To view all questions and flashcards with answers, click on the resource link above.

Chapter 7: Computer-Assisted Audit Tools and Techniques

Available Study Resources on Quizplus for this Chapter

83 Verified Questions

83 Flashcards

Source URL: https://quizplus.com/quiz/5818

Sample Questions

Q1) Which test is not an example of a white box test?

A) determining the fair value of inventory

B) ensuring that passwords are valid

C) verifying that all pay rates are within a specified range

D) reconciling control totals

Q2) If all of the inputs have been validated before processing,then what purpose do run-to-run controls serve?

Q3) The password was "CANARY"; the employee entered "CAANARY." Which control will detect this error?

Q4) When using the test data method, the presence of multiple error messages indicates a flaw in the preparation of test transactions.

A)True

B)False

Q5) What is meant by auditing around the computer versus auditing through the computer? Why is this so important?

Q6) Name four input controls and describe what they test

Q7) Explain the three methods used to correct errors in data entry.

Q8) Describe two types of transposition error

Q9) How does privacy relate to output control?
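As an added example (not from the quiz or from Hall's textbook), the block below implements two of the controls this chapter asks about in Q2, Q6 and Q8: a modulus-11 check digit, which is an input control that detects transcription errors and both single (adjacent) and multiple (non-adjacent) transposition errors in a code, and run-to-run control totals (record count, batch total and hash total) that are recomputed after each processing run and compared with the totals carried forward. The account numbers, amounts and the two named runs are constructed for illustration.

```python
"""Added example (not from Hall's textbook or the quiz site): a modulus-11 check
digit as an input control, and run-to-run control totals that reconcile a batch
between processing runs. Account numbers and amounts are constructed."""
from decimal import Decimal


def mod11_check_digit(body: str) -> str:
    """Weights 2, 3, 4, ... applied from the rightmost digit leftwards; the
    check digit is (11 - remainder) mod 11, with a value of 10 written as 'X'.
    Because 11 is prime and every weight difference is below 11, a single
    substituted digit or any pair of swapped digits changes the result."""
    if not body.isdigit():
        raise ValueError("code body must be numeric")
    total = sum(int(d) * w for d, w in zip(reversed(body), range(2, len(body) + 2)))
    cd = (11 - total % 11) % 11
    return "X" if cd == 10 else str(cd)


def append_check_digit(body: str) -> str:
    return body + mod11_check_digit(body)


def valid_code(code: str) -> bool:
    """Validity check applied at data entry: recompute and compare the last character."""
    body, cd = code[:-1], code[-1:]
    return body.isdigit() and mod11_check_digit(body) == cd


def single_transposition(code: str, i: int) -> str:
    """Adjacent digits i and i+1 reversed, e.g. 53724 -> 57324."""
    c = list(code)
    c[i], c[i + 1] = c[i + 1], c[i]
    return "".join(c)


def multiple_transposition(code: str, i: int, j: int) -> str:
    """Non-adjacent digits i and j reversed, e.g. 53724 -> 23754."""
    c = list(code)
    c[i], c[j] = c[j], c[i]
    return "".join(c)


def batch_controls(records):
    """Control totals carried from run to run: a record count, a financial
    batch total and a hash total over a non-financial field (account bodies)."""
    return {
        "record_count": len(records),
        "amount_total": sum((r["amount"] for r in records), Decimal("0")),
        "hash_total": sum(int(r["account"][:-1]) for r in records),
    }


def edit_run(records):
    """Run 1 (input validation): records failing the check digit go to an error file."""
    accepted = [r for r in records if valid_code(r["account"])]
    rejected = [r for r in records if not valid_code(r["account"])]
    return accepted, rejected


def run_to_run_check(expected, records) -> bool:
    """Run-to-run control: totals recomputed after a run must equal those
    passed forward from the previous run. A record dropped or duplicated
    between runs shows up even though every input was individually valid."""
    return batch_controls(records) == expected


def sample_batch():
    """Constructed purchase records; the last one has a transposed account number."""
    accounts = [append_check_digit(b) for b in ("5372", "1001", "2487")]
    amounts = ("100.00", "250.50", "75.25")
    good = [{"account": a, "amount": Decimal(x)} for a, x in zip(accounts, amounts)]
    bad = {"account": single_transposition(accounts[0], 1), "amount": Decimal("999.00")}
    return good + [bad]


if __name__ == "__main__":
    accepted, rejected = edit_run(sample_batch())
    totals = batch_controls(accepted)
    print("rejected:", [r["account"] for r in rejected], "totals:", totals)
    # Run 2 posts the batch; simulate one record silently lost between runs.
    print("run-to-run agrees:", run_to_run_check(totals, accepted[1:]))
```

The two controls answer different questions, which is the point of Q2: the check digit validates each record on the way in, while the run-to-run comparison catches what validation cannot, a record lost or duplicated between runs after every field has already passed its edit checks.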

To view all questions and flashcards with answers, click on the resource link above.

Chapter 8: Data Structures and CAATTs for Data Extraction

Available Study Resources on Quizplus for this Chapter

89 Verified Questions

89 Flashcards

Source URL: https://quizplus.com/quiz/5819

Sample Questions

Q1) Explain the three types of anomalies associated with database tables that have not been normalized.

Q2) A customer name and an unpaid balance are an example of a one-to-many relationship.

A)True

B)False

Q3) What are the three physical components of a VSAM file?

Q4) Comment on the following statement: "Legacy systems use flat file structures."

Q5) What are the key control implications of the absence of database normalization?

Q6) VSAM file structures are most effective where rapid access to individual records is a priority need.

A)True

B)False

Q7) EAMs allow auditors to identify significant transactions for substantive testing.

A)True

B)False

Q8) Explain the following three types of pointers: physical address pointer, relative address pointer, and logical key pointer.
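As an added example (not from the quiz or from Hall's textbook), the block below reproduces the three anomalies asked about in Q1 and Q5 in an in-memory SQLite database: an unnormalized purchase table that repeats supplier data on every line shows an update anomaly (one supplier with two addresses after a partial update), a deletion anomaly (deleting a supplier's only invoice erases the supplier) and an insertion anomaly (a new supplier cannot be recorded without an invoice), and a normalized schema beside it shows none of them. The table names, columns and rows are constructed for illustration.

```python
"""Added example (not from Hall's textbook or the quiz site): the update,
deletion and insertion anomalies of an unnormalized table, reproduced in SQLite
beside a normalized schema that avoids them. Schema and rows are constructed."""
import sqlite3

UNNORMALIZED_DDL = """
CREATE TABLE purchase_line (
    invoice_num      TEXT    NOT NULL,
    line_no          INTEGER NOT NULL,
    supplier_id      TEXT    NOT NULL,
    supplier_name    TEXT    NOT NULL,
    supplier_address TEXT    NOT NULL,
    part             TEXT    NOT NULL,
    amount           REAL    NOT NULL,
    PRIMARY KEY (invoice_num, line_no)
);
"""

NORMALIZED_DDL = """
CREATE TABLE supplier (
    supplier_id TEXT PRIMARY KEY, name TEXT NOT NULL, address TEXT NOT NULL);
CREATE TABLE invoice (
    invoice_num TEXT PRIMARY KEY,
    supplier_id TEXT NOT NULL REFERENCES supplier(supplier_id));
CREATE TABLE invoice_line (
    invoice_num TEXT NOT NULL REFERENCES invoice(invoice_num),
    line_no INTEGER NOT NULL, part TEXT NOT NULL, amount REAL NOT NULL,
    PRIMARY KEY (invoice_num, line_no));
"""

# Constructed rows: (invoice, line, supplier_id, name, address, part, amount).
ROWS = [
    ("INV1", 1, "S1", "Acme Supply", "1 Main St", "bolt", 40.0),
    ("INV1", 2, "S1", "Acme Supply", "1 Main St", "nut", 10.0),
    ("INV2", 1, "S1", "Acme Supply", "1 Main St", "washer", 5.0),
    ("INV3", 1, "S2", "Bolt Co", "7 Dock Rd", "bracket", 80.0),
]


def unnormalized_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(UNNORMALIZED_DDL)
    conn.executemany("INSERT INTO purchase_line VALUES (?,?,?,?,?,?,?)", ROWS)
    return conn


def normalized_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")   # enforce the references declared above
    conn.executescript(NORMALIZED_DDL)
    conn.executemany("INSERT INTO supplier VALUES (?,?,?)", sorted({(r[2], r[3], r[4]) for r in ROWS}))
    conn.executemany("INSERT INTO invoice VALUES (?,?)", sorted({(r[0], r[2]) for r in ROWS}))
    conn.executemany("INSERT INTO invoice_line VALUES (?,?,?,?)", [(r[0], r[1], r[5], r[6]) for r in ROWS])
    return conn


def update_anomaly(conn):
    """A clerk corrects Acme's address on INV1 only; INV2 keeps the old one.
    Returns the number of distinct addresses now recorded for S1 (2)."""
    conn.execute("UPDATE purchase_line SET supplier_address = '9 New Rd' WHERE invoice_num = 'INV1'")
    return conn.execute("SELECT COUNT(DISTINCT supplier_address) FROM purchase_line "
                        "WHERE supplier_id = 'S1'").fetchone()[0]


def deletion_anomaly(conn):
    """Deleting Bolt Co's only invoice erases every fact about the supplier (0 rows left)."""
    conn.execute("DELETE FROM purchase_line WHERE invoice_num = 'INV3'")
    return conn.execute("SELECT COUNT(*) FROM purchase_line WHERE supplier_id = 'S2'").fetchone()[0]


def insertion_anomaly(conn):
    """A supplier cannot be recorded until an invoice exists to hang it on;
    the NOT NULL key rejects the row. Returns True when the insert is refused."""
    try:
        conn.execute("INSERT INTO purchase_line VALUES (NULL, NULL, 'S3', 'New Vendor', '3 Elm St', NULL, NULL)")
    except sqlite3.IntegrityError:
        return True
    return False


def normalized_update(conn):
    """One row holds the address, so every invoice sees the change (1 distinct address)."""
    conn.execute("UPDATE supplier SET address = '9 New Rd' WHERE supplier_id = 'S1'")
    return conn.execute("SELECT COUNT(DISTINCT s.address) FROM invoice i "
                        "JOIN supplier s ON i.supplier_id = s.supplier_id "
                        "WHERE s.supplier_id = 'S1'").fetchone()[0]


def normalized_delete(conn):
    """Removing INV3 and its lines leaves the supplier row intact (1 row)."""
    conn.execute("DELETE FROM invoice_line WHERE invoice_num = 'INV3'")
    conn.execute("DELETE FROM invoice WHERE invoice_num = 'INV3'")
    return conn.execute("SELECT COUNT(*) FROM supplier WHERE supplier_id = 'S2'").fetchone()[0]


def normalized_insert(conn):
    """A supplier can be set up before it ever invoices (3 suppliers afterwards)."""
    conn.execute("INSERT INTO supplier VALUES ('S3', 'New Vendor', '3 Elm St')")
    return conn.execute("SELECT COUNT(*) FROM supplier").fetchone()[0]


if __name__ == "__main__":
    u, n = unnormalized_db(), normalized_db()
    print("unnormalized:", update_anomaly(u), deletion_anomaly(u), insertion_anomaly(u))
    print("normalized:  ", normalized_update(n), normalized_delete(n), normalized_insert(n))
```

The control implication asked about in Q5 is visible in the first query: after the partial update the unnormalized table holds two addresses for one supplier, so an auditor reading it cannot tell which is correct, and a deleted invoice can silently remove master data. In the normalized schema the same facts live in one place and the foreign keys keep them consistent.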

To view all questions and flashcards with answers, click on the resource link above.

Chapter 9: Auditing the Revenue Cycle

Available Study Resources on Quizplus for this Chapter

105 Verified Questions

105 Flashcards

Source URL: https://quizplus.com/quiz/5820

Sample Questions

Q1) What is the role of the shipping notice?

Q2) The customer open order file is used to

A) respond to customer queries

B) fill the customer order

C) ship the customer order

D) authorize customer credit

Q3) Warehouse stock records are the formal accounting records for inventory.

A)True

B)False

Q4) What features of a reengineered cash receipts system contribute to improved control and reduced costs? What complicates the process?

Q5) The warehouse is responsible for updating the inventory subsidiary ledger.

A)True

B)False

Q6) In most large organizations,the journal voucher file has replaced the formal general journal.

A)True

B)False

Q7) How is EDI more than technology? What unique control problems may it pose?

Q8) What is the purpose(s)of the stock release document?

To view all questions and flashcards with answers, click on the resource link above.

Chapter 10: Auditing the Expenditure Cycle

Available Study Resources on Quizplus for this Chapter

144 Verified Questions

144 Flashcards

Source URL: https://quizplus.com/quiz/5821

Sample Questions

Q1) Most payroll systems for mid-size firms use real-time data processing.

A)True

B)False

Q2) The financial value of a purchase is determined by reviewing the

A) packing slip

B) purchase requisition

C) receiving report

D) supplier's invoice

Q3) The major risk exposures associated with the receiving department include all of the following except

A) goods are accepted without a physical count

B) there is no inspection for goods damaged in shipment

C) inventories are not secured on the receiving dock

D) the audit trail is destroyed

Q4) What general ledger journal entries are triggered by the purchases system? From which departments do these journal entries arise?

Q5) What is a personnel action form?

Q6) What is a blind copy of a purchase order and what is its purpose?

Q7) What is the principal objective of the cash disbursement system?

Q8) What is the purpose of the purchase requisition?

To view all questions and flashcards with answers, click on the resource link above.

Chapter 12: Business Ethics, Fraud, and Fraud Detection

Available Study Resources on Quizplus for this Chapter

85 Verified Questions

85 Flashcards

Source URL: https://quizplus.com/quiz/5822

Sample Questions

Q1) Skimming involves

A) stealing cash from an organization before it is recorded

B) Stealing cash from an organization after it has been recorded

C) manufacturing false purchase orders, receiving reports, and invoices

D) A clerk pays a vendor twice for the same products and cashes the reimbursement check issued by the vendor.

Q2) For an action to be called fraudulent, all of the following conditions are required except

A) poor judgment

B) false representation

C) intent to deceive

D) injury or loss

Q3) Business ethics involves

A) how managers decide on what is right in conducting business

B) how managers achieve what they decide is right for the business

C) both a and b

D) none of the above

Q4) Why are the computer ethics issues of privacy, security, and property ownership of interest to accountants?

Q5) Distinguish between exposure and risk.

To view all questions and flashcards with answers, click on the resource link above.

Chapter 11: Enterprise Resource Planning Systems

Available Study Resources on Quizplus for this Chapter

92 Verified Questions

92 Flashcards

Source URL: https://quizplus.com/quiz/5823

Sample Questions

Q1) Data entered into the data warehouse must be normalized.

A)True

B)False

Q2) The implementation of an ERP creates an environment with a single point of failure, which places the organization at risk.

A)True

B)False

Q3) Data warehousing processes do not include

A) modeling data

B) condensing data

C) extracting data

D) transforming data

Q4) Separating the data warehouse from the operations databases occurs for all of the following reasons except

A) to make the management of the databases more economical

B) to increase the efficiency of data mining processes

C) to integrate legacy system data into a form that permits entity-wide analysis

D) to permit the integration of data from diverse sources

Q5) Why must a data warehouse include both detail and summary data?

Q6) What is SCM software?

To view all questions and flashcards with answers, click on the resource link above.