The document contains a list of multiple choice questions related to information systems auditing. The questions cover topics such as audit techniques, risk-based auditing, audit objectives, audit charters, evaluating controls, and audit reporting.

1. Domain-1
1. Whichtechnique wouldbesttestforexistence of dual control whenauditingthe wire
transfersystemsof a Bank?
a. Analysisof transactionlogs
b. Re-performance
c. Observations
d. Interviewingpersonnel
2. In a risk-basedISAudit,wherebothinherentand control riskhave beenassessedashigh,an
IS Auditorwouldmostlikelycompensate forthisscenariobyperformingadditional:
a. Stop-or-go-sampling
b. Substantive testing
c. Compliance testing
d. Discoverysampling
3. The primaryobjective of the auditinitiationmeetingwithanISAuditclientisto:
a. Discussthe scope of the audit
b. Identifyresource requirementsof the audit
c. Selectthe methodologyof the audit
d. Reviewrequestedevidenceprovidedbythe auditclient
4. The primarypurpose of the ISAuditcharter isto:
a. Create and detail the organizationstructure of the auditdepartmentwithinacompany
b. Illustrate the reportingresponsibilitiesof the ISauditfunctiontothe boardof directors
c. Detail the auditprocessesandproceduresperformedbythe ISAuditdepartment
d. Outline the responsibilityandauthorityof the ISAuditfunction.
5. Whichof the followingchoicesismostimportantforanIS Auditortounderstandwhen
auditingane-commerce environment?
a. The technologyarchitecture of the e-commerce environment
b. The policies,proceduresandpracticesthatformthe internal control environment
c. The nature andcriticalityof the businessprocesssupportedbythe e-commerce
application
d. Continuousmonitoringof control measuresforsystemavailabilityandreliability
6. Duringan IS Audit,whatisthe bestway foran IS Auditorto evaluate the implementationof
segregationof dutieswithinanITdepartment?
a. Discussitwiththe IT managers
b. Reviewthe jobdescriptionsof the ITfunctions
c. ResearchpastIS Auditreports
d. Evaluate the organizational structure.
7. A financial institutionwithmultiple branchofficeshasanautomatedcontrol thatrequires
the branch managerto approve transactionsmore thana certainamount.What type of
auditcontrol is this?
a. Detective
b. Preventive
c. Corrective
d. Directive
8. Duringthe course of an applicationsoftware review,anISauditoridentifiedminor
weaknessesinarelevantdatabase environmentthatisoutof scope forthe audit.The best
optionisto:
a. Include areviewof the database controlsaspart of the scope

2. b. Documentforfuture review
c. Work withdatabase administratorstocorrectthe issue
d. Formallyreportthe weaknessesasobserved.
9. A central antivirus systemdetermineswhethereachpersonal computerhasthe latest
signature filesandinstallsthe latestsignature filesbeforeallowingaPCto connectto the
network.Thisisan example of a:
a. Directive control
b. Corrective control
c. Compensatingcontrol
d. Detective control
10. Due to resource constraintsof the IS Auditteam, the auditplanas originally approved
cannot be completed.Assumingthatthe change incircumstancesiscommunicatedinthe
auditreport,whichcourse of action ismost acceptable?
a. Testthe adequacyof control design
b. Testthe operational effectivenessof controls
c. Focuson auditinghigh-riskareas
d. Relyonmanagementtestingof controls.
11. Whichof the followingchoicesbestensuresthe effectivenessof controlsrelatedtointerest
calculationinsideanaccountingsystem?
a. Re-performance
b. Processwalkthrough
c. Observation
d. Documentationreview
12. Whichof the followingchoiceswouldbe the bestsource of informationwhendevelopinga
risk-basedauditplan?
a. Processownersidentifykeycontrols
b. Systemcustodiansidentifyvulnerabilities
c. Peerauditorsunderstandpreviousauditresults
d. Seniormanagementidentifykeybusinessprocesses.
13. While auditingathird-partyservice provider,anISauditordiscoveredthataccessreviews
were notbeingperformedasrequiredbythe contract.The IS auditorshould:
a. Reportthe issue toIT management
b. Discussthe issue withthe service provider
c. Performa riskassessment
d. Performanaccess review
14. Whichof the followingisthe primaryrequirementinreportingresultsof anISaudit?The
reportis:
a. Preparedaccordingtoa predefinedandstandardtemplate
b. Backedby sufficientandappropriate auditevidence
c. Comprehensiveincoverage of enterprise processes
d. Reviewedandapprovedbyauditmanagement.
1a,2b,3a,4d,5c,6d,7,8,9b,10b,11a,12,13c,14b