Uploaded by ma.patriciasantosangeles

Q1 & Q2 SUMMARY

•
Question 1
2 out of 2 points
Statement 1: The external auditor is an employee of the company being audited. Statement 2: The
internal auditor represents the interest of the general public.
Selected Answer:
Both statements are false
Answers:
Both statements are true
Both statements are false
Statement 1 is true but statement 2 is false
Statement 1 is false but statement 2 is true
•
Question 2
2 out of 2 points
Which of the following is a preventive control
Selected Answer:
Credit check before approving a sale on account
Answers:
Credit check before approving a sale on account
Bank reconciliation
Physical inventory count
Comparing the subsidiary ledger to the general ledger
•
Question 3
2 out of 2 points
It is the management's responsibility to prepare the financial statements of the company
Selected Answer:
True
Answers:
True
False
•
Question 4
2 out of 2 points
The IT auditor is currently in the planning phase of the audit. Which of the following will he/she LEAST
likely consider evaluating?
Selected Answer:
Amount of audit fee to be charged
Answers:
Organizational structure
General controls of the IT infrastructure
Organizational policies
Amount of audit fee to be charged
•
Question 5
2 out of 2 points
Inherent risk
Selected Answer:
Is associated with the unique characteristics of the business or industry of the
client
Answers:
Exists because all control structures are flawed in some ways
Is the likelihood that material misstatements exist in the financial statements of the
firm
Is the likelihood that auditor will not find material misstatements
Is associated with the unique characteristics of the business or industry of the
client
•
Question 6
2 out of 2 points
A physical inventory count at the end of the accounting period is an example of:
Selected Answer:
Detective control
Answers:
Preventive control
Detective control
Corrective control
None of the choices
•
Question 7
2 out of 2 points
Determine the correct order: (A) Substantive testing (B) Audit Planning (C) Audit Report (D) Test of
Controls.
Selected Answer:
B-D-A-C
Answers:
B-D-A-C
B-C-D-A
B-A-D-C
B-C-A-D
•
Question 8
2 out of 2 points
Which of the following types of audits focuses on the accuracy of financial information presented in
the financial statements of the company?
Selected Answer:
External audit
Answers:
External audit
IT audit
Fraud audit
Accuracy audit
•
Question 9
2 out of 2 points
The board of directors consists entirely of personal friends of the CEO. This indicates a weakness in
the:
Selected Answer:
Control environment
Answers:
Control environment
Accounting system
Control procedures
This is not a weakness
•
Question 10
2 out of 2 points
All of the following are components of the Five COSO Framework, EXCEPT:
Selected Answer:
Detective Controls
Answers:
Risk Assessment
Information and Communication
Monitoring Activities
Detective Controls
•
Question 11
2 out of 2 points
Any member of the board of directors can be part of the audit committee
Selected Answer:
False
Answers:
True
False
•
Question 12
2 out of 2 points
Which of the following suggests a weak internal control environment?
Selected Answer:
Performance evaluations are prepared every three years
Answers:
Performance evaluations are prepared every three years
The audit committee meets quarterly with the external auditors
The firm has an up-to-date organizational chart
Monthly reports comparing actual performance to budget are distributed to
managers
•
Question 13
2 out of 2 points
All of the following are standards of field work EXCEPT:
Selected Answer:
The auditor must have independence of mental attitude
Answers:
Audit work must be adequately planned
The auditor must gain a sufficient understanding of the internal control structure
The auditor must obtain sufficient and competent evidence
The auditor must have independence of mental attitude
•
Question 14
2 out of 2 points
The audit committee has a fiduciary responsibility to the company's stockholders
Selected Answer:
True
Answers:
True
False
•
Question 15
2 out of 2 points
Which of the following most accurately explains why audits only provide Reasonable Assurance?
Selected Answer:
The cost of an internal control should be less than the benefit it provides
Answers:
The cost of an internal control should be less than the benefit it provides
The effectiveness of internal controls is a function of the industry environment
A well-designed system of internal controls will detect all fraudulent activities
The objectives achieved by an internal control system varies depending on the data
processing method
•
Question 16
2 out of 2 points
A well-designed purchase order is an example of:
Selected Answer:
Preventive control
Answers:
Preventive control
Detective control
Corrective control
None of the choices
•
Question 17
2 out of 2 points
Which of the following types of audits focuses on proving or disproving an occurrence of a
misstatement which was done intentionally by the perpetrator?
Selected Answer:
Fraud audit
Answers:
Fraud audit
Error audit
Detective audit
External audit
•
Question 18
2 out of 2 points
A bank reconciliation is an example of:
Selected Answer:
Detective control
Answers:
Preventive control
Detective control
Corrective control
None of the choices
•
Question 19
2 out of 2 points
Which of the following is NOT an internal control procedure?
Selected Answer:
All of the choices ARE internal control procedures
Answers:
Authorization
Independent verification
Accounting records
All of the choices ARE internal control procedures
•
Question 20
2 out of 2 points
Statement 1: A high control risk results from a well-established internal control system. Statement 2:
To have a low detection risk, substantive tests should be kept at a minimum.
Selected Answer:
Both statements are false
Answers:
Both statements are true
Both statements are false
Statement 1 is true but statement 2 is false
Statement 1 is false but statement 2 is true
•
Question 21
2 out of 2 points
Which of the following is NOT one of the categories of GAAS?
Selected Answer:
Specific standards
Answers:
Specific standards
General standards
Standards of field work
Reporting standards
•
Question 22
2 out of 2 points
In order to maintain independence, the internal auditors report to the audit committee rather than the
CEO of the company.
Selected Answer:
True
Answers:
True
False
•
Question 23
2 out of 2 points
IT Audit is a small part of external and internal auditing.
Selected Answer:
False
Answers:
True
False
•
Question 24
2 out of 2 points
All of the following are related to the CONTROL ACTIVITIES in a COSO Framework EXCEPT:
Selected Answer:
Perform risk identification and analysis
Answers:
Follow policies and procedures
Improve security
Plan business continuity and backups
Perform risk identification and analysis
•
Question 25
2 out of 2 points
A CISA certification is most aligned with the work of a/an
Selected Answer:
IT auditor
Answers:
External auditor
Internal auditor
IT auditor
None of the choices
•
Question 26
2 out of 2 points
Which of the following types of audits focuses on the internal controls and operational processes
which are embedded into technology?
Selected Answer:
IT audit
Answers:
IT audit
Internal audit
Operations audit
Financial audit
•
Question 27
2 out of 2 points
All of the following are general standards EXCEPT:
Selected Answer:
Audit work must be adequately planned
Answers:
Audit work must be adequately planned
The auditor must have adequate technical training and proficiency
The auditor must have independence of mental attitude
The auditor must exercise due professional care in the conduct of the audit and in
the preparation of the report
•
Question 28
2 out of 2 points
All of the following are related to the CONTROL ENVIRONMENT in a COSO Framework EXCEPT:
Selected Answer:
Perform ongoing monitoring
Answers:
Exercise integrity and ethical values
Issue assignment of authority and responsibility
Create organizational structure
Perform ongoing monitoring
•
Question 29
2 out of 2 points
It is the management's responsibility to implement and maintain the internal controls of the company
Selected Answer:
True
Answers:
True
False
•
Question 30
2 out of 2 points
All of the following are management assertions when it comes to audit EXCEPT:
Selected Answer:
Timeliness of information
Answers:
Valuation and Allocation
Presentation and Disclosure
Timeliness of information
All of the choices are management assertions
•
Question 31
2 out of 2 points
This is the probability that the auditor will give an inappropriate opinion
Selected Answer:
Audit risk
Answers:
Audit risk
Control risk
Inherent risk
Detection risk
•
Question 32
2 out of 2 points
Which of the following is NOT part of the PDC Model?
Selected Answer:
Preparatory control
Answers:
Preparatory control
Detective control
Corrective control
All the other choices are controls in the PDC Model
•
Question 33
2 out of 2 points
Which of the following is common in all types of audits?
Selected Answer:
Auditor must maintain objectivity in his/her work
Answers:
Auditor must maintain objectivity in his/her work
Auditor must focus on the information system infrastructure of the company
Auditor must render an opinion on the fairness of the amounts presented in the
financial statements
Auditor must give recommendations to the company on how it may improve its
internal control system
•
Question 34
2 out of 2 points
All of the following are related to the CONTROL ACTIVITIES in a COSO Framework EXCEPT:
Selected Answer:
Perform risk identification and analysis
Answers:
Follow policies and procedures
Improve security
Plan business continuity and backups
Perform risk identification and analysis
•
Question 35
2 out of 2 points
Which of the following aims to provide recommendations to the company for its overall improvement,
both financially and operationally.
Selected Answer:
Management consultancy
Answers:
Management consultancy
Assurance engagements
Accounting procedures
Fraud investigation
•
Question 36
2 out of 2 points
Which of the following statements is false
Selected Answer:
IT auditing is not related to financial auditing
Answers:
Auditors must maintain independence
IT auditors attest to the integrity of the computer system
IT auditing can be performed by internal auditors
IT auditing is not related to financial auditing
•
Question 37
2 out of 2 points
Which of the following does NOT refer to control risk?
Selected Answer:
The nature of the industry involves high risk
Answers:
The nature of the industry involves high risk
Errors are made due to employee fatigue
Fraud occurs because of collusion between two employees
Management instructs the bookkeeper to make fraudulent journal entries
•
Question 38
2 out of 2 points
It is the CEO of the company who hires and fires the external auditor of the company
Selected Answer:
False
Answers:
True
False
•
Question 39
2 out of 2 points
A company may have operations audit, compliance audit, and IT audit all at the same time.
Selected Answer:
True
Answers:
True
False
•
Question 40
2 out of 2 points
Attestation services require all of the following except:
Selected Answer:
The engagement is designed to conduct risk assessment of the client's systems to
verify their degree of SOX compliance
Answers:
The engagement is designed to conduct risk assessment of the client's systems to
verify their degree of SOX compliance
Written assertions and a practitioner's written report
Formal establishment of measurement criteria
Engagement is limited to examination, review, and agreed-upon procedures
•
Question 41
2 out of 2 points
An audit can be completed even without communicating the results thereof.
Selected Answer:
False
Answers:
True
False
•
Question 42
2 out of 2 points
The IT Auditor traces a specific transaction from the start to the end of a business process. This is
called
Selected Answer:
Walkthrough
Answers:
Walkthrough
Stalking
Tracing
Following
•
Question 43
2 out of 2 points
All of the following are advisory services EXCEPT
Selected Answer:
Financial audit
Answers:
Business advice
Actuarial advice
Compliance services
Financial audit
•
Question 44
2 out of 2 points
Which of the following is NOT a type of work an auditor should engage in?
Selected Answer:
Implementing and maintaining internal control systems
Answers:
Implementing and maintaining internal control systems
Gathering and evaluating data about a management assertion
Planning the audit by gaining knowledge about the company's policies and
structure
Communicating the result of the audit through a report to the stakeholders
•
Question 45
2 out of 2 points
Internal controls are designed to do the following EXCEPT:
Selected Answer:
Overtake the competitors in market share
Answers:
Safeguard assets
Promote efficiency
Ensure accuracy and reliability
Overtake the competitors in market share
•
Question 46
2 out of 2 points
Which of the following suggests a strong internal control environment?
Selected Answer:
The internal audit group reports to the audit committee of the board of directors
Answers:
The internal audit group reports to the audit committee of the board of directors
There is no segregation of incompatible duties to save on salaries expense
Inefficient business processes and operations are utilized by the company
There are questions regarding the integrity of the management
•
Question 47
2 out of 2 points
The most cost-effective type of internal control is
Selected Answer:
Preventive control
Answers:
Preventive control
Control premium
Detective control
Corrective control
•
Question 48
2 out of 2 points
All of the following are management assertions when it comes to audit EXCEPT:
Selected Answer:
Neutrality
Answers:
Existence or Occurrence
Completeness
Neutrality
Rights and Obligations
•
Question 49
2 out of 2 points
An attestation is limited to all of the following EXCEPT:
Selected Answer:
Management consultancy
Answers:
Audit
Review
Agreed-upon procedures
Management consultancy
•
Question 50
2 out of 2 points
According to SAS 78, which of the following is NOT a physical control activity?
Selected Answer:
Application control
Answers:
Independent verification
Supervision
Access control
Application control
•
Question 1
2 out of 2 points
Which of the following is the most critical step in audit planning?
Selected Answer:
Perform a risk assessment
Answers:
Perform a risk assessment
Review findings from prior audits
Executive management's approval of the audit plan
Review information security policies and procedures
•
Question 2
2 out of 2 points
An advanced knowledge of risk assessment practices is required in order to develop an audit
program.
Selected Answer:
False
Answers:
True
False
•
Question 3
2 out of 2 points
In order to effectively conduct a risk-based audit plan, the auditor should ________.
Selected Answer:
have a general overview of the organization's business objectives
Answers:
have a detailed understanding of the specific processes of the company
conduct a seminar or training for the employees of the business discussing the
factors affecting risks
replace the management for a day in order to fully grasp the processes of the
business
have a general overview of the organization's business objectives
•
Question 4
2 out of 2 points
The auditor is evaluating whether a specific control objective is being met by the internal control. The
auditor is most likely performing ______.
Selected Answer:
sampling control testing
Answers:
sampling control testing
compliance testing
substantive procedures
definition of audit scope and objectives
•
Question 5
2 out of 2 points
Statement 1: Audit workpapers are highly encouraged but are not required in the audit. Statement 2:
Audit workpapers have a specific format to be followed and is standard for all audit engagements.
Selected Answer:
Both statements are false
Answers:
Both statements are true
Both statements are false
Statement 1 is true, statement 2 is false
Statement 2 is true, statement 1 is false
•
Question 6
2 out of 2 points
The walkthrough done in audit planning aims to simply understand the business process and/or
control environment of the company, and not to detect fraud or error.
Selected Answer:
True
Answers:
True
False
•
Question 7
2 out of 2 points
Which of the following is NOT in violation of the ISACA Code of Professional Ethics?
Selected Answer:
Threatening to file a legal case for a legitimate offense committed by a co-member.
Answers:
Creating intimidating, hostile, or offensive environment for the benefit of ISACA.
Threatening to file a legal case for a legitimate offense committed by a co-member.
Sending of obscene letters, notes, invitations, photographs, or invitation to any
individual
Condoning discriminatory policies that create unequal opportunities to different
members
•
Question 8
2 out of 2 points
An assessment of risk should provide reasonable assurance that the audit will cover material items.
Selected Answer:
True
Answers:
True
False
•
Question 9
2 out of 2 points
Which of the following statements is MOST ACCURATE?
Selected Answer:
Residual risk should be decreased to an acceptably low level if the management is
risk averse
Answers:
A management with a low appetite for risk can tolerate a lot of residual risk
A management described as being a risk taker wants to minimize residual risk as
much as possible
Residual risk should be decreased to an acceptably low level if the management is
risk averse
Being risk averse is always better than being a risk taker
•
Question 10
0 out of 2 points
Which of the following tools will most effectively assist the auditor in understanding the control
environment of the client?
Selected Answer:
CAATTs
Answers:
Audit Charter
CAATTs
Scoring System Method
Control Matrix
•
Question 11
2 out of 2 points
All risks are industry specific, such as server failure or data corruption.
Selected Answer:
False
Answers:
True
False
•
Question 12
2 out of 2 points
A staff-level employee has been given an administrative account to the system of the company. Due
to the difficult times during 2020-2021, this employee will have a tendency to disregard his
responsibilities to the company. What is the THREAT in this scenario?
Selected Answer:
the usage of the administrative account
Answers:
the usage of the administrative account
the administrative account itself
the difficult times during 2020-2021
the employee himself/herself
•
Question 13
2 out of 2 points
A certain system was identified by the auditor as high risk simply by having knowledge of the industry,
the nature of the system, the governing laws and regulations, and experiences from the last 10 years
of audit. The auditor MOST likely utilized ______ of assessing risk.
Selected Answer:
judgmental method
Answers:
scoring system method
judgmental method
haphazard method
external environment analysis method
•
Question 14
2 out of 2 points
The auditor is performing risk assessment and has already understood the business objectives and
identified the assets utilized to achieve this objective. Which of the following is most likely the next
step the auditor would take?
Selected Answer:
identify which assets have the highest risk attached
Answers:
recommend internal controls that would help achieve this business objective
reassess the business objective and information assets
identify which controls are in place to protect the assets
identify which assets have the highest risk attached
•
Question 15
2 out of 2 points
The audit workpaper contains, among other things, the activities done and findings discovered during
the testing phase of the audit.
Selected Answer:
True
Answers:
True
False
•
Question 16
2 out of 2 points
Which of the following is NOT an asset of the company
Selected Answer:
information that is available in the website of a government agency responsible for
regulating the industry of the client
Answers:
information that is available in the website of a government agency responsible for
regulating the industry of the client
trade secrets of the client used in the production of its unique product offering
employee information and customer data it collects throughout all the transactions it
has processed in its economic life
all of the following are assets of the company
•
Question 17
2 out of 2 points
All deviations from the expected results and other issues discovered by the audit testing are NOT
automatically tagged as audit findings, but rather forwarded to the auditor for further validation.
Selected Answer:
True
Answers:
True
False
•
Question 18
2 out of 2 points
(1) conclude the audit (2) perform test of controls (3) gather information and plan (4) obtain
understanding of internal controls (5) perform substantive tests. Which of the following is the correct
order:
Selected Answer:
3-4-2-5-1
Answers:
4-3-2-5-1
4-3-5-2-1
3-4-2-5-1
3-4-5-2-1
•
Question 19
2 out of 2 points
Control objectives refer to the specific goals that must be accomplished by the audit.
Selected Answer:
False
Answers:
True
False
•
Question 20
2 out of 2 points
Risk acceptance was recommended as the risk treatment by the auditor who did not commit any
violation of the ISACA Code of Professional Ethics. What was MOST likely the reason for his/her
decision?
Selected Answer:
Cost to mitigate risk may be greater than the value of the asset
Answers:
Risk was not identified through the risk assessment procedures
Cost to mitigate risk may be greater than the value of the asset
Management and auditors are not in a good relationship with each other
The auditor is still waiting for the results of the work of other auditors and experts
•
Question 21
2 out of 2 points
It is a statement of the purpose of applying a control around an information system.
Selected Answer:
Control objective
Answers:
Information system objective
Business objective
Audit objective
Control objective
•
Question 22
2 out of 2 points
Which of the following is the LEAST feasible among risk treatments?
Selected Answer:
risk avoidance
Answers:
risk mitigation
risk acceptance
risk avoidance
risk transfer
•
Question 23
2 out of 2 points
The risk assessment is best prepared ahead of the substantive testing, preferably around 3 months
apart.
Selected Answer:
False
Answers:
True
False
•
Question 24
2 out of 2 points
Failure to comply with the ISACA Code of Ethics will result in automatic revocation of the certification
and automatically lead to disciplinary measures without further investigation.
Selected Answer:
False
Answers:
True
False
•
Question 25
2 out of 2 points
The company you are auditing is a bank which loans out cash to its clients. It is a requirement of the
bank that, should the loan not have any collateral, then a guarantor should co-sign with the debtor.
This is an example of a
Selected Answer:
risk transfer
Answers:
risk mitigation
risk acceptance
risk avoidance
risk transfer
•
Question 26
2 out of 2 points
Which of the following is most likely NOT in compliance with the ISACA Code of Professional Ethics?
Selected Answer:
The auditor accepted an audit engagement in which he/she has limited knowledge of,
so as not to make the client think that auditors are choosy.
Answers:
The auditor performs his/her audit procedures with objectivity and professional
care.
The auditor accepted an audit engagement in which he/she has limited knowledge of,
so as not to make the client think that auditors are choosy.
Decline in client offers that, if made public, would potentially discredit the profession.
Support the continuing professional education of the client by enhancing their
understanding of the IT infrastructure, IT governance, internal controls, and other
relevant matters.
•
Question 27
2 out of 2 points
All of the following are purposes of an audit program EXCEPT:
Selected Answer:
meeting generally accepted accounting principles
Answers:
formal documentation of audit procedures
creation of procedures that are easily repeatable
documentation of the type of testing to be used
meeting generally accepted accounting principles
•
Question 28
0 out of 2 points
Risk assessments should identify, quantify, and prioritize risk against criteria for risk acceptance and
objectives relevant to the organization.
Selected Answer:
False
Answers:
True
False
•
Question 29
0 out of 2 points
Which of the following is LEAST likely considered in a risk-based audit planning?
Selected Answer:
The chance that something negative will occur in the system
Answers:
The chance that something negative will occur in the system
The policies and procedures meant to mitigate risk
The process of managing the information system
The priorities set by the organization's management
•
Question 30
0 out of 2 points
An audit charter should _______.
Selected Answer:
clearly state audit objectives for and the delegation of authority to the maintenance
and review of internal controls
Answers:
be dynamic and change to coincide with the changing nature of technology and the
audit profession
clearly state audit objectives for and the delegation of authority to the maintenance
and review of internal controls
document the audit procedures designed to achieve the planned audit objectives
outline the overall authority, scope, and responsibilities of the audit function
•
Question 31
2 out of 2 points
You are reviewing a software application that is built on the principles of service-oriented architecture.
What is the INITIAL STEP?
Selected Answer:
Understanding services and their allocation to business processes by reviewing the
service repository documentation.
Answers:
Understanding services and their allocation to business processes by reviewing the
service repository documentation.
Sampling the use of service security standards as represented by the Security
Assertions Markup Language.
Reviewing the service level agreements established for all system providers.
Auditing the core service and its dependencies on other systems.
•
Question 32
2 out of 2 points
Which of the following is NOT an outcome of risk-based audit planning?
Selected Answer:
determines the amount of audit fee to be charged to the client
Answers:
assists in identifying threats within the IT environment
determines the amount of audit fee to be charged to the client
helps in defining the audit scope and audit objectives
streamlines the audit management in terms of assignments
•
Question 33
2 out of 2 points
Included in the audit charter are the following, EXCEPT:
Selected Answer:
audit fee charged by the auditor
Answers:
purpose and scope of the audit
reporting line of the auditor
authority of the auditor
audit fee charged by the auditor
•
Question 34
2 out of 2 points
You are an IT Auditor of a bank which utilizes electronic banking processes and electronic fund
transfer processes. The following are your roles, EXCEPT:
Selected Answer:
none of the choices
Answers:
ensure that all equipment and communication linkages are tested to effectively and
reliably transmit and receive data
ensure that encryption standards are set
ensure that there are guidelines set for the receipt of data
none of the choices
•
Question 35
2 out of 2 points
An audit program only considers the capacity of the audit team and does not consider other factors.
Selected Answer:
False
Answers:
True
False
•
Question 36
2 out of 2 points
In order to comply with the professional ethics of an IS Auditor, the auditor must never refer to the
work of another auditor or expert.
Selected Answer:
False
Answers:
True
False
•
Question 37
2 out of 2 points
The auditor should recommend internal controls for all risks identified in the risk assessment phase of
the audit.
Selected Answer:
False
Answers:
True
False
•
Question 38
0 out of 2 points
The auditor is evaluating whether an issue discovered represents the whole population. The auditor is
most likely performing what phase of the audit execution?
Selected Answer:
testing controls
Answers:
acquiring data
testing controls
issue discovery and validation
document results
•
Question 39
0 out of 2 points
Which of the following is NOT an example of an overlapping control.
Selected Answer:
Workers are monitored by a supervisor and workers are required to submit a report
of the work they did during the day
Answers:
Required simultaneous use of passwords and One Time Pin to prevent unauthorized
access to the system
Workers are monitored by a supervisor and workers are required to submit a report
of the work they did during the day
Transactions handled by the treasurer, who is also the accountant, are approved by
the CFO.
Payments to the suppliers should be signed by the CFO, COO, and CEO.
•
Question 40
2 out of 2 points
In all cases, the auditor may transfer all of the audit responsibilities to another auditor or expert.
Selected Answer:
False
Answers:
True
False
•
Question 41
2 out of 2 points
The role of the IS auditor is established in the ________
Selected Answer:
audit charter
Answers:
audit chart
audit contract
audit charter
audit committee
•
Question 42
2 out of 2 points
This specific business process involves buying and selling of goods online:
Selected Answer:
e-commerce
Answers:
e-commerce
electronic fund transfer
point of sale system
electronic data interchange
•
Question 43
2 out of 2 points
An information asset worth P100,000,000 is protected by an IT control system costing P10,000,000.
The control system protects approximately 80% of the asset per instance. From past experiences, the
control system fails to protect the asset at an average of 4 times per year. How much is the single loss
expectancy of this risk?
Selected Answer:
P20,000,000
Answers:
P20,000,000
P18,000,000
P80,000,000
P72,000,000
•
Question 44
0 out of 2 points
Generally speaking, the audit trail is easier to trace in a manual business process as compared to a
computerized business process.
Selected Answer:
False
Answers:
True
False
•
Question 45
2 out of 2 points
Risk is the mixture of ________
Selected Answer:
likelihood and magnitude
Answers:
threat and safety
likelihood and magnitude
rewards and returns
controls and exposure
•
Question 46
2 out of 2 points
Which of the following is LEAST LIKELY to be chosen as an evidence gathering technique?
Selected Answer:
documenting auditor's own opinion on the matter
Answers:
inquiry with company staff, managers, and owners
documenting auditor's own opinion on the matter
reperformance of the applied controls
use of audit logs and reports
•
Question 47
2 out of 2 points
Which of the following is NOT a step in audit planning?
Selected Answer:
Reperform the business process
Answers:
Develop an audit strategy
Understand the business objective
Reperform the business process
Assign the audit personnel
•
Question 48
2 out of 2 points
Which of the following is NOT a responsibility of the auditor in the business process of the company?
Selected Answer:
Designing the business process in order to minimize the risk exposure of the
company
Answers:
Assessment of IT controls and control objectives implemented in the business
process
Understanding the role that IT plays in the business process
Designing the business process in order to minimize the risk exposure of the
company
Identifying the key controls in the control environment of the company
•
Question 49
2 out of 2 points
An information asset worth P100,000,000 is protected by an IT control system costing P10,000,000.
The control system protects approximately 80% of the asset per instance. From past experiences, the
control system fails to protect the asset at an average of 4 times per year. How much is the
annualized loss expectancy of this risk?
Selected Answer:
P80,000,000
Answers:
P20,000,000
P18,000,000
P80,000,000
P72,000,000
•
Question 50
0 out of 2 points
Statement 1: All threats should be answered by a control. Statement 2: All vulnerable assets should
be protected by a control.
Selected Answer:
statement 2 is true; statement 1 is false
Answers:
both statements are true
both statements are false
statement 1 is true; statement 2 is false
statement 2 is true; statement 1 is false