WGITA – IDI HANDBOOK ON IT AUDIT FOR SUPREME AUDIT INSTITUTIONS MCQ

INTRODUCTION

What has the ubiquitous computer brought with it?

  1. Vulnerabilities
  2. Security Vulnerabilities
  3. Flaw
  4. Issues

.Read the following statements carefully:
Statement I: The advent of information technology has changed the way we all work in many ways, and the audit profession is clearly no exception.
Statement II: The almost ubiquitous computer, whilst undoubtedly one of the most effective business tools, has not also brought with it vulnerabilities pertinent to the automated business environment.
Statement III: Assessing the adequacy of each control requires new methods of auditing.
Which of the above Statement(s) is/are correct:

  1. I and III.
  2. II and III only.
  3. II only.
  4. All Statements are Correct.

What does assessing the adequacy of each control require?

Answer: New methods of auditing

What types of networks do computers communicate over?

Answer: Public and private

What terms have replaced the term edp audit?

Answer: Information technology audit and information systems audit.

Q. What is required to provide assurance that adequate controls (general computer controls and/or application controls) have been designed and are operated to minimize the exposure to various?

Answer: An independent audit

INFORMATION TECHNOLOGY (IT) AUDIT

Q. Organizations have been increasingly relying on what of their activities and information management?

  1. Integration
  2. Systems
  3. Workflow
  4. Automation

Q. What is the process of deriving assurance on whether the development, implementation and maintenance of its systems meets business goals?

Answer: It audit

Q. What does it audit ensure that the systems meet business needs without compromising?

Answer: Security, privacy, cost, and other critical business elements.

Q.Read the following statements carefully:
Statement I: The mandate of an sai to conduct an audit of it systems is contained in issai 1-lima declaration.
Statement II: Some sais may also have not a specific mandate for conducting it audits.
Statement III: For example, if the sai has a mandate to audit a tax revenue function, the sai must audit the automated portion of the tax revenue function through a derivation of its original mandate.
Which of the above Statement(s) is/are correct:

  1. I and III.
  2. II and III only.
  3. II only.
  4. All Statements are Correct.

Q. What is the mandate of an sai for it audit derived from?

Answer: Overall mandate provided to the sai to conduct financial, compliance, performance audits or a combination of these

Q. Read the following statements carefully:
Statement I: The objective of it audits is to ensure that the it resources allow organisational goals to be achieved effectively and use resources efficiently.
Statement II: Review of the controls of the it systems to gain assurance about their adequacy and effectiveness.
Statement III: Evaluation of the performance of a system and its security, for example, a railway reservation system.
Which of the above Statement(s) is/are correct:

  1. I and III.
  2. II and III only.
  3. II only
  4. All Statements are Correct.

Q. Read the following statements carefully:
Statement I: Generally supreme audit institutions perform it audits in conjunction with a financial statements audit, a review of internal controls, and/or as performance audits of it systems or it applications.
Statement II: Compliance/ operational audits ; and forensic audits and information systems development projects audits.
Statement III: Irrespective of the type of audit, the it auditor would be required to assess the policies and procedures that guide the overall it environment of the audited entity, ensuring that the corresponding controls and enforcement mechanisms are in place.
Which of the above Statement(s) is/are correct:Rate Question

  1. I and III.
  2. II and III only.
  3. II only
  4. All Statements are Correct.

Q. Who performs it audits in conjunction with a financial statements audit, a review of internal controls, and/or as performance audits of it?

Answer: Generally supreme audit institutions

Q. What is the scoping of the it audit?

Answer: Setting or delineating the boundaries of the audit.

Q. What is the combination of methods, policies, and procedures that ensure protection of the organisations assets, accuracy and reliability of its records, and operational adherence to?

  1. Control
  2. Operation
  3. Power
  4. System

Q. What are the two categories of controls in an it context?

Answer: General controls and application controls.

Q. Application controls include data input validation, processing controls and

  1. Authentication
  2. Encryption
  3. Decryption
  4. Cryptography

Q. What are applications protected from?Rate Question

  1. Modifying
  2. Reprogramming
  3. None
  4. Reprogram

Q. Read the following statements carefully:
Statement I: The objective of it general controls is to ensure the appropriate development and implementation of applications, as well as of program and data files and of computer operations.
Statement II: The design and implementation of it general controls may have not a significant impact on the effectiveness of the application controls.
Statement III: The application controls operate on individual transactions and ensure that they are correctly input, processed and output.
Which of the above Statement(s) is/are correct:

  1. I and III.
  2. II and III only.
  3. II only.
  4. All Statements are Correct.

Q. Application controls operate on what?

Answer: Individual transactions

Q. What does the design and operating effectiveness of it general controls do?

Answer: Greatly influence the extent to which the application controls can be relied upon by the management to manage risks.

Q. Issai 1315 points out that even in small entities where information systems and business processes relevant to financial reporting are less sophisticated, their role is?Rate Question

  1. Significant
  2. Major
  3. Considerable
  4. Substantial

Q. Read the following statements carefully:
Statement I: The role of the auditor is to understand the potential business and it risks facing the audited entity, and in turn to assess whether the deployed controls are adequate to meet the control objective.
Statement II: As issai 1315 points out that even in small entities where information systems and business processes relevant to financial reporting are not less sophisticated, their role is significant.
Statement III: If general controls are weak, they severely diminish the reliability of controls associated with individual it applications.
Which of the above Statement(s) is/are correct:

  1. I and III.
  2. II and III only.
  3. II only.
  4. All Statements are Correct.

Q. Read the following statements carefully:
Statement I: Generally, the it auditor is called upon to test technology-related controls, whereas non-it auditors test financial, regulatory and compliance controls.
Statement II: As per issai fundamental principles of public sector auditing: auditors should obtain an understanding of the nature of the entity/programme to be audited.
Statement III: Every control area is based on a set of control objectives that an organisation puts in place in order to mitigate a control risk.
Which of the above Statement(s) is/are correct:

  1. I and III.
  2. II and III only.
  3. II only
  4. All Statements are Correct.

Q. What do non-IT auditors test?

Answer: Financial, regulatory and compliance controls.

Q. Risk of unauthorised modification can be a source of what?

  1. Theft
  2. Fraud
  3. Embezzlement
  4. Scam

Q. What is the most common way an sai gathers information?

  1. Report
  2. Questionnaire
  3. Survey
  4. Study

Q. What is usually used to gather information for a risk assessment framework?

  1. Report
  2. Study
  3. Survey
  4. Questionnaire

Q. What is not usually used to gather information for a risk assessment framework?
I. Study
II. Survey
III. Report
IV. Questionnaire
Which of the options given above is/are correct:

  1. II only.
  2. II, III and I only.
  3. III, I and IV only.
  4. All the above.

Q. Read the following statements carefully:
Statement I: Audit planning is a key part of any audit, including it audit.
Statement II: In most sais, planning for audits is not carried out at three levels – strategic planning, macro or annual planning, and micro or entity level planning.
Statement III: A strategic plan of the sai is a long-term (3-5 years) forecast of audit targets and objectives for the audit, including those of it systems and respective organisations under jurisdiction of an sai.
Which of the above Statement(s) is/are correct:

  1. I and III.
  2. II and III only.
  3. II only.
  4. All Statements are Correct.

Q. What does micro planning begin with?
I. Outlining
II. Summarizing
III. Highlighting
IV. Explaining
Which of the options given above is/are correct:Rate Question

  1. III and II only.
  2. I only.
  3. I, III and II only.
  4. IV only.

Q. What involves the development of a detailed audit plan for audit of the selected audit entity?

Answer: Micro planning

Q. What is an example of a public web portal?Rate Question

  1. Indiatimes.Com
  2. Zipslocal.Com
  3. International.Com
  4. India.Com

Leave a Reply