62 Questions
What are management assertions?
Specific attributes of the subject matter made by management
Which of the following is NOT a common management assertion?
Efficiency
Who is responsible for making management assertions?
Senior management
What do management assertions usually contain?
A list of specific attributes about the subject matter
What is the threat to objectivity when an IT auditor will not appropriately evaluate the results of previous judgments or services performed?
Self-review
Which threat to objectivity occurs when an IT auditor promotes an auditee’s position to the point that professional objectivity is compromised?
Advocacy
What is the condition that causes a weakness or diminished ability to execute audit objectives?
Impairment
Which threat to objectivity involves a long or close relationship with the auditee, causing the IT auditor to be too sympathetic to the interests of the auditee?
Familiarity
In which situation should an IT auditor make an appropriate disclosure of the impairment to objectivity or independence?
When an impairment is identified during the audit
Under what condition should an IT auditor not perform nonaudit services or roles in areas where a current or future audit is planned and would likely be performed by the same IT auditor?
When engaging an alternative internal or external resource
What supports objectivity by ensuring that the IT auditor has autonomy and is not subject to conflicts of interest and undue influence exerted by the enterprise being audited?
Organizational Independence
What is the crime of using dishonest methods to take something valuable from a person or enterprise?
Fraud
What does an IT auditor need to do if they determine that objectivity is threatened during an audit?
Eliminate or reduce any impairment to an acceptable level or decline or terminate the audit.
What should be included in the audit report if an IT auditor cannot decline or terminate the audit due to objectivity threats?
An appropriate disclosure of the impairment to objectivity or independence.
When should an IT auditor's involvement in nonaudit services be approved by the chief audit executive and those formally charged with governance and oversight of the audit function?
When engaging an alternative internal or external resource is not feasible.
What does an IT auditor consider throughout the execution of an IT audit?
Accuracy, integrity, and availability
What is the purpose of reviewing management assertions for an IT audit?
To ascertain their sufficiency, validity, and relevance
What should an IT auditor do if they feel that management will not be able to fulfill its responsibility to provide required information for the subject matter?
Inform IT audit management and those charged with governance of the audit function of the identified issue
What is a code of professional ethics used to define and guide in the IT audit profession?
Individual and organizational behavior of employees
What should the scope of an IT audit permit at a minimum?
Conclusion to be drawn on the subject matter
What should be recorded to ensure compliance according to the text?
Only required fields
What is an important aspect an IT auditor should have a reasonable expectation of while conducting an IT audit?
Completion in accordance with appropriate professional standards
What does an IT auditor ensure about information, evidence, and other data required for an audit?
They exist and are accessible
What should an IT auditor do if management assertions developed are inconsistent with good practice?
Inform IT audit management of the inconsistency
What should amounts, dates, and other data related to recorded activities be according to the text?
Recorded appropriately
What is an important consideration before beginning an audit according to the text?
Sufficient understanding of management's responsibilities
What are some of the assertions considered by an IT auditor throughout an IT audit according to the text?
Sufficiency and validity
What does ISACA require of its members and certification holders?
To maintain high standards of conduct and character
What is meant by 'due professional care' for an IT auditor?
Exercising diligence under specific circumstances
How should an IT auditor approach matters requiring professional judgment?
With skepticism, diligence, integrity, and care
What should an IT auditor do to maintain professional competency?
Obtain training directed toward new audit techniques and technologies
What should an IT auditor consider when planning audits?
Competence and conflicts of interest
Why is it important for IT auditors to maintain their competencies?
To comply with developments in professional standards
What should an IT auditor do with information obtained in the course of carrying out duties?
Maintain privacy and confidentiality
What is one of the audit concepts addressed in the Code of Professional Ethics?
Objectivity
What does due professional care require an IT auditor to consider?
Incompetence and conflicts of interest
What should an IT auditor do to achieve audit objectives?
Demonstrate sufficient understanding and competency
What is meant by 'objectivity' in the context of IT auditing?
The ability to exercise judgment with impartiality
What are the three key elements in Cressey's fraud triangle?
Opportunity, motivation, rationalization
Which element of the fraud triangle refers to the perceived financial or other need of the fraudster?
Rationalization
What does rationalization refer to in the context of the fraud triangle?
The way the fraudster internally justifies the crime
What is created by abuse of position and authority, poor internal controls, and poor management oversight?
Opportunity
Which element of the fraud triangle does an IT auditor have the most control over?
Opportunity
What is responsible for establishing, implementing, and maintaining an internal control system that leads to the deterrence and/or timely detection of fraud?
Management
When considering IT assets, what can limit opportunities to commit fraud?
Logical access and segregation of duties
What should management do if an act is alleged, suspected, or detected?
Participate in the investigation process
What is an irregularity according to the text?
A violation of established management policy or regulatory requirement
What is important for enterprises to have in place to identify irregularities and illegal acts quickly?
Awareness, prevention and detection mechanisms
What can directly impact an enterprise's finances and reputation?
Irregularities and illegal acts
Who is responsible for disclosing to an IT auditor any irregularities or illegal acts?
Management
What is the term for the suppression or omission of the effects of transactions from records or documents?
Fraudulent financial reporting
Which of the following is an example of an act that involves noncompliance with laws and regulations?
Unauthorized disclosure of data subject to privacy laws
What is an IT auditor responsible for in relation to irregularities or illegal acts?
Assessing the risk of irregularities or illegal acts
During an IT audit, what may be an indication of persons committing irregularities or illegal acts?
Increase in complaints from customers
What should an IT auditor do after discovering instances or indicators of fraud during regular assurance work?
Communicate the need for a detailed investigation to appropriate authorities
Which action should an IT auditor take if a major fraud is identified?
Communicate it in a timely manner to the audit committee
In relation to an identified act, what should an IT auditor do after receiving direction from informed parties?
Determine subsequent actions such as reporting to enterprise management or internal fraud investigators
What does 'skimming' refer to in the context of irregularities and fraud?
Misappropriation of cash before it is recorded in financial records
What is the role of an IT auditor when performing an audit?
Assessing the risk of irregularities or illegal acts
What should an IT auditor do if they discover instances or indicators of fraud during regular assurance work?
Communicate the need for a detailed investigation to appropriate authorities
What should an IT auditor do after receiving direction from informed parties about an identified act?
Perform limited additional procedures to determine the effect of the act and whether additional acts took place
What actions should an IT auditor take if a major fraud is identified?
Communicate it in a timely manner to the audit committee for appropriate action
Test your knowledge about threats to objectivity that IT auditors may face, including self-interest and self-review. Explore the circumstances and relationships that can create threats to an IT auditor's objectivity.