IT Auditor Objectivity Threats


62 Questions

What are management assertions?

Specific attributes of the subject matter made by management

Which of the following is NOT a common management assertion?

Efficiency

Who is responsible for making management assertions?

Senior management

What do management assertions usually contain?

A list of specific attributes about the subject matter

What is the threat to objectivity when an IT auditor will not appropriately evaluate the results of previous judgments or services performed?

Self-review

Which threat to objectivity occurs when an IT auditor promotes an auditee’s position to the point that professional objectivity is compromised?

Advocacy

What is the condition that causes a weakness or diminished ability to execute audit objectives?

Impairment

Which threat to objectivity involves a long or close relationship with the auditee, causing the IT auditor to be too sympathetic to the interests of the auditee?

Familiarity

In which situation should an IT auditor make an appropriate disclosure of the impairment to objectivity or independence?

When an impairment is identified during the audit

Under what condition should an IT auditor not perform nonaudit services or roles in areas where a current or future audit is planned and would likely be performed by the same IT auditor?

When engaging an alternative internal or external resource

What supports objectivity by ensuring that the IT auditor has autonomy and is not subject to conflicts of interest and undue influence exerted by the enterprise being audited?

Organizational Independence

What is the crime of using dishonest methods to take something valuable from a person or enterprise?

Fraud

What does an IT auditor need to do if they determine that objectivity is threatened during an audit?

Eliminate or reduce any impairment to an acceptable level or decline or terminate the audit.

What should be included in the audit report if an IT auditor cannot decline or terminate the audit due to objectivity threats?

An appropriate disclosure of the impairment to objectivity or independence.

When should an IT auditor's involvement in nonaudit services be approved by the chief audit executive and those formally charged with governance and oversight of the audit function?

When engaging an alternative internal or external resource is not feasible.

What does an IT auditor consider throughout the execution of an IT audit?

Accuracy, integrity, and availability

What is the purpose of reviewing management assertions for an IT audit?

To ascertain their sufficiency, validity, and relevance

What should an IT auditor do if they feel that management will not be able to fulfill its responsibility to provide required information for the subject matter?

Inform IT audit management and those charged with governance of the audit function of the identified issue

What is a code of professional ethics used to define and guide in the IT audit profession?

Individual and organizational behavior of employees

What should the scope of an IT audit permit at a minimum?

Conclusion to be drawn on the subject matter

What should be recorded to ensure compliance according to the text?

Only required fields

What is an important aspect an IT auditor should have a reasonable expectation of while conducting an IT audit?

Completion in accordance with appropriate professional standards

What does an IT auditor ensure about information, evidence, and other data required for an audit?

They exist and are accessible

What should an IT auditor do if management assertions developed are inconsistent with good practice?

Inform IT audit management of the inconsistency

What should amounts, dates, and other data related to recorded activities be according to the text?

Recorded appropriately

What is an important consideration before beginning an audit according to the text?

Sufficient understanding of management's responsibilities

What are some of the assertions considered by an IT auditor throughout an IT audit according to the text?

Sufficiency and validity

What does ISACA require of its members and certification holders?

To maintain high standards of conduct and character

What is meant by 'due professional care' for an IT auditor?

Exercising diligence under specific circumstances

How should an IT auditor approach matters requiring professional judgment?

With skepticism, diligence, integrity, and care

What should an IT auditor do to maintain professional competency?

Obtain training directed toward new audit techniques and technologies

What should an IT auditor consider when planning audits?

Competence and conflicts of interest

Why is it important for IT auditors to maintain their competencies?

To comply with developments in professional standards

What should an IT auditor do with information obtained in the course of carrying out duties?

Maintain privacy and confidentiality

What is one of the audit concepts addressed in the Code of Professional Ethics?

Objectivity

What does due professional care require an IT auditor to consider?

Incompetence and conflicts of interest

What should an IT auditor do to achieve audit objectives?

Demonstrate sufficient understanding and competency

What is meant by 'objectivity' in the context of IT auditing?

The ability to exercise judgment with impartiality

What are the three key elements in Cressey's fraud triangle?

Opportunity, motivation, rationalization

Which element of the fraud triangle refers to the perceived financial or other need of the fraudster?

Rationalization

What does rationalization refer to in the context of the fraud triangle?

The way the fraudster internally justifies the crime

What is created by abuse of position and authority, poor internal controls, and poor management oversight?

Opportunity

Which element of the fraud triangle does an IT auditor have the most control over?

Opportunity

What is responsible for establishing, implementing, and maintaining an internal control system that leads to the deterrence and/or timely detection of fraud?

Management

When considering IT assets, what can limit opportunities to commit fraud?

Logical access and segregation of duties

What should management do if an act is alleged, suspected, or detected?

Participate in the investigation process

What is an irregularity according to the text?

A violation of established management policy or regulatory requirement

What is important for enterprises to have in place to identify irregularities and illegal acts quickly?

Awareness, prevention and detection mechanisms

What can directly impact an enterprise's finances and reputation?

Irregularities and illegal acts

Who is responsible for disclosing to an IT auditor any irregularities or illegal acts?

Management

What is the term for the suppression or omission of the effects of transactions from records or documents?

Fraudulent financial reporting

Which of the following is an example of an act that involves noncompliance with laws and regulations?

Unauthorized disclosure of data subject to privacy laws

What is an IT auditor responsible for in relation to irregularities or illegal acts?

Assessing the risk of irregularities or illegal acts

During an IT audit, what may be an indication of persons committing irregularities or illegal acts?

Increase in complaints from customers

What should an IT auditor do after discovering instances or indicators of fraud during regular assurance work?

Communicate the need for a detailed investigation to appropriate authorities

Which action should an IT auditor take if a major fraud is identified?

Communicate it in a timely manner to the audit committee

In relation to an identified act, what should an IT auditor do after receiving direction from informed parties?

Determine subsequent actions such as reporting to enterprise management or internal fraud investigators

What does 'skimming' refer to in the context of irregularities and fraud?

Misappropriation of cash before it is recorded in financial records

What is the role of an IT auditor when performing an audit?

Assessing the risk of irregularities or illegal acts

What should an IT auditor do if they discover instances or indicators of fraud during regular assurance work?

Communicate the need for a detailed investigation to appropriate authorities

What should an IT auditor do after receiving direction from informed parties about an identified act?

Perform limited additional procedures to determine the effect of the act and whether additional acts took place

What actions should an IT auditor take if a major fraud is identified?

Communicate it in a timely manner to the audit committee for appropriate action

Test your knowledge about threats to objectivity that IT auditors may face, including self-interest and self-review. Explore the circumstances and relationships that can create threats to an IT auditor's objectivity.
