Podcast
Questions and Answers
What do financial auditors primarily worry about within the accounts receivable process?
What do financial auditors primarily worry about within the accounts receivable process?
- Risks to the system accomplishing its business purpose
- Risks within the accounts receivable process itself (correct)
- Physical controls related to access
- Administrative controls related to data integrity
What should IT auditors think about when considering risks to the system?
What should IT auditors think about when considering risks to the system?
- Administrative controls related to data access
- Risks to the business purpose of the system (correct)
- Physical controls related to data storage
- Risks to data integrity
What is one example of an internal control that could mitigate risks related to unauthorized code changes?
What is one example of an internal control that could mitigate risks related to unauthorized code changes?
- Requiring evidence of testing and approval before updating production code (correct)
- Implementing physical barriers around the servers
- Removing all access controls from the system
- Allowing programmers logical access to update production code
Why is it important to have access controls in place for a system?
Why is it important to have access controls in place for a system?
What is a key concern if access to a system is provided to individuals who do not need it?
What is a key concern if access to a system is provided to individuals who do not need it?
Which type of control focuses on verifying that changes to system code are approved and tested properly?
Which type of control focuses on verifying that changes to system code are approved and tested properly?
What is the purpose of administrative implementations of controls?
What is the purpose of administrative implementations of controls?
Which type of control is a user ID and password for access to a system?
Which type of control is a user ID and password for access to a system?
What is the main characteristic of technical implementations of controls?
What is the main characteristic of technical implementations of controls?
Which control type records a bad event after it has happened?
Which control type records a bad event after it has happened?
In terms of cost-effectiveness, why might preventive controls not always be the best solution?
In terms of cost-effectiveness, why might preventive controls not always be the best solution?
Which type of control includes measures like security personnel and locked doors?
Which type of control includes measures like security personnel and locked doors?
What is the purpose of reactive controls in a system?
What is the purpose of reactive controls in a system?
Which type of control is a central antivirus system that detects whether each user’s PC has the latest signature files installed?
Which type of control is a central antivirus system that detects whether each user’s PC has the latest signature files installed?
What is the main function of an accounts receivable system in a company?
What is the main function of an accounts receivable system in a company?
Why might disallowing network access to non-compliant machines be impractical from a business perspective?
Why might disallowing network access to non-compliant machines be impractical from a business perspective?
In the context provided, what kind of control is used to nag 'deadbeats' who don’t pay the company?
In the context provided, what kind of control is used to nag 'deadbeats' who don’t pay the company?
What distinguishes reactive controls from preventive controls?
What distinguishes reactive controls from preventive controls?
