Sampling Techniques for IS Auditors

Uploaded by

Fares Salman

Which sampling technique is used when an IS auditor is trying to find at least one exception in a
population?

A) Variable sampling
B) Stop-or-go sampling
C) Discovery sampling
D) Statistical sampling

Answer: C) Discovery sampling

Discovery sampling is a technique used when an IS auditor is trying to find at least one exception in a
population. When an IS auditor is examining a population where even a single exception would
represent a high-risk situation (such as embezzlement or fraud), the auditor will recommend a more
intensive investigation to determine whether additional exceptions exist.

Responsibilities of the CISO

Compliance management, which is verified through the use of internal and external audits.

COBIT is composed of how many IT processes?

A) 11
B) 37
C) 5
D) 32

Answer: B) 37

The COBIT framework contains 37 key IT processes, along with the means for any individual organization
to determine how much (and what kind of) control is appropriate for each organization, based upon its
business objectives and how IT supports them.

4

An auditor is auditing a purchase order and needs to select individual purchases to audit. There are a
small number of high-value purchase orders. Which sampling technique is best suited for this audit?

A) Stratified sampling
B) Statistical sampling
C) Variable sampling
D) Discovery sampling

Answer: A) Stratified sampling

The stratified sampling technique permits auditors to select samples with very low or high values or any
other rarity, whereas the other techniques are not likely to provide the needed samples.

Video surveillance is an example of which type of control?

A) Preventive only
B) Preventive and deterrent
C) Detective only
D) Detective and deterrent

Answer: D) Detective and deterrent

Video surveillance is both a detective control (because it can record unwanted activity) and a deterrent
control (because its presence may deter unwanted activity).

The period from the onset of an outage until the resumption of service is known as the:

A) Recovery time objective (RTO)
B) Recovery Response Objective (RRO)
C) Recovery point objective (RPO)
D) Time to recovery (TTR)

Answer: A) Recovery time objective (RTO)

RTO is a key target that is the period from the onset of an outage until the resumption of service, usually
measured in hours or days.

RPO is the period for which recent data will be lost.

The recovery response time and the time to recovery are invalid choices.

Which perspective of the standard IT balanced scorecard reports key indicators concerning the
perception of IT department effectiveness and values as seen from other (non-IT) corporate executives?

A) Business contribution
B) Operational excellence
C) Innovation
D) User

Answer: A) Business contribution

In the business contribution perspective, key indicators are the perception of IT department
effectiveness and values as seen from other (non-IT) corporate executives.

IT Standards

IT standards are official, management-approved statements that define the technologies, protocols, suppliers, and
methods that are used by an IT organization. Standards help drive consistency into the IT organization.

Purpose of pre-audit

To permit an audit client to prepare for an upcoming initial audit.

A pre-audit is generally performed on an audit client that has NOT BEEN AUDITED BEFORE, as a means of
helping it prepare for an upcoming audit. No sample evidence is provided by auditors.

10

An auditor is evaluating a business process and has found that personnel perform tasks consistently, but
was told that there are no written procedure documents. What opinion should the auditor write for this
process?

A) No exception: The process is effective
B) Major exception: Lack of procedure document
C) Minor exception: Lack of procedure document
D) Minor exception: The process is not effective

Answer: C) Minor exception: Lack of procedure document

11

An audit manager has directed an auditor to falsify a client’s audit report. What is the auditor’s best
response?

A) Report the matter to executive management
B) Notify law enforcement
C) Notify the audit client
D) Resign his or her position

Answer: A) Report the matter to executive management

Notify the executive in his or her chain of command.

12

What is an audit program?

The plan for conducting audits over a certain period; it involves planning resources, scope, objectives,
and procedures.

13

Which of the following most accurately describes characteristics of qualitative risk assessments?

A) A quantitative risk assessment is considerably more difficult and time consuming to perform than a
quantitative risk assessment.
B) A quantitative risk assessment rates risks as high-medium-low
C) A quantitative risk assessment will verify which risk reduction measures are the ones that will make
the most difference from a purely financial standpoint.
D) A quantitative risk analysis rates risks in actual probabilities and costs

Answer: D) A quantitative risk analysis rates risks in actual probabilities and costs

A quantitative risk assessment is the most difficult to perform, due to the requirement for accurate
numerical data, such as costs, time, depreciation, and so on. Quantitative risk assessment deals with
actual probabilities and costs, whereas qualitative risk assessments indicate ratings such as high, medium,
and low.

14

The definition of single loss expectancy (SLE) is:

A) The exposure factor for a single loss
B) The probability of a single loss
C) Financial loss from a single event
D) Financial loss from events in a single year

Answer: C) Financial loss from a single event

Exposure factor (EF) is a percentage of an asset's value, after salvage.

The financial loss from events in a single year is known as annual loss expectancy (ALE).
