Questions and Answers of
Auditing 12th
In meeting the third standard of field work, the auditor may perform (a) substantive tests of transactions, (b) substantive tests of balances, and (c) analytical review procedures. Below are listed
Auditors frequently refer to the terms "standards" and "procedures." Standards deal with measures of the quality of the auditor's performance. Standards specifically refer to the ten GAAS. Procedures
An important part of every examination of financial statements is the preparation of audit working papers. Required: a. Discuss the relationship of audit working papers to the standards of field work. b.
The preparation of working papers is an integral part of a CPA's examination of financial statements. On a recurring engagement, a CPA reviews his audit programs and working papers from his prior
The accountant for the Rayan Co. is preparing financial statements for the year ended December 31. Your review of the accounting records discloses the need for the following adjusting and
During your work on the audit of the Jamaica Can Company, you discover the differences described below and note them in the working papers: 1. To verify the client accrual for wages payable, you took
As a staff assistant on the Portage Developers Corp. audit, you have been asked by your supervisor, Mary Reed, to prepare a cash summary or lead schedule for the working papers for the December 31,
The following schedule was prepared by staff accountant C.B. Sure on completing the verification of a December 31 client-prepared reconciliation of the City Bank General Account in the audit of Bold,
What are the five components of the COSO IC-IF Model?
Use operational events as examples to show how internal auditors can use the 7Es to assess and improve operational success.
Preventing a user who approves a configuration change from being the person who implements the change is an example of which of the following?A. Rotation of duties B. Least privilege C. Segregation
The ______________ is typically defined as everything needed to operate and manage the IT environment. It is simply all installed technologies, including all hardware, software, network devices,
Internal written policies by themselves reduce risk?A. True B. False
Only internal audit function can perform an audit?A. True B. False
Which component is not part of the CIA triad?A. Confidentiality B. Integrity C. Access D. Availability
A compliance assessment or audit should not only consider controls but also measures the effectiveness of the governance and management oversight to ensure the controls are being followed.A. True B.
Pretexting is a technical method of intercepting passwords embedded in text messages.A. True B. False
Having a photograph or physical description on an identification that is not consistent with the applicant or consumer presenting the identification is an example of what type of red flag category?A.
Regulatory compliance laws do not exist at what different level?A. Local B. State C. Federal D. International.
The Family Educational Rights and Privacy Act (FERPA) of 1974 is a U.S. federal law that protects the privacy of student education records and allows parents certain access rights to the student’s
Which of the following does not deal with the HIPAA administrative safeguard of the security management process?A. Risk analysis and management B. Sanction policy C. Facility security plan D.
Which of the following does not deal with the addressable HIPAA administrative safeguard of workforce security?A. Authorization and/or supervision B. Workforce clearance procedure C. Termination
Which of these is not an effective method used by organizations to protect privacy data?A. Develop appropriate privacy policies.B. Conduct irregular risk assessments of access controls.C. Establish
Personal information, such as a person’s name by itself, can be considered sensitive information. A. True B. False
Which of these domains of security are responsible for the end users’ operating environment?A. User Domain B. Workstation Domain C. LAN Domain D. LAN-to-WAN Domain
Which of these domains of security are responsible for the systems on the network that provide the applications and software for the users?A. LAN Domain B. WAN Domain C. Remote Access Domain D.
A WAN typically covers communication to a smaller defined geographical area.A. True B. False
Which of the following components of an IT policy framework would require users to use two-factor authentication when accessing the remote network—usually combining a physical onetime token code
A standard and a policy are exactly the same.A. True B. False
The key difference between a framework and standard is?A. A framework provides broad control objectives B. A standard defines how the control objective is to be achieved C. A framework is designed to
NIST is a framework that applies only to government funded systems.A. True B. False
Which of these is a listing of codes used for prioritizing decisions during security control implementation and control enhancements for systems of varying degrees of impact?A. Supplemental guidance
The Framework Core is a matrix of activities and associated references that uses various categories across five different functions including which of the following? (Pick three.)A. Identify B.
Which of the following components of IT governance deals with ensuring the proper management of IT resources and that they are used responsibly?A. Strategic alignment B. Resource management C. Risk
ISO/IEC 27002 certification is not a one-time process but needs to be continuously updated.A. True B. False
ISO/IEC 27002, formally known as “ISO/IEC 27002:2013 Information Technology—Security Techniques—Code of Practice for Information Security Management” is made up of 16 sections of code.A. True
Which of the following is not an example of a technical control performed by the IT systems?A. Identification and authorization B. Computer support and operations C. Audit trails D. Cryptography
Which of the following is not an example of operational controls?A. Personnel and user issues B. Incident response and handling C. Logical access D. Physical and environmental security
What is an important characteristic of a project such as an audit?A. The project is continuous and ongoing.B. The project is standard and produces standard results.C. The project will occur in
Of the following four different document types, which is most likely to be used for audits and assessments because of their depth and prescriptive stance?A. Special Publications B. NIST Internal
Which type of tool includes mechanisms for managing any project, including auditing projects, by helping track progress to established milestones?A. Electronic work papers B. Project management
What type of framework focus determines which controls to deploy based on the highest risk to the organization's objectives?A. Risk-based management B. Align the businesses risk appetite C. Reduce
What type of framework focus will reduce surprises and ensure risks are systematically identified and reduced, eliminated, or accepted?A. Risk-based management B. Align the businesses risk appetite
True or False. The distinction between automated and manual controls is if a human decision is required to take action.A. True B. False
Of the following security controls, which unique design type is a manual control that does not avert an incident from happening but rather alerts an organization about the breach?A. Preventive B.
Business liability insurance can only be issued to organizations and not individuals.A. True B. False
There may be times where an audit report should not have a formal rating.A. True B. False
Which section of a simplified audit report will include a quick overview of the conclusion an auditor makes?A. Executive summary B. Background C. Findings and issues
In the background section of the audit report, what part will help the reader understand the business or process being assessed?A. Scope B. Scope exclusions C. Time period D. Control environment
Not all observations elevate to audit findings in the report if the organization is notified by alternative means.A. True B. False
Since an audit report is an opinion on the health of the control environment, an audit report rating and opinion are the exact same thing.A. True B. False
Which of these key components of a security risk assessment provides details about the infrastructure systems, including the hardware, software, data, interfaces, and associated users?A. Approach B.
Removing prior access that is no longer needed as a security policy will achieve what?A. Reduces the overall security risk to the organization B. Maintains segregation of duties C. Simplifies
What type of security risk relies on human weakness to trick an employee into an act of noncompliance without their knowledge?A. Social engineering B. Human mistake C. Insider threat
The goal of a security awareness program is to hold an individual accountable if they have not been instructed as to what is and is not acceptable with information security.A. True B. False
What type of documentation in the User Domain provides guidance for personnel on the proper use of resources?A. IT asset AUPs B. Internet AUPs C. Email AUPs
One significant threat to information security comes from the ______, which refers to an employee, consultant, contractor, or vendor who knows the organization, may know the countermeasures and the
Always use a UPS device for desktop and laptop computers.A. True B. False
Vendors often publish patches to prevent a Zero-day vulnerability.A. True B. False
Workstations are typically managed by a central ___________ that can update software, apply patches, and update configuration as needed.
Dial-up modems for hardware support from vendors are a common practice and as a rule should be allowed.A. True B. False
Encrypting the laptop hard drive is a common control that ensures data are protected even if the device is stolen.A. True B. False
The terms Data Loss Protection (DLP) and Data Leakage Protection (DLP) program both refer to a formal program that reduces the likelihood of accidental or malicious loss of data leaving the
A(n) _____ is a network of at least two computers connected through a network in a certain area.
Which type of network limits what and how computers can talk to each other as an extra type of security measure?A. Segmented network B. Flat network C. Transitional network D. 3-D network
Which of the following common network devices can be defined as a software or hardware device that filters the traffic in and out of a LAN?A. Router B. Firewall C. Switch D. Hub
When creating a baseline document to document the security settings for devices, which type of document included in the network audit scope typically will describe each LAN-attached device product
Multifactor authentication is the de facto standard to authenticate a remote connection.A. True B. False
If a company wanted to have control over the server and applications on the server, which cloud service would be the best fit?A. Infrastructure as a Service (IaaS)B. Platform as a Service (PaaS)C.
Requiring a user to enter their user ID/password plus a secret PIN number can be considered two-factor authentication.A. True B. False
An SD-WAN completely replaces all the components of the older WAN model.A. True B. False
An SD-WAN is more scalable than a WAN network model.A. True B. False
Many experts think _______ network models are the trend in the near future.
A(n) ________ plan should be integrated into broader response plans.
A SOC ___ report assesses the controls related to vendor management.
Monitoring VPN traffic requires specialized methods that are different from those used to monitor LAN and WAN traffic.A. True B. False
What are some benefits to allowing employees remote access during stay-at-home work?A. Freedom and flexibility B. Cost saving C. Personalized environment D. All the above
What is it called when an organization improves its remote access security by identifying how users connect to the corporate network and access sensitive data?A. Policies B. Penetration testing C.
The most common form of remote access is through a VPN.A. True B. False
What type of control within the remote access environment grants authenticated users the appropriate and limited access?A. Authentication B. Authorization C. Nonrepudiation
What type of control within the remote access ensures that users cannot challenge their ownership, which in this case is the activity performed during a remote access session?A. Authentication B.
Application software and system software mean the same thing.A. True B. False
Secure coding techniques should be applied after developer testing and before UAT testing.A. True B. False
The ______ SDLC phase is the final stage of any software development before deployment.
Creating a(n) ________ program will reduce the likelihood of accidental or malicious loss of data.
Ethics and code of conduct are considered equivalent.A. True B. False
Non-auditors such as a systems administrator are allowed to obtain a CISA certification as long as they can show they have the right work experience.A. True B. False
Auditors must obtain a CIA certification prior to obtaining a CISA certification.A. True B. False
What part of the ethical code of conduct refers to how an IT auditor can create trust and reliance on their decisions?A. Integrity B. Objectivity C. Confidentiality D. Competency
What part of the ethical code of conduct refers to how IT auditors have the abilities and skills to perform internal audit services?A. Integrity B. Objectivity C. Confidentiality D. Competency
What is operational auditing and how can it add value to the organization?
Explain the importance of independence and objectivity and how having unfettered access within the organization impacts the internal auditors’ ability to review any program, process, system,
Describe the difference between retrospective reviews that focus on past events and prospective engagements. List some of the future threats that internal auditors should include in their assessments.
What are five of the skills of internal auditors that have been identified as essential for success in the future? What can your internal audit department do to develop those skills among its staff?
Explain the five stages in the IA-CM and its implications for operational auditing.
Explain integrated auditing.
Describe the difference between controls-based and risk-based auditing.
Explain the importance of using business objectives while planning and performing operational audits, and how to use them when communicating the results of the audit.
What are the attributes of effective audit evidence outlined in Standard 2310 and what are the implications for operational audits?
Explain how an organization could meet its compliance requirements but still fail over the medium and long term.
Showing 700 - 800
of 1794