10. The role and responsibilities of the information system audit team should be established
A) At the commencement of the audit.
B) At every stage of the audit
C) Before the audit report is drafted.
D) At the end of the audit.

11. An information systems auditor performing a review of an application’s controls finds a weakness in
system software that could materially impact the application. The Information system auditor should;
A) Disregard these control weaknesses since a system software review is beyond the scope of this.
review
B) Conduct a detailed system software review and report the control weaknesses
C) Include in the report a statement that the audit was limited to a review of the application’s control
D) Review the system software controls at relevant and recommend a detailed system software review.

12. The final decision to include a material finding in an audit report should be made by the;
A) Audit committee chair
B) Auditee's manager
C) CEO of the organization
D) Information system auditor

13. Which of the following is the most important criterion when selecting a location for an offsite
storage facility for IS back up files? The offsite facility must be;
A) Physically separated from the data centre and not subject to the same risk
B) Given the same level of protection as that of the computer data centre.
C) Outsourced to a reliable third party.
D) Equipped with surveillance capabilities.

14. In gaining an understanding of the business environment the IS auditor must engage in the
following except;
A) Familiarize himself/ herself with previous audit report.
B) Consider regulatory policies.
C) Assess the control procedures of the organization.
D) Identify inherent risk factors.

15. Which ISACA standard emphasizes the need for objectivity in carrying out an IS audit?

A) S1
B) S2
C) S4
D) S5

16. Which of the following outlines the overall authority for which an IS audit should be performed?
A). The audit scope, with goals and objectives.
B) A request from management to perform an audit.
C) The business charter.
D) The approved audit schedule.

17. Standard 3 (S3) of the ISACA standards states that;
A) The IS auditor should be professionally competent, having the skills and knowledge to conduct the
audit assignment.
B) The IS auditor should develop and document a risk based audit approach.
C) The IS auditor should adhere to the ISACA code of professional ethics in conducting audit
assignments.
D) The IS audit function should be independent of the area or activity being reviewed to permit
objective completion of the audit assignment.