1.Which of the following is not one of the reasons auditors should consider the use of CAATs?

Multiple Choice

• ISACA standards require IS auditors to obtain sufficient, reliable, and relevant evidence, and should perform appropriate analysis of this evidence.

• GAAP stipulates that audits should be performed using tools and techniques appropriate to the evidence being reviewed.

• The IIA professional practices state that auditor must consider the use of technology-based auditing tools when conducting audits.

• GAAS requires auditors to gather sufficient and appropriate evidence in the course of audit field work.

2. IT governance over operating systems includes establishing proper policies and procedures. These policies and procedures over operating systems should cover all of the following except:

Multiple Choice

• Which computing hardware to use.

• Who can access the operating system.

• Which actions users can take.

• Which resources users can use.

3.Which of the following is not considered one of the primary CAAT approaches?

Multiple Choice

• The black-box approach.

• Encryption testing.

• Auditing through the computer.

• The white-box approach.