ANSWER BY TRUE OR FALSE

1. technology has impacted various significant areas of the business environment, including the use and processing of information, the control process, and the auditing profession.

2. Managerial auditing encompasses all activities and responsibilities concerned with the rendering of an opinion on the fairness of financial statements.

The principal objective of the internal audit function is to minimize the amount of substantial auditing or testing of transactions required to render an opinion on the financial statements.

3. Two broad groupings of IT audits include General Computer Controls Audit and Application Controls Audit.

4. IT auditing can be defined as the formal, independent, and objective examination of internal controls within an organizations IT infrastructure to determine whether the activities involved in gathering, processing, storing, distributing and using information and its related technologies are consistent with guidelines, safeguard assets, maintain data integrity, and operate effectively and efficiently to achieve the organization's goals or objectives.

5. When IT auditors attain their CISA certification, they also must subscribe to a Code of Professional Ethics.

6. A code of ethics and professional standards determine how the profession should be practiced and the goals toward which the practitioner strives.

7. The concept of independence refers to both independence in fact and independence in appearance.

8. Cyberterrorism is not capable of shutting down nuclear centrifuges, air defense systems, nor electrical grids.

9. The audit universe is an inventory of all the potential audit areas within an organization.

10. Incorporating enterprise wide risk assessments into audit plans is not typically seen as a best practice for organizations.

11. Modeling is a technique by which the auditor can compare current data with a trend or pattern as a basis for evaluating reasonableness.

12. Data flow diagrams are process-oriented and emphasize logical flows and transformations of data, while flowcharts emphasize physical processing steps and controls.

13. When performing statistical sampling, the sample is selected and the results evaluated are based on the auditors experience.

14. When performing judgmental sampling, the sample is randomly selected and evaluated through the application of the probability theory.

15. One of the ACL commands, summarize, produces aged summaries of data (e.g., classification of outstanding invoices).

16. The focus of an operational review is on the evaluation of effectiveness, efficiency, and goal achievement related to information systems management operations.

17. When performing "auditing through the computer", the auditor obtains source documents that are associated with particular input transactions and reconciles them against output results.

18. Computer forensics is the examination, analysis, testing, and evaluation of computer-based material conducted to provide relevant and valid information to a court of law.

19. Even though IT governance assists alignment of IT activities and processes with business objectives, it does not ensure regulatory compliance or adequate implementation of internal controls.

20. A strategy is an important first step toward meeting the challenging and changing business environment.

21. The IT Steering Committee should be composed of members of senior management and the CIO.

22. Resolving conflicts between business and technology groups falls under the scope of the IT Steering Committee.

23. Developing communication strategies is not part of the scope of the IT Steering Committee.

24. A demand management process ensures that a project has business justification, a business and IT sponsor, and a consistent approach for approving projects.

25. Historically, risk management in most successful organizations has been managed in silos (i.e., independently in separate compartments).

26. An environment where each business unit calculates its risk separately with different rules provides a meaningful oversight of enterprise-wide risk.

27. The ERM framework takes a controls-based rather than a risk-based approach when evaluating internal controls.

28. Managements beliefs, attitudes, operating style, and risk appetite are all part of the objective setting component of the ERM Integrated Framework.

29. Management can react or respond to identified risks in one of the following four ways: Avoid, Prevent, Reduce, or Share.

30. Information is considered relevant when it is free from bias.

31. Information is considered reliable when two independent people can produce the same conclusion.

32. Information is considered understandable if it is presented in a meaningful manner.

33. Project management has often been described as part art and part science. The art side involves implementing the right project governance and project management life cycle, and integrate these two elements with the appropriate project management methodology.

34. Project management has often been described as part art and part science. The science side involves the human element, the experience project managers bring to the project, support from management, etc.

35. One of the components of program management includes creating a program management office.

36. According to the Project Management Institute (PMI), big data "describes large volumes of high velocity, complex and variable data that require advanced techniques and technologies to enable the capture, storage, distribution, management, and analysis of the information.