GROUP 2
CIA and AICPA
1. ___________ refer to computer programs that manage the processing workload and
control user access to various resources of a computer system.
a. General Control Review c. System Software
b. Application Controls d. System Hardware
7. Some CIS control procedures relate to all CIS activities (general controls) and some
relate to specific tasks (application controls). General controls include
a. Controls designed to ascertain that all data submitted to CIS for processing have
been properly authorized.
b. Controls that relate to the correction and resubmission of data that were initially
incorrect
c. Controls for documenting and approving programs and changes to programs
d. Controls designed to assure the accuracy of the processing results.
10. Which of the following is least likely to be a general control over computer activities?
a. Procedures for developing new programs and systems
b. Requirements for system documentation
c. Access controls
d. Control totals
12. Which of the following is least likely to be used in obtaining an understanding of client
general controls?
a. Examination of system documentation
b. Inquiry of client personnel (e.g., key users)
c. Observation of transaction processing
d. Reviews of questionnaires completed by client IT personnel
16. Certain general CIS Controls that are particularly important to on-line processing least
likely include
a. Access controls
b. System development and maintenance controls
c. Edit, reasonableness and other validation tests
d. Use of anti-virus software program
17. Which of the following best provides access control to payroll data being processed on a
local server?
a. Logging of access to personal information
b. Separate password for sensitive transactions
c. Software restricts access rules to authorized staff
d. System access restricted to business hours
19. Auditors usually obtain information about general and application controls through:
a. Interviews with IT personnel
b. Examination of systems documentation
c. Reading program change requests
d. All of the above methods
20. Which of the following is not a general control?
a. Reasonableness test for unit selling price of a sale.
b. Equipment failure causes error messages on monitor.
c. Separation of duties between programmer and operators.
d. Adequate program run instructions for operating the computer
21. Which of the following outcomes is a likely benefit of information technology used for
internal control?
a. Processing of unusual or nonrecurring transactions.
b. Enhanced timeliness of information.
c. Potential loss of data.
d. Recording of unauthorized transactions.
22. Which of the following factors is most likely to affect the extent of the documentation of the
auditor's understanding of a client's system of internal controls?
a. The industry and the business and regulatory environments in which the client
operates.
b. The degree to which information technology is used in the accounting function.
c. The relationship between management, the board of directors, and external
stakeholders.
d. The degree to which the auditor intends to use internal audit personnel to perform
substantive tests.
23. Which of the following statements accurately describes the impact that automation has on the
controls normally present in a manual system?
a. Transaction trails are more extensive in a computer-based system than in a manual
system because there is always a one-for-one correspondence between data entry and
output.
b. Responsibility for custody of information assets is more concentrated in user
departments in a computer-based system than it is in a manual system.
c. Controls must be more explicit in a computer-based system because many
processing points that present opportunities for human judgment in a manual
system are eliminated.
d. The quality of documentation becomes less critical in a computer-based system than
it is in a manual system because data records are stored in machine-readable files.
24. Control objectives regarding effectiveness and efficiency, reliability, and compliance are the
basis of which control framework?
a. GTAG
b. eSAC
c. COBIT
d. COSO
25. Which of the following would not be in scope in a general computer control review?
a. Change Management
b. The Financial Statement Close Process
c. Physical Security
d. Operating System Security
26. All of the following are true about general control except:
a. General controls, in nature, cannot be automated, manual or hybrid, where in
the case of an automated and/or hybrid control
b. General controls are defined as controls, other than application controls, that relate to
the environment within which computer-based application systems are developed,
maintained and operated, and that is therefore applicable to all applications
c. General controls apply to all areas of the organization including IT infrastructure and
Support services
d. None of the above
27. Which of the following best describes Physical and Logical access management?
a. The objective of this control is to verify that the expected level of service, promised
to the business, will be delivered through the day to day activities of the organization.
b. The objective of this control is to verify the key components which affect the
confidentiality, integrity and availability of information systems.
c. The objective of this control is to provide appropriate degree of assurance over the
changes implemented on the Information Systems.
d. The objective of this control is to gain an overall impression on the controls
surrounding the information systems within the environment in order to provide
assurance of leadership, organizational structure and processes existence
28. An IS auditor is reviewing the internal control of an application software. The sampling
method that will be MOST useful when testing for compliance is:
a. Attribute sampling
b. Variable sampling
c. Discovery sampling
d. Stop or go sampling
36. Which of the following best describes a fundamental control weakness often associated with
electronic data processing systems?
a. Electronic data processing equipment is more subject to systems error than manual
processing is subject to human error.
b. Electronic data processing equipment processes and records similar transactions in a
similar manner.
c. Electronic data processing procedures for detection of invalid and unusual transactions
are less effective than manual control procedures.
d. Functions that would normally be separated in a manual system are combined in
the electronic data processing system
37. Where computer processing is used in significant accounting applications, internal control
procedures may be defined by classifying control procedures into two types: general and
a. Administrative
b. Specific
c. Application
d. Authorization
38. Which of the following best describes the early stages of an IS audit?
a. Observing key organizational facilities
b. Assessing the IS environment
c. Understanding business process and environment applicable to the review
d. Reviewing prior IS audit reports
39. A validation which ensures that input data are matched to predetermined reasonable limits or
occurrence rates, is known as:
a. Reasonableness check
b. Validity check
c. Existence check
d. Limit check
40. Which of the following data entry controls provides the greatest assurance that the data is
entered correctly?
a. Using key verification
b. Segregating the data entry function from data entry verification
c. Maintaining a log/record detailing the time, date, employee’s initials/user id and progress
of various data preparation and verification tasks
d. Adding check digits