CHAPTER 4: AUDIT PROCESS IN AN INFORMATION TECHNOLOGY ENVIRONMENT

1. All are included in Audit Universe Except

a. Risks of not achieving those objectives
b. Process that support those objectives
c. Audit objective for each audit area
d. Develop audit objectives

2. Ongoing tasks as risk and priorities change or resources and timelines change.
a. Audit schedule
b. Audit preparation
c. Audit plan
d. Audit budget

3. Which is not true about risk assessment?

a. Provides explicit criteria for systematically evaluating and selecting audit projects.
b. Improves quality, quantity, and accessibility of planning data such as risk areas, past audits
and result, and project budget information.
c. Auditor should become familiar with prior audit reports on Financial accounting system
d. Assists the audit function in developing the audit schedule and the process for planning
individual audit projects.

4. Which are included in Cyclical Process of auditing?

I. Audit schedule
II. Audit result
III. Follow-up
IV. Audit program
V. Preliminary Review

a. I,II,III,IV and V
b. I,III and V
c. I,II,III
d. None of the above

5. The 3rd step in Audit workflow

a. Gain Preliminary understanding
b. Identify business objectives
c. Priorities risks
d. Assess risk

6. All are objectives of audit plan except:

a. To verify those processes and controls being audited free from significant exposures to risk.
b. To optimize the use of audit resources
c. To provide overall approach within audit engagements can be conducted.
d. To provide an orderly approach within which flexibility can be exercised.
7. Assure the validity, reliability and security of information
a. Financial Managers
b. Audit team
c. IT auditor
d. Internal Auditor

8. Formal statements that describe the purposes of the audit.

a. Audit scope
b. Audit objective
c. Audit budget
d. Audit planning

9. Best describe audit schedule

a. Internal departments must obtain a comprehensive understanding of the audit universe
item
b. To verify those processes and controls being audited free from significant exposures to risk.
c. Communicate the audit areas with functional departments
d. To verify those processes and controls being audited free from significant exposures to risk.

10. Which of the following included in preparation of audit?

I. Communication with auditees
II. Initial contacts
III. Audit team selection
IV. Functions include
V. Definition of audit scope
VI. Audit selection

a. I,II,III,IV , V and VI
b. I,III , V, and VI
c. I,II,III
d. None of the above

11. Its purpose is to gather information as a basis for formulating an audit plan, which is the end
product of this phase.
a. Preliminary Review
b. Preliminary Evaluation of Internal Controls
c. Design Audit Procedures
d. Fieldwork and Implementing Methodology

12. It composed of all activities that help the auditor understand the audit subject and it also
requires observing, interviewing, flowcharting, and documenting each activity.
a. General Data Gathering
b. Fact Gathering
c. Data control procedures
d. Documenting Results
13. A formal plan for reviewing and testing each significant audit subject area disclosed during fact
gathering.
a. Audit Plan
b. Audit Program
c. Audit Flowchart
d. Audit Papers

14. In this step, the auditor must prepare an audit program for the area being audited, select the
verification techniques applicable to each area, and prepare the instructions for their
performance.
a. Design Audit Procedures
b. Fieldwork and Implementing Methodology
c. Validation of Work Performed
d. Substantive Testing

15. It is often referred to as areas of interest.

a. IT Audit Support of Financial Audits
b. Auditing Financial Applications
c. Management of IT and Enterprise Architecture
d. Identifying Financial Application Areas

16. The audit should verify that systems and applications are appropriate to the user’s needs,
efficient, and adequately controlled to ensure valid, reliable, timely, and secure input,
processing, and output at current and projected levels of system activity.
a. Management of IT and Enterprise Architecture
b. Computerized Systems and Applications
c. Information Processing Facilities
d. System Development

17. How many basic steps that constitute the computer auditor’s review?
a. Four (4)
b. Five (5)
c. Six (6)
d. Seven (7)

18. The auditor performs the necessary testing by using documentary evidence, corroborating
interviews, and personal observation.
a. Test Controls
b. Final Evaluation of Internal Controls
c. Preliminary Review
d. Preliminary Evaluation of Internal Controls

19. It is used to determine the accuracy of information being generated by a process or application.
a. Substantive Testing
b. Test of Controls
c. Computer Audit
 d. Internal Controls

20. Auditor’s work program calls for validation in several ways except:
I. Asking different personnel the same question and comparing the answers
II. Asking the same question in different ways at different times
III. Comparing checklist answers to work papers, programs, documentation, test, or other
verifiable results
IV. Comparing checklist answers to observations and actual results
V. Conducting mini-studies of critical phases of the operation
a. I and II
b. IV and V
c. None of these
d. All of the above

21. It should be formally documented and include the process area audited, the objective of the
process, the control objective, the results of the test of that control, and a recommendation in
the case of a control deficiency.
a. Audit Findings
b. Test Control
c. Analytical Procedure
d. Audit Procedure

22. It is the most important factor in converting raw data into a finish product ready for inclusion in
an audit report.

a. Critical Thinking
b. Analysis
c. Common Sense
d. Integrity

23. One of the purposes of the current work paper guidelines is to provide documentation of this
analysis process. In line with this, the four analysis step is needed. Which is not included?
a. Re-examine the standards and the facts
b. Re-examine the cause of problem
c. Determine the cause of the deviation
d. Determine the problem and find a solution

24. This is the most essential step in performing analysis. From this step, the auditor has the
requisite data to make a judgment and formulate an opinion.
a. Re-examination
b. Testing
c. Trial and Error
d. Identification

25. The next step once the auditor is sure of his or her understanding of the standard.
a. Identify the Effect
 b. Identify the Cause
c. Identify the Situation
d. Identify the Problem

26. This step examines the potential consequences of deviations. It answers the question, “Why
does this need correction?”.
a. Exposure and Materiality
b. Exposure only
c. Materiality Level
d. None of the above

27. It refers to the potential amount of loss for each deviation.

a. Severity
b. Proximity
c. Materiality
d. All of the above

28. It is the auditor’s opinion, based on documented evidence that determine whether an audit
subject area meets the audit objectives.
a. Recommendation
b. Conclusion
c. Jurisdiction
d. Both A and B

29. It is the formal statements that describe a course of action that should be implemented to
restore or provide accuracy, efficiency, or adequate control of audit subjects.
a. Conclusion
b. Recommendation
c. Jurisdiction
d. Both A and B

30. Are the formal collection of pertinent writings, documents, flowcharts, correspondence, results
of observations, plans for tests, results of tests, the audit plan, minutes of meeting,
computerized records, data files or application results, and evaluations that document the
auditor activity for the entire audit period.
a. Working Papers
b. Audit Report
c. Testing
d. Audit Program
 Chapter 4: Audit Process in an Information Technology Environment
ANSWERS
1. D
2. A
3. C
4. A
5. D
6. A
7. C
8. A
9. C
10.A
11.A
12.B
13.B
14.A
15.D
16.B
17.D
18.B
19.A
20.C
21.A
22.B
23.D
24.A
25.B
26.A
27.A
28.B
29.B
30.A