Multiple Choice Questions-

1. Which of the following BEST describes a key difference related to the various audit standards?

(a) Auditors must exercise due professional care when performing audit procedures.

(b) Auditors must maintain continuing professional education requirements to support specific certifications.

(c) Detailed requirements related to how the work should be performed, may vary, depending upon the audit standard.

(d) Auditors must maintain independence to avoid introducing bias in their reports.

2. Which of the following BEST describes why auditors must maintain independence?

(a) The value of the audit report is higher if the report is free of bias.

(b) The value of the audit report is lower if the report is free of bias.

(c) The value of the audit report is generally not impacted by the independence of the auditor.

(d) The value of the audit report depends on the due professional care of the auditor performing the work.

3. IT audit standards of practice require that IT auditors:

(a) Should be professionally competent, and possess the skills and knowledge to conduct the audit.

(b) Should possess significant industry and business process experience related to the technology area being audited.

(c) Should possess the Certified Information Systems Auditor (CISA) certification.

(d) Should possess a detailed knowledge of the COBIT framework.

4. Which of the following BEST describes why auditing can be viewed as a cyclical process?

(a) Businesses go through cycles, so auditing must go through cycles.

(b) Historical and current information from audits can be incorporated into the risk assessment.

(c) The audit plan is used to develop the audit schedule.

(d) Many audit departments review the same areas each year as part of the audit plan.

5. Aligning the to the organization's objectives links the entire audit process to business objectives and risks.  To effectively allocate audit resources, audit departments should develop an  that takes into consideration the full audit universe and the risks associated with each universe item, including any departmental resource constraints.

(a) Audit schedule; audit plan

(b) Risk assessment; audit schedule

(c) Audit universe; audit plan

(d) Audit plan; audit budget

6. Which of the following BEST describes the purpose of the Audit Committee Charter?

(a) To provide the detailed audit procedures that should be followed by the Internal Audit Department staff.

(b) To grant the authority, scope of responsibility and accountability of the Audit Committee.

(c) To establish the roles of the audit committee members.

(d) To establish the rules related to the hiring of the external audit firm.

7. Which of the following BESTdescribes why the audit universe should be aligned with business objectives?

(a) Aids in the development of the audit schedule and audit budget.

(b) Ensures appropriate resources are assigned to conduct the audit.

(c) The audit charter requires alignment with business objectives.

(d) Links the entire audit process to entity-wide business objectives.

8. Match the following risk management terms with the definitions we discussed in class:  (a) Risk register, (b) inherent risk, and (c) residual risk

After you mitigate a risk, this is the risk that remains.     

A list of risks that are specific to a company's risk profile.              

The level of risk without giving consideration to controls.             

9. When testing IT controls, which of the following BEST describes the IT auditor's focus:

(a) Evaluating the need for post-audit substantive testing.

(b) Evaluating the scope and objectives of the IT controls.

(c) Assessing the design and operating effectiveness of the controls.

(d) Assessing the alignment of the IT controls, in relation to an industry framework.

10. External and internal IT auditing are similar in terms of approach, reporting structure, and the need to exercise due professional care and professional skepticism.  Which of the following is NOT correct with regard to external and internal IT auditing?

(a) The external and internal IT auditor should possess strong communication skills given the need to report to management and the audit committee.

(b) The external IT auditor is primarily concerned with financial statement risk related to the flow of financial transactions.

(c) The internal IT auditor is concerned about all three components of the COSO framework - legal, operational and financial risks.

(d) The external IT auditor, according to Generally Accepted Auditing Standards (GAAS), guarantees that financial systems produce valid, reliable, complete, and timely financial reporting information to the investing public and other stakeholders.

11. Which of the following BEST describes the purpose of preliminary planning:

(a) To gain an understanding of detailed testing requirements such as sample sizes.

(b) To formulate a preliminary assessment of the key risks and controls in the area under review in order to formulate the audit plan.

(c) To provide management with a timeline of audit activity.

(d) To determine and plan for substantive audit requirements.

12. An IT Auditor is preparing to start an audit of the company's third party vendor management process.  In performing the audit, the IT Auditor should [SELECT ALL THAT APPLY]:

-Plan and perform the audit with the skill and care of a contract attorney.

-Exercise professional skepticism when evaluating audit evidence such as third party contracts.

-Gain a preliminary understanding of controls in the area to ensure the work is properly planned.

-Obtain sufficient competent evidential matter in order to provide a reasonable basis for the audit opinion.

13. Which of the following can be viewed as a PRIMARY benefit, should a company adopt COBIT as an IT governance framework?

(a) COBIT is periodically updated to reflect changes in the IT and business environment.

(b) COBIT can be used by IT auditors to substantiate their findings.

(c) COBIT has been endorsed by numerous government and professional organizations.

(d) COBIT aids management and the IT auditor by establishing a common risk and process control language.

14. Which of the following BEST describes why risk assessment can be viewed as the foundation of the audit function:

(a) Risk assessment provides a framework for allocating limited resources to achieve maximum benefits and value derived from the audit process.

(b) Risk assessment enables flexibility in approaching audits.

(c) Risk assessment provides for a measurement criteria to evaluate audit results.

(d) Risk assessment enables an orderly approach to conducting audits.

15. Which of the following BEST describes the purpose of the audit work program?

(a) To communicate the results of the audit.

(b) To verify and substantiate the results of the preliminary field work.

(c) To document the plan, scope and objectives of the audit.

(d) To document that sufficient and reliable evidence was obtained to support the audit objectives.