When setting the scope for the identification and assessment of key risks and controls in a process, which of the following would be the least appropriate approach?

• A.Develop the scope of the audit based on a bottom-up perspective to ensure that all business objectives are considered.
• B.Develop the scope of the audit to include controls that are necessary to manage risk associated with a critical business objective.
• C.Specify that the auditors need to assess only key controls, but may include an assessment of non-key controls if there is value to the business in providing such assurance.
• D.Ensure the audit includes an assessment of manual and automated controls to determine whether business risks are effectively managed.

Comment: *

Name: *

Email: *

Verification: *

Which of the following best describes the most important criteria when assigning responsibility for specific tasks required in an audit engagement?

• A.All audit team members must have the skills necessary to satisfactorily complete any task that will be required in the audit engagement.
• B.Auditors must be given assignments based primarily upon their years of experience.
• C.Tasks must be assigned to the audit team member who is most qualified to perform them.
• D.All auditors assigned an audit task must have the knowledge and skills necessary to complete the task satisfactorily.

Comment: *

Name: *

Email: *

Verification: *

Which of the following would most likely cause an internal auditor to consider adding fraud work steps to the audit program?

• A.Incentives and bonus programs.
• B.Lack of an ethics policy.
• C.Improper segregation of duties.
• D.An employee's reported concerns.

Comment: *

Name: *

Email: *

Verification: *

During an information security audit, an auditor discovers that the current disaster recovery plan was developed three years ago but never tested. There have been significant changes to information systems since the plan was developed. The auditor should:

• A.Ask management to test the recovery plan immediately.
• B.Recommend that management and users update and test the recovery plan.
• C.Update the recovery plan for management as part of the review.
• D.Review the recovery plan and report weaknesses to management.

Comment: *

Name: *

Email: *

Verification: *

Which of the following is true about surveys?

• A.A survey, like inspections and confirmations are best used to test the operating effectiveness of controls
• B.A survey's participants are likely to volunteer information that was not specifically requested
• C.A survey with open-ended questions is weaker than a structured interview
• D.A survey with closed-ended questions can produce quantifiable evidence

Comment: *

Name: *

Email: *

Verification: *