Module 4: Risk-Based Audit Planning Flashcards

1
Q

What is the main purpose of Risk-based Audit Planning?

A

To deploy resources on the greatest risk to the organization

2
Q

Risk-based Audit Planning: What factors need to be considered for its environment?

A
  1. External and internal factors affecting the organization
  2. The organization’s selection and application of policies and procedures
  3. The organization’s objectives and strategies
  4. Measurement and review of the organization’s performance
3
Q

How do you gain an understanding of the organization?

A
  1. Strategy management
  2. Business products and services
  3. Corporate governance process
  4. Transaction types, partners, and flows within information systems
4
Q

Concerns about the probable effects of an uncertain event on achieving established business objectives

A

Business Risk

5
Q

Business Risk: What natures might a business risk take?

A

financial, regulatory, operational, risk from specific technology

6
Q

Business Risk: Business risk also includes accepted risk from activities that’s in line with the organization’s objectives (T or F)

A

True

7
Q

Risk-based Audit: Is used to assess risk and assist an IS auditor in deciding to perform what?

A

Either compliance or substantive testing

8
Q

Risk-based Audit: Risk-based audit assists the auditor in what?

A

Assists in determining the nature and extent of testing

9
Q

Risk-based Audit: What are the steps to a risk-based audit?

A
  1. Gather information and plan
  2. Obtain understanding of control
  3. Perform compliance testing
  4. Perform substantive testing
  5. Conclude the audit
  6. Monitoring
10
Q

The risk that information collected may contain a material error that may go undetected during the course of the audit

A

Audit Risk

11
Q

What is the formula for audit risk?

A

AR = Inherent Risk x Control Risk x Detection Risk

12
Q

What is the only factor of audit risk that can be controlled?

A

The detection risk

13
Q

The risk that material errors or misstatements that have occurred will not be detected by an IS auditor

A

Detection Risk

14
Q

The risk that a material error exists that would not be prevented or detected on a timely basis by the system of internal controls

A

Control Risk

15
Q

The risk level or exposure of the process/entity to be audited without considering the controls that management has implemented. Inherent risk exists independent of an audit and can occur because of the nature of the business

A

Inherent Risk

16
Q

Audit Risk: Things to consider -

  • IS auditor should have a ______ when planning an audit
  • By using __________, the probability of detection risk can be reduced to an acceptable level
  • A given system may not detect a ____. However, that specific error, combined with others, could become material to the overall system
A
  1. good understanding of audit risk
  2. proper statistical sampling procedures or a strong quality control process
  3. minor error
17
Q

The amount of risk an organization is prepared to accept or be exposed to

A

Risk appetite

18
Q

The maximum risk the organization is able to bear, given its resources and capabilities

A

Risk Capacity

19
Q

Acceptable variance from risk appetite

A

Risk Tolerance

20
Q

The level of risk remaining after risk treatment

A

Residual Risk

21
Q

The residual risk should ____ the risk appetite

A

not exceed

22
Q

The risk appetite should exceed the organisation’s risk capacity and risk tolerance (T or F)

A

False. Should not.

23
Q

Introduce or strengthen internal controls to mitigate the risk

A

Treat/Mitigate/Reduce

24
Q

Knowingly and objectively not taking action, provided the risk clearly satisfies the organization’s policy and criteria for risk acceptance

A

Tolerate/Accept

25
Q

Apportion some or all of the risk to a third party

A

Transfer/Share

26
Q

Avoiding risk by not allowing actions that would cause the risk to occur

A

Terminate/Avoid

27
Q

Is it allowed to ignore the risk in some cases?

A

No. It is never allowed

28
Q

Risk responses: Determine the course of action depending on the impact and probability

  1. High impact - Low probability:
  2. Low impact - Low probability:
  3. Low impact - High probability:
  4. High impact - High probability:
A
  1. Build Contingency plans
  2. Keep under review
  3. Consider treatments
  4. Take immediate action
29
Q

Considerations for implementing risk mitigation: What are the considerations?

A
  1. Requirements and constraints of national and international legislation
  2. Organizational Objectives
  3. Operational requirements and constraints
  4. Cost Effectiveness
30
Q

What should be considered by the IS auditor when developing the audit plan?

A
  1. All areas within the scope of the IS audit universe
  2. Reliability of the risk assessment by the management
  3. The process that management uses to examine possible risks
  4. Coverage of risk in related activities relevant to activities under review
31
Q

IS audit risk assessment techniques: Either a quantitative or a qualitative approach must be used for the risk assessment (T or F)

A

False. It may be a combination of both

32
Q

IS audit risk assessment techniques: Give a quantitative approach

A

Scoring system

33
Q

What are the desired outcomes of using risk assessment?

  1. Enable audit management to ______
  2. Ensure that _____ has been obtained
  3. Establishing ____ for effectively managing the audit department
  4. Providing a summary of how the _________
A
  1. allocate limited audit resources
  2. relevant information
  3. a basis
  4. individual audit subject is related to the overall organization
34
Q

A subset of risk assessment that is used during audit planning to help identify risk and vulnerabilities so an IS auditor can determine the controls needed to mitigate risk

A

Risk Analysis

35
Q

Risk Analysis: Helps IS auditors to ____

A

Determine the controls to mitigate risk

36
Q

Risk Analysis: Identifies what?

A

Risk and Vulnerabilities

37
Q

Risk Analysis: Provides sufficient appropriate audit evidence on which to base the audit opinion (T or F)

A

False. It does not provide sufficient evidence

38
Q

What should auditors understand when analyzing business risk from the use of IT?

  • Industry and/or internationally accepted ___ ___ ___
  • The ___ __ ___ of business, the environment in which the business operates and related business risk
  • Dependence on ___ ___ ___ __ of business goals and objectives
  • The business risk of using __ and how it impacts the achievement of the business goals and objectives
  • A ____ ____ of the business processes and the impact of IT and related risk on the business process objectives

A
  1. risk management processes
  2. purpose and nature
  3. technology in the achievement
  4. IT
  5. Good Overview
39
Q
A