GUID 5100 Flashcards

(50 cards)

1
Q
  1. What is the primary objective of GUID 5100? A. Regulate private IS audits B. Replace ISSAI standards C. Guide SAIs in auditing IS D. Replace IT policies
A

C. Guide SAIs in auditing IS

2
Q
  2. Which ISSAI lays down the fundamental principles of financial auditing? A. ISSAI 100 B. ISSAI 200 C. ISSAI 300 D. ISSAI 400
A

B. ISSAI 200

3
Q
  3. Information systems can range from: A. Simple paper-based systems B. Only cloud-based platforms C. Manual HR systems D. None of the above
A

A. Simple paper-based systems

4
Q
  4. What does IS audit primarily assess? A. Programming efficiency B. Employee satisfaction C. IT controls D. Budget utilization
A

C. IT controls

5
Q
  5. Which of the following is NOT a domain for IS Audit scope? A. Asset Management B. Physical Environment C. Marketing D. Business Continuity
A

C. Marketing

6
Q
  6. What type of risk reflects the natural potential for system failure despite controls? A. Control Risk B. Detection Risk C. Inherent Risk D. Operational Risk
A

C. Inherent Risk

7
Q
  7. Application controls include all EXCEPT: A. Input validation B. Accurate processing C. Master data integrity D. Physical security
A

D. Physical security

8
Q
  8. Which standard is specifically for compliance audits? A. ISSAI 100 B. ISSAI 200 C. ISSAI 300 D. ISSAI 400
A

D. ISSAI 400

9
Q
  9. The use of CAATs allows auditors to: A. Reduce sample sizes B. Avoid data analysis C. Generate test documentation D. Replace interviews
A

C. Generate test documentation

10
Q
  10. Which term refers to verifying user identity? A. Authentication B. Encryption C. Validation D. Verification
A

A. Authentication

11
Q
  11. IS Audit planning should be based on: A. Audit rotation B. Fixed standards C. Risk assessment D. Budget cycles
A

C. Risk assessment

12
Q
  12. What does GUID 5100 suggest for human resource allocation in IS audits? A. Centralized IT group B. HR department audit C. Random assignment D. Outsourcing
A

A. Centralized IT group

13
Q
  13. What is the role of audit sampling in IS audit? A. Replace audit evidence B. Detect all errors C. Allow representative testing D. Save storage space
A

C. Allow representative testing

14
Q
  14. Control Risk refers to: A. Risk due to system complexity B. Failure of IT controls C. Auditor’s negligence D. Financial misstatements
A

B. Failure of IT controls

15
Q
  15. Which of the following is considered a general control? A. Password protection B. Field validation C. Record matching D. Data entry checks
A

A. Password protection

16
Q
  16. A Walkthrough is used to: A. Test hardware B. Trace processes C. Verify expenses D. Audit internal communication
A

B. Trace processes

17
Q
  17. A forwarding letter for data dumps should include all EXCEPT: A. Hash numbers B. Extraction parameters C. Employee names D. Timestamp
A

C. Employee names

18
Q
  18. Which document describes acceptable IS audit retention practices? A. ISSAI 2530 B. ISSAI 2402 C. SAI’s data policy D. ISACA glossary
A

C. SAI’s data policy

19
Q
  19. Who may SAIs collaborate with during resource constraints? A. External IT experts B. Competitor SAIs C. ISPs D. Private banks
A

A. External IT experts

20
Q
  20. The ability to prevent modification or deletion of audit data refers to: A. Confidentiality B. Integrity C. Non-repudiation D. Authenticity
A

C. Non-repudiation

21
Q
  21. Business Continuity and Disaster Recovery Management falls under: A. Application design B. Audit planning C. IS audit domains D. Reporting
A

C. IS audit domains

22
Q
  22. What should be limited in IS audit reports to protect sensitive info? A. Graphics B. Technical jargon C. Passwords and IDs D. Glossary
A

C. Passwords and IDs

23
Q
  23. Substantive testing in IS audit includes: A. Executive interviews B. Email review C. Detailed data analysis D. Budget verification
A

C. Detailed data analysis

24
Q
  24. The period of audit retention depends on: A. Client’s preference B. Data size C. Statutory requirements D. Auditor availability
A

C. Statutory requirements

25
25. The main purpose of follow-up in IS audits is to: A. Recheck passwords B. Test software versions C. Verify implementation of recommendations D. Close audit
C. Verify implementation of recommendations
26
26. What does ISSAI stand for? A. International Standards of Supreme Audit Institutions B. International Systems for Audit Integrity C. Indian Standards for Audit D. Internal Standards for IS Audit
A. International Standards of Supreme Audit Institutions
27
27. Which principle supports risk-based audit planning in IS audits? A. Strategic principle B. Financial management C. ISSAI guidelines D. ITIL standards
C. ISSAI guidelines
28
28. General controls ensure: A. Field validation B. Communication security C. Data confidentiality, integrity, and availability D. User interface design
C. Data confidentiality, integrity, and availability
29
29. Which is an example of Detection Risk? A. Weak passwords B. Unrecognized control failure C. System crashes D. Unauthorized hardware access
B. Unrecognized control failure
30
30. Which standard guides sampling in financial audit? A. ISSAI 100 B. ISSAI 2530 C. ISSAI 300 D. GUID 5100
B. ISSAI 2530
31
31. Who is responsible for defining IS Audit materiality? A. Client B. Government C. SAI framework D. System administrator
C. SAI framework
32
32. What ensures secure sharing of IS infrastructure? A. Procurement policy B. Access protocols C. Defined processes D. Encryption software
C. Defined processes
33
33. A properly defined IS Policy must be: A. Ambiguous B. Communicated C. Optional D. Outsourced
B. Communicated
34
34. Which area includes control over in-sourcing or outsourcing IT operations? A. HR management B. IT Operations C. Communication D. Development
B. IT Operations
35
35. The effectiveness of automated controls can be verified through: A. User interviews B. Smaller transaction samples C. Budget reports D. Annual reports
B. Smaller transaction samples
36
36. Non-repudiation helps ensure: A. Password reset B. Data can’t be denied later C. System logging D. Open access
B. Data can’t be denied later
37
37. Application control assessment may include all EXCEPT: A. Staff salaries B. Risk identification C. Criticality assessment D. Documentation review
A. Staff salaries
38
38. Audit documentation must be: A. Editable B. Password protected C. Confidential D. Retained and protected
D. Retained and protected
39
39. One benefit of CAATs is: A. Manual oversight B. Higher costs C. Repeatable tests D. Avoidance of compliance
C. Repeatable tests
40
40. Stratification is a CAAT technique used for: A. Password recovery B. Dividing data into layers C. Encryption D. Deleting records
B. Dividing data into layers
41
41. IS Audit evidence must be: A. Reviewed weekly B. Financially approved C. Sufficient and reliable D. Accessible by all staff
C. Sufficient and reliable
42
42. A glossary in IS Audit reports helps: A. Reduce report length B. Avoid jargon C. Enhance readability D. Encrypt data
C. Enhance readability
43
43. During planning, what is used to identify audit domains? A. Risk assessment B. Past audits C. Client request D. External reports
A. Risk assessment
44
44. Access to audit evidence infrastructure allows: A. Physical entry only B. Proofreading reports C. Data analysis D. Marketing strategy
C. Data analysis
45
45. What is NOT a component of risk in IS audit? A. Control risk B. Inherent risk C. System speed D. Detection risk
C. System speed
46
46. SAIs may form IS audit groups to: A. Outsource auditing B. Save funds C. Centralize expertise D. Train all citizens
C. Centralize expertise
47
47. IS audit conclusions are based on: A. Public opinion B. Budget statements C. Evidence and analysis D. Auditor memory
C. Evidence and analysis
48
48. Data dump letters verify: A. Server temperature B. Data source and extraction method C. Passwords used D. Time zone settings
B. Data source and extraction method
49
49. Which is a consideration when reporting vulnerabilities? A. Publishing them early B. Waiting until controls are adopted C. Ignoring them D. Hiding them
B. Waiting until controls are adopted
50
50. What helps identify excessive inefficiency in IS usage? A. Application controls B. Internal memos C. IT spending reports D. Risk analysis
A. Application controls