itsac - finals

Question 1

is an audit of an organization’s IT systems, management, operations and related processes.

Answer 1

Information Technology (IT) audit

Question 2

may be carried out in connection with a financial regularity audit or selective audit. As the records, services and operations of many organizations are often highly computerized, there is a need to evaluate the IT controls in the course of an audit of these organizations.

Answer 2

IT audit

Question 3

• This is an examination of the policies and procedures of an entity or department, to see if it is in compliance with internal or regulatory standards. This audit is most commonly used in regulated industries or educational institutions.

Answer 3

Compliance audit

Question 4

• This is an analysis of the fairness of the information contained within an entity’s financial statement. It is conducted by a CPA firm, which is independent of the entity under review. This is the most commonly conducted type of audit.

Answer 4

Financial audit

Question 5

• This involves a review of the controls over software development, data processing, and access to computer systems. The intent is to spot any issues that could impair the ability of IT system to provide accurate information to users, as well as to ensure that unauthorized parties do not have access to the data.

Answer 5

Information systems audit

Question 6

• This is a detailed analysis of the goals, planning processes, procedures, and results of the operations of a business. The audit may be conducted internally or by an external entity. The intended result is an evaluation of the operations, likely with recommendations for improvement.

Answer 6

Operational audit

Question 7

– fake products, job offers, romance scams

Answer 7

Online Scams

Question 8

– hacking into accounts or systems

Answer 8

Illegal Access

Question 9

– stealing personal info for fraud

Answer 9

Computer-Related Identity Theft

Question 10

– cloning cards, phishing banking details

Answer 10

ATM/Credit Card Fraud

Question 11

– sending harmful or intimidating messages online

Answer 11

Threats

Question 12

– deleting or altering data without permission

Answer 12

Data Interference

Question 13

– sharing intimate content without consent

Answer 13

Anti-Photo and Video Voyeurism

Question 14

– tricking people using digital means

Answer 14

Computer-Related Fraud

Question 15

– repeated online harassment

Answer 15

Unjust Vexation

Question 16

is a federal law that sweeping auditing and financial regulations for public companies. Lawmakers created the legislation to help protect shareholders, employees, and the public from accounting errors and fraudulent financial practices.

Answer 16

Sarbanes-Oxley Act of 2002

Question 17

refers to laws made by a country’s national (federal) government that apply to all states, provinces, or territories within that country. This is common in countries with a federal system, like the United States, Canada, Australia, etc.

Answer 17

Federal legislation

Question 18

The purpose of this is to establish consistent legal standards across the entire country, especially for issues like cybersecurity, privacy, and IT infrastructure.

Answer 18

Federal legislation

Question 19

These are laws, treaties, or frameworks agreed upon by multiple countries to address IT issues that cross borders—like data transfer, cybersecurity threats, or online piracy.

Answer 19

International Legislation

Question 20

The purpose of this is to create consistent standards and cooperation among countries in dealing with global IT challenges.

Answer 20

International Legislation

Question 21

These are laws enacted by a country’s state or regional government.

Answer 21

State Legislation

Question 22

The purpose is to regulate the use, development, and security of information technology within its borders.

Answer 22

State Legislation

Question 23

– criminalizes unauthorized access to computers.

Answer 23

Computer Fraud and Abuse Act (CFAA)

Question 24

– protects children’s privacy under 13 online.

Answer 24

Children’s Online Privacy Protection Act (COPPA)

Question 25

– protects copyrighted digital content.

Answer 25

**Digital Millennium Copyright Act (DMCA)**

Question 26

– EU law on data privacy.

Answer 26

**General Data Protection Regulation (GDPR)**

Question 27

– the first international treaty to address internet and computer crime.

Answer 27

**Budapest Convention on Cybercrime**

Question 28

– protects creators of software and digital content globally.

Answer 28

**WIPO Copyright Treaty**

Question 29

– protects personal information (Philippines).

Answer 29

**Data Privacy Act of 2012 (RA 10173)**

Question 30

– addresses online crimes.

Answer 30

**Cybercrime Prevention Act of 2012 (RA 10175)**

Question 31

– recognizes electronic documents and signatures.

Answer 31

**E-Commerce Act of 2000 (RA 8792)**

Question 32

**Future Financial Fiascos**

Answer 32

* Enron(2001) * WorldCom (2002)

Question 33

* is an inventory of all the potential audit areas within an organization * documents the key business processes and risks of an organization.

Answer 33

**audit universe**

Question 34

includes the basic functional audit area, organization objectives, key business processes that support those organization objectives, specific audit objectives, risks of not achieving those objectives, and controls that mitigate the risks.

Answer 34

**audit universe**

Question 35

is also an essential building block to a properly risk-based internal audit process.

Answer 35

**audit universe**

Question 36

provides a comprehensive list of critical IT processes, which can be used as a starting point.

Answer 36

**Control Objectives for Information and Related Technology (COBIT)**

Question 37

COBIT

Answer 37

**Control Objectives for Information and Related Technology**

Question 38

is an authoritative, international set of generally accepted IT practices or control objectives that help employees, managers, executives, and auditors

Answer 38

**COBIT**

Question 39

supports the need to research, develop, publicize, and promote up-to-date internationally accepted IT control objectives.

Answer 39

**COBIT**

Question 40

Where to download COBIT 5

Answer 40

**www.isaca.org**

Question 41

—optimizes the use of organizational resources to effectively address risks.

Answer 41

**Governance**

Question 42

—plan, build, run, and monitor the activities and processes used by the organization to pursue the objectives established by the board.

Answer 42

**management**

Question 43

are considered the foundation of the audit function as they assist in developing the process for planning individual audits.

Answer 43

**Risk assessments**

Question 44

assist auditors in automating the necessary audit functions and integrating information gathered as part of the audit process.

Answer 44

**Audit productivity tools**

Question 45

Examples of Audit productivity tools

Answer 45

* Audit planning and tracking * Documentation and presentations Communication * Data management, electronic working papers, and groupware * Resource management

Question 46

Shows the structure of the database by illustrating the different data elements (like customers or transactions) and how they are related.

Answer 46

**ENTITY RELATIONSHIP DIAGRAM (ERD)**

Question 47

Shows how data moves through the system—from the point it enters, how it is processed, where it is stored, and where it goes next.

Answer 47

**DATA FLOW DIAGRAM (DFD)**

Question 48

Provides a step-by-step visual of the system's operations, including decisions and actions taken.

Answer 48

**FLOWCHART**

Question 49

use symbols to describe transaction processing and the flow of data through a system by specifically showing: inputs and outputs; information activities (processing data); data storage; data flows; and decision steps.

Answer 49

**Flowcharts**

Question 50

is a method of gathering and reviewing electronic records.

Answer 50

**Computer assisted audit techniques (CAAT)**

Question 51

is used to simplify or automate the data analysis and audit process, and it involves using computer software to analyze large volumes of electronic data for anomalies.

Answer 51

**CAAT**

Question 52

**Benefits of a CAAT audit are:**

Answer 52

* Makes the audit less disruptive for the taxpayer. Auditor spends less time at the taxpayer’s business premises and can focus on managing audit risks and quantifying compliance issues * Reduces the time to complete the audit. CAAT are efficient in testing for completeness, accumulation, and calculation errors * Increases accuracy of the audit results when a larger population and stratified samples are used * Improves compliance and lessens chance of making errors. Auditors can review more segments of the taxpayer’s business activities systematically using analytic tools

Question 53

When performing _ the auditor obtains source documents that are associated with particular input transactions and reconciles them against output results. Hence, audit supporting documentation is drawn and conclusions are reached without considering how inputs are being processed to provide outputs. The major weakness of the auditing around the computer approach is that it does not verify or validate whether the program logic of the application being tested is correct.

Answer 53

**auditing around the computer**

Question 54

The _ approach includes a variety of techniques to evaluate how the application and their embedded controls respond to various types of transactions (anomalies) that can contain errors. When audits involve the use of advanced technologies or complex applications, the IT auditor must draw upon techniques combined with tools to successfully test and evaluate the application. This audit approach is relevant given technology’s significant increase and its impact on the audit process.

Answer 54

**auditing through the computer**

Question 55

is the examination, analysis, testing, and `evaluation of computer-based material` conducted to provide relevant and valid information to a court of law. Its tools are increasingly used to support law enforcement, computer security, and computer auditinvestigations.

Answer 55

**Computer forensics**