IIA IIA-CIA-Part2 Quiz 230 Topic 8 Questions 1146-1150

Question: 1

A large retail organization, which sells most of its products online, experiences a computer hacking incident. The chief IT officer immediately investigates the incident and concludes that the attempt was not successful. The chief audit executive (CAE) learns of the attack in a casual conversation with an IT auditor. Which of the following actions should the CAE take?

1. Meet with the chief IT officer to discuss the report and control improvements that will be implemented as a result of the security breach, if any.

2. Immediately inform the chair of the audit committee of the security breach, because thus far only the chief IT officer is aware of the incident.

3. Meet with the IT auditor to develop an appropriate audit program to review the organization's Internet-based sales process and key controls.

4. Include the incident in the next quarterly report to the audit committee.

A1 and 2

B1 and 3

C2 and 4

D3 and 4

Show Answer

Question: 2

According to IIA guidance, which of the following actions might place the independence of the internal audit function in jeopardy?

AHaving no active role or involvement in the risk management process.

BAuditing the risk management process for reasonableness.

CCoordinating and managing the risk management process.

DParticipating with management in identifying and evaluating risks.

Show Answer

Question: 3

An auditor receives anonymous information that fraud is occurring in the operation being audited, but no details are given as to the type of fraud or the individuals involved. There are several areas in which fraud could occur. The auditor should:

AIdentify the area that has the greatest volume of transactions and design a sampling plan for substantive testing.

BApply analytical procedures to areas that might be impacted by possible fraudulent activities.

CInterview employees to identify areas where the fraud could be occurring.

DPlan detailed tests of the areas that have the highest dollar amount of transactions.

Show Answer

Question: 4

The criteria attribute is best illustrated by items numbered

A1, 8, and 9.

B2, 10, and 11.

C3, 4, and 12.

D5, 6, and 7.

Show Answer

Question: 5

Responsibility for the control of end-user computing (EUC) exists at the organizational, departmental, and individual user level. Which of the following should be a direct responsibility of the individual users?

AAcquisition of hardware and software.

BTaking equipment inventories.

CStrategic planning of end-user computing.

DPhysical security of equipment.

Show Answer

IIA IIA-CIA-Part2 Quiz:230 Topic:8 Questions:1146-1150