6.
How should management act to best deal with emergency changes?
- A.Emergency changes cannot be made without advance testing.
- B.The change control process does not apply to emergency conditions.
- C.All changes should still undergo review.
- D.Emergency changes are not allowed under any condition.
- Answer & Explanation
- Report
Answer : [C]
Explanation :
Explanation :
| All emergency changes should still undergo the formal change management process after the fact. The review determines whether the change should remain in place or be modified. |
7.
Which of the following would be a concern that the auditor should explain in the audit
report along with their findings?
- A.Lack of a detailed list of audit objectives
- B.Undue restrictions placed by management on evidence use or audit procedure
- C.Communicating results directly to the chairperson of the audit committee
- D.Need by the current auditor to communicate with the prior auditors
- Answer & Explanation
- Report
Answer : [B]
Explanation :
Explanation :
| Undue restrictions on scope would be a major concern, as would a lack of time or the inability to obtain sufficient reliable evidence. |
8.
During the performance of an audit, a reportable finding is identified with the auditee. The
auditee immediately fixed the problem upon identification. Which of the following is true
as a result of this interaction?
- A.Auditee resolved the problem before the audit report is written, therefore no finding exists.
- B.Auditor can verify that the corrective action has been taken before the audit report is written, therefore no finding exists.
- C.MAA is a set of practices that align around providing maximum availability for Oracle databases.
- D.Auditor includes the finding in the final audit report as resolved.
- E.Auditor lists the finding as it existed.
- Answer & Explanation
- Report
Answer : [D]
Explanation :
Explanation :
| Audit reports are intended to reflect the situation prior to the start of the audit. An audit is always a review of past history. This situation indicates that the auditee never detected the problem until it was found by the auditor. The audit report should include the finding and described the corrective action taken by the auditee after discovery. If the finding was to be color-coded red, the final audit report should indicate a red color code with the notation in the comments field that corrective action was taken by the auditee. |
9.
Which of the following management methods provides the most control rather than
discretionary flexibility?
- A.Distributed
- B.Centralized
- C.In-house
- D.Outsourced
- Answer & Explanation
- Report
Answer : [B]
Explanation :
Explanation :
| Centralized management always provides the most control. Distributed management is also known as discretionary because the decision is made locally and is based on a variety of factors. Distributed methods provide the lowest overall control. |
10.
What is the principal issue surrounding the use of CAAT software?
- A.The capability of the software vendor
- B.Documentary evidence is more effective
- C.Inability of automated tools to consider the human characteristics of the environment
- D.The possible cost, complexity, and security of output
- Answer & Explanation
- Report
Answer : [D]
Explanation :
Explanation :
| Computer-assisted audit tools are able to perform detailed technical tasks faster than humans and produce more accurate data during particular functions such as system scanning. Cost, training, and security of output are major considerations. |
|
|
||||||||||||||||||||||||||||
