Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
3 Cards in this Set
- Front
- Back
|
AS1-1 - When planning an IA audit, the auditor should first: |
C is the correct answer.
Justification: A.- The business process to be audited cannt be identified unti lthe audit objective has been determined. B.-The risk-based approach requires the IS auditor to first understand the entity and its environment in order to identify risk. The risk assessment cannot be performed unti the audit objective is determined. C.- The IS auditor should develop an audit plan that takes into consideratnion the objectives of the auditee revelant to the audit area and its technology infrastructure. D.- Audit resouces needed for the audit can only be determined after the scope of the audit has been set. |
|
|
AS1-2 - Wthat is the MAJOR benefit of conducting a control self-assessment (CSA) over a traditional audit?
A.- it detects risk sooner B.- it replaces the audit function C.- it reduces audit workload D.- it reduces audit resources |
A is the correct answer.
A.- CSAs require employees to assess the control stature of their own function. CSAs help increase the understaanding of business risk and internal controls. Because they are conducted more frequently than audits, CSAs help identifiy risk in a more timely manner. B.- CSAs do not replace the audit function; an audit must will be performed to ensure that controls are present. C.- CSAs may not reduce the audit function's workload and are not a major difference between the two approaches. D.- CSAs do not affect the need for adit resources. While the result of the CSA may serve as a reference point for the audit process, they do not affect the scope or depth of the audit work that needs to be performed. |
|
|
card 3 - front
|
card 3 - back
|
