QA5.doc - 1 An audit charter should A be dynamic and change often to coincide with the changing nature of technology and the audit profession B clearly

QA5.doc - 1 An audit charter should A be dynamic and change...

This preview shows page 1 - 3 out of 325 pages.

1. An audit charter should: A. be dynamic and change often to coincide with the changing nature of technology and the audit profession. B. clearly state audit objectives for the delegation of authority for the maintenance and review of internal controls. C. document the audit procedures designed to achieve the planned audit objectives. D. outline the overall authority, scope and responsibilities of the audit function. The correct answer is: D. outline the overall authority, scope and responsibilities of the audit function. Explanation: An audit charter should state management's objectives for, and delegation of authority to, IS audit. This charter should not significantly change over time and should be approved at the highest level of management. The audit charter would not be at a detail level and therefore would not include specific audit objectives or procedures. Area: 1 2. During a review of the controls over the process of defining IT service levels, an IS auditor would MOST likely interview the: A. systems programmer.B. legal staff.C. business unit manager.D. application programmer. The correct answer is: C. business unit manager. Explanation: Understanding the business requirements is key in defining the service levels. While each of the other entities listed may provide some definition, the best choice here is the business unit manager, because of the knowledge this person has of the requirements of the organization. Area: 1 3. In a risk-based audit approach, an IS auditor, in addition to risk, would be influenced by: A. the availability of CAATs. B. management's representation. C. organizational structure and job responsibilities. D. the existence of internal and operational controls
Image of page 1
The correct answer is: D. the existence of internal and operational controls Explanation: The existence of internal and operational controls will have a bearing on the IS auditor's approach to the audit. In a risk-based approach the IS auditor is not just relying on risk, but also on internal and operational controls as well as knowledge of the company and the business. This type of risk assessment decision can help relate the cost-benefit analysis of the control to the known risk, allowing practical choices. The nature of available testing techniques and management's representations, have little impact on the risk-based audit approach. Although organizational structure and job responsibilities need to be considered, they are not directly considered unless they impact internal and operational controls. Area: 1
Image of page 2
Image of page 3

You've reached the end of your free preview.

Want to read all 325 pages?

  • Summer '17

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture

Stuck? We have tutors online 24/7 who can help you get unstuck.
A+ icon
Ask Expert Tutors You can ask You can ask You can ask (will expire )
Answers in as fast as 15 minutes