QUESTIONS:

1. Failure to comply with this Code of Professional Ethics can result in which of the
following?

a. Investigation into a member’s or certification holder’s conduct

b. Disciplinary measures
c. Either a or b
d. None of the above

2. What international professional association set forth a code governing the professional
conduct and ethics of all certified information system (IS) auditors and members of the
association?

a. Information Systems Audit and Control Association (ISACA)

b. Auditing and Assurance Standards Council (AASC)
c. American Institute of Certified Public Accountants (AICPA)
d. International Accounting Standards Board (IASB)

3. Which of the following fundamental ethical principles requires a professional accountant

to be straightforward and honest in all professional and business relationships?

a. Objectivity
b. Confidentiality
c. Professional competence and due care
d. Integrity

4. The principle of professional competence and due care imposes which of the following
obligations?

a. To maintain professional knowledge and skill at a level required to ensure that clients
or employers receive competent professional service.
b. To refrain from disclosing confidential information obtained as a result of professional
and business relationships without proper and specific authority unless there is a
legal or professional right or duty to disclose.
c. To comply with relevant laws and regulations and avoid any situation that may bring
discredit to the profession.
d. Not to compromise professional or business judgment because of bias, conflict of
interest, or undue influence of others.

5. Why do organizations develop codes of ethical conduct?

a. To promote high standards of practices throughout the organization
b. To establish a framework for professional behavior, obligations, and responsibilities
c. Define acceptable behaviors for relevant parties
d. All of the above
6. An IT auditor discovers that the client has developed its own software applications
without the material being copyrighted, the IT auditor would most likely suggest:

a. that the client consider the possibility of registering for such copyrights, if it has not
yet done so
b. that the client continually scans the environment to ensure that it will not encounter
cases of infringement
c. that the client should investigate whether the rights to use such copyrighted works
are appropriate
d. all of the above

7. An Act in the Philippines that is engaged in achieving an effective intellectual and

industrial property system with a further aim of protecting and securing the exclusive
rights to such properties.

a. R.A. 8792 – Electronic Commerce Act of 2000

b. R.A. 10173 – Date Privacy Act of 2012
c. R.A. 8293 – Intellectual Property Code of the Philippines
d. none of the above

8. An effective privacy program would least likely include:

a. a privacy statement
b. information security practices
c. privacy laws and regulations
d. overall presentations

9. The following are IT auditor’s role in dealing with privacy issues except:

a. to ensure that management develops, implements and operates sound internal

controls aimed at protecting private information it collects and stores during the
normal course of business
b. to assess the strength and effectiveness of controls designed to protect personally
identifiable information in organizations
c. to prevent and detect irregular and illegal acts that violates the right to privacy
d. none of the above

10. IT auditors should be reasonably familiar with the areas under review such as legal
contracts, computer crime, intellectual property rights, and privacy issues to be able to

a. prevent and detect irregular and illegal acts that may have implications of client’s
unreliable assertions
b. identify risk factors that may contribute to the occurrence of irregular or illegal acts
c. ensure that auditor develops, implements and operates sound internal controls
d. add value to the engagement by preventing and detecting irregular and illegal acts
involved in the areas of review
 11. It is an agreement where formula, practice, process, design, instrument, pattern, or
compilation of information which is not generally known or reasonably ascertainable will
not be disclose to the public. TRADE SECRET AGREEMENT

12. The following are the benefits of a non-compete agreement, except one.
a. Protects a company trade secrets
b. May reduce turnover
c. May incentivize an employer to provide costly training
d. Can reduce a worker’s bargaining power

13. Give one example of computer crime.

14. These reflect customs and general principles and precede the situations not covered by
statutory law. COMMON LAW

15. What makes an employment contract not enforceable by law? OPINION

Extra question

If a trade secret is disclosed to the public? What could happen?