CIS Midterms Exam
Midterms Exam
May 8, 2021
Name:
Score:
GENERAL INSTRUCTIONS:
a. Answer each question correctly
b. Write your answers on a sheet of paper, or you can also answer them via computer
c. This exam is good for 1.5 hours, so make sure to send your answers via email within 1.5 hours
from the time you receive this exam
d. No cheating
IDENTIFICATION
1. This determines if a value in one field is reasonable when considered along with data in
other fields of the record.
2. A method of detecting data coding errors such as transcription and transposition errors.
4. This is defined as the risk that a material misstatement will get through the internal
control structure and into the financial statements.
5. When an auditor makes sure that the checks issued by the client are arranged in a
chronological order is called __________________.
TRUE OR FALSE
3. A purpose-written program may be written while its purposes and users are being defined.
5. When the IT auditor is involved in the design phase of the system, he/she no longer needs
to test controls during regular IT audits.
9. One limitation on the use of a generalized computer program is that it has limited
application without significant modification.
10. Identifying an unusual amount of sales on a monthly sales report can be performed using
CAATs.
MULTIPLE CHOICE
1. Which type of audit involves a review of general and applications controls, with a focus
on determining if there is compliance with policies and adequate safeguarding of assets?
a. Information systems audit
b. Financial audit
c. Operational audit
d. Compliance audit
2. Data access security related to applications may be enforced through all the following
except
a. User identification and authentication functions incorporated in the application.
b. Utility software functions.
c. User identification and authentication functions in access control software.
d. Security functions provided by a database management system.
5. Which of the following procedures is NOT used to detect unauthorized program changes?
a. Source code comparison (is used to detect unauthorized program changes by
thoroughly testing a newly developed program and keeping a copy of its source code)
b. Parallel simulation (an auditor writes a version of the program, reprocesses the
company data, compares the results to the company's results, and investigates any
differences)
c. Reprocessing (the auditor verifies the integrity of an application program, saves it,
and on a surprise basis uses the program to reprocess data and compare that output
with the company's output)
d. Reprogramming code
6. A controller became aware that a competitor appeared to have access to the company's
pricing information. The internal auditor determined that the leak of information was
occurring during the electronic transmittal of data from branch offices to the head office.
Which of the following controls would be most effective in preventing the leak of
information?
a. Asynchronous transmission.
b. Encryption.
c. Use of fiber-optic transmission lines.
d. Use of passwords.
8. Which of the following is not a reason an internal auditor should participate in internal
control reviews during the design of a new system?
a. It is more economical to design controls during the design stage than to do so later.
b. It eliminates the need for testing controls during regular audits.
c. It minimizes the need for expensive modifications after the system is implemented.
d. It permits the design of audit trails while they are economical.
12. All administrative and professional staff in a corporate legal department prepare
documents on terminals connected to a host LAN file server. The best control over
unauthorized access to sensitive documents in the systems is
a. Required entry of passwords for access to the system.
b. Physical security for all disks containing document files.
c. Periodic server backup and storage in a secure area.
d. Required entry of passwords for access to individual documents.
13. Which of the following tests confirms that the new system can operate in its target
environment?
a. Sociability testing
b. Regression testing
c. Validation testing
d. Black box testing
14. The PRIMARY purpose of undertaking a parallel run of a new system is to:
a. verify that the system provides required business functionality.
b. validate the operation of the new system against its predecessor.
c. resolve any errors in the program and file interfaces.
d. verify that the system can process the production load.
15. An auditor has just completed a physical security audit of a data center. Because the
center engages in top-secret defense contract work, the auditor has chosen to recommend
biometric authentication for workers entering the building. The recommendation might
include devices that verify all of the following except
a. Fingerprints.
b. Retina patterns.
c. Speech patterns.
d. Password patterns.