
Compiled by CA. Tejas Chokshi, FCA, M.com, DISA (ICAI), Cert. FAFD (ICAI), Cert. CBA (ICAI)

18.06.2023

Conceptual discussion in today’s topic

3 pm to 5 pm

1 IT Balance Score Card 20 min

2 Audit Charter 5 min

3 Compliance & Substantive Testing 15 min

4 Risk Assessment 15 min

5 Sampling 10 min

6 Outsourcing Function 5 min

7 IT Strategy committee & IT Steering committee 10 min

8 IT Alignment with business objective 5 min

9 Roles of various functions of IT 10 min

10 Control Self Assessment 5 min

Total 100 min

10 min for discussion.

Case Study & Questions for the above Topics

As an information system auditor, you are assigned to audit the big basket, which is the delivery platform, and you are required to verify various aspects, including stakeholders' satisfaction vis-à-vis the IT balanced scorecard, risk assessment vis-à-vis the internal control system as framed by the management, the audit charter vis-à-vis the audit processes, and the auditor's use of compliance and substantive testing. At places, he may take up the assignment as a control self-assessment, wherein the involvement of the line managers and training may be an integral part. At certain places, he may verify all outsourcing functions within the information technology environment, judge the responsibilities of the strategy committee and the IT steering committee, and verify whether IT is aligned with business objectives. How will the auditor work out the sampling methods on the basis of the results of comprehensive and substantive testing, and audit the roles of the various IT functions?

1. What is the purpose of an IT balanced scorecard in the audit of a multifunctional

working delivery platform? a) To assess IT compliance b) To evaluate IT risks c) To

align IT with business objectives d) To perform control self-assessment

2. Which process would an auditor typically employ to evaluate and manage risks in the

delivery platform's IT environment? a) Risk assessment b) Compliance testing c)

Control self-assessment d) Sampling methods

3. What is the audit charter's role in the information system audit of the delivery

platform? a) Evaluating IT functions b) Setting risk assessment criteria c) Guiding the

audit's objectives and scope d) Assessing IT governance effectiveness

4. How does an auditor use compliance testing during the audit of the delivery

platform? a) To verify outsourcing functions b) To assess IT governance frameworks

c) To evaluate IT risks d) To test adherence to laws and regulations

5. What is the purpose of substantive testing in the information system audit of the

delivery platform? a) To assess IT compliance b) To evaluate IT risks c) To gather

evidence on specific transactions d) To align IT with business objectives

6. When would an auditor engage in control self-assessment during the audit of the

delivery platform? a) To evaluate IT risks b) To assess IT governance frameworks c)

To perform sampling methods d) To involve stakeholders in assessing controls


7. What aspect of the delivery platform's IT environment would an auditor verify when

assessing outsourcing functions? a) Compliance with regulations b) Alignment with

business objectives c) Effectiveness of IT governance d) Evaluation of external

vendors

8. What is the primary responsibility of the strategy committee in the delivery

platform's IT governance? a) Aligning IT with business objectives b) Assessing IT risks

c) Performing control self-assessment d) Verifying outsourcing functions

9. How would an auditor assess the alignment of IT with the business objectives of the

delivery platform? a) Through compliance testing b) Through control self-

assessment c) Through risk assessment d) Through evaluating IT strategies

10. In the audit, how does the sampling method relate to the results of comprehensive

testing? a) Determines the sample size for substantive testing b) Evaluates the IT

balanced scorecard c) Assesses the effectiveness of control self-assessment d)

Validates the accuracy of compliance testing

11. Which IT functions would an auditor focus on while assessing the roles and

responsibilities within the delivery platform? a) Evaluating risk assessment b)

Verifying outsourcing functions c) Assessing IT governance frameworks d) Reviewing

IT strategies

12. What metrics would an auditor use to evaluate the effectiveness of the IT functions

within the delivery platform? a) Compliance with regulations b) Adherence to the IT

balanced scorecard c) Alignment with business objectives d) Results of control self-

assessment

13. How would an auditor ensure comprehensive coverage of necessary areas and

processes during the audit? a) By conducting risk assessments b) Through

compliance testing c) By evaluating IT governance frameworks d) Following the audit

charter's guidance

14. What type of documentation would an auditor review to gain an understanding of

the delivery platform's IT environment? a) Financial statements b) Audit committee

minutes c) IT policies and procedures d) Employee performance records

15. How would an auditor assess the adequacy of IT controls within the delivery

platform? a) Through control self-assessment b) By verifying outsourcing functions

c) Using sampling methods d) Conducting substantive testing

16. What is the role of continuous auditing in the context of the audit of the delivery

platform? a) Assessing IT risks in real-time b) Conducting control self-assessment c)

Evaluating compliance with regulations d) Verifying outsourcing functions

17. How would an auditor evaluate the effectiveness of the IT governance framework

within the delivery platform? a) Through risk assessment b) By verifying outsourcing

functions c) Assessing the IT balanced scorecard d) Conducting control self-

assessment

18. What measures would an auditor take to ensure the independence and objectivity

of the audit process? a) Reviewing IT policies and procedures b) Engaging external

consultants c) Involving IT steering committee members d) Following the audit

charter's guidelines

19. What are examples of potential risks the delivery platform may face in its IT

environment? a) IT system failures b) Employee turnover c) Data breaches d) All of

the above

20. How would an auditor prioritize identified risks during the risk assessment phase? a)

By their impact on the IT balanced scorecard b) Based on control self-assessment

findings c) According to their likelihood and potential impact d) In alignment with IT

outsourcing functions

21. Which methodologies or frameworks would an auditor use to conduct risk

assessment in this case study? a) ISO 27001 b) COBIT c) COSO ERM d) All of the

above

22. How does the audit charter guide the information system audit of the delivery

platform? a) By setting risk assessment criteria b) Outlining the roles and

responsibilities of auditors c) Identifying the sampling methods to be used d)

Providing a roadmap for the audit process

23. How would an auditor use compliance testing procedures during the audit of the

delivery platform? a) To verify IT steering committee responsibilities b) To assess

the IT governance framework c) To evaluate IT risks d) To test adherence to laws

and regulations

24. What evidence would an auditor gather to support compliance testing findings in the

audit? a) Financial statements b) Employee performance records c) IT policies and

procedures d) Transaction records and logs

25. How would an auditor assess the reliability and accuracy of data used in the

compliance testing process? a) By performing control self-assessment b) By

verifying outsourcing functions c) Through sampling methods d) By conducting

substantive testing

26. What is the benefit of control self-assessment in the context of this case study? a)

Identifying IT risks b) Assessing the IT balanced scorecard c) Encouraging

stakeholder involvement d) Verifying outsourcing functions

27. How would an auditor encourage stakeholder participation in the control self-

assessment process? a) Providing training and guidance b) Outsourcing the

assessment process c) Conducting comprehensive testing d) Reviewing IT policies

and procedures

28. What criteria would an auditor use to evaluate the effectiveness of the control self-

assessment process in this case study? a) Adherence to the IT balanced scorecard

b) Alignment with business objectives c) Stakeholder engagement and participation

d) Verifying outsourcing functions


29. Can you explain the concept of substantive testing in the context of this case study?

a) Assessing IT risks in real-time b) Testing specific transactions for accuracy and

completeness c) Evaluating compliance with regulations d) Verifying outsourcing

functions

30. How would an auditor determine the sample size for substantive testing in this case

study? a) By evaluating IT governance frameworks b) Following the audit charter's

guidelines c) Conducting control self-assessment d) Assessing the IT balanced

scorecard

31. What factors would an auditor consider when selecting the sample for substantive

testing in the audit of the delivery platform? a) Transaction complexity b) Risk levels

c) Historical performance d) All of the above

32. Can you explain the difference between comprehensive testing and substantive

testing in the context of this case study? a) Comprehensive testing verifies

outsourcing functions, while substantive testing assesses IT risks. b) Comprehensive

testing evaluates compliance with regulations, while substantive testing focuses on

specific transactions. c) Comprehensive testing assesses IT risks, while substantive

testing tests the accuracy and completeness of specific transactions. d)

Comprehensive testing follows the audit charter, while substantive testing follows

the IT balanced scorecard.

33. How would an auditor evaluate the roles and responsibilities of various IT functions

within the delivery platform during the audit? a) By conducting control self-

assessment b) Through risk assessment c) By reviewing IT policies and procedures

d) Assessing the IT balanced scorecard

34. What indicators would an auditor use to assess the effectiveness of the IT functions

in the delivery platform? a) Compliance with regulations b) Adherence to the IT

balanced scorecard c) Alignment with business objectives d) All of the above


35. How would an auditor ensure the audit of the multifunctional working delivery

platform covers all necessary areas and processes? a) By conducting comprehensive

testing b) Through control self-assessment c) By evaluating the roles of IT functions

d) Following the audit charter's guidance

36. Can you provide examples of potential risks the delivery platform may face in its IT

environment? a) IT system failures b) Employee turnover c) Data breaches d) All of

the above

37. How would an auditor prioritize the identified risks during the risk assessment phase

of the audit? a) By their impact on the IT balanced scorecard b) Based on control

self-assessment findings c) According to their likelihood and potential impact d) In

alignment with IT outsourcing functions

38. Which methodologies or frameworks would an auditor use to conduct risk

assessment in this case study? a) ISO 27001 b) COBIT c) COSO ERM d) All of the

above

39. How does the audit charter guide the information system audit of the delivery

platform? a) By setting risk assessment criteria b) Outlining the roles and

responsibilities of auditors c) Identifying the sampling methods to be used d)

Providing a roadmap for the audit process

40. How would an auditor use compliance testing procedures during the audit of the

delivery platform? a) To verify IT steering committee responsibilities b) To assess

the IT governance framework c) To evaluate IT risks d) To test adherence to laws

and regulations

41. What evidence would an auditor gather to support compliance testing findings in the

audit? a) Financial statements b) Employee performance records c) IT policies and

procedures d) Transaction records and logs

42. How would an auditor assess the reliability and accuracy of data used in the

compliance testing process? a) By performing control self-assessment b) By


verifying outsourcing functions c) Through sampling methods d) By conducting

substantive testing

43. What is the benefit of control self-assessment in the context of this case study? a)

Identifying IT risks b) Assessing the IT balanced scorecard c) Encouraging

stakeholder involvement d) Verifying outsourcing functions

44. How would an auditor encourage stakeholder participation in the control self-

assessment process? a) Providing training and guidance b) Outsourcing the

assessment process c) Conducting comprehensive testing d) Reviewing IT policies

and procedures

45. What criteria would an auditor use to evaluate the effectiveness of the control self-

assessment process in this case study? a) Adherence to the IT balanced scorecard

b) Alignment with business objectives c) Stakeholder engagement and participation

d) Verifying outsourcing functions

46. Can you explain the concept of substantive testing in the context of this case study?

a) Assessing IT risks in real-time b) Testing specific transactions for accuracy and

completeness c) Evaluating compliance with regulations d) Verifying outsourcing

functions

47. How would an auditor determine the sample size for substantive testing in this case

study? a) By evaluating IT governance frameworks b) Following the audit charter's

guidelines c) Conducting control self-assessment d) Assessing the IT balanced

scorecard

48. What factors would an auditor consider when selecting the sample for substantive

testing in the audit of the delivery platform? a) Transaction complexity b) Risk levels

c) Historical performance d) All of the above

49. Can you explain the difference between comprehensive testing and substantive

testing in the context of this case study? a) Comprehensive testing verifies

outsourcing functions, while substantive testing assesses IT risks. b) Comprehensive


testing evaluates compliance with regulations, while substantive testing focuses on

specific transactions. c) Comprehensive testing assesses IT risks, while substantive

testing tests the accuracy and completeness of specific transactions. d)

Comprehensive testing follows the audit charter, while substantive testing follows

the IT balanced scorecard.

50. How would an auditor evaluate the roles and responsibilities of various IT functions

within the delivery platform during the audit? a) By conducting control self-

assessment b) Through risk assessment c) By reviewing IT policies and procedures

d) Assessing the IT balanced scorecard

51. What indicators would an auditor use to assess the effectiveness of the IT functions

in the delivery platform? a) Compliance with regulations b) Adherence to the IT

balanced scorecard c) Alignment with business objectives d) All of the above

52. How would an auditor ensure the audit of the multifunctional working delivery

platform covers all necessary areas and processes? a) By conducting comprehensive

testing b) Through control self-assessment c) By evaluating the roles of IT functions

d) Following the audit charter's guidance

53. Can you provide examples of potential risks the delivery platform may face in its IT

environment? a) IT system failures b) Employee turnover c) Data breaches d) All of

the above

54. How would an auditor prioritize the identified risks during the risk assessment phase

of the audit? a) By their impact on the IT balanced scorecard b) Based on control

self-assessment findings c) According to their likelihood and potential impact d) In

alignment with IT outsourcing functions

55. Which methodologies or frameworks would an auditor use to conduct risk

assessment in this case study? a) ISO 27001 b) COBIT c) COSO ERM d) All of the

above

56. How does the audit charter guide the information system audit of the delivery

platform? a) By setting risk assessment criteria b) Outlining the roles and

responsibilities of auditors c) Identifying the sampling methods to be used d)

Providing a roadmap for the audit process

57. How would an auditor use compliance testing procedures during the audit of the

delivery platform? a) To verify IT steering committee responsibilities b) To assess

the IT governance framework c) To evaluate IT risks d) To test adherence to laws

and regulations

58. What evidence would an auditor gather to support compliance testing findings in the

audit? a) Financial statements b) Employee performance records c) IT policies and

procedures d) Transaction records and logs

59. How would an auditor assess the reliability and accuracy of data used in the

compliance testing process? a) By performing control self-assessment b) By

verifying outsourcing functions c) Through sampling methods d) By conducting

substantive testing

60. What is the benefit of control self-assessment in the context of this case study? a)

Identifying IT risks b) Assessing the IT balanced scorecard c) Encouraging

stakeholder involvement d) Verifying outsourcing functions

61. How would an auditor encourage stakeholder participation in the control self-

assessment process? a) Providing training and guidance b) Outsourcing the

assessment process c) Conducting comprehensive testing d) Reviewing IT policies

and procedures

62. What criteria would an auditor use to evaluate the effectiveness of the control self-

assessment process in this case study? a) Adherence to the IT balanced scorecard

b) Alignment with business objectives c) Stakeholder engagement and participation

d) Verifying outsourcing functions


63. Can you explain the concept of substantive testing in the context of this case study?

a) Assessing IT risks in real-time b) Testing specific transactions for accuracy and

completeness c) Evaluating compliance with regulations d) Verifying outsourcing

functions

64. How would an auditor determine the sample size for substantive testing in this case

study? a) By evaluating IT governance frameworks b) Following the audit charter's

guidelines c) Conducting control self-assessment d) Assessing the IT balanced

scorecard

65. What factors would an auditor consider when selecting the sample for substantive

testing in the audit of the delivery platform? a) Transaction complexity b) Risk levels

c) Historical performance d) All of the above

66. Can you explain the difference between comprehensive testing and substantive

testing in the context of this case study? a) Comprehensive testing verifies

outsourcing functions, while substantive testing assesses IT risks. b) Comprehensive

testing evaluates compliance with regulations, while substantive testing focuses on

specific transactions. c) Comprehensive testing assesses IT risks, while substantive

testing tests the accuracy and completeness of specific transactions. d)

Comprehensive testing follows the audit charter, while substantive testing follows

the IT balanced scorecard.

67. How would an auditor evaluate the roles and responsibilities of various IT functions

within the delivery platform during the audit? a) By conducting control self-

assessment b) Through risk assessment c) By reviewing IT policies and procedures

d) Assessing the IT balanced scorecard

68. What indicators would an auditor use to assess the effectiveness of the IT functions

in the delivery platform? a) Compliance with regulations b) Adherence to the IT

balanced scorecard c) Alignment with business objectives d) All of the above


69. How would an auditor ensure the audit of the multifunctional working delivery

platform covers all necessary areas and processes? a) By conducting comprehensive

testing b) Through control self-assessment c) By evaluating the roles of IT functions

d) Following the audit charter's guidance

70. Can you provide examples of potential risks the delivery platform may face in its IT

environment? a) IT system failures b) Employee turnover c) Data breaches d) All of

the above

71. How would an auditor prioritize the identified risks during the risk assessment phase

of the audit? a) By their impact on the IT balanced scorecard b) Based on control

self-assessment findings c) According to their likelihood and potential impact d) In

alignment with IT outsourcing functions

72. Which methodologies or frameworks would an auditor use to conduct risk

assessment in this case study? a) ISO 27001 b) COBIT c) COSO ERM d) All of the

above

73. How does the audit charter guide the information system audit of the delivery

platform? a) By setting risk assessment criteria b) Outlining the roles and

responsibilities of auditors c) Identifying the sampling methods to be used d)

Providing a roadmap for the audit process

74. How would an auditor use compliance testing procedures during the audit of the

delivery platform? a) To verify IT steering committee responsibilities b) To assess

the IT governance framework c) To evaluate IT risks d) To test adherence to laws

and regulations

75. What evidence would an auditor gather to support compliance testing findings in the

audit? a) Financial statements b) Employee performance records c) IT policies and

procedures d) Transaction records and logs

76. How would an auditor assess the reliability and accuracy of data used in the

compliance testing process? a) By performing control self-assessment b) By


verifying outsourcing functions c) Through sampling methods d) By conducting

substantive testing

77. What is the benefit of control self-assessment in the context of this case study? a)

Identifying IT risks b) Assessing the IT balanced scorecard c) Encouraging

stakeholder involvement d) Verifying outsourcing functions

78. How would an auditor encourage stakeholder participation in the control self-

assessment process? a) Providing training and guidance b) Outsourcing the

assessment process c) Conducting comprehensive testing d) Reviewing IT policies

and procedures

79. What criteria would an auditor use to evaluate the effectiveness of the control self-

assessment process in this case study? a) Adherence to the IT balanced scorecard

b) Alignment with business objectives c) Stakeholder engagement and participation

d) Verifying outsourcing functions

80. Can you explain the concept of substantive testing in the context of this case study?

a) Assessing IT risks in real-time b) Testing specific transactions for accuracy and

completeness c) Evaluating compliance with regulations d) Verifying outsourcing

functions

81. How would an auditor determine the sample size for substantive testing in this case

study? a) By evaluating IT governance frameworks b) Following the audit charter's

guidelines c) Conducting control self-assessment d) Assessing the IT balanced

scorecard

82. What factors would an auditor consider when selecting the sample for substantive

testing in the audit of the delivery platform? a) Transaction complexity b) Risk levels

c) Historical performance d) All of the above

83. Can you explain the difference between comprehensive testing and substantive

testing in the context of this case study? a) Comprehensive testing verifies

outsourcing functions, while substantive testing assesses IT risks. b) Comprehensive


testing evaluates compliance with regulations, while substantive testing focuses on

specific transactions. c) Comprehensive testing assesses IT risks, while substantive

testing tests the accuracy and completeness of specific transactions. d)

Comprehensive testing follows the audit charter, while substantive testing follows

the IT balanced scorecard.

84. How would an auditor evaluate the roles and responsibilities of various IT functions

within the delivery platform during the audit? a) By conducting control self-

assessment b) Through risk assessment c) By reviewing IT policies and procedures

d) Assessing the IT balanced scorecard

85. What indicators would an auditor use to assess the effectiveness of the IT functions

in the delivery platform? a) Compliance with regulations b) Adherence to the IT

balanced scorecard c) Alignment with business objectives d) All of the above

86. How would an auditor ensure the audit of the multifunctional working delivery

platform covers all necessary areas and processes? a) By conducting comprehensive

testing b) Through control self-assessment c) By evaluating the roles of IT functions

d) Following the audit charter's guidance

87. Can you provide examples of potential risks the delivery platform may face in its IT

environment? a) IT system failures b) Employee turnover c) Data breaches d) All of

the above

88. How would an auditor prioritize the identified risks during the risk assessment phase

of the audit? a) By their impact on the IT balanced scorecard b) Based on control

self-assessment findings c) According to their likelihood and potential impact d) In

alignment with IT outsourcing functions

89. Which methodologies or frameworks would an auditor use to conduct risk

assessment in this case study? a) ISO 27001 b) COBIT c) COSO ERM d) All of the

above

90. How does the audit charter guide the information system audit of the delivery

platform? a) By setting risk assessment criteria b) Outlining the roles and

responsibilities of auditors c) Identifying the sampling methods to be used d)

Providing a roadmap for the audit process

91. How would an auditor use compliance testing procedures during the audit of the

delivery platform? a) To verify IT steering committee responsibilities b) To assess

the IT governance framework c) To evaluate IT risks d) To test adherence to laws

and regulations

92. What evidence would an auditor gather to support compliance testing findings in the

audit? a) Financial statements b) Employee performance records c) IT policies and

procedures d) Transaction records and logs

93. How would an auditor assess the reliability and accuracy of data used in the

compliance testing process? a) By performing control self-assessment b) By

verifying outsourcing functions c) Through sampling methods d) By conducting

substantive testing

94. What is the benefit of control self-assessment in the context of this case study? a)

Identifying IT risks b) Assessing the IT balanced scorecard c) Encouraging

stakeholder involvement d) Verifying outsourcing functions

95. How would an auditor encourage stakeholder participation in the control self-

assessment process? a) Providing training and guidance b) Outsourcing the

assessment process c) Conducting comprehensive testing d) Reviewing IT policies

and procedures

96. What criteria would an auditor use to evaluate the effectiveness of the control self-

assessment process in this case study? a) Adherence to the IT balanced scorecard

b) Alignment with business objectives c) Stakeholder engagement and participation

d) Verifying outsourcing functions


97. Can you explain the concept of substantive testing in the context of this case study?

a) Assessing IT risks in real-time b) Testing specific transactions for accuracy and

completeness c) Evaluating compliance with regulations d) Verifying outsourcing

functions

98. How would an auditor determine the sample size for substantive testing in this case

study? a) By evaluating IT governance frameworks b) Following the audit charter's

guidelines c) Conducting control self-assessment d) Assessing the IT balanced

scorecard

99. What factors would an auditor consider when selecting the sample for substantive

testing in the audit of the delivery platform? a) Transaction complexity b) Risk levels

c) Historical performance d) All of the above

100. Can you explain the difference between comprehensive testing and

substantive testing in the context of this case study? a) Comprehensive testing

verifies outsourcing functions, while substantive testing assesses IT risks. b)

Comprehensive testing evaluates compliance with regulations, while substantive

testing focuses on specific transactions. c) Comprehensive testing assesses IT risks,

while substantive testing tests the accuracy and completeness of specific

transactions. d) Comprehensive testing follows the audit charter, while substantive

testing follows the IT balanced scorecard.
