The line of reporting of IS audit is indicated in: a. The audit committee charter. b. The internal audit charter. C. The IS audit charter. d. The IS audit letter of appointment. The NIST handbook is: a. A summary overview of the elements of computer security. b. A detailed breakdown of control requirements including practical implementation. C. Only applicable to government agencies. d. Only applicable to non-government agencies. please answer correct with valid reason

The line of reporting of IS audit is indicated in: a. The audit committee charter. b. The internal audit charter. C. The IS audit charter. d. The IS audit letter of appointment. The NIST handbook is: a. A summary overview of the elements of computer security. b. A detailed breakdown of control requirements including practical implementation. C. Only applicable to government agencies. d. Only applicable to non-government agencies. please answer correct with valid reason

Auditing: A Risk Based-Approach (MindTap Course List)

11th Edition

ISBN:9781337619455

Author:Karla M Johnstone, Audrey A. Gramling, Larry E. Rittenberg

Publisher:Karla M Johnstone, Audrey A. Gramling, Larry E. Rittenberg

Chapter3: Internal Control Over Financial Reporting: Responsibilities Of Management And The External Auditor

Section: Chapter Questions

Problem 27CYBK

See similar textbooks

Similar questions

Refer to Exhibit 2.5 and answer the following questions. a. (Sections 101, 104, and 105) How does the establishment and operation of the PCAOB help to ensure quality external audits? How will audit firm inspections and investigations by the PCAOB help ensure high audit quality? b. (Sections 201-203) How do Sections 201-203 address audit ()r independence concerns? c. (Section 206) What is a cooling-off period, and how does it address auditor independence concerns? d. (Section 301) How do the audit committee requirements help ensure effective corporate governance? e. (Sections 302 and 906) How do the officer certification requirements help to address the risk of fraud in publicly traded organizations? What is the likelihood that a CFO who is committing fraudulent financial reporting would sign the certification falsely, and what are your reactions to that possibility? f. (Section 401) How does this section relate to the Enron fraud? g. (Section 404) How do the management assessment and audit or attestation of internal controls contained in this section help to address the risk of fraud in publicly traded organizations? h. (Section 407) Why is it important that at least one member of the audit committee be a financial expert? What are the financial reporting implications if the audit committee does not have any individuals serving on it who possess financial expertise? i. (Section 802) How does this section relate to the Enron fraud?
Which of the following expressions best describes a situation under which the issuance of a report that concludes on the condition of the internal controls of an organization that provides technological services to one of our audit clients (SOC report) is required? It is that situation in which a CPA has been hired to evaluate a. the projected financial statements prepared by the client, to see if the expected results comply with hypothetical assumptions or not. b. the information systems and technologies subcontracted by the client, specifically in what corresponds to criteria of security, availability, integrity, confidentiality and privacy. c. any assertion or area that the client has asked to intervene (subject matter), and do so in accordance with compliance or not, with criteria or principles (against criteria). d. services that help the client maintain their financial independence.
In all audits of governmental units performed according to GAGAS, the most important work isa. Compliance auditing.b. Obtaining a sufficient understanding of internal control.c. Documentation of the audit.d. Exit interviews with managers in the governmental unit.
A transaction-level internal control activity is best described asa. An action taken by auditors to obtain evidence.b. An action taken by client personnel for the purpose of preventing, detecting, and correcting errors and frauds in transactions to eliminate or mitigate risks identified by thecompany.c. A method for recording, summarizing, and reporting financial information.d. The functioning of the board of directors in support of its audit committee.
All of the following are internal control procedures excepta. Sarbanes-Oxley reforms.b. assignment of responsibilities.c. adequate records.d. internal and external audits.
Which of the following is usually not part of an internal audit department’s audit charter?a. A commitment from management to ensure the independence of the internal auditdepartment.b. A definition of the scope of the audit department’s activities.c. The organizational structure of the internal audit department.d. The reporting requirements of the internal audit department.
1.) The Information Systems Audit and Control Association (ISACA) developed guidelines and procedures on how to follow the standards that apply specifically to the specialized nature of the IS Audit. The guidelines serve as guidance the IS auditor should normally follow. However, there may be situations where the auditor will not follow that guidance. In this case, what happens now to the work done by the IS auditor? 2.) Audits are conducted for various reasons. It can help an organization ensure effective operations, affirm its compliance with various regulations, and confirm that the business is functioning well and is prepared to meet potential challenges. There are three typical phases in an Audit, explain each phase and its relation to the other. 3.) Every organization has controls in place. Such controls must be effective. They are effective if they prevent, detect, or contain incidents and enable recovery from events that cause risks. Enumerate those three types of control…
1.) The Information Systems Audit and Control Association (ISACA) developed guidelines and procedures on how to follow the standards that apply specifically to the specialized nature of the IS Audit. The guidelines serve as guidance the IS auditor should normally follow. However, there may be situations where the auditor will not follow that guidance. In this case, what happens now to the work done by the IS auditor? 2.) Audits are conducted for various reasons. It can help an organization ensure effective operations, affirm its compliance with various regulations, and confirm that the business is functioning well and is prepared to meet potential challenges. There are three typical phases in an Audit, explain each phase and its relation to the other.