What is the basic definition of IT audit?
examining different IT components and the controls associated with them
What are the prerequisites to an organizational audit program?
Determining what types of audits are needed and identifying what must be or could be audited.
Prioritization
Resources to support audit are scarce, so the most significant auditable aspects of the organization are addressed.
Why is categorization or an organizing scheme required for auditors to audit a large organization?
There are too many auditable elements to create a simple list.
How does COSO categorize internal control?
Purpose and applicability
What are examples of categorizing internal controls by purpose?
operational, reporting, or compliance
What are examples of categorizing internal controls by applicability?
entity level, division, operating unit, or function
Units of organizational structure
business units, operating divisions, facilities, subsidiaries
List the accounting structures as defined by Gantz
cost centers, lines of business, process areas, strategic goals, objectives and outcomes
What are other functional organizational elements?
mission and business processes and operational functions executed by the organization
What are examples of management functions or programs?
governance, risk management, quality assurance, certification, compliance, and internal auditing.
What is the primary purpose of governance, risk, and compliance (GRC) activities?
Define and prioritize the audit universe
What is an "audit universe"?
Complete collection of all potential areas within an organization that can be audited.
What does COBIT stand for and what organization sponsors it?
Control Objectives for Information and Related Technology; ISACA
How many processes and domains does COBIT 5 encompass?
37 processes; five domains.
What did COBIT 5 replace?
Control objectives, replacing them with recommended governance and management practices and basing audit criteria on seven enablers.
What are all the categories in the audit universe?
principles
policies
frameworks
processes
organizational structures
culture
ethics
behavior
information
services
infrastructure
applications
people
skills
competencies
List all of the internal control purposes
preventive, detective, corrective
List all of the internal control functions
administrative, technical, physical
What controls can be considered entity-wide?
any policies, processes, procedures, standards, or measures specified for organization-wide use.
Patch Management - IT Audit Focus
Audit procedures: review procedures for maintaining awareness of patches or upgrades and processes for implementing them, including prerequisite unit and regression testing.
Account Provisioning - IT Audit Focus