Q1. Internal auditors should be ___________ of the activities they audit.

Q2. Establishing and maintaining the Internal Control system is the responsibility of the
a) Internal Audit function
b) CEO and key managers
c) Workers
d) QA group

Q3. Risk = ____________ x ______________
a) Loss x impact
b) Frequency x delay
c) Frequency x occurrence
d) Delay x occurrence

Q4. Organizational policies form a part of ____________ controls.

Q5. Controls are a means to __________ business risks.

Q6. What are the two systems involved in every business application.

Q7. What are the three different categories on internal control?

Q8. No control should cost more than the potential error it is established to prevent, detect and correct. ( T / F )

Q9. Amongst all controls, ___________ controls are the lowest in cost and ___________ controls are the most expensive to implement.
a) detective, preventive
b) preventive, corrective
c) corrective, detective
d) preventive, detective

Q10. Prior to installing any control, some _______________ analysis should be made.

Q11. In the COSO Internal Control framework, control designers have to go through a _______________ process before setting the control objectives.

Q12. Quality Assurance should focus on the security management controls. ( T / F )

Q13. ____________ is a weakness in an information system.

Q14. Information security baseline information should be collected by an _____________ assessment team.

Q15. Ownership and responsibility of the computer security belong to ______________ in the organization.
a) senior management
b) security officer
c) all employees
d) QA group

Q16. Security mechanisms (defenses) need to be ___________ so that compromise of a single security mechanism is insufficient to compromise a host or network.

Q17. Routines in a computer system that check the validity of input data are referred to as:
a. Environmental control
b. SOX control
c. Preventive control
d. Detective control
e. Corrective control

Q18. ___________ directly examine internal controls and recommend improvements.

Q19. There are two components of controls. The first is _________ and the second is the controls within an individual business application.

Q20. ____________ are the means by which management uses to manage the organization.

Q21. The objectives of transaction processing controls are to __________, _________ or ___________ incorrect processing

Q22. __________ control type of control is most desirable

Q23. __________ controls alert individuals involved in a process so that they are aware of a problem.

Q24. __________ controls should bring potential problems to the attention of individuals so that action can be taken

Q25. __________ controls will not prevent problems from occurring, but rather will point out a problem

Q26. __________ controls assist individuals in the investigation and correction of causes of exposures that have been detected

Q27. __________ action is often a difficult and time consuming process

Q28. In information systems there is a __________ associated with each control

Q29. The system of internal control is designed to minimize _________

Q30. Security can be divided into two parts. First is the ____________controls, and second is ___________controls.

Q31. ____________ should focus on the security management controls

Q32. ____________is a weakness in an information system

Answers:

Q1. Independent
Q2. CEO and key managers
Q3. c
Q4. Environmental
Q5. Minimize
Q6. Environmental and Transaction Processing controls
Q7. Preventive, detective, corrective
Q8. True
Q9. Preventive, corrective
Q10. cost benefit
Q11. Risk assessment
Q12. True
Q13. Vulnerability
Q14. Independent
Q15. All Employees
Q16. Layered
Q17. d
Q18. Internal Auditors
Q19. Environmental
Q20. Environmental
Q21. Prevent, detect or correct
Q22. Preventive
Q23. Detective
Q24. Detective
Q25. Detective
Q26. corrective
Q27. corrective
Q28. cost
Q29. risk
Q30. Security Management and Security technical
Q31. Quality Assurance
Q32. Vulnerability

Also See:

• Other CSQA Question Papers