XAUDCIS – REVIEWER (PRELIMS)

Serves as an independent, objective

The proper organizational role of internal
assurance and consulting activity that adds
auditing is to
value to operations.
For the highest degree of independence, the
director of the internal auditing department The audit committee of the BOD
should report directly to
Which is impaired if an internal auditor
provides assurance services for an activity
Objectivity
for which an internal auditor had
responsibility the previous year?
This assurance engagement provides
reasonable assurance that the financial
Financial statements audit
statements are free from material
misstatement
An external audit Complements an internal audit
This is an engagement in which a
practitioner is engaged to issue, or does
issue, a written communication that
Assurance
expresses a conclusion about the reliability
of a written assertion that is the
responsibility of another party.
The primary responsibility for overseeing
the establishment and administration of Senior management
internal control rests with
Controls in an organization should be
Operations are performed efficiently.
designed to ensure that
Inherent limitations in internal controls
must be considered in evaluating its
Incompatible functions performed by the
effectiveness in preventing & detecting
same person
errors and fraud. Inherent limitations do not
include
The following, except one, are components
described in the COSO framework, which
one is it?
This is the risk is the probability that the
auditor will render an unqualified (clean)
Audit Risk
opinion on financial statements that are, in
fact, materially misstated.
Control is the result of proper planning,
Which of the following best defines control?
organizing, and directing by management
A receiving department receives copies of
purchase orders for use in identifying and
recording inventory receipts. The purchase
Overpayment for partial deliveries
orders list the name of the vendor and the
quantities of the materials ordered. A
possible error that this system could allow is
A control likely to prevent purchasing agents
Rotating buyer assignments periodically
from favoring specific suppliers is
If internal control is well designed, two tasks
Recording of cash receipts and preparation of
that should be performed by different
bank reconciliations.
persons are
A system of internal control includes
Only storeroom personnel and line
physical controls over access to and use of
supervisors have access to the raw materials
assets and records. A departure from the
storeroom
purpose of such procedures is that
XAUDCIS – REVIEWER (PRELIMS)

Locked doors in the data entry, passwords,

and data-entry controls for each field Preventive
installed in computers are examples of
Employees hired for sensitive positions are
Which of the following observations by an
not subjected to background checks;
auditor is most likely to indicate the
Management has not taken corrective action
existence of control weaknesses over
to resolve past engagement observations
safeguarding of assets?
related to inventory controls.
This is an independent assessment of some
technology- or systems-related object, such
as proper IT implementation, or controls
over computer resources. Because most
modern accounting information systems use Information Technology Audit
IT, IT plays a significant role in a financial
(external audit), where the purpose is to
determine the fairness and accuracy of the
financial statements.
This is a comprehensive statement of all
actions to be taken before, during, and after
a disaster, along with documented, tested Disaster recovery plan
procedures that will ensure the continuity of
operations.
The main audit objective for disaster Verify management's disaster recovery plan
recovery planning is? is adequate.
• Protect itself from tampering from users.
• Be able to prevent users from tampering
with programs of other users.
• Be able to safeguard users' applications
In order for an operating system to perform
from accidental corruption.
tasks consistently and reliably, it must
• Be able to safeguard its own programs
from accidental corruption
• Be able to protect itself from power
failures or other disasters
An operating system control danger which is
a type of program that camouflages itself
Trojan Horse
with another valid imported program is
called a
• Operating System Weaknesses.
• Weak Access Controls.
Which of the following are considered as
• Inadequate Segregation of Duties.
risks for personal computer-based
• Risk of Theft.
accounting systems.
• Weak Back up Procedures.
• Risk of Virus Infection.
Who is ultimately responsible for the
planning, approval, budgeting, design, as
Control Group
well as implementation of cost-effective
controls in an IT environment?
Uninterruptible power supplies are used in
Data loss stored in Random Access Memory
computer facilities to minimize the risk of
To verify the integrity of electronic
Which of the following is the audit objective commerce or transactions by determining
in relation to equipment failure? whether controls are in place to detect and
correct message loss.
The following are the major objectives
segregation of incompatible functions, Verifying IT management positions
which one is not?
The following are elements of computer
Licenses & upgrades
center controls, which ones are not?
XAUDCIS – REVIEWER (PRELIMS)

Which of the following is not an audit

Verify monitoring and reporting of security
procedure in checking for malicious &
violations
destructive programs for operating systems?
These are specially designed applications
that interact with the user, other
Database Management Systems
applications, and the database itself to
capture and analyze data
The following are considered as
Any change or addition must be performed
disadvantages of using a flat file approach
once
except one w/c is
The following are considered as advantages
of using database approach except one It requires multiple updates
which is
A. Database Management System.
B. Users.
Which of the following is not considered as
C. Physical Database.
an element of database?
D. Database Administrator.
E. None of these.
This can be used to 'patch' third party
applications to the database management
system and is considered as a proprietary
Data Manipulation Language
language that a particular DBMS uses to
retrieve, process, and store data to/from
the database.
The functions of a database administrator
are to be involved under which of these Design
phases of database management system?
A parent record may have one or more child
records and while a child can have more
Hierarchical Model
than one parent are limitations under what
database model?
Which of the following statements is DDP system would mean moving to total
incorrect? decentralization
This is splitting the central database into
segments that are distributed to their Partitioning
primary users
A. Those authorized to use databases are
limited to data needed to perform their
duties.
Which of the following is not considered as B. Those unauthorized individuals are denied
a crucial database control issues? access to data.
C. Those backup controls can adequately
recovery lost, destroyed, or corrupted data.
D. None of these.
This refers to the organization of data as a
Database Schema
blueprint of how a database is constructed.
A. Verify if production databases are copied
or backed up at regular intervals.
B. Verify if databases have automatic back
Which of the following is considered as an
up.
audit procedure for DBMS?
C. Verify if backup copies of the database are
stored off site to support disaster recovery.
D. All of these.