信天翁 - 1-30題ans...
抄喇..:o40:
1.Observation and interviews
2.if an auditor knows internal controls are stong, the confidence coefficient may be lowered.
3.of the point at which controls are exercised as data now through the system.
4.determine whether information systems safeguard assets, and maintain data integrity.
5.detection risk.
6.Many user ids have identical passwards
7.record the observations and the risk arising from the collective weaknesses.
8.Trend/variance detection tools
9.identify and evaluate the existing controls.
10.purpose and scope of the audit being done.
11.Ensure that the malicious code is removed.
12.concluding that material errors do not exist, when in fact they do.
13.Duplicate transactions do not occur.
14.Lack of reporting of a success attack the network
15.Generalized audit soaware
16.The application owner was unaware of several changes applied to the appiication by the IT department.
17.A compliance test of program library controls
18.reasonable assurance that the audit will cover material items.
19.the threats/vulnerabilities afrecting the assets.
20.The preservation of the chain of custody for electronic evidence
21.compares processing output with independently calculated data.
22.describle the authority and responsiblilities of the audit department.
23.A confirmation letter received from an outside source
24.appropriate levels of protection are applied to information assets
25.Using a statisticai sample to inventory the tape library
26.facilitatior.
27.detection risk.
28.can identify high-risk areas that might need a detailed review later.
29.implemented a specific control during the development of the application system.
30.senior management and/or the audit committee.