19 Cards in this Set
- Front
- Back
- 3rd side (hint)
ISACA Standards
|
1.3.2
Charter, Independence, Ethics, Competence, Planning, Performance, Reporting, Follow-up, Irregularities/Illegal, Governance, Planning, Materiality, Experts, Evidence, Controls, E-Commerce |
1.3.2
|
|
What is the most important consideration for a forensic auditor, regarding computer evidence?
|
1.6.1
To make a bit-stream image of the target drive and examine the image without altering date stamps. |
|
|
Confidence coefficient
|
1.6.13
A percentage expression of the probability that the characteristics are a true representation of the population. The greater the confidence coefficient, the larger the sample size. |
|
|
Level of Risk
|
1.6.13
Equal to one minus the confidence coefficient. |
|
|
Precision
|
1.6.13
Represents the acceptable range difference between the sample and the actual population. |
|
|
Expected Error Rate
|
1.6.13
An estimate stated as a percent of the errors that may exist. The greater the expected error rate, the greater the sample size. Applied to attribute sampling not variable sampling. |
|
|
Tolerable Error Rate
|
1.6.13
misstatement or number of errors that can exist without an account being materially misstated. It is used for the planned upper limit of the precision range for compliance testing. |
|
|
Population standard deviation
|
1.6.13
A mathematical concept that measures the relationship to the normal distribution. The greater the standard deviation, the larger the sample size. Applied to variable sampling not attribute sampling. |
|
|
What framework's good practices are more strongly focused on control and less on execution?
|
1.5.3
COBIT |
|
|
Audit Charter
|
1.2.1
Document that clearly states management's responsibilities and objectives for, and delegation of authority to, the IS audit function. |
|
|
What are the two key aspects that controls should address?
|
1.5
1. What should be achieved 2. What should be avoided |
|
|
What good practices unambiguously measure, monitor and optimize the realization of business value from investment in IT?
|
1.5.3
Val IT |
|
|
What is one of the basic purposes of any IS audit?
|
1.6.9
To identify control objectives and the related controls that address the objective. |
|
|
What are some variables considered in a risk assessment scoring system?
|
1.6.8
Technical complexity, level of control procedures in place, and level of financial loss |
|
|
What are the steps to performing an audit?
|
1.2.3
1. Gain an understanding of business's mission, objectives, purpose and processes. 2. Identify policies, standards, guidelines, procedures and organizational structure. 3. Perform risk analysis. 4. Set audit scope & objectives. 5. Develop audit approach/strategy. 6. Address engagement logistics. |
|
|
What is the iterative life cycle of the risk assessment process?
|
1.4
1. Identify business objectives (BO). 2. Identify information assets supporting BOs. 3. Perform Risk Assessment (RA) (Threat - Vulnerability - Probability - Impact). 4. Perform Risk Mitigation (RM) (Map risks with controls in place). 5. Perform Risk Treatment (RT) (Treat significant risks not mitigated by existing controls). 6. Perform Periodic Risk Reevaluation (BO/RA/RM/RT). |
|
|
What good practices help provide a way to focus effectively on IT-related business risk areas?
|
1.5.3
Risk IT |
|
|
What good practices help those with an interest in value delivery from IT?
|
1.5.3
Val IT |
|
|
What helps an auditor efficiently determine the nature and extent of testing?
|
1.6.5
Risk-based audit approach |
|