Question 1
Question
A subset of a data warehouse is called a
Answer
business intelligence
data martian
data mart
small data warehouse
Question 2
Question
A data warehouse may include:
Answer
competitor information
an XBRL style sheet
an iPad
a digital dashboard
Question 3
Question
American Airlines may use business intelligence to:
Answer
track the cost of snacks on its airplanes.
monitor the cost of its pilots and flight attendants.
track the cost of its airplane fuel.
monitor prices on competitive routes.
All of the choices are correct
Question 4
Question
The computer-based technique to accumulate and analyze data is called:
Answer
data warehouse
digital dashboard
business intelligence
XBRL
Question 5
Question
The steps in business intelligence include:
Answer
gather information, analyze data for patterns, make decision.
query data warehouse, create data warehouse, make decision.
analyze data for patterns, gather information, make decision.
create data warehouse, query data warehouse, make decision.
Question 6
Question
A digital dashboard tracks, in a user-friendly way:
Answer
critical business markets
critical business failures
automobile speed
critical business processes.
Question 7
Question
XBRL facilitates business reporting of:
Answer
business processes.
the XML language.
financial and nonfinancial information
financial information only
Question 8
Question
The first person to propose using XML as a means to electronically deliver financial information was:
Answer
Robert Byrd
Charles Hoffman
Al Gore
Herb Hackett
Question 9
Question
XBRL GL, or XBRL Global Ledger Taxonomy, is different from XBRL U.S. GAAP because it facilitates:
Answer
efficient communication between the firm and external parties
efficient communication with customers
efficient communication with the supply chain
efficient communication within a firm
Question 10
Question
The stated advantages of XBRL GL do not include
Answer
reporting independence
system independence
scalability
flexibility
Question 11
Question
What is the mechanism called that firms may use to track their marketing efforts?
Answer
digital dashboard
XBRL
data analytics
business intelligence
Question 12
Question
XBRL assurance might include all but which of the following:
Answer
the XBRL tagging is accurate and complete
the most current, standardized XBRL taxonomy is used
the reports generated using XBRL are complete and received on a timely basis
the XBRL tagging is useful to investors
Question 13
Question
The XBRL style sheet is made in conformance with which standardized language?
Answer
XBRL GL
XML
XSL
XL
Question 14
Question
Which body mandated that operating firms in its jurisdiction submit their financial reports using XBRL?
Answer
FASB
SEC
NYSE
GASB
Question 15
Question
Which technique or tool is used to analyze data for business intelligence purposes?
Answer
data mining
big data
decision support systems
data marts
Question 16
Question
According to COSO, which of the following components of the enterprise risk management addresses an entity's integrity and ethical values?
Answer
information and communication
internal environment
risk assessment
control activities
Question 17
Question
Which of the following items is one of the eight components of COSO's enterprise risk management framework?
Answer
operations
reporting
monitoring
compliance
Question 18
Question
In a large public corporation, evaluating internal control procedures should be the responsibility of:
Answer
Accounting management staff who report to the CFO
Internal audit staff who report to the board of directors
operations management staff who report to the chief operating officer
security management staff who report to the chief facilities officer.
Question 19
Question
Which of the following represents an inherent limitation of internal controls?
Answer
Bank reconciliations are not performed on a timely basis
the CEO can request a check with no purchase order
customer credit check not performed
shipping documents are not matched to sales office.
Question 20
Question
Which of the following is the best way to compensate for the lack of adequate segregation of duties in a small organization?
Answer
disclosing lack of segregation of duties to external auditors during the annual review
replacing personnel every three or four years
requiring accountants to pass a yearly background check
providing greater management oversight of incompatible activities.
Question 21
Question
Review of the audit log is an example of which of the following types of security control?
Answer
governance
detective
preventive
corrective
Question 22
Question
Which of the following is NOT a component of internal control as defined by COSO?
Answer
control activities
inherent risk
control environment
monitoring
Question 23
Question
Which of the following is considered an application input control?
Answer
run control total
edit check
reporting distribution log
exception report
Question 24
Question
Which of the following control activities should be taken to reduce the risk of incorrect processing in a newly installed computerized accounting system?
Answer
segregation of duties
ensure proper authorization of transactions
adequately safeguard assets
independently verify the transactions
Question 25
Question
Which of the following statements is correct regarding internal control?
Answer
A well-designed internal control environment ensures the achievement of an entity's control objectives
an inherent limitation to internal control is the fact that controls can be circumvented by management override.
a well-designed and operated internal control environment should detect collusion perpetrated by two people
internal control is a necessary business function and should be designed and operated to detect errors and fraud.
Question 26
Question
Obtaining an understanding of an internal control involves evaluating the design of the control and determining whether the control has been
Answer
authorized
implemented
tested
monitored
Question 27
Question
A manufacturing firm identified that it would have difficulty sourcing raw materials locally, so it decided to relocate its production facilities. According to COSO, this decision represents which of the following responses to the risk?
Answer
Risk reduction
Prospect theory
Risk sharing
Risk acceptance
Question 28
Question
Each of the following types of controls is considered to be an entity-level control, except those:
Answer
relating to the control environment
pertaining to the company's risk assessment process.
regarding the company's annual stockholder meeting
addressing policies over significant risk management processes
Question 29
Question
Controls in the information technology area are classified into preventive, detective, and corrective categories. Which of the following is preventive control?
Answer
Contingency planning
hash total
echo check
access control software
Question 30
Question
All of the following are examples of internal control procedures except:
Answer
using pre-numbered documents
reconciling the bank statement
customer satisfaction surveys
insistence that employees take vacations.
Question 31
Question
The Public Company Accounting Oversight Board (PCAOB) is not responsible for standards related to:
Answer
Accounting practice.
Attestation.
Auditing.
Quality control over attestation and/or assurance
Question 32
Question
Which of the following most likely would not be considered as an inherent limitation of the effectiveness of a firm's internal control?
Answer
incompatible duties
management override
mistakes in judgment
collusion among employees
Question 33
Question
According to COSO, which of the following is NOT a component of internal control?
Answer
control risk
control activities
monitoring
control environment
Question 34
Question
When considering internal control, an auditor should be aware of reasonable assurance, which recognizes that:
Answer
Internal control may be ineffective due to mistakes in judgment and personal carelessness.
Adequate safeguards over access to assets and records should permit an entity to maintain proper accountability.
Establishing and maintaining internal control is an important responsibility of management.
The cost of an entity's internal control should not exceed the benefits expected to be derived.
Question 35
Question
Proper segregation of duties calls for separation of the following functions:
Answer
Authorization, execution, and payment.
Authorization, recording, and custody.
Custody, execution, and reporting.
Authorization, payment, and recording.
Question 36
Question
An entity's ongoing monitoring activities often include:
Answer
Periodic audits by the audit committee.
Reviewing the purchasing function.
The audit of the annual financial statements
Control risk assessment in conjunction with quarterly reviews.
Question 37
Question
The overall attitude and awareness of a firm's top management and board of directors concerning the importance of internal control is often reflected in its:
Answer
Computer-based controls.
System of segregation of duties.
Control environment.
Safeguards over access to assets.
Question 38
Question
Management philosophy and operating style would have a relatively less significant influence on a firm's control environment when:
Answer
the internal auditor reports directly to the controller
management is dominated by one individual
accurate management job descriptions delineate specific duties
the audit committee does not have regular meetings.
Question 39
Question
According to AS 5, control risk should be assessed in terms of:
Answer
Specific controls
types of potential fraud
financial statement assertions
control environment factors
Question 40
Question
An auditor assesses control risk because it:
Answer
is relevant to the auditor's understanding of the control environment.
provides assurance that the auditor's materiality levels are appropriate.
indicates to the auditor where inherent risk may be greatest
affects the level of detection risk that the auditor may accept
Question 41
Question
The framework to be used by management in its internal control assessment under the requirements of SOX is the:
Answer
COSO internal framework
COSO enterprise risk management framework
COBIT framework
all of the above are correct
Question 42
Question
The internal control provisions of SOX apply to which companies in the United States?
Answer
All companies.
SEC registrants.
All issuer (public) companies and nonissuer (nonpublic) companies with more than $100,000,000 of net worth.
All nonissuer companies.
Question 43
Question
Reconciliation of cash accounts may be referred to as what type of control?
Answer
detective
preventive
adjustive
non-routine
Question 44
Question
Sound internal control dictates that immediately upon receiving checks from customers by mail, a responsible employee should:
Answer
add the checks to the daily cash summary
verify that each check is supported by a pre-numbered sales invoice
prepare a summary listing of checks received
record the checks in the cash receipts journal
Question 45
Question
Tracing shipping documents to pre-numbered sales invoices provides evidence that
Answer
no duplicate shipments or billings occurred
shipments to customers were properly invoiced
all the goods ordered by customers were shipped
all pre-numbered sales invoices were accounted for
Question 46
Question
Which of the following input controls is a numeric value computed to provide assurance that the original value has not been altered in construction or transmission?
Answer
hash total
parity check
encryption
check digit
Question 47
Question
A customer intended to order 100 units of a product A, but incorrectly ordered nonexistent product B. Which of the following controls most likely would detect this error?
Answer
Validity check
Record count
Hash total
Parity check
Question 48
Question
Which of the following is an example of a validity check?
Answer
The computer ensures that a numerical amount in a record does not exceed some predetermined amount.
As the computer corrects errors and data are successfully resubmitted to the system, the causes of the errors are printed out.
The computer flags any transmission for which the control field value did not match that of an existing file record.
After data for a transaction are entered, the computer sends certain data back to the terminal for comparison with data originally sent.
Question 49
Question
Which of the following is a computer test made to ascertain whether a given characteristic belongs to the group?
Answer
Check digit.
Validity check.
Echo check.
Limit check.
Question 50
Question
Ethical principles are derived from all of the following except:
Answer
Personal attitudes on issues of right and wrong.
Cost benefit analysis.
Cultural values.
Societal traditions.
Question 51
Question
Which of the following best describes why firms choose to create codes of ethics?
Answer
Because most people will not behave ethically without a written set of guidelines.
Codes of ethics protect firms against lawsuits that may be filed due to corporate fraud.
They allow firms to create a formal set of expectations for employees who may have different sets of personal values.
Companies must have a written code of ethics in order to conduct interstate commerce in the U.S.
Question 52
Question
Which of the following best describes what is meant by corporate governance?
Answer
The organizational structure and responsibilities of the executive team and board of directors of a corporation.
Regulatory bodies, such as the SEC and PCAOB, that govern the behavior of corporations.
The ability of a corporation’s management team to meet earnings forecasts over an extended period of time.
Management’s processes, policies, and ethical approach to safeguarding stakeholder interests.
Question 53
Question
The Sarbanes-Oxley Act (SOX) was passed as a response to which of the following events?
Answer
The savings & loan scandals of the 1980s.
The bust of dot-com bubble companies such as pets.com and Webvan.
Corporate reporting scandals by companies such as WorldCom, Enron, and Tyco.
Securities manipulation and insider trading in the 1930s.
Question 54
Question
In a computerized environment, internal controls can be categorized into which of the following?
Answer
General controls and application controls
detective controls and protective controls
network controls and transaction controls
preventive controls and mandatory controls
Question 55
Question
According to COSO ERM, which of the following is not one of the bases that should be used to analyze the risks of an identified event?
Answer
Inherent risk.
Organizational risk.
Residual risk.
Control risk.
Question 56
Question
Which of the following is not one of the responses to risk presented in COSO ERM?
Answer
Share the risk
accept the risk
Delegate the risk.
Reduce the risk.
Question 57
Question
The COSO ERM framework encourages a review of risks as they apply to achieving firms’ objectives. Which of the following is not one of the listed categories of objectives to be considered?
Answer
Environment.
Operations.
Strategic.
Compliance.
Question 58
Question
In the event identification component of the COSO ERM framework, management must classify events into which of the following?
Answer
Weaknesses and vulnerabilities.
Risks and opportunities.
Risks and rewards.
Controls and vulnerabilities.
Question 59
Question
COBIT 5 takes the view that all IT processes should provide clear links between all of the following except:
Answer
IT processes.
IT controls.
IT components.
IT governance requirements.
Question 60
Question
In addition to focusing on controls, COBIT 5 expands its scope by incorporating which of the following broad perspectives?
Answer
How IT brings value to the firm.
How IT can automate specific business processes.
IT networking requirements.
IT cost reductions.
Question 61
Question
Which of the following is not one of the key COBIT 5 principles for governance and management of enterprise IT?
Answer
Enabling a holistic approach
meeting stakeholder needs
separating management from shareholders
applying an integrated framework.
Question 62
Question
The IT Infrastructure Library (ITIL) is considered a de facto standard in which of the following regions?
Answer
Asia and Australia
North America
The UK
Europe
Question 63
Question
The ISO 27000 Series of standards are designed to address which of the following?
Answer
Corporate governance.
Internal controls.
Information security issues.
IT value.
Question 64
Question
Which of the following provides the advantage of incorporating other widely accepted standards and frameworks?
Answer
ITIL
COBIT 5
COSO 2013
ISO 27000
Question 65
Question
Integrity of information means the information is:
Answer
accurate
complete
accessible
accurate and complete are correct
Question 66
Question
Which of the following statements is incorrect about digital signatures?
Answer
A digital signature can ensure data integrity.
A digital signature also authenticates the document creator.
A digital signature is an encrypted message digest.
A digital signature is a message digest encrypted using the document creator's public key.
Question 67
Question
What is the primary objective of data security controls?
Answer
To establish a framework for controlling the design, security, and use of computer programs throughout an organization.
To ensure that data storage media are subject to authorization prior to access, change, or destruction.
To formalize standards, rules, and procedures to ensure the organization's controls are properly executed.
To monitor the use of system software to prevent unauthorized access to system software and computer programs.
Question 68
Question
An entity doing business on the internet most likely could use any of the following methods to prevent unauthorized intruders from accessing proprietary information except:
Answer
Password management.
Data encryption.
Digital certificates.
Batch processing.
Question 69
Question
When a client's accounts payable computer system was relocated, the administrator provided support through a dial-up connection to the server. Subsequently, the administrator left the company. No changes were made to the accounts payable system at that time. Which of the following situations represents the greatest security risk?
Answer
User passwords are not required to be in alpha-numeric format.
Management procedures for user accounts are not documented.
User accounts are not removed upon termination of employees.
Security logs are not periodically reviewed for violations.
Question 70
Question
Which of the following statements presents an example of a general control for a computerized system?
Answer
Limiting entry of sales transactions to only valid credit customers.
Creating hash totals from social security number for the weekly payroll.
Restricting entry of accounts payable transactions to only authorized users.
Restricting access to the computer center by use of biometric devices.
Question 71
Question
Which of the following outcomes is a likely benefit of information technology used for internal control?
Answer
Processing of unusual or nonrecurring transactions.
Enhanced timeliness of information.
Potential loss of data.
Recording of unauthorized transactions.
Question 72
Question
In a large multinational organization, which of the following job responsibilities should be assigned to the network administrator?
Answer
Managing remote access.
Developing application programs.
Reviewing security policy.
Installing operating system upgrades.
Question 73
Question
An information technology director collected the names and locations of key vendors, current hardware configuration, names of team members, and an alternative processing location. What is the director most likely preparing?
Answer
Data restoration plan.
Disaster recovery plan.
System security policy.
System hardware policy.
Question 74
Question
Bacchus, Inc. is a large multinational corporation with various business units around the world. After a fire destroyed the corporation headquarters and largest manufacturing site, plans for which of the following would help Bacchus ensure a timely recovery?
Answer
Daily backup.
Network security.
Business continuity.
Backup power.
Question 75
Question
Which of the following statements regarding authentication in conducting e-business is incorrect?
Answer
It is a process that establishes the origin of information or determines the identity of a user, process, or device.
One key is used for encryption and decryption purposes in the authentication process.
Successful authentication can prevent repudiation in electronic transactions.
We need to use asymmetric-key encryption to authenticate the sender of a document or data set.
Question 76
Question
Which of the following is not included in the remediation phase for vulnerability management?
Answer
Risk Response Plan
Policy and procedures for remediation
Vulnerability Prioritization
Control Implementation
Question 77
Question
Which of the following does NOT represent a viable data backup method?
Answer
Disaster recovery plan
redundant arrays of independent drives
virtualization
cloud computing
Question 78
Question
Which of the following statements about asymmetric-key encryption is correct?
Answer
When using asymmetric-key encryption method, a total of two keys are necessary in electronic communication between two parties.
Employees in the same company share the same public key.
Most companies would like to manage the private keys for their employees.
Most companies would like to use a Certificate Authority to manage the public keys of their employees.
Two of the above are correct.
Question 79
Question
Which statement is incorrect?
Answer
A fraud prevention program starts with a fraud risk assessment across the entire firm.
The audit committee typically has an oversight role in risk assessment process.
Communicating a firm's policy file to employees is one of the most important responsibilities of management.
A fraud prevention program should include an evaluation on the efficiency of business processes.
Question 80
Question
A disaster recovery approach should include which of the following elements?
Answer
Encryption.
Firewalls.
Regular backups.
Surge protectors.
Question 81
Question
Which of the following passwords would be most difficult to crack?
Answer
Go2California4fun
language
jennyjenny
pass56word
Question 82
Question
Which of the following is a password security weakness?
Answer
Users are assigned passwords when accounts are created, but do not change them.
Users have accounts on several systems with different passwords.
Users write down their passwords on a note paper, and carry it with them.
Users select passwords that are not part of an online password dictionary.
Question 83
Question
To prevent invalid data input, a bank added an extra number at the end of each account number and subjected the new number to an algorithm. This technique is known as:
Answer
A validation check.
check digit verification.
A dependency check.
A format check.
Question 84
Question
Which of the following security controls would best prevent unauthorized access to a firm's internal network?
Answer
Use of a screen saver with a password.
use of a firewall
encryption of data files
automatic log-off of inactive users
Question 85
Question
Why does a Certificate Authority (CA) play an important role in a company's information security management?
Answer
Using a CA is required by SOX in managing information security.
Most companies use CA to manage their employees' public keys.
CA creates and maintains both the public and private keys for a company's employees.
None of the answers is correct.
Question 86
Question
When computer programs or files can be accessed from terminals, users should be required
Answer
parity check
password as a personal identification code
check digit
echo check
Question 87
Question
Which of the following controls would most likely assure that a company can reconstruct its financial records?
Answer
Security controls such as firewalls
Backup data are tested and stored safely
Personnel understand the data very well
Paper records
Question 88
Question
Why would companies want to use digital signatures when conducting e-business?
Answer
They are cheap.
They are always the same so it can be verified easily.
They are more convenient than requiring a real signature.
They can authenticate the document sender and maintain data integrity.
Question 89
Question
Select a correct statement regarding encryption methods.
Answer
To use symmetric-key encryption, each user needs two different keys.
Most companies prefer using symmetric-key encryption over the asymmetric-key encryption method.
Both symmetric-key and asymmetric-key encryption methods require the involvement of a certificate authority.
When conducting e-business, most companies use both symmetric-key and asymmetric-key encryption methods.
Question 90
Question
Which of the following describes the primary goals of the CIA approach to information security management?
Answer
Controls, Innovation, Analysis.
Confidentiality, Integrity, Availability.
Convenience, Integrity, Awareness.
Confidentiality, Innovation, Availability.
Question 91
Question
Which of the following is not one of the common techniques for information security risks and attacks?
Answer
Spam.
Botnet.
TraceRT.
Social Engineering.
Question 92
Question
Encryption is a control that changes plain text into which of the following?
Answer
Cyberspace
Cryptext
Mnemonic Code
Cyphertext
Question 93
Question
Which of the following would most likely be used for a secure initial logon process?
Answer
symmetric-key encryption.
asymmetric-key encryption.
dual-handshake encryption.
56-bit encryption.
Question 94
Question
Asymmetric-key encryption uses which of the following techniques to allow users to communicate securely?
Answer
a message digest.
a 16-bit encryption key.
a public key and a private key.
a digital signature
Question 95
Question
A Public Key Infrastructure (PKI) provides the ability to do which of the following?
Answer
Encrypt messages using a private key
enable debit and credit card transactions.
Read plaintext.
Issue, maintain, and revoke digital certificates.
Question 96
Question
Which of the following best illustrates the use of multifactor authentication?
Answer
Requiring password changes every 30, 60, or 90 days
requiring the use of a smart card and a password
requiring the use of upper case, lower case, numeric, and special characters for a password
the use of a fingerprint scanner for access to a device
Question 97
Question
Which of the following groups is responsible for conducting fraud risk assessment for an organization?
Answer
The External Auditor.
The Audit Committee.
The Internal Audit group.
Management.
Question 98
Question
Both ISACA and the GTAG define vulnerability. Which of the following does not represent one of these definitions?
Answer
The nature of IT resources that can be exploited by a threat to cause damage.
An intruder’s attempts to exploit weaknesses in IT resources.
Weaknesses or exposures in IT assets that may lead to business, compliance, or security risk.
All of the other items represent the definitions of vulnerability stated by ISACA and the GTAG.
Question 99
Question
Which of the following statements is true regarding risk management and vulnerability management?
Answer
They both have the objective of reducing the likelihood that detrimental events occur.
Risk management is often conducted using an IT asset-based approach.
Vulnerability management is more complex and strategic.
Both approaches involve processes that typically take many months or years to complete.
Question 100
Question
Which of the following describes the recommended prerequisites for managing vulnerabilities?
Answer
Implement the COSO ERM framework, and identify key vulnerabilities.
Determine the main objective of vulnerability management, and assign roles and responsibilities.
Identify the key vulnerabilities, and implement appropriate controls to minimize the vulnerabilities.
Implement suitable controls, and assess those controls for potential vulnerabilities.
Question 101
Question
Which of the following is NOT one of the main components of vulnerability management and assessment?
Answer
Identification
remediation
Internalization
Maintenance
Question 102
Question
For businesses considering a cloud computing solution, which of the following should they ask the cloud vendor to provide before entering into a contract for critical business operations?
Answer
FASB 51 Report.
SOC 1 Report.
SAS 3 Report.
SOC 2 Report
Question 103
Question
Which of the following statements is most accurate with regard to business continuity management (BCM) and disaster recovery planning (DRP)?
Answer
DRP is an important component of BCM.
BCM and DRP should be considered independently of each other.
BCM is an important component of DRP.
DRP should be considered as optional, while BCM should be considered as necessary.
Question 104
Question
A RAID array implemented in a data center is an example of which of the following?
Answer
Virtualization.
Uninterruptible power supply.
Fault tolerance.
SOC 3.
Question 105
Question
The three Vs of big data are volume, velocity, and veracity.
Question 106
Question
Data analytics is best described as the science of reducing extremely large datasets down to more manageable databases that can then be processed using traditional tools.
Question 107
Question
The process of scrubbing raw data to remove extraneous data and other noise in order to increase its usefulness is known as extract, transform, and load.
Question 108
Question
According to the results of PwC's 18th Annual Global CEO Survey, CEOs aren't yet ready to place a high value on data analytics.
Question 109
Question
Data analytics are likely to play a significant role in future audit activities.
Question 110
Question
Audit data standards (ADS) are standards for data files and fields typically needed to support an external audit in a given financial business process area.
Question 111
Question
The Data Accountability and Trust Act of 2009 (DATA) is designed to standardize the format of files and fields typically used to support an external audit in given financial business processes.
Question 112
Question
Tableau can be differentiated from traditional analysis tools such as Excel because it is specifically designed to perform data analysis and visualization.
Question 113
Question
Which of the following is the best definition of the term big data?
Answer
Databases measured in terms of zettabytes.
Datasets that are too large and complex for businesses’ existing systems utilizing traditional capabilities.
Databases for businesses that generate more than one million electronic transactions per month.
Datasets generated by social media applications such as Facebook, Twitter, Tencent QQ, and Instagram.
Question 114
Question
At its core, data analytics fits into the information value chain in which of the following ways?
Answer
The process of data analytics aims at transforming raw data into valuable information.
Data analytics aims to make an organization’s conversion process more efficient.
Data analytics requires organizations to share synced data with upstream and downstream business partners.
The process of data analytics is geared toward providing additional insight into customer activities and preferences.
Question 115
Question
Which of the following areas of financial reporting is most suitable for applying data analytics techniques?
Answer
Evaluation of estimates and valuations.
Variance reporting.
Calculating the components of equity.
Depreciation.
Question 116
Question
Which of the following best describes the skill sets used in data analytics?
Answer
Building data warehouses; Populating data structures; Mining the data.
Acquiring/cleansing data; Creating data structures/models; Mining/analyzing data.
Developing data structures/models; Acquiring storage capacity; Analyzing the data.
Creating data; Building data structures; Piloting data studies.
Question 117
Question
The use of data analytics will likely result in significant changes to clients’ expectations of their auditors. Which of the following is most likely not one of those expected changes?
Answer
More innovative thinking.
More time spent gathering and testing data.
Deeper and broader insights.
Faster and more efficient delivery of audit findings.
Question 118
Question
Which of the following best describes how external auditors’ interactions with their clients are likely to change due to the use of data analytics in the audit process?
Answer
External auditors will spend less time on audits and will not need to spend time with clients outside the audit.
External auditors will spend more time on detailed audit tasks, resulting in longer audit engagements.
External auditors will only interact with their clients virtually.
External auditors will stay engaged with clients beyond the audit.
Question 119
Question
Data analytics can help in accurately identifying organizational risks. All of the following are examples of such risks except:
Answer
“What-if” business forecasting.
Identifying security breaches.
Identifying flawed business processes.
Monitoring compliance with regulatory requirements.
Question 120
Question
Which of the following best describes the AICPA’s Audit Data Standards (ADS)?
Answer
The base level of testing procedures that should be performed on AIS data.
A set of analytic procedures designed to be used with modern ERPs’ large datasets.
A set of standards for data files and fields designed to support external audits.
The codification of all auditing guidelines pertaining to the data generated by AISs.
Question 121
Question
The Data Accountability and Trust Act of 2009 (DATA) requires data owners to notify which of the following when a data breach has been discovered?
Answer
The Federal Bureau of Investigation (FBI).
The Securities and Exchange Commission (SEC).
The Federal Trade Commission (FTC).
The National Security Agency (NSA).
Question 122
Question
Which of the following is not one of the Excel tools described as useful for data analytics?
Answer
Calculated Field
Tableau
Slicers
Power Pivot