Please note: In order to obtain your CPE certificate for having passed the quiz, you must turn off your pop-up blocker.
Benvenuto and Brand Article
CPE Quiz #
Based on Information Systems Control Journal Volume 5, 2004
A passing score of 75 percent qualifies for one (1) hour of CISA/CISM/CGEIT Continuing Professional Education (CPE) Credit
Your results will appear in a new window.
Enter your name below so it displays on the quiz results page:
Sayana Article1. In preparation of an IS audit of outsourcing, it is most important to determine and understand thoroughly the nature of the outsourced work. The focus should be on the areas of risk and the controls to mitigate those risks.
2. As most outsourcing arrangements are put in place after a detailed process of evaluations, due diligence and negotiations, the IS auditor can leave the review of the outsourcing contract to the company lawyer.
3. The audit of outsourcing is more than the audit of the service provider. Noting that the company and the service providers organizations are bigger than the outsourcing arrangement itself, many facets need to be reviewed to obtain a total picture.
Parkes Article4. From the IT governance perspective, the risks of outsourcing for the outsourcer are different from that of the receiving organization.
5. When core knowledge systems and development of new or maintenance of existing systems are outsourced, IT governance considerations for executives and the boards for the outsourcer include adequate backup and disaster recovery arrangements, security of associated communication channels, and contracted standards for software development and maintenance.
6. Reports to executives and directors in the form of overview flowcharts allow the reader to get the big picture on internal controls and security quickly, including the linkages to activities that have not been outsourced. They should substitute long reports in technical jargon.
7. Provision of computer equipment, replacement of network PCs and servers, and network devices are usually considered low-risk outsourced activities for both the receiving organization and the service provider.
Steuperaert Article8. The IT Governance Global Status Report was not intended to deal mainly with COBIT. To this end, the survey questionnaire and the research were kept solution-neutral up to the last stage. It was only at the last stage that specific questions were asked and information gathered concerning COBIT.
9. The COBIT purchasers represented 25 percent of the random sample of companies interviewed for the IT governance study and report.
10. One of the major findings and messages from the independent global survey and research project noted that COBIT is the preferred way to implement effective IT governance.
Shue Article11. The Public Company Accounting Oversight Board (PCAOB) auditing standard No. 2 specifically states that if the service organization is part of a user company's information system, it is part of the company's internal control over financial reporting.
12. A service organization�s auditor report such as SAS70-Type-1, which reports on controls placed in operation, will satisfy the Sarbanes-Oxley requirements for outsourcing controls.
Benvenuto and Brand Article13. The predominant thinking among US regulators, policy makers and providers is that when something is outsourced, the outsourcing company still owns it, is responsible for it and needs to control it.
14. SAS70 was designed to provide assurance over the general IT and process controls required within the Sarbanes-Oxley framework; therefore, no additional audit work needs to be performed.
15. In managing the risks of outsourcing, the authors recommend a risk management methodology model. Sources of control information for this model include laws and regulations, internal audit, SAS70, client audits and other third-party reviews.
16. According to the authors, the most involved and important step of the five-step approach to managing the risks of outsourcing is defining demarcation points between internal and external parties.
Your results will appear in a new window.
If the quiz is not displayed above, you either do not have a browser which