CPE Quiz
Based on ISACA Journal Volume 5, 2009
A passing score of 75 percent qualifies for one (1) hour of CISA/CISM/CGEIT Continuing Professional Education (CPE) Credit
Singleton Article
1. The Gramm-Leach-Bliley Act of 1999 requires entities that have experienced a security breach of personal private information, where the customers/clients are residents of California (USA), to notify each customer/client of the breach.
2. The privacy principle of “collection limitation” refers to the fact that personal data cannot be disclosed, made available or otherwise used for purposes other than those specified in the “purpose specification” principle.
3. The advantage of using cloud computing is the possible elimination of the risks associated with the storage problems related to laptops, USB drives and drives being transported.
Fischer Article
4. Risk governance is one of the three domains of the Risk IT framework. It ensures that IT risk management practices are embedded in the enterprise, enabling it to secure optimal risk-adjusted returns.
5. Risk response is about identification of the important and relevant risks that can possibly occur with IT or in relation to IT, given the pervasive presence of IT and the business's dependence on it.
6. A risk-aware culture begins at the top, with business executives who set direction, communicate risk-aware decision making and reward effective risk management behaviors. Risk awareness also implies that all levels within an enterprise are aware of how and why to respond to adverse IT events.
De Haes, Van Grembergen and Van Brempt Article
7. The COBIT implementation status for the different IT governance processes revealed that the processes in the Plan and Organize and Monitor and Evaluate domains received overall the highest scores compared to those of the Deliver and Support and Acquire and Implement domains.
8. Research confirms a knowing-doing gap regarding the top 10 most important IT governance and business goals for enterprises, implying that enterprises are aware of the importance of these goals but do not manage to realize them in a proper way.
Adolphson and Greis Article
9. Segregation of duties (SoD) dictates that problems such as fraud, material misstatement and financial statement manipulation have the potential to arise when the same individual is allowed to execute two or more conflicting sensitive transactions.
10. The goal of the remediation phase of the SoD road map is the temporary correction of SoD conflicts.
EE Article
11. The Johari Window provides a means to understand the different levels of communication that take place between auditors and management. The Johari Window is comprised of a window dividing management and auditor awareness. The Blind Spot pane defines the area of information known by the auditors but not management.
12. The Facade pane in the Johari Window represents the highest level of uncertainty and the greatest potential for exploring new ideas and opportunities for improvement.
13. Another information processing paradigm—the Common Ground Congruity (CGC) model—covers underlying motivations and the overlaying perspectives among the official agenda, the client's agenda and the auditor's agenda.
Hare Article
14. Segregation of duties (SoD) is one of the primary means to prevent fraud, yet there is little consensus about best practices related to SoD, even several years since Sarbanes-Oxley was adopted.
15. External auditors will always be focused primarily on whether or not a company's financial statements are materially accurate. They have no exposure or accountability for fraud that is committed below the materiality threshold. It is up to management to design or redesign controls to catch submaterial fraud.
16. If looking at fraud risk holistically, processes and risks outside of the system are just as important as those inside the system. There are considerable risks in manual processes, especially below the materiality threshold, where IT auditors have little training and experience.
17. A comprehensive risk assessment project starts first by identifying the mitigating controls already in place—some may be key controls and some may not be key controls.