AICPA AICPA Information Technology

Question 1

Which framework is most commonly referenced by CPAs when evaluating IT general controls and IT application controls in a US audit?

Accepted Answer

COBIT

Answer

TOGAF

Answer

ITIL

Answer

PRINCE2

Question 2

Under AICPA standards, what is the primary purpose of reviewing IT general controls (ITGCs) during a financial statement audit?

Accepted Answer

To assess whether automated application controls can be relied upon

Answer

To test the accuracy of individual journal entries

Answer

To verify the physical security of server hardware

Answer

To evaluate software licensing compliance

Question 3

Which type of IT control automatically prevents an invalid transaction from being processed in an accounting system?

Accepted Answer

Preventive application control

Answer

Detective general control

Answer

Corrective manual control

Answer

Compensating physical control

Question 4

An auditor discovers that a company allows programmers to have direct access to the production environment. This is an example of a weakness in which ITGC domain?

Accepted Answer

Logical access

Answer

Change management

Answer

Computer operations

Answer

System development

Question 5

Under the AICPA's guidance, a Service Organization Control (SOC) 1 report is primarily used to address controls at a service organization that are relevant to:

Accepted Answer

User entities' internal control over financial reporting

Answer

Privacy of personal information

Answer

Cybersecurity risk management

Answer

Operational efficiency metrics

Question 6

Which data backup strategy ensures the shortest recovery time objective (RTO) by maintaining a continuously updated copy of the production database?

Accepted Answer

Hot site with real-time replication

Answer

Cold site with weekly tape backup

Answer

Warm site with daily incremental backup

Answer

Offsite vault with monthly full backup