Based on Volume 2, 2017—The Evolution of Audit
Value—1 Hour of CISA/CISM/CGEIT Continuing Professional Education (CPE) Credit
TRUE OR FALSE
RAVAL AND SHAH ARTICLE
1. To address risk exposures in third-party risk management environments, host companies consider the vendor as the target of evaluation at the time of onboarding and on an ongoing basis as well. For this, the host company should implement and use both traditional and innovative monitoring approaches for continuous monitoring of the identified risk factors.
2. Agile and effective trust relationships do not rely on governance practices. Most organizations working with third parties do have a coherent plan for ongoing management of the relationship and the services that are provided. The contract and the various service agreements will be self-managing.
3. Given the complex cyber-based relationships with third parties, the new direction used to track the relevant engagement risk is dynamic risk profiling.
KRESS AND HILDEBRAND ARTICLE
4. Without a consolidated data set to analyze, the process of gathering and managing data is inherently inefficient. The absence of a coordinated, functionwide strategy led to the analytics enthusiasts having a hard time getting started and a harder time getting access to the right data.
5. Maximizing the power of analytics during the execution of the audit includes creating automated dashboards for department risk assessments and review of effectiveness of testing procedures in governance, risk and control (GRC) (control tested vs. issues
6. Tomorrow’s use of analytics in the execution of an audit includes increasing horizontal review across all teams and encouraging disruption using an innovative analytical approach through custom analytics.
7. Most blockchain proofs of concept are designed to achieve benefits that fall loosely into one of the three categories: reduce costs and create process efficiencies, create an ecosystem with higher-than-standard levels of trust, or facilitate digital currency exchange.
8. Ongoing review to ensure the sustainability of the assurance solution in blockchain will not be necessary, but the nature, timing and extent of the review work cannot be determined by the technology used, the business-use case and the evolving ecosystem in which the instance is deployed.
9. Agile audit is primarily about increasing the efficiency mainly of complex audits by parallelizing tasks, eliminating or mitigating bottlenecks, and assigning time to various tasks that is proportional to each task’s
10. With regard to the audit aspect of leadership, Agile audit is more democratic, as all team members participate more or less equally (in principle) in planning.
11. Some of the Agile audit guidelines include striving to gain an early understanding of the key audit issues and disseminate this information within the audit team, discussing findings as they are gathered, and shifting resources if necessary.
12. Efforts at quantification of either black-box logic, such as modeling loss distributions based on extreme-value theory, or the combination of various security metrics (often using weighted averages) as a composite metric have been successful enough to win
13. In situations where thresholds have been established, an alternative and simpler approach that relies on z-scores can be adopted. This approach is just as sensitive and precise as the standardized scores.