2008年CISA春季考前准备_问题荟萃帖

voca

汗,这个很有难度说清楚

同等高手

appppa

原帖由 dovines 于 2008-4-1 11:11 发表
# 请高手介绍一下IT平衡积分卡是怎么采用三层架构四方面内容进行操作的?那三层面那四方面内容?

没有实践过:-p,看书，google search后，我的理解，
三层就是
mission(目标)
strategy（策略）
measures（衡量）

四个方面就是
financial perspective（tranditional financial evaluation）
customer perspective(user/customer satisfaction)
internal perspective(internal business processes)
innovation perspective(learning and growth, including training employee,corporate cultural attitudes related to both individual and corporate self-improvement)

IT BALANCED SCORECARD maybe sth like the following:
          Mission        Strategy        Measure
Financial                       
Customer                       
Business                       
Innovation                       

不好意思啊，不知道咋画表格

欢迎高手指正

[ 本帖最后由 appppa 于 2008-4-2 17:42 编辑 ]

surfman

盖楼了   支持

dovines

voca

...

voca

那个经常来问问的兄弟好久没来了啊

randoming

拿出来看看啊

dovines

In a risk-based audit approach, an IS auditor should FIRST complete a/an:
A. inherent risk assessment.
B. control risk assessment.
C. test of control assessment.
D. substantive test assessment.
The correct answer is:
A. inherent risk assessment.


The first step in a risk-based audit approach is to gather information about the business and industry to evaluate the inherent risks. After completing the assessment of the inherent risks, the next step is to complete an assessment of the internal control structure. The controls are then tested, and on the basis of the test results, substantive tests are carried out and assessed.

在基于风险审计的过程中首先是收集业务和行业信息评估固有风险.然后是评估内部控制风险。控制测试以后，在测试结果的基础上进行实质性测试。

我的问题是:评估固有风险的目的是什么呢？就是说怎么应用固有风险评估结果?或者说怎么应用于报告中?

[ 本帖最后由 dovines 于 2008-4-17 21:06 编辑 ]

voca

拿什么东西？

voca

固有风险， 就是事务本身所具有的风险。  比如我买了个东西， 这东西就有被头顶风险。呵呵