IT General Controls Practice Test

An issuer is audited under PCAOB standards. The company’s IT governance assigns responsibility for cybersecurity and financial systems to separate leaders, and there is no formal process for escalating cybersecurity incidents to the audit committee. A recent ransomware event affected a file server used to store accounting support schedules, though systems were restored from backups. Which factor would most likely affect the auditor's assessment of IT controls?

A nonissuer distribution company is undergoing a financial statement audit under AICPA standards. The company’s IT governance policy requires approval of system changes by a change advisory board, but the board did not meet for three months during the busiest season and changes were implemented directly by IT operations. The auditor is assessing the reliability of automated controls over inventory valuation that depend on system configuration. Which factor would most likely affect the auditor's assessment of IT controls?