Exam (elaborations)
CISA- Planning- Set 2 (1)
- Course
- Institution
CISA- Planning- Set 2 (1)
[Show more]
Seller
Follow
lydiaomutho
Content preview
CISA- Planning- Set 2The MOST important reason for an IS auditor to obtain sufficient and appropriate audit
evidence is to:
A. comply with regulatory requirements.
B. provide a basis for drawing reasonable conclusions.
C. ensure complete audit coverage.
D. perform the audit according to the defined scope. - ANS-B. provide a basis for
drawing reasonable conclusions.
The scope of an IS audit is defined by its objectives. This involves identifying control
weaknesses relevant to the scope of the audit. Obtaining sufficient and appropriate
evidence assists the auditor in not only identifying control weaknesses but also
documenting and validating them.
An IS auditor performing an audit of the risk assessment process should FIRST confirm
that:
A. reasonable threats to the information assets are identified.
B. technical and organizational vulnerabilities have been analyzed.
C. assets have been identified and ranked.
D. the effects of potential security breaches have been evaluated. - ANS-C. assets have
been identified and ranked.
An appropriate control for ensuring the authenticity of orders received in an electronic
data interchange system application is to:
A. acknowledge receipt of electronic orders with a confirmation message.
B. perform reasonableness checks on quantities ordered before filling orders.
C. verify the identity of senders and determine if orders correspond to contract terms.
D. encrypt electronic orders. - ANS-C. verify the identity of senders and determine if
orders correspond to contract terms.
When evaluating the controls of an electronic data interchange (EDI) application, an IS
auditor should PRIMARILY be concerned with the risk of:
A. excessive transaction turnaround time.
B. application interface failure.
C. improper transaction authorization.
D. nonvalidated batch totals. - ANS-C. improper transaction authorization.
An organization's IS audit charter should specify the:
, A. plans for IS audit engagements.
B. objectives and scope of IS audit engagements.
C. detailed training plan for the IS audit staff.
D. role of the IS audit function. - ANS-D. role of the IS audit function.
Which of the following is the key benefit of a control self-assessment?
A. Management ownership of the internal controls supporting business objectives is
reinforced.
B. Audit expenses are reduced when the assessment results are an input to external
audit work.
C. Fraud detection will be improved because internal business staff are engaged in
testing controls.
D. Internal auditors can shift to a consultative approach by using the results of the
assessment. - ANS-A. Management ownership of the internal controls supporting
business objectives is reinforced.
The PRIMARY purpose of an IT forensic audit is:
A. to participate in investigations related to corporate fraud.
B. the systematic collection and analysis of evidence after a system irregularity.
C. to assess the correctness of an organization's financial statements.
D. to preserve evidence of criminal activity. - ANS-B. the systematic collection and
analysis of evidence after a system irregularity.
While evaluating software development practices in an organization, an IS auditor notes
that the quality assurance (QA) function reports to project management. The MOST
important concern for an IS auditor is the:
A. effectiveness of the QA function because it should interact between project
management and user management.
B. efficiency of the QA function because it should interact with the project
implementation team.
C. effectiveness of the project manager because the project manager should interact
with the QA function.
D. efficiency of the project manager because the QA function needs to communicate
with the project implementation team. - ANS-A. effectiveness of the QA function
because it should interact between project management and user management.
The internal audit department has written some scripts that are used for continuous
auditing of some information systems. The IT department has asked for copies of the
scripts so that they can use them for setting up a continuous monitoring process on key
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller lydiaomutho. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $7.99. You're not tied to anything after your purchase.
Can Stuvia be trusted?
4.6 stars on Google & Trustpilot (+1000 reviews)
73091 documents were sold in the last 30 days
Founded in 2010, the go-to place to buy study notes for 14 years now