CISA: Domain #2, Part A: IT Governance
All documents for this subject (37)
Seller
Follow
lydiaomutho
Content preview
CISA questions
What is the definition of audit? - ANS-Auditing is a detailed and specific evaluation of a process,
procedure, organization, job function, or system, in which results are gathered and reported.
What is the purpose of ethics? - ANS-To mandate the professional and personal conduct of
auditors
According to the ISACA Code of Ethics is an auditor allowed to share the results of an audit with
other personnel? - ANS-The auditor must maintain confidentiality of the audit unless required by
legal authority
Should the IS audit plan be integrated into the overall audit plan for the organization? - ANS-The
IS Audit function must fulfill all organizational audit objectives.
An IS Auditor is best advised to follow the standards provided by ISACA for conducting an
planning IS Audits - ANS-ISACA audit standards are recommendations for planning IS audits.
ISACA Audit standard S2 Independence refers to what? - ANS-An Auditor should be
independent of the area being audited
Standard S4 Professional Competence, requires the auditor to have the skills to conduct the
audit? - ANS-appropriate continuing professional education
The basis for an audit plan should be what? - ANS-Risk
Audit findings and conclusions are supported by what? - ANS-Evidence
When an auditor uses the assistance of outside experts, what obligations does the auditor have
to review the work of the experts? - ANS-The auditor must apply additional test procedures if
the work of outside experts is not adequate
When an auditor is planning an information system audit and suspects a potential control
weakness, what are they obligated to do? - ANS-The auditor must consider the materiality of the
weakness and plan the audit accordingly.
What role does risk assessment have in audit planning? - ANS-Risk assessment is used to
determine the priorities for audit and allocation of audit resources.
What steps should an auditor take when a material irregularity is discovered? - ANS-The auditor
should communicate the irregularity to management in a timely manner
, What is the risk to an audit if unusual relationships exist between staff members in the area
being audited? - ANS-The auditor may be provided inaccurate evidence
True or False? Supervision of the information systems audit staff should not be necessary if the
staff is adequately trained and experienced - ANS-True
Once an audit is completed and submitted does the auditor have any further responsibility? -
ANS-Yes, the auditor should follow up to ensure that management addressed any audit issues
in a timely manner
IT governance means: - ANS-The IT function aligns with business mission, values and
objectives
Relationships with third parties may: - ANS-Require the organization to comply with the security
standards of the third party
True or False? The organization does not have to worry about the impact of third party
relationships on the security program - ANS-False
The role of an Information Systems Security Steering Committee is to: - ANS-Provide feedback
from all areas of the organization
The most effective tool a security department has is: - ANS-A security awareness program
The role of Audit in relation to Information Security is: - ANS-The validate the effectiveness of
the security program against established metrics
Who should be responsible for development of a risk management strategy? - ANS-The
Security Manager
The security requirements of each member of the organization should be documented in: -
ANS-Their job descriptions
What could be the greatest challenge to implementing a new security strategy? - ANS-Obtaining
buy-in from employees
Which forms of wireless media operate only when there are no obstacles in the transmission
path? - ANS-Spread spectrum
What best defines electrical noise? - ANS-Extraneous signals introduced onto network media.
An audit log is an example of a: - ANS-Detective control
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller lydiaomutho. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $7.99. You're not tied to anything after your purchase.