100% satisfaction guarantee Immediately available after payment Both online and in PDF No strings attached
logo-home
Previously searched by you
Previously searched by you
logo
CISA Study Notes Practice Questions and Answers (100% Pass) $13.49   Add to cart
Quickly navigate to
Preview
  2.  
  3. CISA - Certified Information Systems Auditor
  4.  
  5. CISA - Certified Information Systems Auditor

Exam (elaborations)

CISA Study Notes Practice Questions and Answers (100% Pass)
 7 views  0 purchase
  • Course
  • CISA - Certified Information Systems Auditor
  • Institution
  • CISA - Certified Information Systems Auditor

CISA Study Notes Practice Questions and Answers (100% Pass) Who is responsible for imposing an IT governance model encompassing IT strategy, information security, and formal enterprise architectural mandates? - Answer️️ -IT executives and the Board of Directors The party that performs strat...

[Show more]

Preview 4 out of 31  pages

Document information

  • August 16, 2024
  • 31
  • 2024/2025
  • Exam (elaborations)
  • Questions & answers

Subjects

  • cisa study notes practice questions and answers 1

Written for

  • CISA - Certified Information Systems Auditor
  • CISA - Certified Information Systems Auditor

Seller

avatar-seller
OliviaWest

Reviews received

Content preview

©PREP4EXAMS 2024/2025 REAL EXAM DUMPS Tuesday, August 6, 2024 10,57 AM



CISA Study Notes Practice Questions and Answers (100% Pass)


Who is responsible for imposing an IT governance model encompassing IT

strategy, information security, and formal enterprise architectural mandates? -

Answer✔️✔️-IT executives and the Board of Directors


The party that performs strategic planning, addresses near-term and long-term

requirements aligning business objectives, and technology strategies. - Answer✔️✔️-

The Steering Committee

What three elements allow validation of business practices against acceptable

measures of regulatory compliance, performance, and standard operational

guidelines. - Answer✔️✔️-(1.) Polices (2.) Procedures (3.) Standards


What activity involves the identification of potential risk and the appropriate

response for each threat based on impact assessment using qualitative and/or

quantitative measures for an enterprise-wide risk management strategy? -

Answer✔️✔️-Risk Management


IT Governance is most concerned with.... - Answer✔️✔️-IT Strategy


Describe the advantages of outsourcing. - Answer✔️✔️-Outsourcing is an

opportunity for the organization to focus on core competencies. When an


1

,©PREP4EXAMS 2024/2025 REAL EXAM DUMPS Tuesday, August 6, 2024 10,57 AM


organization oursources a business function, it no longer needs to be concerned

about training employees in that function. Outsources does not always reduce

costs, because cost reduction is not always the primary goal of oursourcing.

An external IS auditor has discovered a segregation of duties issue in a high value

process. What is the best action for the auditor to take? - Answer✔️✔️-The external

auditor can only document the finding in the audit report. An external auditor is not

in a position to implement controls.

An organization has chosen to open a business office in another country where

labor costs are lower and has hired workers to perform business functions there.

This organization has done what? - Answer✔️✔️-The organization is insourcing -

while they may have opened the office in a foreign country, they have hired locals

to do the work as opposed to contracting with a third party.

An organization has discovered that some of its employees have criminal records.

What is the best course of action for the organization to take? - Answer✔️✔️-The

organization should have background checks performed on all of its existing

employees and also begin instituting background checks of all new-hires. It is not

necessarily required to terminate the employees - their offenses may not warrant

termination.




2

,©PREP4EXAMS 2024/2025 REAL EXAM DUMPS Tuesday, August 6, 2024 10,57 AM


The options for Risk Treatment are: - Answer✔️✔️-Risk Mitigation Risk Avoidance

Risk Transfer Risk Acceptance


Annualized Loss Expectance (ALE) is defined as: - Answer✔️✔️-ALE is the annual

expected loss to an asset. It is calculated as the single loss expectancy (SLE) X the

annualized rate of occurrence (ARO.)


A quantitative risk analysis is more difficult to perform because: - Answer✔️✔️-It is

difficult to get accurate figures on the frequency of specific threats. It is difficult to

determine the probability that a threat will be realized. It is relatively easy to

determine the value of an asset and the impact of a threat event.

An IS auditor is examining the IT standards document for an organization that was

last reviewed two years earlier. The best course of action for the IS auditor is: -

Answer✔️✔️-Report that the IT standards are not being reviewed often enough. Two

years is far too long between reviews of IT standards.


The purpose of a Balanced Scorecard is: - Answer✔️✔️-To measure organizational

performance and effectiveness against strategic goals.


The 4-item focus of a Balanced Scorecard is: - Answer✔️✔️-(1.) Financial (2.)

Customer (3.) Internal processes (4.) Innovation / Learning




3

, ©PREP4EXAMS 2024/2025 REAL EXAM DUMPS Tuesday, August 6, 2024 10,57 AM


The audit program is an audit strategy and plans that include: - Answer✔️✔️-(1.)

Scope (2.) Objectives (3.) Resources (4.) Procedures used to evaluation controls

and processes

IS auditors can stay current with technology through the following means: -

Answer✔️✔️-(1.) training courses (2.) webinars (3.) ISACA chapter training events

(4.) Industry conferences


Name the three Types of Controls - Answer✔️✔️-(1.) Physical (2.) Technical (4.)

Administrative


Name the two Categories of Controls - Answer✔️✔️-(1.) Automatic (2.) Manual


Name the Eight Types of Audits - Answer✔️✔️-(1.) Operational (2.) Financial (3.)

Integrated (4.) IS (5.) Administrative (6.) Compliance (7.) Forensic (8.) Service

Provider

What type of testing is performed to determine if control procedures have proper

design and are operating properly? - Answer✔️✔️-Compliance Testing


What type of testing is performed to verify the accuracy and integrity of

transactions as they flow through a system? - Answer✔️✔️-Substantive Testing




4

The benefits of buying summaries with Stuvia:

Guaranteed quality through customer reviews

Guaranteed quality through customer reviews

Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.

Quick and easy check-out

Quick and easy check-out

You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.

Focus on what matters

Focus on what matters

Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!

Frequently asked questions

What do I get when I buy this document?

You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.

Satisfaction guarantee: how does it work?

Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.

Who am I buying these notes from?

Stuvia is a marketplace, so you are not buying this document from us, but from seller OliviaWest. Stuvia facilitates payment to the seller.

Will I be stuck with a subscription?

No, you only buy these notes for $13.49. You're not tied to anything after your purchase.

Can Stuvia be trusted?

4.6 stars on Google & Trustpilot (+1000 reviews)

79271 documents were sold in the last 30 days

Founded in 2010, the go-to place to buy study notes for 14 years now

Start selling
$13.49
  • (0)
  Add to cart