CISA EXAM QUESTIONS
(INFORMATION SYSTEMS AUDITING
PROCESS) QUESTIONS AND ANSWERS
WITH SOLUTIONS 2024
When evaluating the collective effect of preventive, detective and corrective controls within a process,
an IS auditor should be aware of which of the following?
A. The point at which controls are exercised as data flow through the system
B. Only preventive and detective controls are relevant
C. Corrective controls are regarded as compensating
D. Classification allows an IS auditor to determine which controls are missing - ANSWER A.
An IS auditor who has discovered unauthorized transactions during a review of electronic data
interchange (EDI) transactions is likely to recommend improving the:
A. EDI trading partner agreements.
B. physical controls for terminals.
C. authentication techniques for sending and receiving messages.
D. program change control procedures. - ANSWER C.
Which of the following is an attribute of the control self-assessment approach?
A. Broad stakeholder involvement
B. Auditors are the primary control analysts
C. Limited employee participation
D. Policy driven - ANSWER A.
A company has recently upgraded its purchase system to incorporate electronic data interchange (EDI)
transmissions. Which of the following controls should be implemented in the EDI interface to provide for
efficient data mapping?
A. Key verification
B. One-for-one checking
, C. Manual recalculations
D. Functional acknowledgements - ANSWER D.
When developing a risk-based audit strategy, an IS auditor should conduct a risk assessment to ensure
that:
A. controls needed to mitigate risk are in place.
B. vulnerabilities and threats are identified.
C. audit risk is considered.
D. a gap analysis is appropriate. - ANSWER B.
A PRIMARY benefit derived for an organization employing control self-assessment techniques is that it:
A. can identify high-risk areas that might need a detailed review later.
B. allows IS auditors to independently assess risk.
C. can be used as a replacement for traditional audits.
D. allows management to relinquish responsibility for control. - ANSWER A.
In planning an IS audit, the MOST critical step is the identification of the:
A. areas of significant risk.
B. skill sets of the audit staff.
C. test steps in the audit.
D. time allotted for the audit. - ANSWER A.
Which of the following represents the GREATEST potential risk in an electronic data interchange (EDI)
environment?
A. Lack of transaction authorizations
B. Loss or duplication of EDI transmissions
C. Transmission delay
D. Deletion or manipulation of transactions prior to or after establishment of application controls -
ANSWER A.
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller Performance. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $14.99. You're not tied to anything after your purchase.
