100% satisfaction guarantee Immediately available after payment Both online and in PDF No strings attached
logo-home
Previously searched by you
Previously searched by you
logo
CISA Domain 1 Verified Exam Questions and Answers CA$18.03   Add to cart
Quickly navigate to
Preview
  2.  
  3. CISA
  4.  
  5. CISA

Exam (elaborations)

CISA Domain 1 Verified Exam Questions and Answers
 9 views  0 purchase
  • Course
  • CISA
  • Institution
  • CISA

CISA Domain 1 Verified Exam Questions and Answers An IS auditor is conducting a compliance test to determine whether controls support management policies and procedures. The test will assist the IS auditor to determine: - answerThat the control is operating as designed Compliance tests can be ...

[Show more]

Preview 4 out of 40  pages

Document information

  • August 17, 2024
  • 40
  • 2024/2025
  • Exam (elaborations)
  • Questions & answers

Subjects

  • cisa domain 1 verified exam questions and answers

Written for

  • CISA
  • CISA

Seller

avatar-seller
Brightstars

Content preview

©EXAM STUDY MATERIAL 8/9/2024 11:50 AM



CISA Domain 1 Verified Exam Questions
and Answers


An IS auditor is conducting a compliance test to determine whether controls support
management policies and procedures. The test will assist the IS auditor to determine: -
answer✔✔That the control is operating as designed


Compliance tests can be used to test the existence and effectiveness of a defined process.
Understanding the objective of a compliance test is important. IS auditors want reasonable
assurance that the controls they are relying on are effective. An effective control is one that
meets management expectations and objectives.
When developing a risk management program, what is the first activity to be performed? -
answer✔✔Inventory of assets.


Identification of the assets to be protected is the first step in developing a risk management
program.

The primary purpose of an IT forensic audit is: - answer✔✔The systemic collection and analysis
of evidence after a system irregularity.
Due to resource constraints of the IS audit team, the audit plan as originally approved cannot be
completed. Assuming that the situation is communicated in the audit report, which course of
action is most acceptable:


Test the adequacy of the control design
Test the operational effectiveness of the control
Focus on auditing high risk areas

Relying on management testing of controls. - answer✔✔Focus on high risk areas. Reducing the
scope and focusing on auditing high-risk areas is the bets course of action.

, ©EXAM STUDY MATERIAL 8/9/2024 11:50 AM


While planning an IS audit, an assessment of risk should be made to provide: -
answer✔✔Reasonable assurance that the audit will cover material items.


ISACA IS Audit and Assurance Guideline 2202 (Risk Assessment in Planning) states that the
applied risk assessment approach should help with the prioritization and scheduling process of
the IS audit and assurance work. It should support the selection process of areas and items of
audit interest and the decision process to design and conduct particular IS audit engagements.
Which of the following best describes the purpose of performing a risk assessment in the
planning phase of an IS audit:


Establish adequate staffing requirements to complete the IS audit
To provide reasonable assurance that all material items will be addressed
To determine the skills required to perform the IS audit

To develop the audit program and procedures - answer✔✔To provide reasonable assurance that
all material items will be addressed.


A risk assessment helps focus the audit procedures on the highest risk areas included in the scope
of the audit.
A financial institution with multiple branch offices has an automated control that requires the
branch manager to approve transactions more than a certain amount. What type of audit control
is this? - answer✔✔Preventative.
An IS auditor is validating a control that involved a review of system generated exception
reports. Which of the following is the best evidence of the effectiveness of the control.


1- Walkthrough with the reviewer of the operation of the control
2- System generated exception report for the review period with the reviewers sign off
3- A sample system generated exceptions report for the review period, with follow-up action
items noted by the reviewer
4- Management's confirmation of the effectiveness of the control for the review period. -
answer✔✔A sample system generated exceptions report for the review period, with follow-up
action items noted by the reviewer.

, ©EXAM STUDY MATERIAL 8/9/2024 11:50 AM



A sample of a system generated report with evidence that the reviewer followed up on the
exception represents the best possible evidence of the effective operation of the control because
there is documented evidence that the reviewer has reviewed and taken actions based on the
exception report.
Which of the following is the most important skill an IS auditor should develop to understand the
constraints of conducting an audit:


1 - Contingency Planning
2 - IS Management resource allocation
3 - Project Management

4 - Knowledge of internal controls - answer✔✔Project Management
The internal audit department has written some scripts that are used for continuous auditing of
some information systems. The IT department has asked for copies of the scripts so that they can
use them for setting up a continuous monitoring process on key systems. Would sharing these
scripts with IT effect the ability of IS auditors to independently and objectively audit the IT
function? - answer✔✔No. Sharing the scripts is permissible as long as IT recognizes that audits
may still be conducted in areas not covered in the scripts.


IS Audit can still review all aspects of the systems. They may not be able to review the
effectiveness of the scripts themselves, but they can still audit the systems.
When slecting audit procedures, an IS auditor should use professional judgement to ensure that: -
answer✔✔Sufficient evidence will be collected.


Procedures are processes an IS auditor may follow in an audit engagement. In determining the
appropriateness of any specific procedure, an IS auditor should use professional judgment
appropriate to the specific circumstance. Professional judgement involves a subjective and often
qualitative evaluation of conditions arising in the course of an audit. Judgment address a grey
area where binary (yes/no) decisions are not appropriate and the IS auditor's past experience
plays a key role in making a judgement. The IS auditor should use judgement in assessing the
sufficiency of evidence to be collected. ISACA's guidelines provide information on how to meet
the standards when performing IS audit work.

, ©EXAM STUDY MATERIAL 8/9/2024 11:50 AM


During the planning s stage of an IS audit, the primary goal of an IS auditor is to -
answer✔✔Address audit objectives


ISACA IS Audit and Assurance Standards requires that an IS auditor plan the audit work to
address the audit objectives.
An IS auditor is verifying that some of the policies have not been approved by managedment (as
required by policy), but the employee strictly follow the policies. What should the IS auditor do
first?


A) Ignore the absences of management approval because the employee follow the policies
B) Recommend immediate management approval of the policies
C) Emphasize the importance of approval to management

D) Report the absence of documented approval. - answer✔✔D) Reoirt the absence of
documented approval.


The IS auditor must report the findings. Unapproved policies may present a potential risk to the
organization, even if they are being followed, because this technically may prevent manament
from enforcing the policies in some cases, and may present legal issues.
An IS auditor has been assigned to conduct a test that compares job run logs to computer job
schedules. Which of the following observations would be of the GREATEST concern to the IS
auditor.


A) There are a growing number of emergency changes.
B) There were instances when some jobs were not completed on time
C) There were instances when some jobs were overridden by computer operators

D) Evidence shows that only scheduled jobs were run. - answer✔✔C) There were instances
when some jobs were overridden by computer operators.


The overriding of computer processing jobs by computer operators could lead to unauthorized
changes to data programs.

The benefits of buying summaries with Stuvia:

Guaranteed quality through customer reviews

Guaranteed quality through customer reviews

Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.

Quick and easy check-out

Quick and easy check-out

You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.

Focus on what matters

Focus on what matters

Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!

Frequently asked questions

What do I get when I buy this document?

You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.

Satisfaction guarantee: how does it work?

Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.

Who am I buying these notes from?

Stuvia is a marketplace, so you are not buying this document from us, but from seller Brightstars. Stuvia facilitates payment to the seller.

Will I be stuck with a subscription?

No, you only buy these notes for CA$18.03. You're not tied to anything after your purchase.

Can Stuvia be trusted?

4.6 stars on Google & Trustpilot (+1000 reviews)

79202 documents were sold in the last 30 days

Founded in 2010, the go-to place to buy study notes for 14 years now

Start selling
CA$18.03
  • (0)
  Add to cart