CISA InFo Domain 1 Exam 20 Questions with Verified Answers,100% CORRECT

CISA InFo Domain 1 Exam 20 Questions with Verified Answers C. Mode Mode identifies the number of times a particular number is duplicated more than once. For example the in the followinglist of numbers find the mode: The mode is 3. - CORRECT ANSWER In sampling which of the following is a measure of central tendency? A. Variance B. Range C. Mode D. Standard Deviation A. Ability, as an IS auditor to be independent of existing IS relationships. Independence should be continually assessed by auditor and management. This assessment should consider such factors as changes in personal relationships, financial interest and prior job assignments and responsibilities. The fact that the employee has worked in IS for many years may not in itself ensure credibility. The audit department's needs should be defined and any candidate should be evaluated against those requirements. In additional, the length of service will not ensure technical competency and evaluating and evaluating an individual's qualifications based on the age of the individual is not a good criterion and is illegal in many parts of the world. - CORRECT ANSWER A long-term IS employee with a strong technical background and broad managerial experience has applied for a vacant position in the IS audit department. Determine whether to hire this individual for this position should be based on the individual's experience and: A. Ability as an IS auditors to be independent of existing IS relationship. B. Age as training in audit techniques may be impractical. C. the length of service since this will help ensure technical competence. D. IS knowledge since this will bring enhance credibility to the audit function. D balancing of daily controls. Because balancing of daily control totals relates to specific applications and is not considered an overall general control concern. Answer A is NOT the best answer since documentation procedures within the IS department is an important general control concern. Answer B is not the best answer since organization of the IS Department is an important general control concern. Answer C is NOT the best answer since physical access controls and security measure are important general control concerns. - CORRECT ANSWER Each of the following is a general control concern EXCEPT: A. Documentation procedures within the IS Department. B. Physical access controls and security measures. C. Organization of the IS Department D. Balancing of daily control totals B Audit hooks The audit hook technique involves embedding code in application systems for the examination of selected transactions. This helps the IS auditor to act before an error or an irregularity gets out of hand. An embedded audit module involves embedding specially written software in the organization's host application system so that application systems are monitored on a selective basis. An integrated test facility is used when it is not practical to use test data and snapshots are used when an audit trail is required. - CORRECT ANSWER Which of the following online auditing techniques is most effective for the early detection of errors or irregularities. A. Embedded audit module B. Audit Hooks C. Integrated test facility D. Snapshots B IS management makes little real use of this system facility, control in this area is probably weak. The system log from any moderately used computer will be abundant and labor intensive to interpret at a meaningful level. It could be reasonable to assume and easy to verify that management "makes little real use of this system". It would be prudent of the IS Auditor to recommend the development of programs to summarize and provide management with meaningful reports. - CORRECT ANSWER In a review of the IS resource management function, the IS auditor finds that no computer routines were developed or acquired to read and take extracts from the mainframe system's job accounting software facility. Instead, the complete log record of system activitys printed out on a daily basis and distributed to several responsible managers in the IS Department. The most reasonable interpretation of this situation by the IS Auditor is that: A. Management's review of systems activity is unusually through; control in this area is probably strong. B. IS management makes little real use of this system facility, control in this area is probably weak. C. IS management is probably concerned over the high cost of developing or acquiring programs of this type. D. Operations management has decided to take this approach in the interest of maximizing systems efficiency. B. The application's degree of exposure The degree of exposure or audit risk should always be the key criteria for selecting candidates for an audit. - CORRECT ANSWER Which of the following would an Information System Auditor consider most important in selecting an application for audit? A. The IS Auditor level of experience. B. The application's degree of exposure. C. The results of previous audits. D. Whether or not the system is a financial one. A Describe the authority and responsibilities of the audit department. The audit charter typically sets out the role and responsibility of the internal audit department. It should state management's objectives for and delegation of authority to the audit department. It is rarely changed and does not constrain the audit plan or audit process which is usually part of annual audit planning, nor does it describes a code of professional conduct since such code is set by the profession and not by management. - CORRECT ANSWER The primary purpose of an audit charter is to: A. A describe the authority and responsibilities of the audit department. B. Formally document the audit department's plan of action. C. Document a code of professional conduct for the Auditor. D. Document the audit process used by the enterprise. B Periodic testing does not require separate test processes An ITF creates a fictitious entity in the database to process test transactions simultaneously with live input. It's advantage is that periodic testing does not require separate test processes. However, careful planning is necessary, and test data must be isolated from production data. - CORRECT ANSWER Which of the following is an advantage of an integrated test facility (ITF)? A. It eliminates the need to prepare test data. B. Periodic testing does not require separate test processes. C. It uses actual master files or dummies and the IS Auditor does not have to review the source of the transaction. D. It validates application systems and tests the ongoing operation of the system. A Likelihood of error An error is the least likely element to contribute to the potential for fraud. Answer A and C are incorrect since volume times value of transactions give an indication of the maximum potential loss through fraud. D is incorrect since gross risk less existing controls give net risk. - CORRECT ANSWER Which of the following is LEAST likely to be included in a review to assess the risk of fraud in application systems? A. Likelihood of error B. Value of transactions C. Volume of transactions D. Extent of existing controls B Technological complexity Best choice because technical complexity of an application is not as important as the materiality of the audit-risk associated with an application or sensitivity of the transactions. Regulatory agency requirements also play an important role in determining what to audit. Answer A is NOT the best choice because sensitivity of transactions would be an exposure to a company and should be considered in determining which applications should be audited. Answer C is NOT the best choice because the measurement of audit risk is an important component when determining the scope of an audit plan. The materiality of the audit risk associated with specific application would have an impact on whether the application is included in the audit scope. Answer D is NOT the best choice because applications may relate to operational area of the Company where regulatory agencies have required audits. - CORRECT ANSWER Which of the following criteria for selecting the application to be audited is LEAST likely to be used? A. Sensitivity of transactions B. Technological complexity C. Regulatory agency involvement D. Materiality of audit risk B. Asset controlled by the system The assets controlled by the system will always indicate how strategic a system is to the continuous functioning of the business. - CORRECT ANSWER Which criteria is the most important in selecting an application for auditing A. Impact of decision making B. Assets controlled by the system C. Cost of processing D. Importance of updated master files. A. System software audits A is the best because the IS Auditor needs specialized education in hardware and operating systems software. Answers B,C, and D can be performed when an IS Auditor has a basic level of data processing technical knowledge and usually requires no special training. - CORRECT ANSWER Which of the following types of audits requires the highest degree of data processing expertise? A. System software audits B. Microcomputer application audit C. Mainframe application audit D. General controls reviews C. The threats/vulnerabilities affecting the assets. One of the key factors to be considered while assessing the risks related to the use of various information systems is the threat and vulnerabilities affecting the assets. The risks related to the use of information assets should be evaluated in isolation from the installed controls. - CORRECT ANSWER An IS Auditor is evaluating management's risk assessment of information system. The IS Auditor should FIRST review: A. The effectiveness of the controls in place. B. The mechanism for monitoring the risk related to the asset C. The threats/vulnerabilities affecting the assets D. The controls already in place D. Use of audit software Use of audit software merely refers to a technique that can be used in performing an audit. It has no relevance to the development of the annual audit plan. - CORRECT ANSWER Which of the following factors should NOT be considered in establishing the priority of audits included in an annual audit plan? A. Audited procedural change B. The time period since the last audit. C. Prior audit findings D. Use of audit software B. Does the organization of the IS Department provide adequate separation of functions? Answer A,C and D all deal with questions that are normally addressed during the completion of an Application Review. The B best because it deals with a question that ITauditorswould ask as high level review or general controls review. - CORRECT ANSWER At the completion of the general controls review, the IS Auditor should be able to answer which of the following questions? A. What controls are in place to assure that only authorized transactions are processed? B. Does the organization of the IS Department provide adequate separation of functions? C. Which user has access to create a purchase order? D. How do input controls provide reasonable assurance that rejected data is re-entered? D. Production library listings The best source from which to draw any sample or test of system information is the automated system. The production libraries represent executables that are approved and authorized to process organizational data. Source programming listings would be time intensive. Program change requests are the documents used to initiate change; there is no guarantee that the request has been completed for all changes. Test library listings do not represent the approved and authorized executables. - CORRECT ANSWER Which of the following would be the BEST population to take a sample from when testing program changes? A. Program change request B. Test library listing C. Source program listing D. Production library listings A. 50 10,000 divided by 200 equal 50. In a population of 10,000 selecting every 50th item would produce a sample of 200. - CORRECT ANSWER An IS Auditor using systematic sampling for a population of 10,000 items determines that a sample size of 200 would be sufficient to accomplish the test objectives. The sample interval would be: A. 50 B. 200 C. 100 D. 500 B. Ensure all necessary controls are included in the initial design. The duty of IS Auditor is to ensure that required controls are included. Unless a consultant, the IS Auditor SHOULD NOT be involved in detail designs. During the Design Phase the IS Auditor's primary role is to ensure controls are included. - CORRECT ANSWER The primary role of an IS Auditor during the system design phase of an application development project is to: A. Advise the development manager on adherence to the schedule. B. Ensure all necessary controls are included in the initial design. C. Ensure the design accurately reflects the requirement. D. Advise on specific and detailed control procedures. D. Perform a risk ranking of the current and prposed application systems to prioritize the IS audit to be conducted. Is audit services should not be extended only if risk warrants it. Answers A B and C occur after D. AnswerB is not correct because the IS Audit Manager does not know what area are to appear in the IS audit plan until a risk analysis is completed and discussions are held with the audit committee members. Answer A is wrong because theAudit Manager would not meet the audit committee until after a risk analysis of area of exposure has been completed. Answer C is Not correct because a risk analysis would be the first step before any IS audit services are expended. - CORRECT ANSWER The first step the IS Auditor Manager should take when preparing the annual IS Audit plan is to: A. Begin with prior year's IS audit plan and carry over any IS audit that had not been accomplished. B. Meet with the audit committee members to discuss the IS audit plan for the upcoming year C. Ensure that the IS audit staff is competent in areas that are likely to appear on the plan and provide training as necessary. D. Perform a risk ranking of the current and prposed application systems to prioritize the IS audit to be conducted. A. The number of lines of code to be written The size of the system is the least important of the factors listed. All other factors have specific financial implications and an IS Auditor can be used to help mitigate the risk to the corporation with the development of a new system. - CORRECT ANSWER Which of the following is the LEAST important factor in determining the need for an IS Auditor to be involved in a new system development project? A. The number of lines of code to be written B. The potential benefits of the system C. The value of the system to the organization D. The cost of the system