CISA Domain 1 Complete Study Guide Test.

Preview 4 out of 39  pages

  • June 29, 2024
ROSEGRADES
An IS auditor is conducting a compliance test to determine whether controls support management policies and procedures. The test will assist the IS auditor to determine: - CORRECT ANSWER That the control is operating as designed.
Compliance tests can be used to test the existence and effectiveness of a defined process. Understanding the objective of a compliance test is important. IS auditors want reasonable assurance that the controls they are relying on are effective. An effective control is one that meets management expectations and objectives.
When developing a risk management program, what is the first activity to be performed? - CORRECT ANSWER Inventory of assets.
Identification of the assets to be protected is the first step in developing a risk management program.
The primary purpose of an IT forensic audit is: - CORRECT ANSWER The systemic collection and analysis of evidence after a system irregularity.
Due to resource constraints of the IS audit team, the audit plan as originally approved cannot be completed. Assuming that the situation is communicated in the audit report, which course of action is most acceptable:
Test the adequacy of the control design
Test the operational effectiveness of the control
Focus on auditing high risk areas
Relying on management testing of controls. - CORRECT ANSWER Focus on high risk areas. Reducing the scope and focusing on auditing high-risk areas is the best course of action.
While planning an IS audit, an assessment of risk should be made to provide: - CORRECT ANSWER Reasonable assurance that the audit will cover material items. ISACA IS Audit and Assurance Guideline 2202 (Risk Assessment in Planning) states that the applied risk assessment approach should help with the prioritization and scheduling process of the IS audit and assurance work. It should support the selection process of areas and items of audit interest and the decision process to design and conduct particular IS audit engagements.
Which of the following best describes the purpose of performing a risk assessment in the planning phase of an IS audit:
Establish adequate staffing requirements to complete the IS audit
To provide reasonable assurance that all material items will be addressed
To determine the skills required to perform the IS audit
To develop the audit program and procedures - CORRECT ANSWER To provide reasonable assurance that all material items will be addressed.
A risk assessment helps focus the audit procedures on the highest risk areas included in the scope of the audit.
A financial institution with multiple branch offices has an automated control that requires the branch manager to approve transactions more than a certain amount. What type of audit control is this? - CORRECT ANSWER Preventative.
An IS auditor is validating a control that involved a review of system generated exception reports. Which of the following is the best evidence of the effectiveness of the control?
1- Walkthrough with the reviewer of the operation of the control
2- System generated exception report for the review period with the reviewer's sign-off
3- A sample system generated exceptions report for the review period, with follow-up action items noted by the reviewer
4- Management's confirmation of the effectiveness of the control for the review period. - CORRECT ANSWER A sample system generated exceptions report for the review period, with follow-up action items noted by the reviewer.
A sample of a system generated report with evidence that the reviewer followed up on the exception represents the best possible evidence of the effective operation of the control because there is documented evidence that the reviewer has reviewed and taken actions based on the exception report.
Which of the following is the most important skill an IS auditor should develop to understand the constraints of conducting an audit:
1 - Contingency Planning
2 - IS Management resource allocation
3 - Project Management
4 - Knowledge of internal controls - CORRECT ANSWER Project Management
The internal audit department has written some scripts that are used for continuous auditing of some information systems. The IT department has asked for copies of the scripts so that they can use them for setting up a continuous monitoring process on key systems. Would sharing these scripts with IT affect the ability of IS auditors to independently and objectively audit the IT function? - CORRECT ANSWER No. Sharing the scripts is permissible as long as IT recognizes that audits may still be conducted in areas not covered in the scripts. IS Audit can still review all aspects of the systems. They may not be able to review the effectiveness of the scripts themselves, but they can still audit the systems.
When selecting audit procedures, an IS auditor should use professional judgement to ensure that: - CORRECT ANSWER Sufficient evidence will be collected.
Procedures are processes an IS auditor may follow in an audit engagement. In determining the appropriateness of any specific procedure, an IS auditor should use professional judgement appropriate to the specific circumstance. Professional judgement involves a subjective and often qualitative evaluation of conditions arising in the course of an audit. Judgement addresses a grey area where binary (yes/no) decisions are not appropriate and the IS auditor's past experience plays a key role in making a judgement. The IS auditor should use judgement in assessing the sufficiency of evidence to be collected. ISACA's guidelines provide information on how to meet the standards when performing IS audit work.
During the planning stage of an IS audit, the primary goal of an IS auditor is to - CORRECT ANSWER Address audit objectives.
ISACA IS Audit and Assurance Standards require that an IS auditor plan the audit work to address the audit objectives.
An IS auditor is verifying that some of the policies have not been approved by management (as required by policy), but the employees strictly follow the policies. What should the IS auditor do first?
A) Ignore the absence of management approval because the employees follow the policies
B) Recommend immediate management approval of the policies
C) Emphasize the importance of approval to management
D) Report the absence of documented approval. - CORRECT ANSWER D) Report the absence of documented approval.
The IS auditor must report the findings. Unapproved policies may present a potential risk to the organization, even if they are being followed, because this technically may prevent management from enforcing the policies in some cases, and may present legal issues.
An IS auditor has been assigned to conduct a test that compares job run logs to computer job schedules. Which of the following observations would be of the GREATEST concern to the IS auditor.
A) There are a growing number of emergency changes.
B) There were instances when some jobs were not completed on time
C) There were instances when some jobs were overridden by computer operators
D) Evidence shows that only scheduled jobs were run. - CORRECT ANSWER C) There were instances when some jobs were overridden by computer operators.
The overriding of computer processing jobs by computer operators could lead to unauthorized changes to data programs.
An IS auditor is reviewing security controls for a critical web-based system prior to implementation. The results of the penetration test are inconclusive, and the results will not be finalized prior to implementation. Which of the following is the BEST option for the IS auditor.
