Exam (elaborations)
CISA - Execution (1)
- Course
- Institution
CISA - Execution (1)
[Show more]
Seller
Follow
lydiaomutho
Content preview
CISA - ExecutionWhich of the following sampling methods would be the MOST effective to determine whether
purchase orders issued to vendors have been authorized as per the authorization matrix?
A. Variable sampling
B. Stratified mean per unit
C. Attribute sampling
D. Unstratified mean per unit - ANS-C. Attribute sampling
This is the method used for compliance testing. In this scenario, the operation of a control is
being evaluated, and therefore, the attribute of whether each purchase order was correctly
authorized would be used to determine compliance with the control.
An IS auditor is determining the appropriate sample size for testing the existence of program
change approvals. Previous audits did not indicate any exceptions, and management has
confirmed that no exceptions have been reported for the review period. In this context, the IS
auditor can adopt a:
A. lower confidence coefficient, resulting in a smaller sample size.
B. higher confidence coefficient, resulting in a smaller sample size.
C. higher confidence coefficient, resulting in a larger sample size.
D. lower confidence coefficient, resulting in a larger sample size. - ANS-A. lower confidence
coefficient, resulting in a smaller sample size.
When internal controls are strong, a lower confidence coefficient can be adopted, which will
enable the use of a smaller sample size.
An auditee disagrees with an audit finding. Which of the following is the BEST course of action
for the IT auditor to take?
A. Discuss the finding with the IT auditor's manager.
B. Retest the control to confirm the finding.
C. Elevate the risk associated with the control.
D. Discuss the finding with the auditee's manager. - ANS-A. Discuss the finding with the IT
auditor's manager.
Discussing the disagreement with the auditor's manager is the best course of action because
other actions can weaken relationships with the auditee and auditor.
In a risk-based IS audit, where both inherent and control risk have been assessed as high, an IS
auditor would MOST likely compensate for this scenario by performing additional:
A. stop-or-go sampling.
B. substantive testing.
C. compliance testing.
, D. discovery sampling. - ANS-B. substantive testing.
Because both the inherent and control risk are high in this case, additional testing is required.
Substantive testing obtains audit evidence on the completeness, accuracy or existence of
activities or transactions during the audit period.
An IS auditor uses computer-assisted audit techniques (CAATs) to collect and analyze data.
Which of the following attributes of evidence is MOST affected by the use of CAATs?
A. Usefulness
B. Reliability
C. Relevance
D. Adequacy - ANS-B. Reliability
Because the data are directly collected by the IS auditor, the audit findings can be reported with
an emphasis on the reliability of the records that are produced and maintained in the system.
The reliability of the source of information used provides reassurance on the generated findings.
A substantive test to verify that tape library inventory records are accurate is:
A. determining whether bar code readers are installed.
B. determining whether the movement of tapes is authorized.
C. conducting a physical count of the tape inventory.
D. checking whether receipts and issues of tapes are accurately recorded. - ANS-C. conducting
a physical count of the tape inventory.
A substantive test includes gathering evidence to evaluate the integrity (i.e., the completeness,
accuracy and validity) of individual transactions, data or other information. Conducting a
physical count of the tape inventory is a substantive test.
An IS auditor wants to analyze audit trails on critical servers to discover potential anomalies in
user or system behavior. Which of the following is the MOST suitable for performing that task?
A. Computer-aided software engineering tools
B. Embedded data collection tools
C. Trend/variance detection tools
D. Heuristic scanning tools - ANS-C
Trend/variance detection tools are correct. They look for anomalies in user or system behavior,
such as invoices with increasing invoice numbers.
Which of the following will MOST successfully identify overlapping key controls in business
application systems?
A. Reviewing system functionalities that are attached to complex business processes
B. Submitting test transactions through an integrated test facility
C. Replacing manual monitoring with an automated auditing solution
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller lydiaomutho. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $7.99. You're not tied to anything after your purchase.
Can Stuvia be trusted?
4.6 stars on Google & Trustpilot (+1000 reviews)
74735 documents were sold in the last 30 days
Founded in 2010, the go-to place to buy study notes for 14 years now