CISA ISACA Verified Exam Questions
and Answers
An audit charter should:
A. be dynamic and change to coincide with the changing nature of technology and the audit
profession.
B. clearly state audit objectives for, and the delegation of, authority to the maintenance and
review of internal contr...
An audit charter should:
A. be dynamic and change to coincide with the changing nature of technology and the audit
profession.
B. clearly state audit objectives for, and the delegation of, authority to the maintenance and
review of internal controls.
C. document the audit procedures designed to achieve the planned audit objectives.
D. outline the overall authority, scope and responsibilities of the audit function. - answer✔✔D is
the correct answer.
Justification:
A. The audit charter should not be subject to changes in technology and should not significantly
change over time. The charter should be approved at the highest level of management.
B. An audit charter states the authority and reporting requirements for the audit but not the
details of maintenance of internal controls.
C. Document the audit procedures designed to achieve the planned audit objectives is incorrect.
An audit charter is not at a detailed level and, therefore, does not include specific audit objectives
or procedures.
D. An audit charter should state management's objectives for and delegation of authority to IS
auditors.
Domain1: Information Systems Auditing Process
Sub-domain:
1A1IS Audit Standards, Guidelines, and Codes of Ethics
Task Statement:
2Conduct audit in accordance with IS audit standards and a risk‐based IS audit strategy.
Which of the following situations could impair the independence of an IS auditor? The IS
auditor:
A. implemented specific functionality during the development of an application.
B. designed an embedded audit module for auditing an application.
C. participated as a member of an application project team and did not have operational
responsibilities.
D. provided consulting advice concerning application good practices. - answer✔✔A is the
correct answer.
A. Independence may be impaired if an IS auditor is, or has been, actively involved in the
development, acquisition and implementation of the application system.
B. Designing an embedded audit module does not impair an IS auditor's independence.
C. IS auditors should not audit work that they have done, but just participating as a member of
the application system project team does not impair an IS auditor's independence.
D. An IS auditor's independence is not impaired by providing advice on known good practices.
______________________________________________________________________________
____
Domain:
1-Information Systems Auditing Process
Sub-domain:
1A1-IS Audit Standards, Guidelines, and Codes of Ethics
Task Statement:
38-Identify opportunities for process improvement in the organization's IT policies and practices.
In planning an IS audit, the MOST critical step is the identification of the:
A. areas of significant risk.
B. skill sets of the audit staff.
C. test steps in the audit.
D. time allotted for the audit.. - answer✔✔A is the correct answer.
A. When designing a risk-based audit plan, it is important to identify the areas of highest risk to
determine the areas to be audited.
B. This should have been considered before deciding and selecting the audit. Where the skills are
inadequate, the organization should consider using external resources.
C. These are not as critical during the audit planning process as identifying the areas of risk that
should be audited.
D. This is determined during the planning process based on the areas to be audited and is
primarily based on the requirement for conducting an appropriate audit.
______________________________________________________________________
Domain1Information Systems Auditing Process
Sub-domain1A2Business Processes
Task Statement2Conduct audit in accordance with IS audit standards and a risk‐based IS audit
strategy.
A PRIMARY benefit derived for an organization employing control self-assessment techniques
is that it:
A. can identify high-risk areas that might need a detailed review later.
B. allows IS auditors to independently assess risk.
C. can be used as a replacement for traditional audits.
D. allows management to relinquish responsibility for control. - answer✔✔A is the correct
answer.
A. Control self-assessment (CSA) is predicated on the review of high-risk areas that either need
immediate attention or may require a more thorough review later.
B. CSA requires the involvement of IS auditors and line management. The internal audit function
shifts some of the control monitoring responsibilities to the functional areas.
C. CSA is not a replacement for traditional audits. CSA is not intended to replace audit's
responsibilities, but to enhance them.
D. CSA does not allow management to relinquish its responsibility for control.
The extent to which data will be collected during an IS audit should be determined based on the:
A. availability of critical and required information.
B. auditor's familiarity with the circumstances.
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller Brightstars. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $12.49. You're not tied to anything after your purchase.
