100% satisfaction guarantee Immediately available after payment Both online and in PDF No strings attached
logo-home
CISA Domain 1: The Process of Auditing Information Systems Comprehensive Questions and Answers $9.49   Add to cart

Exam (elaborations)

CISA Domain 1: The Process of Auditing Information Systems Comprehensive Questions and Answers

 24 views  0 purchase
  • Course
  • CISA Domain 1: The Process of Auditing Information
  • Institution
  • CISA Domain 1: The Process Of Auditing Information

Which of the following forms of evidence would an IS auditor consider the MOST reliable?a. An internally generated computer accounting report b. An oral statement from the auditee c. The results of a test performed by an external IS auditor d. A confirmation letter received from an outside source, ...

[Show more]

Preview 3 out of 29  pages

  • September 2, 2024
  • 29
  • 2024/2025
  • Exam (elaborations)
  • Questions & answers
  • cisa domain 1
  • CISA Domain 1: The Process of Auditing Information
  • CISA Domain 1: The Process of Auditing Information
avatar-seller
dennys
,CISA Domain 1: The Process of Auditing In-
formation Systems
Which of the following forms of evidence would an IS auditor consider the MOST reliable?

a. An internally generated computer accounting report
b. An oral statement from the auditee
c. The results of a test performed by an external IS auditor
d. A confirmation letter received from an outside source - Ans c - the results of a test performed by
an outside source

An independent test that is performed by an IS auditor should always be considered a more reliable
source of evidence than a confirmation letter from a third party, because the letter is the result of an
analysis of the process and may not be based on authoritative audit techniques. An audit should
consist of a combination of inspection, observation and inquiry by an IS auditor as determined by
risk. This provides a standard methodology and reasonable assurance that the controls and test re-
sults are accurate.

An IS auditor discovers that devices connected to the network are not included in a network dia-
gram that had been used to develop the scope of the audit. The chief information officer explains
that the diagram is being updated and awaiting final approval. The IS auditor should FIRST:

a. expand the scope of the IS audit to include the devices that are not on the network diagram.
b. evaluate the impact of the undocumented devices on the audit scope.
c. note a control deficiency because the network diagram has not been approved.
d. plan follow-up audits of the undocumented devices. - Ans b. evaluate the impact of the undocu-
mented devices on the audit scope.

In a risk-based approach to an IS audit, the scope is determined by the impact the devices will have
on the audit. If the undocumented devices do not impact the audit scope, then they may be excluded
from the current audit engagement. The information provided on a network diagram can vary de-
pending on what is being illustrated—for example, the network layer, cross connections, etc.

Which of the following is MOST important to ensure before communicating the audit findings to
top management during the closing meeting?

a. Risk statement includes an explanation of a business impact.
b. Findings are clearly tracked back to evidence.
c. Recommendations address root causes of findings.
d. Remediation plans are provided by responsible parties. - Ans b. Findings are clearly tracked back
to evidence.

Without adequate evidence, the findings hold no ground; therefore, this must be verified before
communicating the findings.

The MAIN advantage of an IS auditor directly extracting data from a general ledger systems is:

a. reduction of human resources needed to support the audit
b. reduction in the time to have access to the information
c. greater flexibility for the audit department
d. greater assurance of data validity - Ans c. greater flexibility for the audit department

, If the IS auditor executes the data extraction, there is greater assurance that the extraction criteria
will not interfere with the required completeness, and, therefore, all required data will be collected.
Asking IT to extract the data may expose the risk of filtering out exceptions that should be seen by
the auditor. Also, if the IS auditor collects the data, all internal references correlating the various
data tables/elements will be understood, and this knowledge may reveal vital elements to the com-
pleteness and correctness of the overall audit activity.

Which of the following situations could impair the independence of an IS auditor? The IS auditor:

a. implemented specific functionality during the development of an application.
b. designed an embedded audit module for auditing an application.
c. participated as a member of an application project team and did not have operational responsibili-
ties.
d. provided consulting advice concerning application good practices. - Ans a. implemented specific
functionality during the development of an application.

Independence may be impaired if an IS auditor is, or has been, actively involved in the develop-
ment, acquisition and implementation of the application system.

An IS auditor who was involved in designing an organization's business continuity plan (BCP) has
been assigned to audit the plan. The IS auditor should:

a. decline the assignment.
b. inform management of the possible conflict of interest after completing the audit assignment.
c. inform the BCP team of the possible conflict of interest prior to beginning the assignment.
d. communicate the possibility of conflict of interest to audit management prior to starting the as-
signment. - Ans D. communicate the possibility of conflict of interest to audit management prior to
starting the assignment.

A possible conflict of interest, likely to affect the IS auditor's independence, should be brought to
the attention of management prior to starting the assignment.

The vice president of human resources has requested an IS audit to identify payroll overpayments
for the previous year. Which would be the BEST audit technique to use in this situation?

a. Generate sample test data
b. Generalized audit software
c. Integrated test facility
d. Embedded audit module - Ans B. Generalized audit software

This features include mathematical computations, stratification, statistical analysis, sequence check-
ing, duplicate checking and re-computations. An IS auditor, using generalized audit software, can
design appropriate tests to recompute the payroll, thereby determining whether there were overpay-
ments and to whom they were made

Which of the following sampling methods is the MOST appropriate for testing automated invoice
authorization controls to ensure that exceptions are not made for specific users?

a. Variable sampling
b. Judgmental sampling
c. Stratified random sampling

The benefits of buying summaries with Stuvia:

Guaranteed quality through customer reviews

Guaranteed quality through customer reviews

Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.

Quick and easy check-out

Quick and easy check-out

You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.

Focus on what matters

Focus on what matters

Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!

Frequently asked questions

What do I get when I buy this document?

You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.

Satisfaction guarantee: how does it work?

Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.

Who am I buying these notes from?

Stuvia is a marketplace, so you are not buying this document from us, but from seller dennys. Stuvia facilitates payment to the seller.

Will I be stuck with a subscription?

No, you only buy these notes for $9.49. You're not tied to anything after your purchase.

Can Stuvia be trusted?

4.6 stars on Google & Trustpilot (+1000 reviews)

79271 documents were sold in the last 30 days

Founded in 2010, the go-to place to buy study notes for 14 years now

Start selling
$9.49
  • (0)
  Add to cart