CISA Exam Information System Auditing Process 96 Questions with Verified Answers,100% CORRECT

CISA Exam Information System Auditing Process 96 Questions with Verified Answers A primary benefit derived for an organization employing control self-assessment techniques is that it: - CORRECT ANSWER Can identify high-risk areas that might need a detail review later Control self-assessment (CSA) is predicated on the review of high-risk areas that either need immediate attention or may require a more thorough review later During a security audit of IT processes, an IS auditor found that documented security procedures did not exist. The IS Auditor should: - CORRECT ANSWER Identify and evaluate existing practices One of the main objectives of an audit is to identify potential risk; therefore, the most proactive approach is to identify and evaluate the existing security practices being followed by the organization and submit the findings and risk to management, with recommendations to document the current controls or enforce the documented procedures When developing a risk management program, what is the FIRST activity to be performed? - CORRECT ANSWER Inventory of Assets. Identification of the assets to be protected is the first step in the development of a risk management program. An IS auditor who has discovered unauthorized transactions during review of electronic data interchange (EDI) transactions is likely to recommend improving the: - CORRECT ANSWER Authentication techniques for sending and receiving messages They play a key role in minimizing exposure to unauthorized transactions A company has recently upgraded its purchase system to incorporate EDI transmissions. Which of the following controls should be implemented in the EDI interface to provide for efficient data mapping? - CORRECT ANSWER Functional acknowledgements Acting as an audit trail for electronic data interchange transactions, functional acknowledgements are one of the main controls used in data mapping Which of the following represents the GREATEST potential risk in an EDI environment? - CORRECT ANSWER Lack of transaction authorizations Because the interaction between parties is electronic, there is no inherent authorization occurring; therefore, lack of transaction authorization is the greatest risk The success of control self-assessment depends highly on: - CORRECT ANSWER line managers assuming a portion of the responsibility for control monitoring. The primary objective of a CSA program is to leverage the internal audit function by shifting some of the control monitoring responsibilities to the functional area line managers. The success of a CSA program depends on the degree to which line managers assume responsibility for controls. This enables line managers to detect and respond to control errors promptly An IS auditor performing an audit of the risk assessment should first confirm that: - CORRECT ANSWER Assets have been identified and ranked Identification and ranking of information assets will set the tone or scope of how to asses risk in relation to the organization value of the asset An appropriate control for ensuring the authenticity of orders received in an electronic data interchange system application is to: - CORRECT ANSWER Verify the identity of senders and determine if orders correspond to contract terms. An EDI system is subject not only to to the usual risk exposures of computer systems but also to those arising from the potential ineffectiveness of controls on the part of the trading partner and 3rd party service provider, making authentication of users and messages a major security concern. When evaluating the controls of an EDI application, an IS auditor should PRIMARILY be concerned with the risk of: - CORRECT ANSWER Improper transaction authorization For most among the risk associated with EDI is improper transaction authorization, Because the interaction with the parties is electronic, there is no inherent authentication. Improper authentication poses a serious risk of financial loss. An organization's IS audit charter should specify the: - CORRECT ANSWER Role of the IS audit function An IS audit charter establishes the role of the information system audit function. The charter should describe the overall authority, scope and responsibilities of the audit function. It should be approved by the highest level of a management and, if available, by the audit committee. While evaluating software development practices in an organization, an IS auditor notes that the quality assurance (QA) function reports to project management. The MOST important concern for an IS auditor is the: - CORRECT ANSWER Effectiveness of the QA function because it should interact between project management and user management. To be effective, the quality assurance (QA) function should be independent of project management. If it is not, project management may put pressure on the QA function to approve an inadequate product. An IS auditor should ensure that review of online electronic funds transfer reconciliation procedures should include: - CORRECT ANSWER Tracing This is a transaction reconciliation effort that involves following the transaction from the original source to its final destination. In electronic funds transfer transactions, the direction on tracing may start from the customer-printed copy of the receipt, proceed to checking the system audit trails and logs, and end with checking the master file records for daily transactions. An IS auditor is reviewing a software application that is built on the principles of service-oriented architecture. What is the INITIAL step? - CORRECT ANSWER Understanding services and their allocation to business processes by reviewing the service repository documentation. A service-oriented architecture relies on the principles of a distributed environment in which services encapsulate business logic as a black box and might be deliberately combined to depict real-world business processes. Before reviewing services in detail, it is essential for the IS auditor to comprehend the mapping of business processes to services. During a compliance audit of a small bank, the IS auditor notes that both the IT and accounting functions are being performed by the same user of the financial system. Which of the following reviews conducted by the user's supervisor would represent the BEST compensating control? - CORRECT ANSWER Computer log files that show individual transactions Computer logs record the activities of individuals during their access to a computer system or data file and record any abnormal activities, such as the modification or deletion of financial data. For a retail business with a large volume of transactions, which of the following audit techniques is the MOST appropriate for addressing emerging risk? - CORRECT ANSWER Continuous auditing The implementation of continuous auditing enables a real-time feed of information to management through automated reporting processes so that management may implement corrective actions more quickly Which of the following is the FIRST step performed prior to creating a risk ranking for the annual internal IS audit plan? - CORRECT ANSWER Define the audit universe. In a risk-based audit approach, the IS auditor identifies risk to the organization based on the nature of the business. To plan an annual audit cycle, the types of risk must be ranked. To rank the types of risk, the auditor must first define the audit universe by considering the IT strategic plan, organizational structure and authorization matrix. The MOST effective audit practice to determine whether the operational effectiveness of controls is properly applied to transaction processing is: - CORRECT ANSWER substantive testing Among other methods, such as document review or walkthrough, tests of controls are the most effective procedures to assess whether controls accurately support operational effectiveness. Which of the following is the MAIN reason to perform a risk assessment in the planning phase of an IS audit? - CORRECT ANSWER To provide reasonable assurance material items will be addressed A risk assessment helps to focus the audit procedures on the highest risk areas included in the scope of the audit. The concept of reasonable assurance is also important. An IS auditor notes that failed login attempts to a core financial system are automatically logged and the logs are retained for a year by the organization. This logging is: - CORRECT ANSWER not an adequate control. Generation of an activity log is not a control by itself. It is the review of such a log that makes the activity a control (i.e., generation plus review equals a control). An IS auditor reviewing the process of log monitoring wants to evaluate the organization's manual review process. Which of the following audit techniques would the auditor MOST likely employ to fulfill this purpose? - CORRECT ANSWER Walk-through These procedures usually include a combination of inquiry, observation, inspection of relevant documentation and re-performance of controls. A walkthrough of the manual log review process follows the manual log review process from start to finish to gain a thorough understanding of the overall process and identify potential control weaknesses. Which of the following is MOST important for an IS auditor to understand when auditing an e-commerce environment? - CORRECT ANSWER The nature and criticality of the business process supported by the application. The e-commerce application enables the execution of business transactions. Therefore, it is important to understand the nature and criticality of the business process supported by the e-commerce application to identify specific controls to review. When performing a risk analysis, the IS auditor should FIRST: - CORRECT ANSWER identify the organization's information assets The first step of the risk assessment process is to identify the systems and processes that support the business objectives because risk to those processes impacts the achievement of business goals. As part of audit planning, an IS auditor is designing various data validation tests to effectively detect transportation and transcription errors. Which of the following will BEST help in detecting these errors? - CORRECT ANSWER Check digit A check digit is a numeric value that has been calculated mathematically and is added to data to ensure that original data have not been altered or that an incorrect, but valid, match has occurred. The check digit control is effective in detecting transportation and transcription errors. Which of the following is the PRIMARY purpose of a risk-based audit? - CORRECT ANSWER Material areas are addressed first. Material risk is audited according to the risk ranking, thus enabling the audit team to concentrate on high-risk areas first. During an IS audit, which is the BESTY method for an IS auditor to evaluate the implementation of segregation of duties within an IT department? - CORRECT ANSWER Discuss it with the IT managers Discussing the implementation of segregation of duties with the IT managers is the best way to determine how responsibilities are assigned within the department A substantive test to verify that tape library inventory records are accurate is: - CORRECT ANSWER conducting a physical count of the tape inventory. A substantive test includes gathering evidence to evaluate the integrity (i.e., the completeness, accuracy and validity) of an individual transactions, data or other information. Conducting a physical count of the tape inventory is a substantive test. Which of the following BEST ensures the effectiveness of controls related to interest calculation for an accounting system? - CORRECT ANSWER Re-performance To ensure the effectiveness of controls, it is most effective to conduct re-performance. When the same result is obtained after the performance by an independent person, this provides the strongest assurance. Which of the following is the MOST important skill that an IS auditor should develop to understand the constraints of conducting an audit? - CORRECT ANSWER project management Audits often involve resource management, deliverables, scheduling and deadlines that are similar to project management good practices An iS auditor is determining the appropriate sample size testing the existence of program change approvals. Previous audits did not indicate any exceptions, and management has confirmed that no exceptions have been reported for the review period. In this context, the IS auditor can adopt a: - CORRECT ANSWER Lower confidence coefficient, resulting in a smaller sample size. When internal controls are strong, a lower confidence coefficient can be adopted, which will enable the use of a smaller sample size. An internal IS audit function is planning a general IS audit. Which of the following activities takes place during the FIRST step of the planning phase? - CORRECT ANSWER Development of a risk assessment A risk assessment should be performed to determine how internal audit resources should be allocated to ensure that all material items will be addressed An IS auditor finds that the answers received during an interview with a payroll clerk do not support job descriptions and documented procedures. Under these circumstances, the IS auditor should: - CORRECT ANSWER expand the scope to include substantive testing. If the answers provided to an IS auditor's questions are not confirmed by documented procedures or job descriptions, the IS auditor should expand the scope of testing the controls and include additional substantive tests. An IS auditor wants to determine the effectiveness of managing user access to a server room. Which of the following is the BEST evidence of effectiveness? - CORRECT ANSWER Observation of a logged event Observation. Of the process to reset an employee's security access to the server room and the subsequent logging of this event provide the best evidence of the adequacy of the physical security control. Which of the following is MOST important to ensure before communicating the audit findings to top management during the closing meeting? - CORRECT ANSWER Findings are clearly tracked back to evidence Without adequate evidence, findings hold no ground; therefore, this must be verified before communicating the findings. Which of the following forms of evidence would an IS auditor consider the MOST reliable? - CORRECT ANSWER The results of a test performed by an external IS auditor An independent test that is performed by an IS auditor should always be considered a more reliable source of evidence than a confirmation letter from a third party, because the letter is the result an analysis of the process and may not be based on authoritative audit techniques. An audit should consist of a combination of inspection, observation and an inquiry by an IS auditor as determined by risk. This provides a standard methodology and reasonable assurance that the controls and test results are accurate. The MOST appropriate action for an IS auditor to take when shared user accounts are discovered is to: - CORRECT ANSWER Document the finding and explain the risk of using shared IDs. An IS auditor's role is to detect and document findings and control deficiencies. Part of the audit report is to explain the reasoning behind the findings. The use of shared IDs is not recommended because it does not allow for accountuntability of transactions. An IS auditor defers to management to decide how to respond to the findings. An IS auditor conducting a review of disaster recovery planning (DRP) at a financial processing organization discovered the following: - CORRECT ANSWER A manager coordinates the creation of a new or revised plan within a defined time limit. The primary concern is to establish a workable disaster recovery plan (DRP) that reflects current processing volumes to protect the organization from any disruptive incident. When evaluating the collective effect of preventive, detective and corrective controls within a process, an IS auditor should be aware of which of the following? - CORRECT ANSWER The point at which controls are exercised as data flow through the system An IS auditor should focus on when controls are exercised as data flow through a computer system. Which of the following will MOST sucessfully identify overlapping key controls in business application systems? - CORRECT ANSWER Replacing manual monitoring with an automated auditing solution As part of the effort to realize continuous audit management, there are cases for introducing an automated monitoring and auditing solution. All key controls need to be clearly aligned for systematic implementation; thus, analysts can discover unnecessary or overlapping key controls in existing systems. Which of the following sampling methods would be the MOST effective to determine whether purchase orders issued to vendors have been authorized as per the authorization matrix? - CORRECT ANSWER Attribute sampling This is the method used for compliance testing. In this scenario, the operation of a control is being evaluated, and therefore, the attribute of whether each purchase order was correctly authorized would be used to determine compliance with the control. An IS auditor reviews one day of logs for a remotely managed server and finds one case where logging failed, and the backup restarts cannot be confirmed. What should the IS auditor do? - CORRECT ANSWER Expand the sample of logs reviewed IS Audit and Assurance Standards require that an IS auditor gather sufficient and appropriate audit evidence. The IS auditor has found a potential problem and now needs to determine whether this is an isolated incident or a systematic control failure. An IS auditor discovers a potential material finding. The BEST course of action is to: - CORRECT ANSWER Perform additional testing The IS auditor should perform additional testing to ensure that it is a finding. An auditor can quickly lose credibility if it is later discovered the finding was not justified or accurate. The purpose of a checksum on an amount field in an electronic data interchange communication of financial transactions is to ensure: - CORRECT ANSWER integrity A checksum that is calculated on an amount field and included in the electronic data interchange communication can be used to identify unauthorized modifications. Which of the following controls would an IS auditor look for in an environment where duties cannot be appropriately segregated? - CORRECT ANSWER Compensating controls These are internal controls that are intended to reduce the risk of an existing or potential control weakness that may arise when duties cannot be appropriately segregated. An external IS auditor discovers that systems in the scope of the audit were implemented by an associate. In such a circumstance, IS audit management should: - CORRECT ANSWER disclose the issue to the client. In circumstances in which the IS auditor's independence is impaired and the IS continues to be associated with the audit, the facts surrounding the issue of the IS auditor's independence should be disclosed to the appropriate management and in the report. The extent to which data will be collected during an IS audit should be determined based on the: - CORRECT ANSWER Purpose and scope of the audit being done. The extent to which data will be collected during an IS audit should be related directly to the scope and purpose of the audit. An IS audit with a narrow purpose and scope, or just a high-level review, will most likely require less data collection than an audit with a wider purpose and scope. The final decision to include a material finding in an audit report should be made by the : - CORRECT ANSWER IS auditor The IS auditor should make the final decision about what to include or exclude from the audit report An IS auditor should use statistical sampling and not judgmental (non statistical) sampling, when: - CORRECT ANSWER The probability of error must be objectively quantified. Given an expected error rate and confidence level, statistical sampling is an objective method of sampling, which helps an IS auditor determine the sample size and quantify the probability of error (confidence coefficient) The vice president of human resources has requested an IS audit to identify payroll overpayments for the previous year. Which would be the BEST audit technique to use in this situation? - CORRECT ANSWER Generalized audit software Generalized audit software features include mathematical computations, stratification, statistical analysis, sequence checking, duplicate checking and re-computations. An IS auditor, using generalized audit software, can design appropriate tests to recompute the payroll, thereby determining whether there were overpayments and to whom they were made. An IS auditor is carrying out a system configuration review. Which of the following would be the BEST evidence in support of the current system configuration settings? - CORRECT ANSWER Standard report with configuration values retrieved from the system by the IS auditor Evidence that is obtained directly from the source by an IS auditor is more reliable than information that is provided by a system administrator or a business owner, because the IS auditor does not have a vested interest in the outcome of the audit. Which of the following should an IS auditor use to detect duplicate invoice records within an invoice master file? - CORRECT ANSWER computer assisted audit techniques These enable the IS auditor to review the entire invoice file to look for those items that meet the selection criteria. An IS auditor is comparing equipment in production with inventory records. This type of testing is an example of: - CORRECT ANSWER Substantive Testing This obtains audit evidence on the completeness, accuracy or existence of activities or transactions during the audit period. The internal IS audit team is auditing controls over sales returns and is concerned about fraud. Which of the following sampling methods would BEST assist the IS auditors? - CORRECT ANSWER Discovery This is used when an IS auditor is trying to determine whether a type of event has occurred. Therefore, it is suited to assess the risk of fraud and to identify whether a single occurrence has taken place. When selecting audit procedures, an IS auditor should use professional judgment to ensure that: - CORRECT ANSWER sufficient evidence will be collected. Procedures are processes that an IS auditor may follow in an audit engagement. In determining the appropriateness of any specific procedure, an IS auditor should use professional judgment that is appropriate to the specific circumstances. Professional judgment involves a subjective and often qualitative evaluation of conditions arising during an audit. Judgment addresses a grey area where binary (yes/no) decisions are not appropriate, and the IS auditor's past experience plays a key role in making a judgment. The IS auditor should use judgment in assessing the sufficiency of evidence to be collected. ISACA's guidelines provide information on how to meet the standards when performing IS audit work. When testing program change requests for a remote system, an IS auditor finds that the number of changes available for sampling would not provide a reasonable level of assurance. What is the MOST appropriate action for the IS auditor to take? - CORRECT ANSWER Develop an alternate testing procedure If a sample-size objective cannot be met with the given data, the IS auditor cannot provide assurance regarding the testing objective. In this instance, the IS auditor should develop (with audit management approval) an alternate testing procedure. The decisions and actions of an IS auditor are MOST likely to affect which of the following types of risk? - CORRECT ANSWER detection This is directly affected by the IS auditor's selection of audit procedures and techniques. Detection risk is the risk that a review will not detect or notice a material issue. In the process of evaluating program change controls, an IS auditor would use source code comparison software to: - CORRECT ANSWER examine source program changes without information from IS personnel. When an IS auditor uses a source code comparison to examine source program changes without information from IS personnel, the IS auditor has an objective, independent and relatively complete assurance of program changes, because the source code comparison identifies the changes Which of the following audit techniques would BEST help an IS auditor in determining whether there have been unauthorized program changes since the last authorized program update? - CORRECT ANSWER Automated code comparison This is the process of comparing two versions of the same program to determine whether the two correspond. It is an efficient technique because it is an automated procedure. Which of the following is a PRIMARY objective of embedding an audit module while developing online application systems? - CORRECT ANSWER To collect evidence while transactions are processed Embedding a module for continuous auditing within an application processing a large number of transactions provides timely collection of audit evidence during processing and is the primary objective. The continuous auditing approach allows the IS auditor to monitor system reliability on a continuous basis and to gather selective audit evidence through the computer Audit Charter - CORRECT ANSWER outline the overall authority, scope and responsibilities of the audit function The audit charter should state management's objectives for and delegation of authority to IS audit. Should be approved at the highest levels of management, and should outline the overall authority scope, and responsibilities of the audit function. Should not significantly change over time. Audit Planning - CORRECT ANSWER establish overall audit strategy; detail specific procedures to be carried out cover audit universe (all processes that may be considered for audit) address risk factor (frequency/business impact) analysis of issues updated annually to consider changes in risk environment, technology, etc eCommerce Risks - CORRECT ANSWER Confidentiality (of customer information) Integrity (of data transit/storage) Availability (24/7 service) Authentication/nonrepudiation (of parties involved, identities) Power Shift to Customers (low switching costs for consumers) EDI (electronic data interchange) - CORRECT ANSWER A set of standards for exchanging messages containing formatted data between computer applications. Auditor role is to ensure that all inbound EDI transactions are received accurately, passed to an application, processed only once ICS (Industrial Control System) - CORRECT ANSWER A general term used to describe industrial control systems such as supervisory control and data acquisition (SCADA) systems. KB (Knowledge Base) - CORRECT ANSWER information about specific subject matter; can be expressed using decision trees, rules, semantic nets SCM (Supply Chain Management) - CORRECT ANSWER The management of information flows between and among activities in a supply chain to maximize total supply chain effectiveness and profitability. Entities can work collaboratively and in real time. CRM (Customer Relationship Management) - CORRECT ANSWER involves managing all aspects of a customer's relationship with an organization to increase customer loyalty and retention and an organization's profitability. Operational (maxi. customer experience/data on interactions) vs. analytical (analyze info on customers) Effective control - CORRECT ANSWER prevents, detects, enables recovery from risk event Control Objectives - CORRECT ANSWER -Improve effectiveness/efficiency of operations -increase reliability of financial reporting -comply with laws, regulations, and contractual obligations -safeguarding assets Preventive Controls - CORRECT ANSWER deter problems before they arise, monitor operations/inputs Detective Controls - CORRECT ANSWER detect/report occurrence of an error, omission, or malicious act Corrective Controls - CORRECT ANSWER Minimize impact of threat, remedy problems discovered by controls, identify cause of problem, correct errors arising from problems IS Control Objectives - CORRECT ANSWER -stmt of desired result/purpose achieved thru implementing controls -policies, procedures, practices gives reasonable assurance that business objectives will be achieved Compensating Controls - CORRECT ANSWER control procedures that compensate for the deficiency in other controls, a stronger control supports a weaker pne Overlapping Control - CORRECT ANSWER two strong controls that complement each other Compliance vs Substantive Testing - CORRECT ANSWER Test of controls designed to obtain audit evidence on both effectiveness of controls/their operations vs. obtaining evidence on completeness, accuracy, or existence of activities in audit period Audit Risk - CORRECT ANSWER risk that information collected may contain a material error that goes undetected during course of the audit objective in forming audit approach is to limit audit risk in area under scrutiny so that overall audit risk is at a low level at completion of examination Inherent Risk - CORRECT ANSWER risk level/exposure of the process/entity to be audited without considering the controls mgmt has implemented. exists independent of audit; can occur due to nature of business Control Risk - CORRECT ANSWER the risk that a material error exists that would not be prevented or detected on a timely basis by the system of internal controls. Detection Risk - CORRECT ANSWER the risk that material errors or misstatements that have occurred will not be detected by the IS auditor Risk-Based Audit Approach - CORRECT ANSWER Gather Info/Plan - Obtain Understanding of Internal Control - Perform Compliance Tests - Perform Substantive Test - Conclude the Audit Risk Mitigation - CORRECT ANSWER applying appropriate controls to reduce the risk Risk Acceptance - CORRECT ANSWER knowingly/objectively not taking action (if risk satisfies org policy for risk acceptance) accept the potential risk, continue operating with no controls, and absorb any damages that occur Risk Avoidance - CORRECT ANSWER avoiding an act that would create a risk Risk Sharing - CORRECT ANSWER Allocating ownership of a risk to another party (e.g. insurers, suppliers) Risk - CORRECT ANSWER Combination of the probability of an event and its consequences. IS Audit - CORRECT ANSWER designed to collect and evaluate evidence to determine if an IS and related resources are adequately safeguarded/protected; maintain data/system integrity and availability; provide relevant/reliable info; achieve organizational goals/consume resources efficiently; have internal controls that provide reasonable assurance that business/operational/control objectives will be met and undesired events will be prevented/detected/corrected Compliance Audit - CORRECT ANSWER test of controls to show adherence to regulatory or industry-specific standards/practices. often overlap other types of audits but may focus on more particular systems/data Financial Audit - CORRECT ANSWER assesses accuracy of financial reporting, has detailed substantive testing, increasing emphasis on risk/control-based audit approach. relates to financial information integrity/reliability Operational Audit - CORRECT ANSWER designed to evaluate internal control structure in a given process/area, EXAMPLE: IS audit of application controls or logical security systems Integrated Audit - CORRECT ANSWER typically combines financial and operational audit steps, may or may not include use of IS auditor. also assess overall objectives for organization related to financial info and asset safeguarding, efficiency and compliance. Administrative Audit Specialized Audit Computer Forensic Audit Functional Audit - CORRECT ANSWER -assess issues related to efficiency of operational productivity in an organization -third-party service audits, fraud audit (discover fraudulent activity), forensic audit (discover, follow up on fraud/crime, develop evidence for use by law enforcement) -analysis of electronic devices/hubs -independent evaluation of software products, verifying functionality and performance are consistent with requirements, held prior to software delivery or after implementation Directive Control - CORRECT ANSWER A type of control that is proactive and that causes or encourages a desirable event to occur; examples include guidelines, training programs, incentive plans. CAAT - CORRECT ANSWER Computer-assisted auditing techniques (CAATs) are tools used for accessing data in an electronic form from diverse software environments, record formats, etc. CAATs serve as useful tools for collecting and evaluating audit evidence according to audit objectives and can create efficiencies for collecting this evidence. Attribute Sampling - CORRECT ANSWER Sampling model used to estimate the rate of occurrence of a specific quality in a population. Answers the question of "how many" Types: Stop-or-go Sampling - Used when the expected occurrence rate is extremely low. Sampling model that helps prevent excessive sampling of an attribute by allowing an audit test to be stopped at the earliest possible moment. Discovery Sampling - Sampling model that can be used when the expected occurrence rate is extremely low. Used when the objective of the audit is to seek out fraud, circumvention of regulations or other irregularities. Variable Sampling - CORRECT ANSWER Technique used to estimate the monetary value or some other unit of measure of a population from a sample portion. Types: Stratified mean per unit - Statistical model in which the population is divided into groups and samples are drawn from the various groups; used to produce a smaller overall sample size than unstratified mean per unit Unstratified mean per unit - A statistical model in which a sample mean is calculated and projected as an estimated total Difference Estimation - Statistical model used to estimate the total difference between audited values and book values based on differences obtained from sample observations.