CISA Domain 1: The Process of Auditing Information Systems Comprehensive Questions and Answers
Seller: dennys
Which of the following forms of evidence would an IS auditor consider the MOST reliable?
a. An internally generated computer accounting report
b. An oral statement from the auditee
c. The results of a test performed by an external IS auditor
d. A confirmation letter received from an outside source
Ans c. the results of a test performed by an outside source
An independent test that is performed by an IS auditor should always be considered a more reliable source of evidence than a confirmation letter from a third party, because the letter is the result of an analysis of the process and may not be based on authoritative audit techniques. An audit should consist of a combination of inspection, observation and inquiry by an IS auditor as determined by risk. This provides a standard methodology and reasonable assurance that the controls and test results are accurate.
An IS auditor discovers that devices connected to the network are not included in a network diagram that had been used to develop the scope of the audit. The chief information officer explains that the diagram is being updated and awaiting final approval. The IS auditor should FIRST:
a. expand the scope of the IS audit to include the devices that are not on the network diagram.
b. evaluate the impact of the undocumented devices on the audit scope.
c. note a control deficiency because the network diagram has not been approved.
d. plan follow-up audits of the undocumented devices.
Ans b. evaluate the impact of the undocumented devices on the audit scope.
In a risk-based approach to an IS audit, the scope is determined by the impact the devices will have on the audit. If the undocumented devices do not impact the audit scope, then they may be excluded from the current audit engagement. The information provided on a network diagram can vary depending on what is being illustrated—for example, the network layer, cross connections, etc.
Which of the following is MOST important to ensure before communicating the audit findings to top management during the closing meeting?
a. Risk statement includes an explanation of a business impact.
b. Findings are clearly tracked back to evidence.
c. Recommendations address root causes of findings.
d. Remediation plans are provided by responsible parties.
Ans b. Findings are clearly tracked back to evidence.
Without adequate evidence, the findings hold no ground; therefore, this must be verified before communicating the findings.
The MAIN advantage of an IS auditor directly extracting data from a general ledger system is:
a. reduction of human resources needed to support the audit
b. reduction in the time to have access to the information
c. greater flexibility for the audit department
d. greater assurance of data validity
Ans c. greater flexibility for the audit department
If the IS auditor executes the data extraction, there is greater assurance that the extraction criteria will not interfere with the required completeness, and, therefore, all required data will be collected. Asking IT to extract the data may expose the risk of filtering out exceptions that should be seen by the auditor. Also, if the IS auditor collects the data, all internal references correlating the various data tables/elements will be understood, and this knowledge may reveal vital elements to the completeness and correctness of the overall audit activity.
Which of the following situations could impair the independence of an IS auditor? The IS auditor:
a. implemented specific functionality during the development of an application.
b. designed an embedded audit module for auditing an application.
c. participated as a member of an application project team and did not have operational responsibilities.
d. provided consulting advice concerning application good practices.
Ans a. implemented specific functionality during the development of an application.
Independence may be impaired if an IS auditor is, or has been, actively involved in the development, acquisition and implementation of the application system.
An IS auditor who was involved in designing an organization's business continuity plan (BCP) has been assigned to audit the plan. The IS auditor should:
a. decline the assignment.
b. inform management of the possible conflict of interest after completing the audit assignment.
c. inform the BCP team of the possible conflict of interest prior to beginning the assignment.
d. communicate the possibility of conflict of interest to audit management prior to starting the assignment.
Ans d. communicate the possibility of conflict of interest to audit management prior to starting the assignment.
A possible conflict of interest, likely to affect the IS auditor's independence, should be brought to the attention of management prior to starting the assignment.
The vice president of human resources has requested an IS audit to identify payroll overpayments for the previous year. Which would be the BEST audit technique to use in this situation?
a. Generate sample test data
b. Generalized audit software
c. Integrated test facility
d. Embedded audit module
Ans b. Generalized audit software
Generalized audit software features include mathematical computations, stratification, statistical analysis, sequence checking, duplicate checking and re-computations. An IS auditor, using generalized audit software, can design appropriate tests to recompute the payroll, thereby determining whether there were overpayments and to whom they were made.
Which of the following sampling methods is the MOST appropriate for testing automated invoice
authorization controls to ensure that exceptions are not made for specific users?
a. Variable sampling
b. Judgmental sampling
c. Stratified random sampling