CISA Study Guide Questions & 100% Correct Answers
The most important step in risk analysis is to identify:
a. Competitors
b. controls
c. vulnerabilities
d. liabilities
✓ :~~ c. vulnerabilities
In a risk based audit planning, an IS auditor's first step is to identify:
a. responsibilities of stakeholders
b. high-risk areas within the organization
c. cost centre
d. profit centre
✓ :~~ b. high-risk areas within the organization
When developing a risk-based audit strategy, an IS auditor should conduct a risk
assessment to ensure that:
Master01 | September, 2024/2025 | Latest update
Page 2 | © copyright 2024/2025 | Grade A+
a. segregation of duties to mitigate risks is in place
b. all the relevant vulnerabilities and threats are identified
c. regulatory compliance is adhered to
d. business is profitable
✓ :~~ b. all the relevant vulnerabilities and threats are identified
An IS auditor has identified certain threats and vulnerabilities in a business process. Next,
the IS auditor should:
a. identify the stakeholders for that business process
b. identify the information assets and the underlying systems
c. disclose the threats and impacts to management
d. identify and evaluate the existing controls
✓ :~~ d. identify and evaluate the existing controls
The major advantage of a risk-based approach to audit planning is:
a. Audit planning can be communicated to client in advance
b. Audit activity can be completed within allotted budget
c. use of latest technology for audit activities
d. Appropriate utilisation of resources for high risk areas
✓ :~~ d. Appropriate utilisation of resources for high risk areas
While determining the appropriate level of protection for an information asset, an
IS auditor should primarily focus on:
a. Criticality of information assets
b. cost of information assets
c. Owner of information asset
d. result of vulnerability assessment
✓ :~~ a. Criticality of information assets
The decisions and actions of an IS auditor are MOST likely to affect which of the
following risks?
a. Inherent
b. Detection
c. Control
d. Business
✓ :~~ b. Detection
The risk of an IS auditor certifying the existence of proper systems and procedures
because an inadequate test procedure was used is an example of:
a. inherent risk
b. control risk
c. detection risk
d. audit risk
✓ :~~ c. detection risk
Overall business risk for a particular threat can be expressed as:
a. the product of the probability and the impact
b. the probability of occurrence
c. the magnitude of impact
d. the assumption of the risk assessment team
✓ :~~ a. the product of the probability and the impact
An IS auditor is evaluating management's risk assessment of information systems.
The IS auditor should FIRST review:
a. the controls already in place