Docsity
Docsity

Prepare for your exams
Prepare for your exams

Study with the several resources on Docsity


Earn points to download
Earn points to download

Earn points by helping other students or get them with a premium plan


Guidelines and tips
Guidelines and tips

CISA Exam 92 Questions with Verified Answers, Exams of Information and Communications Technology (ICT)

A comprehensive set of 92 questions and verified answers related to the certified information systems auditor (cisa) exam. The questions cover a wide range of topics, including the definition of auditing, the isaca code of ethics, audit planning and risk assessment, information security controls, and various types of audits such as compliance, substantive, and statistical sampling. The document aims to help cisa exam candidates prepare for the exam by providing them with a thorough understanding of the key concepts and best practices in information systems auditing. The detailed explanations and rationale behind the correct answers make this document a valuable resource for anyone seeking to enhance their knowledge and skills in this field.

Typology: Exams

2023/2024

Available from 07/27/2024

paul-kamau-2
paul-kamau-2 🇺🇸

2.7

(3)

3.2K documents

1 / 9

Toggle sidebar

Related documents


Partial preview of the text

Download CISA Exam 92 Questions with Verified Answers and more Exams Information and Communications Technology (ICT) in PDF only on Docsity! CISA Exam 92 Questions with Verified Answers What is the definition of audit? - CORRECT ANSWER Auditing is a detailed and specific evaluation of a process, procedure, organization, job function, or system, in which results are gathered and reported. What is the purpose of ethics? - CORRECT ANSWER To mandate the professional and personal conduct of auditors According to the ISACA Code of Ethics is an auditor allowed to share the results of an audit with other personnel? - CORRECT ANSWER The auditor must maintain confidentiality of the audit unless required by legal authority Should the IS audit plan be integrated into the overall audit plan for the organization? - CORRECT ANSWER The IS Audit function must fulfill all organizational audit objectives. An IS Auditor is best advised to follow the standards provided by ISACA for conducting an planning IS Audits - CORRECT ANSWER ISACA audit standards are recommendations for planning IS audits. ISACA Audit standard S2 Independence refers to what? - CORRECT ANSWER An Auditor should be independent of the area being audited Standard S4 Professional Competence, requires the auditor to have the skills to conduct the audit? - CORRECT ANSWER appropriate continuing professional education The basis for an audit plan should be what? - CORRECT ANSWER Risk Audit findings and conclusions are supported by what? - CORRECT ANSWER Evidence When an auditor uses the assistance of outside experts, what obligations does the auditor have to review the work of the experts? - CORRECT ANSWER The auditor must apply additional test procedures if the work of outside experts is not adequate When an auditor is planning an information system audit and suspects a potential control weakness, what are they obligated to do? - CORRECT ANSWER The auditor must consider the materiality of the weakness and plan the audit accordingly. What role does risk assessment have in audit planning? - CORRECT ANSWER Risk assessment is used to determine the priorities for audit and allocation of audit resources. What steps should an auditor take when a material irregularity is discovered? - CORRECT ANSWER The auditor should communicate the irregularity to management in a timely manner What is the risk to an audit if unusual relationships exist between staff members in the area being audited? - CORRECT ANSWER The auditor may be provided inaccurate evidence True or False? Supervision of the information systems audit staff should not be necessary if the staff is adequately trained and experienced - CORRECT ANSWER True Once an audit is completed and submitted does the auditor have any further responsibility? - CORRECT ANSWER Yes, the auditor should follow up to ensure that management addressed any audit issues in a timely manner IT governance means: - CORRECT ANSWER The IT function aligns with business mission, values and objectives Relationships with third parties may: - CORRECT ANSWER Require the organization to comply with the security standards of the third party True or False? The organization does not have to worry about the impact of third party relationships on the security program - CORRECT ANSWER False If the materiality is minimal then: - CORRECT ANSWER It may be ignored The determination of materiality is: - CORRECT ANSWER Based on the judgment of the auditor An example of a preventative control is: - CORRECT ANSWER B) A security policy An example of a detective control is: - CORRECT ANSWER Review of audit logs A corrective control is designed to: - CORRECT ANSWER Restore systems to normal An example of a corrective control is: - CORRECT ANSWER A business continuity plan An organization implements a procedure to control changes to the configuration of an information system. This would be an example of a(n): - CORRECT ANSWER Administrative Control Administrative controls are used to: - CORRECT ANSWER Monitor compliance with policy Internal controls may be: - CORRECT ANSWER either manual or automated The development of an IS Audit strategy will include: - CORRECT ANSWER Identification of controls to be evaluated Once the audit strategy is developed, the auditor will: - CORRECT ANSWER Communicate the strategy to management. What control classification would an auditor use to monitor an organization's internal corporate network in order to report any unauthorized access attempts? - CORRECT ANSWER Detective The audit charter is an important document. What is included in the audit charter? - CORRECT ANSWER The scope of the audit function Developing an audit plan requires the determination of required personnel resources and? - CORRECT ANSWER Arranging for access to the audit area The audit plan must be designed to ensure compliance with laws and regulations, this will require the knowledge of the regulations and? - CORRECT ANSWER A review to ensure management were aware of regulations when developing policies and procedures The audit plan will be based on: - CORRECT ANSWER The stated objectives of the audit The purpose of audit objectives is to establish whether internal controls are minimizing risk and? - CORRECT ANSWER functioning properly A operational audit is designed to test? - CORRECT ANSWER The effectiveness of the organization's internal control environment What is the purpose of a specialized audit? - CORRECT ANSWER A specialized audit tests the services provided by an external organization What is a primary consideration when performing a forensic audit? - CORRECT ANSWER Maintaining proper evidence handling and management techniques What is the purpose of audit planning? - CORRECT ANSWER Audit planning provides a clear overview of the audit before the audit commences What is the most critical step in audit planning? - CORRECT ANSWER Focus on high risk areas How do laws and regulations affect an audit plan? - CORRECT ANSWER The audit plan must be designed to test for compliance with laws and regulations What is the responsibility of the auditor in relation to fraud - CORRECT ANSWER The auditor must always be watchful for fraud while performing an audit Who should be able to see an audit methodology document? - CORRECT ANSWER The audit methodology document is used to communicate with all audit team members When an auditor finds a minor violation of policy or procedures, what should their course of action be? - CORRECT ANSWER Include the violation in the audit report When an auditor finds a problem that is outside the scope of the audit plan, what should be done? - CORRECT ANSWER Consult with audit management about adjusting the scope of the problem An auditor has found a problem and notified management. The problem was immediately fixed. Should the problem be included in the audit report? - CORRECT ANSWER Yes, all material findings should be in the report, but noted as fixed. True or False? An audit that finds no serious issues may not require the preparation of an audit report - CORRECT ANSWER False All data gathered during an audit is considered? - CORRECT ANSWER audit evidence Common methods of gathering information during an audit include: - CORRECT ANSWER Interviewing When using observation as an audit data gathering method, what is an important concern? - CORRECT ANSWER Do not disrupt business operations What is a characteristic of a divisional organization structure? - CORRECT ANSWER Teams operate as separate units within the parent organization What is the advantage of using CAATS to support an audit - CORRECT ANSWER CAATS provide an effective way to collect and analyze data from different electronic systems