A comprehensive overview of the key concepts and principles related to the CISA (Certified Information Systems Auditor) exam. It covers a wide range of topics, including the major phases of the audit process, various types of controls and risk assessment, and the role of information technology in modern business operations. Designed to help individuals prepare for the CISA exam by providing a detailed understanding of the core competencies required for this certification. The content is structured in a clear and concise manner, making it an invaluable resource for both aspiring and experienced information systems auditors. Whether you are a university student, a lifelong learner, or a professional seeking to enhance your skills, this document can serve as a valuable study guide and reference material to help you succeed in the CISA exam and excel in the field of information systems auditing.
Typology: Exams
Planning, fieldwork/documentation, and reporting/follow-up - CORRECT ANSWER Major phases of the typical audit process
Audit Charter - CORRECT ANSWER An overarching document that covers the entire scope of audit activities in an entire entity.
Engagement Letter - CORRECT ANSWER More focused on a particular audit exercise that is sought to be initiated in an organization with a specific objective in mind.
Short-Term Planning - CORRECT ANSWER Considers audit issues that will be covered during the year.
Long-Term Planning - CORRECT ANSWER Audit plans that will consider risk-related issues regarding changes in the organization's IT strategic direction that will affect the IT environment.
Risk Factors - CORRECT ANSWER Factors that influence the frequency and/or business impact of risk scenarios.
Business Process Control Assurance - CORRECT ANSWER Evaluates controls at the process and activity levels.
Business-to-business (B2B) - CORRECT ANSWER Business conducted between organizations.
Consumer-to-consumer (C2C) - CORRECT ANSWER Business conducted between customers, primarily using third-party platforms.
Single-tier E-commerce Architecture - CORRECT ANSWER Client-based application running on a single computer.
Two-tier E-commerce Architecture - CORRECT ANSWER Composed of the client and the server.
Three-tier E-commerce Architecture - CORRECT ANSWER Comprises the presentation-tier display that the user can access directly, the application tier that controls an application's functionality by performing detailed processing, and the data tier, which comprises database servers.
Mobile Code - CORRECT ANSWER Software transferred between systems (i.e., across a network) and executed on a local system using cross-platform code without explicit installation by the recipient computer.
XSL (Extensible Stylesheet Language) - CORRECT ANSWER Defines how an XML document is to be presented.
XML Query - CORRECT ANSWER Deals with querying XML format data.
XML Encryption - CORRECT ANSWER Deals with encrypting, decrypting, and digitally signing XML documents.
Loose coupling - CORRECT ANSWER If the format of a web services message changes, the receiving web services will still work.
Metadata - CORRECT ANSWER Data about data; the business meaning of the data.
Confidentiality - CORRECT ANSWER The act of holding information in confidence, not to be released to unauthorized individuals.
Integrity - CORRECT ANSWER Ensuring that data has not been altered or deleted in both storage and transit.
Availability - CORRECT ANSWER Data is available whenever it is needed and without failure.
Authentication and Nonrepudiation - CORRECT ANSWER All parties in an electronic transaction are trusted before the transaction is executed and ensuring the parties cannot deny that the transaction was completed and the terms on which it was completed.
Top-Level Commitment - CORRECT ANSWER E-commerce cannot succeed without a clear vision and strong commitment from the top of an organization.
Business Process Reconfiguration - CORRECT ANSWER How technology can reconfigure some of its basic business processes.
Middleware - CORRECT ANSWER Independent software and services that distributed business applications use to share computing resources across heterogeneous technologies.
Interconnection Agreements - CORRECT ANSWER Prepared prior to an e-commerce agreement; accepting terms of use.
Firewall Mechanisms - CORRECT ANSWER Mediate between the private network and the public network (the internet).
E-commerce application logs - CORRECT ANSWER Are monitored by responsible personnel.
Electronic Data Interchange (EDI) - CORRECT ANSWER Replaced traditional paper document exchanges.
Translation software - CORRECT ANSWER Helps build a map and shows how the data fields from the application correspond to elements of an EDI standard; later will use the map to convert data back and forth.
Traditional EDI processes - CORRECT ANSWER 1. Communications handler
VAN (Value Added Network) - CORRECT ANSWER Computerized message switching and storage to provide electronic mailbox services similar to a post office.
EDI interface - CORRECT ANSWER Manipulates and routes data between the application system and the communications handler.
Application system - CORRECT ANSWER Processes the data sent to, or received from, the trading partners.
Audit Monitors - CORRECT ANSWER Device that can be installed at an EDI workstation to capture transactions as they are received.
Expert systems - CORRECT ANSWER Determine the audit significance of transactions and provide a report for the auditor's use.
Integrated Manufacturing System (IMS) - CORRECT ANSWER Integrated processing and planning resources used in manufacturing-type environments into one system.
Interactive Voice Response (IVR) - CORRECT ANSWER A phone technology that allows computers to detect voice and touch tones; can be used to control almost any function in which the interface can be broken down into a series of simple menu choices.
Effective Control - CORRECT ANSWER Prevents, detects, and/or contains an incident and enables recovery from a risk event.
Control Objective - CORRECT ANSWER An objective of one or more operational area(s) or role(s) to be achieved in order to contribute to the fulfillment of strategic goals.
Preventative Controls - CORRECT ANSWER Detect problems before they arise, attempt to predict potential problems and make adjustments.
Detective Control - CORRECT ANSWER Will report the occurrence of an error.
Corrective Control - CORRECT ANSWER Minimize the impact of a threat, remedy problems discovered, identify the cause of problems, help minimize future occurrences of the problem.
Control Measure - CORRECT ANSWER An activity contributing to the fulfillment of a control objective.
Authorization - CORRECT ANSWER Each transaction is authorized and entered only once.
Validation - CORRECT ANSWER Each input is validated and will not cause negative impact on the processing of transactions.
Accuracy and Completeness - CORRECT ANSWER Transactions are recorded accurately and entered into the system for the proper period.
Compensating Control - CORRECT ANSWER One stronger control supports a weaker one.
Overlapping Controls - CORRECT ANSWER Two strong controls; either may be adequate, but the two complement each other.
General Controls - CORRECT ANSWER 1. Internal accounting controls
Business Risk - CORRECT ANSWER Concerns about the probable effects of an uncertain event on achieving business objectives.
Audit Risk - CORRECT ANSWER Risk that information collected may contain material error that may go undetected during the course of the audit.
Inherent Risk - CORRECT ANSWER The risk level or exposure of the process/entity to be audited without taking into account the controls that management has implemented. Exists independent of an audit and can occur because of the nature of the business.
Control Risk - CORRECT ANSWER Risk that a material error exists and would not be prevented or detected on a timely basis by the system of internal controls.
Detection Risk - CORRECT ANSWER The risk that material errors or misstatements that have occurred will not be detected by the IS auditor.
Overall Audit Risk - CORRECT ANSWER The probability that information or financial reports may contain material errors and that the auditor may not detect an error that has occurred.
Statistical Sampling Risk - CORRECT ANSWER The risk that incorrect assumptions are made about the characteristics of a population from which a sample is selected.
Risk Assessment - CORRECT ANSWER Identify, quantify, and prioritize risk against criteria for risk acceptance and objectives relevant to the organization.
Risk Mitigation - CORRECT ANSWER Applying appropriate controls to reduce the risk.
Risk Acceptance - CORRECT ANSWER Knowingly and objectively not taking action, provided the risk clearly satisfies the organization's policy and criteria for risk acceptance.
Risk Avoidance - CORRECT ANSWER Avoiding an act that would create a risk.
Risk Sharing/Transfer - CORRECT ANSWER Transferring the associated risk to other parties (e.g., insurers or suppliers).
Risk Analysis - CORRECT ANSWER Helps identify risk and vulnerabilities so an IS auditor can determine the controls needed to mitigate the risk.
Risk - CORRECT ANSWER Combination of the probability of an event and its consequence.
Risk Assessment Process - CORRECT ANSWER Iterative lifecycle that begins with identifying business objectives, information assets, and the underlying systems or information resources that generate, store, use, or manipulate the assets critical to achieving these objectives.
Risk Assessment - CORRECT ANSWER Performed to identify vulnerabilities and threats and determine the probability of occurrence and the resulting impact and additional safeguards that would mitigate this impact to a level acceptable to management.
Risk Appetite - CORRECT ANSWER The level of risk that an organization is willing to accept.
IS Audit - CORRECT ANSWER