



Study with the several resources on Docsity
Earn points by helping other students or get them with a premium plan
Prepare for your exams
Study with the several resources on Docsity
Earn points to download
Earn points by helping other students or get them with a premium plan
CISA Study Notes CISA Study Notes.
Typology: Exams
1 / 6
This page cannot be seen from the preview
Don't miss anything!




What is the PRIMARY objective of an IS audit? - ANSWERTo provide assurance that IT controls are adequate, effective, and support business objectives What should an auditor do FIRST when planning an audit? - ANSWERConduct a risk assessment to identify high-risk areas What makes audit evidence sufficient? - ANSWERIt is enough in quantity to support the auditor's conclusions What makes audit evidence appropriate? - ANSWERIt is relevant, reliable, and obtained from a credible source What is inherent risk? - ANSWERThe risk that exists before any controls are applied What is control risk? - ANSWERThe risk that existing controls fail to prevent or detect a material error What is detection risk? - ANSWERThe risk that the auditor fails to detect a material error during the audit What is the correct order of the audit process? - ANSWERPlanning โ Fieldwork โ Reporting โ Follow-up
What does independence mean for an IS auditor? - ANSWERThe auditor has no personal, financial, or professional conflict of interest with the area being audited What is the auditor's PRIMARY responsibility when discovering fraud? - ANSWERReport it to management and document findings โ not investigate independently When should an auditor use statistical sampling? - ANSWERWhen results need to be projected to the entire population with measurable confidence What is the difference between audit standards and audit guidelines? - ANSWERStandards are mandatory. Guidelines are recommended best practices. What is a compliance audit? - ANSWERAn audit that checks whether the organisation is following laws, regulations, or policies What is an operational audit? - ANSWERAn audit that evaluates the efficiency and effectiveness of business processes What type of evidence is MOST reliable? - ANSWEREvidence obtained directly by the auditor through observation or re-performance What is re-performance as audit evidence? - ANSWERThe auditor independently re-executes a control to verify it works correctly
Who owns audit working papers? - ANSWERThe audit organisation โ not the client or auditee What is a control objective? - ANSWERA statement of the desired result or purpose a control is meant to achieve What is the difference between a general control and an application control?
What is continuous auditing? - ANSWERAn approach where audit evidence is collected and evaluated on an ongoing, automated basis What is the purpose of a control self-assessment (CSA)? - ANSWERManagement and staff evaluate the effectiveness of their own controls โ facilitated by the auditor What is sampling risk? - ANSWERThe risk that the sample selected does not represent the full population accurately What is attribute sampling used for? - ANSWERTesting whether a control is working โ measuring the rate of deviation What is variable sampling used for? - ANSWEREstimating the value of a population โ used in substantive testing What should an auditor consider when assessing IT general controls? - ANSWERAccess controls, change management, operations, and physical security What is the auditor's responsibility regarding confidentiality of audit findings?