CISA Study Notes CISA Study Notes., Exams of Advanced Education

CISA Study Notes CISA Study Notes.

Typology: Exams

2025/2026

Available from 05/15/2026

samuel_mwiti
samuel_mwiti ๐Ÿ‡บ๐Ÿ‡ธ

9.2K documents

1 / 6

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
1 | P a g e
CISA Study Notes CISA Study Notes.
What is the PRIMARY objective of an IS audit? - ANSWERTo provide assurance
that IT controls are adequate, effective, and support business objectives
What should an auditor do FIRST when planning an audit? - ANSWERConduct
a risk assessment to identify high-risk areas
What makes audit evidence sufficient? - ANSWERIt is enough in quantity to
support the auditor's conclusions
What makes audit evidence appropriate? - ANSWERIt is relevant, reliable,
and obtained from a credible source
What is inherent risk? - ANSWERThe risk that exists before any controls are
applied
What is control risk? - ANSWERThe risk that existing controls fail to prevent or
detect a material error
What is detection risk? - ANSWERThe risk that the auditor fails to detect a
material error during the audit
What is the correct order of the audit process? - ANSWERPlanning โ†’
Fieldwork โ†’ Reporting โ†’ Follow-up
pf3
pf4
pf5

Partial preview of the text

Download CISA Study Notes CISA Study Notes. and more Exams Advanced Education in PDF only on Docsity!

CISA Study Notes CISA Study Notes.

What is the PRIMARY objective of an IS audit? - ANSWERTo provide assurance that IT controls are adequate, effective, and support business objectives What should an auditor do FIRST when planning an audit? - ANSWERConduct a risk assessment to identify high-risk areas What makes audit evidence sufficient? - ANSWERIt is enough in quantity to support the auditor's conclusions What makes audit evidence appropriate? - ANSWERIt is relevant, reliable, and obtained from a credible source What is inherent risk? - ANSWERThe risk that exists before any controls are applied What is control risk? - ANSWERThe risk that existing controls fail to prevent or detect a material error What is detection risk? - ANSWERThe risk that the auditor fails to detect a material error during the audit What is the correct order of the audit process? - ANSWERPlanning โ†’ Fieldwork โ†’ Reporting โ†’ Follow-up

What does independence mean for an IS auditor? - ANSWERThe auditor has no personal, financial, or professional conflict of interest with the area being audited What is the auditor's PRIMARY responsibility when discovering fraud? - ANSWERReport it to management and document findings โ€” not investigate independently When should an auditor use statistical sampling? - ANSWERWhen results need to be projected to the entire population with measurable confidence What is the difference between audit standards and audit guidelines? - ANSWERStandards are mandatory. Guidelines are recommended best practices. What is a compliance audit? - ANSWERAn audit that checks whether the organisation is following laws, regulations, or policies What is an operational audit? - ANSWERAn audit that evaluates the efficiency and effectiveness of business processes What type of evidence is MOST reliable? - ANSWEREvidence obtained directly by the auditor through observation or re-performance What is re-performance as audit evidence? - ANSWERThe auditor independently re-executes a control to verify it works correctly

Who owns audit working papers? - ANSWERThe audit organisation โ€” not the client or auditee What is a control objective? - ANSWERA statement of the desired result or purpose a control is meant to achieve What is the difference between a general control and an application control?

  • ANSWERGeneral controls apply across all systems. Application controls apply to specific systems or processes. What is an IS auditor's role during system development? - ANSWERAdvisory โ€” reviewing controls being built in, not making development decisions What is the FIRST step when an auditor identifies a control weakness? - ANSWERDocument the finding and assess its risk impact before reporting What is a finding in an audit report? - ANSWERA specific condition identified during the audit that differs from the expected standard What does an audit opinion express? - ANSWERThe auditor's professional judgement on whether controls are adequate and effective What is a qualified audit opinion? - ANSWERAn opinion that is mostly positive but notes specific exceptions or limitations What is follow-up in the audit process? - ANSWERVerifying that management has implemented the agreed corrective actions from prior audits

What is continuous auditing? - ANSWERAn approach where audit evidence is collected and evaluated on an ongoing, automated basis What is the purpose of a control self-assessment (CSA)? - ANSWERManagement and staff evaluate the effectiveness of their own controls โ€” facilitated by the auditor What is sampling risk? - ANSWERThe risk that the sample selected does not represent the full population accurately What is attribute sampling used for? - ANSWERTesting whether a control is working โ€” measuring the rate of deviation What is variable sampling used for? - ANSWEREstimating the value of a population โ€” used in substantive testing What should an auditor consider when assessing IT general controls? - ANSWERAccess controls, change management, operations, and physical security What is the auditor's responsibility regarding confidentiality of audit findings?

  • ANSWERFindings must only be shared with authorised parties โ€” not disclosed publicly or inappropriately What is due professional care in auditing? - ANSWERApplying the skill and diligence expected of a competent, reasonable auditor