CISA: Domain #2, Part A: IT Governance
Seller: lydiaomutho
Cisa - Execution 1-3
An IS auditor is reviewing access to an application to determine whether recently added
accounts were appropriately authorized. This is an example of:
a. variable sampling.
b. substantive testing.
c. compliance testing.
d. stop-or-go sampling. - ANS-C
Compliance testing determines whether controls are being applied in compliance with policy. This includes
tests to determine whether new accounts were appropriately authorized.
The decisions and actions of an IS auditor are MOST likely to affect which of the following types
of risk?
a. Inherent
b. Detection
c. Control
d. Business - ANS-b.
Detection risk is directly affected by the IS auditor's selection of audit procedures and techniques.
Detection risk is the risk that a review will not detect or notice a material issue.
Which audit technique provides the BEST evidence of the segregation of duties in an IT
department?
a. Discussion with management
b. Review of the organization chart
c. Observation and interviews
d. Testing of user access rights - ANS-C
Based on the observations and interviews, the IS auditor can evaluate the segregation of duties.
By observing the IT staff performing their tasks, an IS auditor can identify whether they are
performing any incompatible operations. By interviewing the IT staff, the auditor can get an
overview of the tasks performed.
Which of the following forms of evidence would an IS auditor consider the MOST reliable?
a. An oral statement from the auditee
b. The results of a test performed by an external IS auditor
c. An internally generated computer accounting report
d. A confirmation letter received from an outside source - ANS-B
An independent test that is performed by an IS auditor should always be considered a more
reliable source of evidence than a confirmation letter from a third party, because the letter is the
result of an analysis of the process and may not be based on authoritative audit techniques. An
audit should consist of a combination of inspection, observation and inquiry by an IS auditor as
determined by risk. This provides a standard methodology and reasonable assurance that the
controls and test results are accurate.
The BEST method of confirming the accuracy of a system tax calculation is by:
a. review and analysis of the source code of the calculation programs.
b. recreating program logic using generalized audit software to calculate monthly totals.
c. preparing simulated transactions for processing and comparing the results to predetermined
results.
d. automatic flowcharting and analysis of the source code of the calculation programs. - ANS-C
Preparing simulated transactions and comparing the results to predetermined results is the best method for confirming the accuracy of a tax calculation.
An IS auditor should use statistical sampling and not judgmental (nonstatistical) sampling,
when:
a. the probability of error must be objectively quantified.
b. the auditor wants to avoid sampling risk.
c. generalized audit software is unavailable.
d. the tolerable error rate cannot be determined. - ANS-A
Given an expected error rate and confidence level, statistical sampling is an objective method of
sampling, which helps an IS auditor determine the sample size and quantify the probability of
error (confidence coefficient).
In the process of evaluating program change controls, an IS auditor would use source code
comparison software to:
a. examine source program changes without information from IS personnel.
b. detect a source program change made between acquiring a copy of the source and the
comparison run.
c. identify and validate any differences between the control copy and the production program.
d. ensure that all changes made in the current source copy are tested. - ANS-A
When an IS auditor uses a source code comparison to examine source program changes
without information from IS personnel, the IS auditor has an objective, independent and
relatively complete assurance of program changes, because the source code comparison
identifies the changes.
Which of the following audit techniques would BEST help an IS auditor in determining whether
there have been unauthorized program changes since the last authorized program update?
a. Test data run
b. Code review
c. Automated code comparison
d. Review of code migration procedures - ANS-C