CISA Domain 1 Verified Exam Questions and Answers
An IS auditor is conducting a compliance test to determine whether controls support
management policies and procedures. The test will assist the IS auditor to determine: -
answer✔✔That the control is operating as designed
Compliance tests can be used to test the existence and effectiveness of a defined process.
Understanding the objective of a compliance test is important. IS auditors want reasonable
assurance that the controls they are relying on are effective. An effective control is one that
meets management expectations and objectives.
When developing a risk management program, what is the first activity to be performed? -
answer✔✔Inventory of assets.
Identification of the assets to be protected is the first step in developing a risk management
program.
The primary purpose of an IT forensic audit is: - answer✔✔The systemic collection and analysis
of evidence after a system irregularity.
Due to resource constraints of the IS audit team, the audit plan as originally approved cannot be
completed. Assuming that the situation is communicated in the audit report, which course of
action is most acceptable:
Test the adequacy of the control design
Test the operational effectiveness of the control
Focus on auditing high risk areas
Relying on management testing of controls. - answer✔✔Focus on high risk areas. Reducing the
scope and focusing on auditing high-risk areas is the best course of action.
While planning an IS audit, an assessment of risk should be made to provide: -
answer✔✔Reasonable assurance that the audit will cover material items.
ISACA IS Audit and Assurance Guideline 2202 (Risk Assessment in Planning) states that the
applied risk assessment approach should help with the prioritization and scheduling process of
the IS audit and assurance work. It should support the selection process of areas and items of
audit interest and the decision process to design and conduct particular IS audit engagements.
Which of the following best describes the purpose of performing a risk assessment in the
planning phase of an IS audit:
Establish adequate staffing requirements to complete the IS audit
To provide reasonable assurance that all material items will be addressed
To determine the skills required to perform the IS audit
To develop the audit program and procedures - answer✔✔To provide reasonable assurance that
all material items will be addressed.
A risk assessment helps focus the audit procedures on the highest risk areas included in the scope
of the audit.
A financial institution with multiple branch offices has an automated control that requires the
branch manager to approve transactions more than a certain amount. What type of audit control
is this? - answer✔✔Preventative.
An IS auditor is validating a control that involved a review of system generated exception
reports. Which of the following is the best evidence of the effectiveness of the control.
1- Walkthrough with the reviewer of the operation of the control
2- System generated exception report for the review period with the reviewers sign off
3- A sample system generated exceptions report for the review period, with follow-up action
items noted by the reviewer
4- Management's confirmation of the effectiveness of the control for the review period. -
answer✔✔A sample system generated exceptions report for the review period, with follow-up
action items noted by the reviewer.
A sample of a system generated report with evidence that the reviewer followed up on the
exception represents the best possible evidence of the effective operation of the control because
there is documented evidence that the reviewer has reviewed and taken actions based on the
exception report.
Which of the following is the most important skill an IS auditor should develop to understand the
constraints of conducting an audit:
4 - Knowledge of internal controls - answer✔✔Project Management
The internal audit department has written some scripts that are used for continuous auditing of
some information systems. The IT department has asked for copies of the scripts so that they can
use them for setting up a continuous monitoring process on key systems. Would sharing these
scripts with IT affect the ability of IS auditors to independently and objectively audit the IT
function? - answer✔✔No. Sharing the scripts is permissible as long as IT recognizes that audits
may still be conducted in areas not covered in the scripts.
IS Audit can still review all aspects of the systems. They may not be able to review the
effectiveness of the scripts themselves, but they can still audit the systems.
When selecting audit procedures, an IS auditor should use professional judgement to ensure that: -
answer✔✔Sufficient evidence will be collected.
Procedures are processes an IS auditor may follow in an audit engagement. In determining the
appropriateness of any specific procedure, an IS auditor should use professional judgment
appropriate to the specific circumstance. Professional judgement involves a subjective and often
qualitative evaluation of conditions arising in the course of an audit. Judgment addresses a grey
area where binary (yes/no) decisions are not appropriate and the IS auditor's past experience
plays a key role in making a judgement. The IS auditor should use judgement in assessing the
sufficiency of evidence to be collected. ISACA's guidelines provide information on how to meet
the standards when performing IS audit work.
During the planning stage of an IS audit, the primary goal of an IS auditor is to -
answer✔✔Address audit objectives
ISACA IS Audit and Assurance Standards require that an IS auditor plan the audit work to
address the audit objectives.
An IS auditor is verifying that some of the policies have not been approved by management (as
required by policy), but the employees strictly follow the policies. What should the IS auditor do
first?
A) Ignore the absence of management approval because the employees follow the policies
B) Recommend immediate management approval of the policies
C) Emphasize the importance of approval to management
D) Report the absence of documented approval. - answer✔✔D) Report the absence of
documented approval.
The IS auditor must report the findings. Unapproved policies may present a potential risk to the
organization, even if they are being followed, because this technically may prevent management
from enforcing the policies in some cases, and may present legal issues.
An IS auditor has been assigned to conduct a test that compares job run logs to computer job
schedules. Which of the following observations would be of the GREATEST concern to the IS
auditor.
A) There are a growing number of emergency changes.
B) There were instances when some jobs were not completed on time
C) There were instances when some jobs were overridden by computer operators
D) Evidence shows that only scheduled jobs were run. - answer✔✔C) There were instances
when some jobs were overridden by computer operators.
The overriding of computer processing jobs by computer operators could lead to unauthorized
changes to data programs.