Cisa exam stuvia 2024 - Study guides, Class notes & Summaries

Chapter 1 - ANSWER Source code - ANSWERuncompiled, archive code Object code - ANSWERcompiled code that is distributed and put into production; not able to be read by humans Inherent risk - ANSWERthe risk that an error could occur assuming no compensating control exist Control risk - ANSWERthe risk that an error exists that would not be prevented by internal controls Detection risk - ANSWERthe risk that an error exists, but is not detected. The risk that an IS auditor may use an in...

When evaluating the collective effect of preventive, detective and corrective controls within a process, an IS auditor should be aware of which of the following? A. The point at which controls are exercised as data flow through the system B. Only preventive and detective controls are relevant C. Corrective controls are regarded as compensating D. Classification allows an IS auditor to determine which controls are missing - ANSWERA. An IS auditor who has discovered unauthorized transaction...

Completing a Risk Analysis. - ANSWERWhat is the most important consideration before implementing a new technology? Indemnity Clause - ANSWERWhat is a clause that holds providers financially liable for violations? Agreed upon performance metrics in the SLA - ANSWERWhat is the best reference for vendor's ability to meet its SLA? Integrated Test Facility (ITF) - ANSWERWhat creates a fictitious entity in the database to process test transactions simultaneously with live input Its adva...

Planning, fieldwork/documentation, and reporting/follow-up - ANSWERMajor phases of the typical audit process Audit Charter - ANSWERAn overarching document that covers the entire scope of audit activities in an entire entity. Engagement Letter - ANSWERMore focused on a particular audit exercise that is sought to be initiated in an organization with a specific objective in mind. Short-Term Planning - ANSWERConsiders audit issues that will be covered during the year. Long-Term Planning ...

Who is responsible for the governance of the enterprise? - ANSWERBoard of Directors What is corporate governance's purpose? - ANSWERto help build an environment of trust, transparency, and accountability to foster long-term investment, financial stability, and business integrity All stakeholders provide ______ into IT-decision making processes - ANSWERinput IT resource management - ANSWERmaintain updated inventory of IT assets and address risk management Performance management - A...

Who should approve the audit charter of an organization? - ANSWERSenior management What should the content of an audit charter be? - ANSWERThe scope, authority, and responsibilities of the audit function What is the prime reason for review of an organization chart? - ANSWERTo understand the authority and responsibility of individuals The actions of an IS auditor are primarily influenced by - ANSWERAudit charter Which document provides the overall authority for an auditor to perform a...

Which of the following is the BEST preventive control to protect the confidentiality of data on a corporate smartphone in the event it is lost? a) Biometric authentication for the device b) Remote data wipe program c) Encryption of the data stored on the device d) Password for device authentication - ANSWERc) Encryption of the data stored on the device Note the question asks about a PREVENTATIVE control to protect CONFIDENTIALITY. Confidentiality entails the efforts to keep data private, ...

A1-1: The internal audit department has written some scripts that are used for continuous auditing of some information systems. The IT department has asked for copies of the script so that they can use them for setting up a continuous monitoring process on key systems. Would sharing these with IT affect the ability of the IS auditors to independently and objectively audit the IT function? - ANSWERC. Sharing the scripts is permissible as long as IT recognizes that audits still may still be conduc...