Which of the following is NOT part of the audit report?

Expectation and obligation of client and auditor

In a follow-up audit, an IS auditor notes that management has addressed the original findings in a different way than originally agreed upon. The auditor should FIRST:

verify if management's action mitigates the identified risk

mark the recommendation as satisfied and close the finding

re-perform the audit to assess the changed control environment

escalate the deviation to the audit committee

An IS audit team is evaluating the documentation related to the most recent application user-access review performed by IT and business management. It is determined the user list was not system-generated. Which of the following should be the GREATEST concern?

Source of the user list reviewed

Availability of the user list reviewed

Confidentiality of the user list reviewed

Completeness of the user list reviewed

An IS auditor submitted audit reports and scheduled a follow-up audit engagement with a client. The client has requested to engage the services of the same auditor to develop enhanced controls. What is the GREATEST concern with this request?

It would a possible conflict of interest.

It would require the approval of the audit manager.

It would be beyond the original audit scope.

It would require a change to the audit plan.

Which of the following is NOT a guideline published for giving direction to IS auditors?

Which of the following is not a guideline published for giving direction to IS auditors?

When planning an IS audit, which of the following factors is least likely to be relevant to the scope of the engagement?

The amount of controls currently in place

The concerns of management for ensuring that controls are sufficient and working properly.

The type of business, management, culture, and risk tolerance

Before concluding that internal controls can be relied upon, the IS auditor should:

discuss the internal control weakness with the auditee

document the system of internal control

Which of the following is an example of a preventive control?

Back up and recovery procedures

f senior management is not committed to strategic planning, how likely is it that a company's implementation of IT will be successful?

Strategic planning does not affect the success of a company's implementation of IT

Management is not committed to strategic planning

The PRIMARY objective of an audit of IT security policies is to ensure that:

security and control policies support business and IT objectives.

they are distributed and available to all staff.

there is a published organizational chart with functional descriptions.

duties are appropriately segregated

Which of the following is the GREATEST risk of an inadequate policy definition for ownership of data and systems?

Unauthorized users may have access to originate, modify or delete data.

User management coordination does not exist.

Specific user accountability cannot be established.

Audit recommendations may not be implemented.

When developing a formal enterprise security program, the MOST critical success factor (CSF) would be the:

effective support of an executive sponsor

establishment of a review board

selection of a security process owner.

When reviewing the IT strategic planning process, an IS auditor should ensure that the plan:

articulates the IT mission and vision.

incorporates state of the art technology.

addresses the required operational controls.

specifies project management practices.

The ultimate purpose of IT governance is to:

Decentralize IT resources across the organization

What should an IS auditor do if he or she observes that project-approval procedures do not exist?

Recommend to management that formal approval procedures be adopted and documented

Advise senior management to invest in project-management training for the staff

Create project-approval procedures for future project implementations

Which of the following should an IS auditor be MOST concerned with during a post-implementation review?

The system does not have a maintenance plan.

The system contains several minor defects.

The system deployment was delayed by three weeks.

The system was over budget by 15%.

CISA Quiz

Authored by Ganesh Pathuri

English

Professional Development

Used 1+ times

AI Actions

Add similar questions

Adjust reading levels

Convert to real-world scenario

Translate activity

More...

Content View

Student View

25 questions

Show all answers

MULTIPLE CHOICE QUESTION

2 mins • 1 pt

Which of the following is the FIRST step performed prior to creating a risk ranking for the annual internal IS audit plan?

Prioritise the identified risk.

Define the audit universe.

Identify the critical controls.

Determine the testing approach.

MULTIPLE CHOICE QUESTION

2 mins • 1 pt

Which of the following is the MOST critical step when planning an IS audit?

Review findings from prior audits.

Executive management's approval of the audit plan.

Review IS security policies and procedures.

Perform Risk Assessment

MULTIPLE CHOICE QUESTION

2 mins • 1 pt

The PRIMARY advantage of a continuous audit approach is that it:

Does not require an IS auditor to collect evidence on system reliability while processing is taking place

Requires the IS auditor to review and follow up immediately on all information collected

Can improve system security when used in time-sharing environments that process a large number of transactions

Does not depend on the complexity of an organizations computer systems.

MULTIPLE CHOICE QUESTION

2 mins • 1 pt

An IS Auditor is performing an audit of a remotely managed server backup. The IS Auditor reviews the log for one day and finds one case where logging on a server has failed with the result that backup restarts can not be confirmed. What should the auditor do?

Issue an Audit finding

Seek an explanation from IS management

Review the classification of data held on the server

Expand the sample of logs reviewed

MULTIPLE CHOICE QUESTION

2 mins • 1 pt

During the planning stage of an IS Audit, the PRIMARY goal of an IS Auditor is to:

Address Audit objectives

Collect sufficient evidence

Specify appropriate tests

Minimize audit resources

MULTIPLE CHOICE QUESTION

2 mins • 1 pt

Overall business risk for particular threat can be expressed as:

A Product of probability and magnitude of impact if threat successfully exploits the vulnerability

The magnitude of impact should a threat source successfully exploit the vulnerability

The likelihood of given threat source exploiting a given vulnerability

The collective judgement of the risk assessment team

MULTIPLE CHOICE QUESTION

2 mins • 1 pt

hich of the following is NOT a function of the audit working papers

Show compliance with standards

Show how results were deduced

Show management’s role

Show due care was exercised

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

21 questions

Appearance

Quiz

•

5th Grade - Professio...

20 questions

Revision

Quiz

•

Professional Development

20 questions

Conversation III Partial 1

Quiz

•

6th Grade - Professio...

20 questions

Business words. Present Simple, Continuous, Past Simple

Quiz

•

Professional Development

20 questions

BB2 Lesson 13 Buổi 14

Quiz

•

Professional Development

20 questions

Grammar Test

Quiz

•

Professional Development

20 questions

Review unit 1a&b

Quiz

•

Professional Development

20 questions

IELTS

Quiz

•

10th Grade - Professi...

Popular Resources on Wayground

10 questions

5.P.1.3 Distance/Time Graphs

Quiz

•

5th Grade

10 questions

Fire Drill

Quiz

•

2nd - 5th Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

15 questions

Hargrett House Quiz: Community & Service

Quiz

•

5th Grade

20 questions

Main Idea and Details

Quiz

•

5th Grade

20 questions

Context Clues

Quiz

•

6th Grade

20 questions

Inferences

Quiz

•

4th Grade

15 questions

Equivalent Fractions

Quiz

•

4th Grade

Discover more resources for English

16 questions

Parallel, Perpendicular, and Intersecting Lines

Quiz

•

KG - Professional Dev...

35 questions

World War Two 8th G

Quiz

•

6th Grade - Professio...

7 questions

DOL REC: Solutions & Solubility Curves

Quiz

•

Professional Development

20 questions

Block Buster Movies

Quiz

•

10th Grade - Professi...

20 questions

NCAA Logo Quiz

Quiz

•

Professional Development