CISA—Certified Information Systems Auditor - Part 179

Mary Smith

Thu, 16 Apr 2026

1. Which of the following is the MOST likely reason why e-mail systems have become a useful source of evidence for litigation?

A) Multiple cycles of backup files remain available.
B) Access controls establish accountability for e-mail activity.
C) Data classification regulates what information should be communicated via e-mail.
D) Within the enterprise, a clear policy for using e-mail ensures that evidence is available.



2. An IS auditor is assigned to perform a post-implementation review of an application system. Which of the following situations may have impaired the independence of the IS auditor? The IS auditor:

A) implemented a specific control during the development of the application system.
B) designed an embedded audit module exclusively for auditing the application system.
C) participated as a member of the application system project team, but did not have operational responsibilities.
D) provided consulting advice concerning application system best practices.



3. The PRIMARY advantage of a continuous audit approach is that it:

A) does not require an IS auditor to collect evidence on system reliability while processing is taking place.
B) requires the IS auditor to review and follow up immediately on all information collected.
C) can improve system security when used in time-sharing environments that process a large number of transactions.
D) does not depend on the complexity of an organization's computer systems.



4. When developing a risk-based audit strategy, an IS auditor conducts a risk assessment to ensure that:

A) controls needed to mitigate risks are in place.
B) vulnerabilities and threats are identified.
C) audit risks are considered.
D) a gap analysis is appropriate.



5. To ensure that audit resources deliver the best value to the organization, the FIRST step would be to:

A) schedule the audits and monitor the time spent on each audit.
B) train the IS audit staff on current technology used in the company.
C) develop the audit plan on the basis of a detailed risk assessment.
D) monitor progress of audits and initiate cost control measures.



1. Right Answer: A
Explanation: Backup files containing documents that supposedly have been deleted could be recovered from these files. Access controls may help establish accountability for the issuance of a particular document, but this does not provide evidence of the e-mail. Data classification standards may be in place with regard to what should be communicated via e-mail, but the creation of the policy does not provide the information required for litigation purposes.

2. Right Answer: A
Explanation: Independence may be impaired if an IS auditor is, or has been, actively involved in the development, acquisition and implementation of the application system. Choices B and C are situations that do not impair an IS auditor's independence. Choice D is incorrect because an IS auditor's independence is not impaired by providing advice on known best practices.

3. Right Answer: C
Explanation: The use of continuous auditing techniques can improve system security when used in time-sharing environments that process a large number of transactions, but leave a scarce paper trail. Choice A is incorrect since the continuous audit approach often does require an IS auditor to collect evidence on system reliability while processing is taking place. Choice B is incorrect since an IS auditor normally would review and follow up only on material deficiencies or errors detected. Choice D is incorrect since the use of continuous audit techniques depends on the complexity of an organization's computer systems.

4. Right Answer: B
Explanation: In developing a risk-based audit strategy, it is critical that the risks and vulnerabilities be understood. This will determine the areas to be audited and the extent of coverage. Understanding whether appropriate controls required to mitigate risks are in place is a resultant effect of an audit. Audit risks are inherent aspects of auditing, are directly related to the audit process and are not relevant to the risk analysis of the environment to be audited. A gap analysis would normally be done to compare the actual state to an expected or desirable state.

5. Right Answer: C
Explanation: Monitoring the time (choice A) and audit programs (choice D), as well as adequate training (choice B), will improve the IS audit staff's productivity (efficiency and performance), but what delivers value to the organization is the resources and efforts being dedicated to, and focused on, the higher-risk areas.
