CISA—Certified Information Systems Auditor - Part 180

Mary Smith

Thu, 16 Apr 2026

1. An organization's IS audit charter should specify the:

A) short- and long-term plans for IS audit engagements.
B) objectives and scope of IS audit engagements.
C) detailed training plan for the IS audit staff.
D) role of the IS audit function.



2. An IS auditor is evaluating management's risk assessment of information systems. The IS auditor should FIRST review:

A) the controls already in place.
B) the effectiveness of the controls in place.
C) the mechanism for monitoring the risks related to the assets.
D) the threats/vulnerabilities affecting the assets.



3. In planning an audit, the MOST critical step is the identification of the:

A) areas of high risk.
B) skill sets of the audit staff.
C) test steps in the audit.
D) time allotted for the audit.



4. The extent to which data will be collected during an IS audit should be determined based on the:

A) availability of critical and required information.
B) auditor's familiarity with the circumstances.
C) auditee's ability to find relevant evidence.
D) purpose and scope of the audit being done.



5. While planning an audit, an assessment of risk should be made to provide:

A) reasonable assurance that the audit will cover material items.
B) definite assurance that material items will be covered during the audit work.
C) reasonable assurance that all items will be covered by the audit.
D) sufficient assurance that all items will be covered during the audit work.



1. Right Answer: D
Explanation: An IS audit charter establishes the role of the information systems audit function. The charter should describe the overall authority, scope, and responsibilities of the audit function. It should be approved by the highest level of management and, if available, by the audit committee. Short-term and long-term planning is the responsibility of audit management. The objectives and scope of each IS audit should be agreed to in an engagement letter. A training plan, based on the audit plan, should be developed by audit management.

2. Right Answer: D
Explanation: One of the key factors to be considered while assessing the risks related to the use of various information systems is the threats and vulnerabilities affecting the assets. The risks related to the use of information assets should be evaluated in isolation from the installed controls. Similarly, the effectiveness of the controls should be considered during the risk mitigation stage and not during the risk assessment phase. A mechanism to continuously monitor the risks related to assets should be put in place during the risk monitoring function that follows the risk assessment phase.

3. Right Answer: A
Explanation: When designing an audit plan, it is important to identify the areas of highest risk to determine the areas to be audited. The skill sets of the audit staff should have been considered before deciding and selecting the audit. Test steps for the audit are not as critical as identifying the areas of risk, and the time allotted for an audit is determined by the areas to be audited, which are primarily selected based on the identification of risks.

4. Right Answer: D
Explanation: The extent to which data will be collected during an IS audit should be related directly to the scope and purpose of the audit. An audit with a narrow purpose and scope would most likely result in less data collection than an audit with a wider purpose and scope. The scope of an IS audit should not be constrained by the ease of obtaining the information or by the auditor's familiarity with the area being audited. Collecting all the required evidence is a required element of an IS audit, and the scope of the audit should not be limited by the auditee's ability to find relevant evidence.

5. Right Answer: A
Explanation: The ISACA IS Auditing Guideline G15 on planning the IS audit states, 'An assessment of risk should be made to provide reasonable assurance that material items will be adequately covered during the audit work. This assessment should identify areas with a relatively high risk of the existence of material problems.' Definite assurance that material items will be covered during the audit work is an impractical proposition. Reasonable assurance that all items will be covered during the audit work is not the correct answer, as material items need to be covered, not all items.
