1. An IS auditor should use statistical sampling and not judgment (nonstatistical) sampling, when:
A) the probability of error must be objectively quantified.
B) the auditor wishes to avoid sampling risk.
C) generalized audit software is unavailable.
D) the tolerable error rate cannot be determined.
2. During the planning stage of an IS audit, the PRIMARY goal of an IS auditor is to:
A) address audit objectives.
B) collect sufficient evidence.
C) specify appropriate tests.
D) minimize audit resources.
3. When selecting audit procedures, an IS auditor should use professional judgment to ensure that:
A) sufficient evidence will be collected.
B) all significant deficiencies identified will be corrected within a reasonable period.
C) all material weaknesses will be identified.
D) audit costs will be kept at a minimum level.
4. An IS auditor evaluating logical access controls should FIRST:
A) document the controls applied to the potential access paths to the system.
B) test controls over the access paths to determine if they are functional.
C) evaluate the security environment in relation to written policies and practices.
D) obtain an understanding of the security risks to information processing.
5. The PRIMARY purpose of an IT forensic audit is:
A) to participate in investigations related to corporate fraud.
B) the systematic collection of evidence after a system irregularity.
C) to assess the correctness of an organization's financial statements.
D) to determine that there has been criminal activity.
1. Right Answer: A Explanation: Given an expected error rate and confidence level, statistical sampling is an objective method of sampling, which helps an IS auditor determine the sample size and quantify the probability of error (confidence coefficient). Choice B is incorrect because sampling risk is the risk of a sample not being representative of the population. This risk exists for both judgment and statistical samples. Choice C is incorrect because statistical sampling does not require the use of generalized audit software. Choice D is incorrect because the tolerable error rate must be predetermined for both judgment and statistical sampling.
2. Right Answer: A Explanation: ISACA auditing standards require that an IS auditor plan the audit work to address the audit objectives. Choice B is incorrect because the auditor does not collect evidence in the planning stage of an audit. Choices C and D are incorrect because they are not the primary goals of audit planning. The activities described in choices B, C and D are all undertaken to address audit objectives and are thus secondary to choice A.
3. Right Answer: A Explanation: Procedures are processes an IS auditor may follow in an audit engagement. In determining the appropriateness of any specific procedure, an IS auditor should use professional judgment appropriate to the specific circumstances. Professional judgment involves a subjective and often qualitative evaluation of conditions arising in the course of an audit. Judgment addresses a grey area where binary (yes/no) decisions are not appropriate and the auditor's past experience plays a key role in making a judgment. ISACA's guidelines provide information on how to meet the standards when performing IS audit work. Identifying material weaknesses is the result of appropriate competence, experience and thoroughness in planning and executing the audit and not of professional judgment. Professional judgment is not a primary input to the financial aspects of the audit.
4. Right Answer: D Explanation: When evaluating logical access controls, an IS auditor should first obtain an understanding of the security risks facing information processing by reviewing relevant documentation, by inquiries, and by conducting a risk assessment. Documentation and evaluation is the second step in assessing the adequacy, efficiency and effectiveness, thus identifying deficiencies or redundancy in controls. The third step is to test the access paths to determine if the controls are functioning. Lastly, the IS auditor evaluates the security environment to assess its adequacy by reviewing the written policies, observing practices and comparing them to appropriate security best practices.
5. Right Answer: B Explanation: Choice B describes a forensic audit. The evidence collected could then be used in judicial proceedings. Forensic audits are not limited to corporate fraud. Assessing the correctness of an organization's financial statements is not the purpose of a forensic audit. Drawing a conclusion as to criminal activity would be part of a legal process and not the objective of a forensic audit.