CISA—Certified Information Systems Auditor - Part 183

Mary Smith

Wed, 15 Apr 2026

1. The vice president of human resources has requested an audit to identify payroll overpayments for the previous year. Which would be the BEST audit technique to use in this situation?

A) Test data
B) Generalized audit software
C) Integrated test facility
D) Embedded audit module



2. During a security audit of IT processes, an IS auditor found that there were no documented security procedures. The IS auditor should:

A) create the procedures document.
B) terminate the audit.
C) conduct compliance testing.
D) identify and evaluate existing practices.



3. In the course of performing a risk analysis, an IS auditor has identified threats and potential impacts. Next, the IS auditor should:

A) identify and assess the risk assessment process used by management.
B) identify information assets and the underlying systems.
C) disclose the threats and impacts to management.
D) identify and evaluate the existing controls.



4. Which of the following should be of MOST concern to an IS auditor?

A) Lack of reporting of a successful attack on the network
B) Failure to notify police of an attempted intrusion
C) Lack of periodic examination of access rights
D) Lack of notification to the public of an intrusion



5. Which of the following would normally be the MOST reliable evidence for an auditor?

A) A confirmation letter received from a third party verifying an account balance
B) Assurance from line management that an application is working as designed
C) Trend data obtained from World Wide Web (Internet) sources
D) Ratio analyses developed by the IS auditor from reports supplied by line management



1. Right Answer: B
Explanation: Generalized audit software features include mathematical computations, stratification, statistical analysis, sequence checking, duplicate checking and recomputations. An IS auditor, using generalized audit software, could design appropriate tests to recompute the payroll, thereby determining if there were overpayments and to whom they were made. Test data would test for the existence of controls that might prevent overpayments, but it would not detect specific, previous miscalculations. Neither an integrated test facility nor an embedded audit module would detect errors for a previous period.

2. Right Answer: D
Explanation: One of the main objectives of an audit is to identify potential risks; therefore, the most proactive approach would be to identify and evaluate the existing security practices being followed by the organization. IS auditors should not prepare documentation, as doing so could jeopardize their independence. Terminating the audit may prevent achieving one of the basic audit objectives, i.e., identification of potential risks. Since there are no documented procedures, there is no basis against which to test compliance.

3. Right Answer: D
Explanation: It is important for an IS auditor to identify and evaluate the existing controls and security once the potential threats and possible impacts are identified. Upon completion of an audit an IS auditor should describe and discuss with management the threats and potential impacts on the assets.

4. Right Answer: A
Explanation: Not reporting an intrusion is equivalent to an IS auditor hiding a malicious intrusion, which would be a professional mistake. Although notification to the police may be required and the lack of a periodic examination of access rights might be a concern, they do not represent as big a concern as the failure to report the attack. Reporting to the public is not a requirement and is dependent on the organization's desire, or lack thereof, to make the intrusion known.

5. Right Answer: A
Explanation: Evidence obtained from independent third parties almost always is considered to be the most reliable. Choices B, C and D would not be considered as reliable.
