CISA—Certified Information Systems Auditor - Part 5

Mary Smith

Fri, 17 Apr 2026

1. Which of the following audit risks relates to material errors or misstatements that have occurred but will not be detected by an IS auditor?

A) Inherent Risk
B) Control Risk
C) Detection Risk
D) Overall Audit Risk



2. Which of the following statements INCORRECTLY describes the control self-assessment (CSA) approach?

A) CSA is policy or rule driven
B) CSA relies on empowered/accountable employees
C) CSA focuses on continuous improvement/learning curve
D) In CSA, staff at all levels, in all functions, are the primary control analysts.



3. Which of the following statements INCORRECTLY describes the traditional audit approach in comparison to the control self-assessment approach?

A) In the traditional approach, staff at all levels, in all functions, are the primary control analysts.
B) The traditional approach assigns duties/supervises staff
C) The traditional approach is a policy-driven approach
D) The traditional approach requires limited employee participation.



4. Which of the following is the most important benefit of control self-assessment (CSA)?

A) CSA is policy/rule driven
B) In the CSA approach, risk is identified sooner
C) CSA requires limited employee participation
D) In CSA, resources are being used in an effective manner.



5. Which of the following testing procedures is used by the auditor during an accounting audit to check for errors in the balance sheet and other financial documentation?

A) Compliance testing
B) Sanity testing
C) Recovery testing
D) Substantive testing



1. Right Answer: C
Explanation: Detection risk is the risk that material errors or misstatements that have occurred will not be detected by an IS auditor; in a financial audit, it is the risk that the auditors fail to detect a material misstatement in the financial statements. An auditor must apply audit procedures to detect material misstatements in the financial statements, whether due to fraud or error. Misapplication or omission of critical audit procedures may result in a material misstatement remaining undetected by the auditor. Some detection risk is always present due to the inherent limitations of the audit, such as the use of sampling for the selection of transactions. Auditors can reduce detection risk by increasing the number of sampled transactions for detailed testing.

For your exam you should know the information below about audit risk:

Audit risk (also referred to as residual risk) refers to the risk that an auditor may issue an unqualified report due to the auditor's failure to detect a material misstatement, either due to error or fraud. This risk is composed of inherent risk (IR), control risk (CR) and detection risk (DR), and can be calculated thus:

AR = IR × CR × DR

Inherent Risk

Auditors must determine risks when working with clients. One type of risk to be aware of is inherent risk. While assessing this level of risk, you ignore whether the client has internal controls in place (such as a secondary review of financial statements) to help mitigate the inherent risk. You consider the strength of the internal controls when assessing the client's control risk. Your job when assessing inherent risk is to evaluate how susceptible the financial statement assertions are to material misstatement given the nature of the client's business.

A few key factors can increase inherent risk.

- Environment and external factors: Here are some examples of environment and external factors that can lead to high inherent risk:
  - Rapid change: A business whose inventory becomes obsolete quickly experiences high inherent risk.
  - Expiring patents: Any business in the pharmaceutical industry also has inherently risky environment and external factors. Drug patents eventually expire, which means the company faces competition from other manufacturers marketing the same drug under a generic label.
  - State of the economy: The general level of economic growth is another external factor affecting all businesses.
  - Availability of financing: Another external factor is interest rates and the associated availability of financing. If your client is having problems meeting its short-term cash payments, available loans with low interest rates may mean the difference between your client staying in business or having to close its doors.
- Prior-period misstatements: If a company has made mistakes in prior years that weren't material (meaning they weren't significant enough to have to change), those errors still exist in the financial statements. You have to aggregate prior-period misstatements with current-year misstatements to see if you need to ask the client to adjust the account for the total misstatement. You may think an understatement in one year compensates for an overstatement in another year. In auditing, this assumption isn't true. Say you work a cash register and one night the register comes up $20 short. The next week, you somehow come up $20 over your draw count. The $20 differences are added together to represent the total amount of your mistakes, which is $40 and not zero. Zero would indicate that no mistakes at all had occurred.
- Susceptibility to theft or fraud: If a certain asset is susceptible to theft or fraud, the account or balance level may be considered inherently risky. For example, if a client has a lot of customers who pay in cash, the balance sheet cash account is going to have risk associated with theft or fraud because cash is more easily diverted than customer checks or credit card payments. Looking at industry statistics relating to inventory theft, you may also decide to consider the inventory account as inherently risky. Small inventory items can further increase the risk of this account valuation being incorrect because those items are easier to conceal (and therefore easier to steal).

Control Risk

Control risk has been defined under the International Standards on Auditing (ISAs) as follows:

The risk that a misstatement that could occur in an assertion about a class of transaction, account balance or disclosure and that could be material, either individually or when aggregated with other misstatements, will not be prevented, or detected and corrected, on a timely basis by the entity's internal control.

In simple words, control risk is the probability that a material misstatement exists in an assertion because that misstatement was either not prevented from entering the entity's financial information or not detected and corrected by the entity's internal control system.

It is the responsibility of management and those charged with governance to implement an internal control system and maintain it appropriately, which includes managing control risk.

There can be many reasons why control risk arises and why it cannot be eliminated absolutely. Some of them are as follows:

- Cost-benefit constraints
- Circumvention of controls
- Inappropriate design of controls
- Inappropriate application of controls
- Lack of control environment and accountability
- Novel situations
- Outdated controls
- Inappropriate segregation of duties

Detection Risk

Detection risk is the risk that the auditors fail to detect a material misstatement in the financial statements. An auditor must apply audit procedures to detect material misstatements in the financial statements, whether due to fraud or error. Misapplication or omission of critical audit procedures may result in a material misstatement remaining undetected by the auditor. Some detection risk is always present due to the inherent limitations of the audit, such as the use of sampling for the selection of transactions. Auditors can reduce detection risk by increasing the number of sampled transactions for detailed testing.

The following answers are incorrect:

- Inherent Risk - The risk level or exposure of a process or entity to be audited without taking into account the controls that management has implemented.
- Control Risk - The risk that a material error exists that would not be prevented or detected on a timely basis by the system of internal controls.
- Overall audit risk - The probability that information or a financial report may contain material errors and that the auditor may not detect an error that has occurred. An objective in formulating the audit approach is to limit the audit risk in the area under scrutiny so the overall audit risk is at a sufficiently low level at the completion of the examination.

The following references were used to create this question:

- CISA review manual 2014, page number 50
- http://en.wikipedia.org/wiki/Audit_risk
- http://www.dummies.com/how-to/content/how-to-assess-inherent-risk-in-an-audit.html
- http://pakaccountants.com/what-is-control-risk/
- http://accounting-simplified.com/audit/risk-assessment/audit-risk.html

2. Right Answer: A
Explanation: The word INCORRECTLY is the keyword used in the question. You need to find the option that incorrectly describes control self-assessment.

For your exam you should know the information below about control self-assessment:

Control self-assessment is an assessment of controls made by the staff and management of the unit or units involved. It is a management technique that assures stakeholders, customers and other parties that the internal controls of the organization are reliable.

Benefits of CSA:

- Early detection of risk
- More efficient and improved internal controls
- Creation of cohesive teams through employee involvement
- Developing a sense of ownership of the controls in the employees and process owners, and reducing their resistance to control improvement initiatives
- Increased employee awareness of organizational objectives, and knowledge of risk and internal controls
- Highly motivated employees
- Improved audit training process
- Reduction in control cost
- Assurance provided to stakeholders and customers

Traditional and CSA attributes:

| Traditional/Historical | CSA |
|---|---|
| Assigns duties/supervises staff | Empowered/accountable employees |
| Policy/rule driven | Continuous improvement/learning curve |
| Limited employee participation | Extensive employee participation and training |
| Narrow stakeholder focus | Broad stakeholder focus |
| Auditors and other specialists | Staff at all levels, in all functions, are the primary control analysts |

The following answers are incorrect:

The other options correctly describe CSA.

The following reference was used to create this question:

- CISA review manual 2014, page numbers 61, 62 and 63

3. Right Answer: A
Explanation: The keyword INCORRECTLY is used in the question. You need to find the option that incorrectly describes the traditional approach.

For your exam you should know the information below about control self-assessment and the traditional approach:

The traditional approach can be summarized as any approach in which the primary responsibility for analyzing and reporting on internal control and risk is assigned to auditors and, to a lesser extent, controller departments and outside consultants.

Control self-assessment is an assessment of controls made by the staff and management of the unit or units involved. It is a management technique that assures stakeholders, customers and other parties that the internal controls of the organization are reliable.

Benefits of CSA:

- Early detection of risk
- More efficient and improved internal controls
- Creation of cohesive teams through employee involvement
- Developing a sense of ownership of the controls in the employees and process owners, and reducing their resistance to control improvement initiatives
- Increased employee awareness of organizational objectives, and knowledge of risk and internal controls
- Highly motivated employees
- Improved audit training process
- Reduction in control cost
- Assurance provided to stakeholders and customers

Traditional and CSA attributes:

| Traditional/Historical | CSA |
|---|---|
| Assigns duties/supervises staff | Empowered/accountable employees |
| Policy/rule driven | Continuous improvement/learning curve |
| Limited employee participation | Extensive employee participation and training |
| Narrow stakeholder focus | Broad stakeholder focus |
| Auditors and other specialists | Staff at all levels, in all functions, are the primary control analysts |

The following answers are incorrect:

The other options correctly describe the traditional approach.

The following reference was used to create this question:

- CISA review manual 2014, page numbers 61, 62 and 63

4. Right Answer: B
Explanation: Control self-assessment is an assessment of controls made by staff and management within the unit or units involved. It is a management technique that assures stakeholders, customers and other parties that the internal controls of the organization are reliable. The CSA approach requires extensive employee participation and training. This helps employees understand more about business risks and ensures that risk is detected in a timely manner.

For your exam you should know the information below about control self-assessment:

Benefits of CSA:

- Early detection of risk
- More efficient and improved internal controls
- Creation of cohesive teams through employee involvement
- Developing a sense of ownership of the controls in the employees and process owners, and reducing their resistance to control improvement initiatives
- Increased employee awareness of organizational objectives, and knowledge of risk and internal controls
- Highly motivated employees
- Improved audit training process
- Reduction in control cost
- Assurance provided to stakeholders and customers

Traditional and CSA attributes:

| Traditional/Historical | CSA |
|---|---|
| Assigns duties/supervises staff | Empowered/accountable employees |
| Policy/rule driven | Continuous improvement/learning curve |
| Limited employee participation | Extensive employee participation and training |
| Narrow stakeholder focus | Broad stakeholder focus |
| Auditors and other specialists | Staff at all levels, in all functions, are the primary control analysts |

The following answers are incorrect:

The other options incorrectly describe CSA.

The following reference was used to create this question:

- CISA review manual 2014, page numbers 61, 62 and 63

5. Right Answer: D
Explanation: Substantive testing is a procedure used during accounting audits to check for errors in balance sheets and other financial documentation. A substantive test might involve checking a random sample of transactions for errors, comparing account balances to find discrepancies, or analysis and review of procedures used to execute and record transactions.

Substantive testing is the stage of an audit when the auditor gathers evidence as to the extent of misstatements in the client's accounting records or other information. This evidence is referred to as substantive evidence and is an important factor in determining the auditor's opinion on the financial statements as a whole. The audit procedures used to gather this evidence are referred to as substantive procedures, or substantive tests.

Substantive procedures (or substantive tests) are those activities performed by the auditor during the substantive testing stage of the audit that gather evidence as to the completeness, validity and/or accuracy of account balances and underlying classes of transactions.

Account balances and underlying classes of transactions must not contain any material misstatements. They must be materially complete, valid and accurate. Auditors gather evidence about these assertions by undertaking substantive procedures, which may include:

- Physically examining inventory on balance date as evidence that inventory shown in the accounting records actually exists (validity assertion);
- Arranging for suppliers to confirm in writing the details of the amount owing at balance date as evidence that accounts payable is complete (completeness assertion); and
- Making inquiries of management about the collectability of customers' accounts as evidence that trade debtors is accurate as to its valuation.

Evidence that an account balance or class of transaction is not complete, valid or accurate is evidence of a substantive misstatement.

The following answers are incorrect:

- Compliance testing - Compliance testing is basically an audit of a system carried out against a known criterion.
- Sanity testing - Testing to determine whether a new software version is performing well enough to accept it for a major testing effort. If the application crashes on initial use, the system is not stable enough for further testing, and the build or application is assigned to be fixed.
- Recovery testing - Testing how well a system recovers from crashes, hardware failures, or other catastrophic problems.

The following references were used to create this question:

- CISA review manual 2014, page numbers 52 and 53
- http://www.businessdictionary.com/definition/compliance-test.html
