CISA(1-100), CISA(101-200), CISA201-300, CISA(301-
400), CISA(401-500), CISA(501-600), CISA(601-700),
CISA(701-800), CISA(801-900), CISA(901-1000) Test
2 – Questions With Verified Solutions
Save
Terms in this set (1495)
,The internal audit department has A. The ability of IT to continuously monitor and
written some scripts that are used for address any issues on IT systems would not affect the
continuous auditing of some ability of IS audit to perform a comprehensive audit.
information systems. The IT
department has asked for copies of B. Sharing the scripts may be required by policy for
the scripts so that they can use them the sake of quality assurance and configuration
for setting up a continuous monitoring management, but that would not impair the ability to
process on key systems. Would audit.
sharing these scripts with IT affect the
ability of the IS auditors to CORRECT C. IS audit can still review all aspects of
independently and objectively audit the systems. They may not be able to review the
the IT function? effectiveness of the scripts themselves, but they can
still audit the systems.
Select an answer:
A. D. An audit of an IS system would encompass more
Sharing the scripts is not permitted than just the controls covered in the scripts.
because it would give IT the ability to
pre-audit systems and avoid an
accurate, comprehensive audit.
B.
Sharing the scripts is required
because IT must have the ability to
review all programs and software that
runs on IS systems regardless of audit
independence.
C.
Sharing the scripts is permissible as
long as IT recognizes that audits may
still be conducted in areas not
covered in the scripts.
D.
Sharing the scripts is not permitted
because it would mean that the
,An audit charter should: A. The audit charter should not be subject to
changes in technology and should not significantly
A. change over time. The charter should be approved at
be dynamic and change to coincide the highest level of management.
with the changing nature of
technology and the audit profession. B. An audit charter will state the authority and
reporting requirements for the audit but not the
B. details of maintenance of internal controls.
clearly state audit objectives for, and
the delegation of, authority to the C. An audit charter would not be at a detailed level
maintenance and review of internal and, therefore, would not include specific audit
controls. objectives or procedures.
C. CORRECT D. An audit charter should state
document the audit procedures management's objectives for and delegation of
designed to achieve the planned audit authority to IS auditors.
objectives.
D.
outline the overall authority, scope
and responsibilities of the audit
function.
, The PRIMARY advantage of a A. The continuous audit approach often does require
continuous audit approach is that it: an IS auditor to collect evidence on system reliability
while processing is taking place.
Select an answer:
A. CORRECT B. Continuous audit allows audit and
does not require an IS auditor to response to audit issues in a timely manner because
collect evidence on system reliability audit findings are gathered in near real time.
while processing is taking place.
C. Responsibility for enforcement and monitoring of
B. controls is primarily the responsibility of
allows the IS auditor to review and management.
follow up on audit issues in a timely
manner. D. The use of continuous audit is not based on the
complexity or number of systems being monitored.
C.
places the responsibility for
enforcement and monitoring of
controls on the security department
instead of audit.
D.
simplifies the extraction and
correlation of data from multiple and
complex systems.
400), CISA(401-500), CISA(501-600), CISA(601-700),
CISA(701-800), CISA(801-900), CISA(901-1000) Test
2 – Questions With Verified Solutions
Save
Terms in this set (1495)
,The internal audit department has A. The ability of IT to continuously monitor and
written some scripts that are used for address any issues on IT systems would not affect the
continuous auditing of some ability of IS audit to perform a comprehensive audit.
information systems. The IT
department has asked for copies of B. Sharing the scripts may be required by policy for
the scripts so that they can use them the sake of quality assurance and configuration
for setting up a continuous monitoring management, but that would not impair the ability to
process on key systems. Would audit.
sharing these scripts with IT affect the
ability of the IS auditors to CORRECT C. IS audit can still review all aspects of
independently and objectively audit the systems. They may not be able to review the
the IT function? effectiveness of the scripts themselves, but they can
still audit the systems.
Select an answer:
A. D. An audit of an IS system would encompass more
Sharing the scripts is not permitted than just the controls covered in the scripts.
because it would give IT the ability to
pre-audit systems and avoid an
accurate, comprehensive audit.
B.
Sharing the scripts is required
because IT must have the ability to
review all programs and software that
runs on IS systems regardless of audit
independence.
C.
Sharing the scripts is permissible as
long as IT recognizes that audits may
still be conducted in areas not
covered in the scripts.
D.
Sharing the scripts is not permitted
because it would mean that the
,An audit charter should: A. The audit charter should not be subject to
changes in technology and should not significantly
A. change over time. The charter should be approved at
be dynamic and change to coincide the highest level of management.
with the changing nature of
technology and the audit profession. B. An audit charter will state the authority and
reporting requirements for the audit but not the
B. details of maintenance of internal controls.
clearly state audit objectives for, and
the delegation of, authority to the C. An audit charter would not be at a detailed level
maintenance and review of internal and, therefore, would not include specific audit
controls. objectives or procedures.
C. CORRECT D. An audit charter should state
document the audit procedures management's objectives for and delegation of
designed to achieve the planned audit authority to IS auditors.
objectives.
D.
outline the overall authority, scope
and responsibilities of the audit
function.
, The PRIMARY advantage of a A. The continuous audit approach often does require
continuous audit approach is that it: an IS auditor to collect evidence on system reliability
while processing is taking place.
Select an answer:
A. CORRECT B. Continuous audit allows audit and
does not require an IS auditor to response to audit issues in a timely manner because
collect evidence on system reliability audit findings are gathered in near real time.
while processing is taking place.
C. Responsibility for enforcement and monitoring of
B. controls is primarily the responsibility of
allows the IS auditor to review and management.
follow up on audit issues in a timely
manner. D. The use of continuous audit is not based on the
complexity or number of systems being monitored.
C.
places the responsibility for
enforcement and monitoring of
controls on the security department
instead of audit.
D.
simplifies the extraction and
correlation of data from multiple and
complex systems.
