CISA - Chapter 1 Questions With
Solutions!!
Audit Charter
(P.32) - ANSWERThe overarching document that outlines the scope, authority, and
responsibilities of the internal audit function. (General audits)
Engagement Letter
(P.32) - ANSWERThe overarching document that outlines the scope, authority, and
responsibilities of the external audit function. (Focused audits)
Detective Controls
(P.43) - ANSWERUse controls that detect and report the occurrence of an error,
omission, or malicious act.
Corrective Controls
(P.43) - ANSWERCorrect errors arising from a problem; modify the processing
system(s) to minimize future occurrence of problems.
Risk Factors
(P.33) - ANSWERFactors that influence the frequency and/or impact of risk
scenarios (e.g., reputation).
*High- damage lasting 6+ months
*Med- 3-6 months to recover
*Low- Less than 3 months to recover
General Standards
(P.36)
-ISACA Standards & Guidelines 1/3- - ANSWERThe guiding principles under with
the IS assurance professional operates. Conduct, ethics, independence, objectivity
and due care, knowledge, competency and skill.
Performance Standards
(P.36)
-ISACA Standards & Guidelines 2/3- - ANSWERDeal with the conduct of the
assignment - planning, scoping, risk and materiality, resource mobilization,
supervision and assignment management, evidence, and the exercising of
professional judgment and due care.
IT Risk Framework - ANSWERIntegrates management of IT risk into overall
enterprise risk management in order to make well informed decisions about the
extent, appetite, tolerances of risk.
Risk-Based Audit
, (P.48-57) - ANSWERUsed to assess risks and to assist auditor in making the
decision to perform compliance/substantive testing.
ITAF
(P.40-41) - ANSWERComprehensive reference model that establishes standards by
general, performance, or reporting, and defines terms and concepts specific to IT.
Internal Controls
(P.42) - ANSWERPolicies, procedures, practices, and organizational structures that
are implemented to reduce risk.
Preventive Controls
(P.43) - ANSWERDetect problems before they arise, monitors both operations and
inputs, attempts to predict potential problems before they occur and adjust
accordingly, prevent and error, omission, or malicious act.
Reporting Standards
(P.36)
-ISACA Standards & Guidelines 3/3- - ANSWERAddress the types of reports, means
of communication, and the information being communicated.
Risk Analysis
(P.41) - ANSWERThe initial steps of risk management: analyzing the value of assets
to the business, identifying threats to those assets and evaluating how vulnerable
each asset is to those threats.
IS Control Objective
(P.43) - ANSWERStatements of the desired result or purpose to be achieved by
implementing a controls around IS processes.
COBIT 5
(P.44) - ANSWERFramework that assists enterprises in achieving their objectives for
the governance and management of enterprise IT (GEIT).
Governance
(P.44) - ANSWEREnsures that stakeholders needs, conditions, and options are
evaluated to determine balanced, agreed-on enterprise objectives to be achieve
Operational Controls
(P.45) - ANSWERControls around day to day operations; to ensure that all
objectives are achieved
Administrative Controls
(P.45) - ANSWERControls around operational efficiency.
Organizational Security
(P.45) - ANSWERControls around the proper usage of assets.
Solutions!!
Audit Charter
(P.32) - ANSWERThe overarching document that outlines the scope, authority, and
responsibilities of the internal audit function. (General audits)
Engagement Letter
(P.32) - ANSWERThe overarching document that outlines the scope, authority, and
responsibilities of the external audit function. (Focused audits)
Detective Controls
(P.43) - ANSWERUse controls that detect and report the occurrence of an error,
omission, or malicious act.
Corrective Controls
(P.43) - ANSWERCorrect errors arising from a problem; modify the processing
system(s) to minimize future occurrence of problems.
Risk Factors
(P.33) - ANSWERFactors that influence the frequency and/or impact of risk
scenarios (e.g., reputation).
*High- damage lasting 6+ months
*Med- 3-6 months to recover
*Low- Less than 3 months to recover
General Standards
(P.36)
-ISACA Standards & Guidelines 1/3- - ANSWERThe guiding principles under with
the IS assurance professional operates. Conduct, ethics, independence, objectivity
and due care, knowledge, competency and skill.
Performance Standards
(P.36)
-ISACA Standards & Guidelines 2/3- - ANSWERDeal with the conduct of the
assignment - planning, scoping, risk and materiality, resource mobilization,
supervision and assignment management, evidence, and the exercising of
professional judgment and due care.
IT Risk Framework - ANSWERIntegrates management of IT risk into overall
enterprise risk management in order to make well informed decisions about the
extent, appetite, tolerances of risk.
Risk-Based Audit
, (P.48-57) - ANSWERUsed to assess risks and to assist auditor in making the
decision to perform compliance/substantive testing.
ITAF
(P.40-41) - ANSWERComprehensive reference model that establishes standards by
general, performance, or reporting, and defines terms and concepts specific to IT.
Internal Controls
(P.42) - ANSWERPolicies, procedures, practices, and organizational structures that
are implemented to reduce risk.
Preventive Controls
(P.43) - ANSWERDetect problems before they arise, monitors both operations and
inputs, attempts to predict potential problems before they occur and adjust
accordingly, prevent and error, omission, or malicious act.
Reporting Standards
(P.36)
-ISACA Standards & Guidelines 3/3- - ANSWERAddress the types of reports, means
of communication, and the information being communicated.
Risk Analysis
(P.41) - ANSWERThe initial steps of risk management: analyzing the value of assets
to the business, identifying threats to those assets and evaluating how vulnerable
each asset is to those threats.
IS Control Objective
(P.43) - ANSWERStatements of the desired result or purpose to be achieved by
implementing a controls around IS processes.
COBIT 5
(P.44) - ANSWERFramework that assists enterprises in achieving their objectives for
the governance and management of enterprise IT (GEIT).
Governance
(P.44) - ANSWEREnsures that stakeholders needs, conditions, and options are
evaluated to determine balanced, agreed-on enterprise objectives to be achieve
Operational Controls
(P.45) - ANSWERControls around day to day operations; to ensure that all
objectives are achieved
Administrative Controls
(P.45) - ANSWERControls around operational efficiency.
Organizational Security
(P.45) - ANSWERControls around the proper usage of assets.
