CISA questions WithnCorrect
Solutions!!
What is the definition of audit? - ANSWERAuditing is a detailed and specific
evaluation of a process, procedure, organization, job function, or system, in which
results are gathered and reported.
What is the purpose of ethics? - ANSWERTo mandate the professional and personal
conduct of auditors
According to the ISACA Code of Ethics is an auditor allowed to share the results of
an audit with other personnel? - ANSWERThe auditor must maintain confidentiality
of the audit unless required by legal authority
Should the IS audit plan be integrated into the overall audit plan for the organization?
- ANSWERThe IS Audit function must fulfill all organizational audit objectives.
An IS Auditor is best advised to follow the standards provided by ISACA for
conducting an planning IS Audits - ANSWERISACA audit standards are
recommendations for planning IS audits.
ISACA Audit standard S2 Independence refers to what? - ANSWERAn Auditor
should be independent of the area being audited
Standard S4 Professional Competence, requires the auditor to have the skills to
conduct the audit? - ANSWERappropriate continuing professional education
The basis for an audit plan should be what? - ANSWERRisk
Audit findings and conclusions are supported by what? - ANSWEREvidence
Once an audit is completed and submitted does the auditor have any further
responsibility? - ANSWERYes, the auditor should follow up to ensure that
management addressed any audit issues in a timely manner
IT governance means: - ANSWERThe IT function aligns with business mission,
values and objectives
When an auditor uses the assistance of outside experts, what obligations does the
auditor have to review the work of the experts? - ANSWERThe auditor must apply
additional test procedures if the work of outside experts is not adequate
When an auditor is planning an information system audit and suspects a potential
control weakness, what are they obligated to do? - ANSWERThe auditor must
consider the materiality of the weakness and plan the audit accordingly.
, What role does risk assessment have in audit planning? - ANSWERRisk assessment
is used to determine the priorities for audit and allocation of audit resources.
What steps should an auditor take when a material irregularity is discovered? -
ANSWERThe auditor should communicate the irregularity to management in a timely
manner
What is the risk to an audit if unusual relationships exist between staff members in
the area being audited? - ANSWERThe auditor may be provided inaccurate
evidence
True or False? Supervision of the information systems audit staff should not be
necessary if the staff is adequately trained and experienced - ANSWERTrue
Relationships with third parties may: - ANSWERRequire the organization to comply
with the security standards of the third party
True or False? The organization does not have to worry about the impact of third
party relationships on the security program - ANSWERFalse
The role of an Information Systems Security Steering Committee is to: -
ANSWERProvide feedback from all areas of the organization
The most effective tool a security department has is: - ANSWERA security
awareness program
The role of Audit in relation to Information Security is: - ANSWERThe validate the
effectiveness of the security program against established metrics
Who should be responsible for development of a risk management strategy? -
ANSWERThe Security Manager
The security requirements of each member of the organization should be
documented in: - ANSWERTheir job descriptions
True/False: The only real risk mitigation technique is based on effective
implementation of technical controls. - ANSWERFalse
Should a risk assessment consider controls that are planned but not yet
implemented? - ANSWERYes, because it would not be appropriate to recommend
implementing controls that are already planned
What could be the greatest challenge to implementing a new security strategy? -
ANSWERObtaining buy-in from employees
Which forms of wireless media operate only when there are no obstacles in the
transmission path? - ANSWERSpread spectrum
Solutions!!
What is the definition of audit? - ANSWERAuditing is a detailed and specific
evaluation of a process, procedure, organization, job function, or system, in which
results are gathered and reported.
What is the purpose of ethics? - ANSWERTo mandate the professional and personal
conduct of auditors
According to the ISACA Code of Ethics is an auditor allowed to share the results of
an audit with other personnel? - ANSWERThe auditor must maintain confidentiality
of the audit unless required by legal authority
Should the IS audit plan be integrated into the overall audit plan for the organization?
- ANSWERThe IS Audit function must fulfill all organizational audit objectives.
An IS Auditor is best advised to follow the standards provided by ISACA for
conducting an planning IS Audits - ANSWERISACA audit standards are
recommendations for planning IS audits.
ISACA Audit standard S2 Independence refers to what? - ANSWERAn Auditor
should be independent of the area being audited
Standard S4 Professional Competence, requires the auditor to have the skills to
conduct the audit? - ANSWERappropriate continuing professional education
The basis for an audit plan should be what? - ANSWERRisk
Audit findings and conclusions are supported by what? - ANSWEREvidence
Once an audit is completed and submitted does the auditor have any further
responsibility? - ANSWERYes, the auditor should follow up to ensure that
management addressed any audit issues in a timely manner
IT governance means: - ANSWERThe IT function aligns with business mission,
values and objectives
When an auditor uses the assistance of outside experts, what obligations does the
auditor have to review the work of the experts? - ANSWERThe auditor must apply
additional test procedures if the work of outside experts is not adequate
When an auditor is planning an information system audit and suspects a potential
control weakness, what are they obligated to do? - ANSWERThe auditor must
consider the materiality of the weakness and plan the audit accordingly.
, What role does risk assessment have in audit planning? - ANSWERRisk assessment
is used to determine the priorities for audit and allocation of audit resources.
What steps should an auditor take when a material irregularity is discovered? -
ANSWERThe auditor should communicate the irregularity to management in a timely
manner
What is the risk to an audit if unusual relationships exist between staff members in
the area being audited? - ANSWERThe auditor may be provided inaccurate
evidence
True or False? Supervision of the information systems audit staff should not be
necessary if the staff is adequately trained and experienced - ANSWERTrue
Relationships with third parties may: - ANSWERRequire the organization to comply
with the security standards of the third party
True or False? The organization does not have to worry about the impact of third
party relationships on the security program - ANSWERFalse
The role of an Information Systems Security Steering Committee is to: -
ANSWERProvide feedback from all areas of the organization
The most effective tool a security department has is: - ANSWERA security
awareness program
The role of Audit in relation to Information Security is: - ANSWERThe validate the
effectiveness of the security program against established metrics
Who should be responsible for development of a risk management strategy? -
ANSWERThe Security Manager
The security requirements of each member of the organization should be
documented in: - ANSWERTheir job descriptions
True/False: The only real risk mitigation technique is based on effective
implementation of technical controls. - ANSWERFalse
Should a risk assessment consider controls that are planned but not yet
implemented? - ANSWERYes, because it would not be appropriate to recommend
implementing controls that are already planned
What could be the greatest challenge to implementing a new security strategy? -
ANSWERObtaining buy-in from employees
Which forms of wireless media operate only when there are no obstacles in the
transmission path? - ANSWERSpread spectrum
