CISA Domain 1 questions with correct answers

Interviewing and Observing Personnel Correct Answer-Actual Functions - An adequate test to ensure that the individual who is assigned and authorized to perform a particular function is the person who is actually doing the job. Actual Processes and Procedures - allows the IS auditor to gain evidence of compliance and observe deviations, if any. Security Awareness - Should be observed to verify an individuals understanding and practice of good preventive and detective security measures. Reporting Relationships - Should be observed to ensure that assigned responsibilities and adequate segregation of duties are being practiced. Observation Drawbacks - The observer may interfere with the observed environment. People when observed may change their behaviors. Statistical Sampling Correct Answer-An objective (math based) method of determining the sample size and selection criteria Uses the mathematical laws of probability. IS auditor quantitatively decides how closely the sample should represent the population Nonstatistical Sampling Correct Answer-Use auditor judgement to determine the method of sampling. These judgements are based on subjective (decision based) judgement as to which items/transactions are the most material and most risky Attribute Sampling Correct Answer-Sampling model used to estimate the rate of occurrence of a specific quality in a population. Answers the question of "how many" Types: Stop-or-go Sampling - Sampling model that helps prevent excessive sampling of an attribute by allowing an audit test to be stopped at the earliest possible moment. Used when very few errors will be f