Perspective Questions & Answers (RATED A+)
Who should approve the audit charter of an organization? - ANSWER: Senior management
What should the content of an audit charter be? - ANSWER: The scope, authority, and responsibilities of the audit function
What is the prime reason for review of an organization chart? - ANSWER: To understand the authority and responsibility of individuals
The actions of an IS auditor are primarily influenced by - ANSWER: Audit charter
Which document provides the overall authority for an auditor to perform an audit? - ANSWER: Audit charter
What is the primary reason for the audit function directly reporting to the audit committee? - ANSWER: The audit function must be independent of the business function and should have direct access to the audit committee of the board
What is the first step in risk-based audit planning? - ANSWER: To identify areas of high risk
What is a major benefit of risk-based audit planning? - ANSWER: The utilization of resources for high-risk areas
What is the first step to conduct a data center review? - ANSWER: To evaluate vulnerabilities and threats related to data center location
What is the major risk of EDI transactions? - ANSWER: The absence of agreement (in the absence of a trading partner agreement, there could be uncertainty related to specific legal liability).
What is the objective of encryption? - ANSWER: To ensure the integrity and confidentiality of transactions.
How are inbound transactions controlled in an EDI environment? - ANSWER: Inbound transactions are controlled via logs of the receipt of inbound transactions, the use of segment count totals, and the use of check digits to detect transposition and transcription errors.
In risk-based audit planning, an IS auditor's first step is to identify what? - ANSWER: High risk areas
Once threats and vulnerabilities are identified, what should be the next step? - ANSWER: Identify and evaluate existing controls
What is the objective of key verification control? - ANSWER: Key verification is a method where data is entered a second time and compared with the initial data entry to ensure that the data entered is correct. This is generally used in EFT transactions, where another employee re-enters the same data to perform this check before any money is transferred.
What is the objective of nonrepudiation? - ANSWER: Non-repudiation ensures that a transaction is enforceable and that the claimed sender cannot later deny generating and sending the message.
What is the most important component of the artificial intelligence/expert system area? - ANSWER: Knowledge base (The knowledge base contains specific information or fact patterns associated with a particular subject matter and the rules for interpreting these facts; therefore, strict access control should be implemented and monitored to ensure the integrity of the decision rules)
Segregation of duties is an example of which type of control? - ANSWER: Preventative Control
Controls that enable a risk or deficiency to be corrected before a loss occurs are known as what? - ANSWER: Corrective Control
Controls that directly mitigate a risk or lack of controls directly acting upon a risk are known as what? - ANSWER: Compensating Control
The most important step in a risk assessment is to identify - ANSWER: Threats and vulnerabilities
What is the advantage of risk-based audit planning? - ANSWER: Resources can be utilized for high risk areas
What does the level of protection of information assets depend on? - ANSWER: Criticality of assets
What is risk before controls are applied known as? - ANSWER: Inherent risk/gross risk (after the implementation of controls, it is known as residual risk/net risk).
What does the information systems audit provide? - ANSWER: Reasonable assurance about coverage of material items.
What is the first step of an audit project? - ANSWER: To develop an audit plan.
What is risk that is influenced by the actions of an auditor known as? - ANSWER: Detection risk
What is audit risk? - ANSWER: Audit risk is the sum total of inherent risk, control risk, and detection risk
What is risk the product of? - ANSWER: Probability and impact