CISA EXAM 2 QUESTIONS AND 100% CORRECT ANSWERS!!
The final decision to include a material finding in an audit report should be made by the:
audit committee.
auditee's manager.
IS auditor.
chief executive officer of the organization.
C
An organization uses a bank to process its weekly payroll. Time sheets and payroll
adjustment forms (e.g., hourly rate changes, terminations) are completed and delivered to
the bank, which prepares checks and reports for distribution. To BEST ensure payroll data
accuracy:
payroll reports should be compared to input forms.
gross payroll should be recalculated manually.
checks should be compared to input forms.
checks should be reconciled with output reports.
A
An external IS auditor issues an audit report pointing out the lack of firewall protection
features at the perimeter network gateway and recommending a specific vendor product
to address this vulnerability. The IS auditor has failed to exercise:
professional independence.
organizational independence.
technical competence.
professional competence.
A
A long-term IT employee with a strong technical background and broad managerial
experience has applied for a vacant position in the IS audit department. Determining
whether to hire this individual for this position should be PRIMARILY based on the
individual's experience and:
length of service, because this will help ensure technical competence.
age, because training in audit techniques may be impractical.
IT knowledge, because this will bring enhanced credibility to the audit function.
ability,
D
During a risk analysis, an IS auditor identifies threats and potential impacts. Next, the
IS auditor should:
ensure the risk assessment is aligned to management's risk assessment process.
identify information assets and the underlying systems.
disclose the threats and impacts to management.
identify and evaluate the existing controls.
D
Which of the following controls would an IS auditor look for in an environment where
duties cannot be appropriately segregated?
Overlapping controls
Boundary controls
Access controls
Compensating controls
D
In planning an IS audit, the MOST critical step is the identification of the:
areas of significant risk.
skill sets of the audit staff.
test steps in the audit.
time allotted for the audit.
A
The purpose of a checksum on an amount field in an electronic data
interchange communication of financial transactions is to ensure:
integrity.
authenticity.
authorization.
nonrepudiation.
A
While planning an IS audit, an assessment of risk should be made to provide:
reasonable assurance that the audit will cover material items.
definite assurance that material items will be covered during the audit work.
reasonable assurance that all items will be covered by the audit.
sufficient assurance that all items will be covered during the audit work.
A
An audit charter should:
be dynamic and change to coincide with the changing nature of technology and the
audit profession.
clearly state audit objectives for, and the delegation of, authority to the maintenance and
review of internal controls.
document the audit procedures designed to achieve the planned audit objectives.
outline the overall authority, scope and responsibilities of the audit function.
D
An IS auditor who has discovered unauthorized transactions during a review of electronic
data interchange (EDI) transactions is likely to recommend improving the:
EDI trading partner agreements.
physical controls for terminals.
authentication techniques for sending and receiving messages.
program change control procedures.
C