ACC 516 Exam 1 - Ch.1 CISA Questions
Solved 100%
A1-1: The internal audit department has written some scripts that are used for
continuous auditing of some information systems. The IT department has asked for
copies of the script so that they can use them for setting up a continuous monitoring
process on key systems. Would sharing these with IT affect the ability of the IS
auditors to independently and objectively audit the IT function? - ANSWERC.
Sharing the scripts is permissible as long as IT recognizes that audits still may still
be conducted in areas not covered by the scripts.
A1-3: An IS auditor is developing and audit plan for an environment that includes
new systems. The company's management wants the IS auditor to focus on recently
implemented systems. How should the IS auditor respond? - ANSWERC. Determine
the highest risk systems and plan accordingly.
A1-4: An IS auditor revising security controls for a critical web based system prior to
implementation. The results of the of the penetration test of are inconclusive, and the
results will not be finalized prior to implementation. Which of the following is the
BEST option for the IS auditor? - ANSWERA. Publish a report based on the
available information, highlighting the potential security weakness and the
requirement for follow-up audit testing.
A1-2: Which of the following is the BEST factor for determining the required extent of
data collection during the planning phase of an IS compliance audit? - ANSWERC.
Purpose, objective and scope of the audit
A1-9: For a retail business with a large volume of transactions, which of the following
audit techniques is the MOST appropriate for addressing emerging risk? -
ANSWERD. Continuous auditing
A1-10: An IS auditor is reviewing access to an application to determine whether
recently added accounts were appropriately authorized. This is an example of: -
ANSWERC. Compliance Testing
A1-5: An IS auditor is verifying IT policies and found that some of the policies have
not been approved by management (as required by policy), but the employees
strictly follow the policies. What should the IS auditor do first? - ANSWERD. Report
the absence of document approval
A1-6: An IS auditor found that the enterprise architecture (EA) recently adopted by
an organization has an adequate current-state representation. However, the
organization has started a separate project to develop a future-state representation.
The IS auditor should: - ANSWERB. Report this issue as a finding in the audit report
Solved 100%
A1-1: The internal audit department has written some scripts that are used for
continuous auditing of some information systems. The IT department has asked for
copies of the script so that they can use them for setting up a continuous monitoring
process on key systems. Would sharing these with IT affect the ability of the IS
auditors to independently and objectively audit the IT function? - ANSWERC.
Sharing the scripts is permissible as long as IT recognizes that audits still may still
be conducted in areas not covered by the scripts.
A1-3: An IS auditor is developing and audit plan for an environment that includes
new systems. The company's management wants the IS auditor to focus on recently
implemented systems. How should the IS auditor respond? - ANSWERC. Determine
the highest risk systems and plan accordingly.
A1-4: An IS auditor revising security controls for a critical web based system prior to
implementation. The results of the of the penetration test of are inconclusive, and the
results will not be finalized prior to implementation. Which of the following is the
BEST option for the IS auditor? - ANSWERA. Publish a report based on the
available information, highlighting the potential security weakness and the
requirement for follow-up audit testing.
A1-2: Which of the following is the BEST factor for determining the required extent of
data collection during the planning phase of an IS compliance audit? - ANSWERC.
Purpose, objective and scope of the audit
A1-9: For a retail business with a large volume of transactions, which of the following
audit techniques is the MOST appropriate for addressing emerging risk? -
ANSWERD. Continuous auditing
A1-10: An IS auditor is reviewing access to an application to determine whether
recently added accounts were appropriately authorized. This is an example of: -
ANSWERC. Compliance Testing
A1-5: An IS auditor is verifying IT policies and found that some of the policies have
not been approved by management (as required by policy), but the employees
strictly follow the policies. What should the IS auditor do first? - ANSWERD. Report
the absence of document approval
A1-6: An IS auditor found that the enterprise architecture (EA) recently adopted by
an organization has an adequate current-state representation. However, the
organization has started a separate project to develop a future-state representation.
The IS auditor should: - ANSWERB. Report this issue as a finding in the audit report
