CISA Certification - Chapter 1 Auditing
Process Correct 100%
Audit Function - ANSWEREnsures that the diverse tasks performed and achieved by
the audit team will fulfill objectives, while preserving audit independence and
competence.
Information Systems - ANSWERThe combination of strategic, managerial, and
operational activities involved in gathering, processing, storing, distributing and using
information and its related technologies.
Information Technology - ANSWERThe hardware, software, communication and
other facilities used to input, store, process, transmit and output data in whatever
form.
IS vs. IT - ANSWERInformation System has an IT component that interacts with the
process components.
IS Audit - ANSWERThe formal examination, interview and/or testing of information
systems determining IS compliance, IS data and info appropriate levels of CIA, and
IS operations are efficient and excellent.
Audit Charter - ANSWERAn overarching document that covers the entire scope of
audit activities in an entity.
Engagement Letter - ANSWERFocused on a particular audit exercise that is sought
to be initiated in an organization with a specific objective in mind.
Short-term Audit Planning - ANSWERTakes into account audit issues that will be
covered during the year.
Long-term Audit Planning - ANSWERTake into account risk-related issues regarding
changes in the organization's IT strategic direction that will affect the organization's
IT environment.
Audit Universe - ANSWERLists all of the processes that may be considered for audit.
Legal Requirements - ANSWERLaw, regulatory and contractual agreements placed
on audit or IS audit, and legal requirements placed on the auditee and its systems,
data management, reporting, etc. This impacts the audit scope and audit objectives.
Legal Issues - ANSWERImpact the organization's business operations in terms of
compliance with ergonomic regulations, HIPAA, Protection of Personal Data
Directives and Electronic Commerce within the European Community, and fraud
prevention within banking organizations.
Standards - ANSWERTo be followed by the IS auditor.
, Guidelines - ANSWERProvide assistance on how the auditor can implement
standards in various audit assignments.
Tools and techniques - ANSWERNot intended to provide exhaustive guidance to the
auditor when performing an audit. Provide examples of steps the auditor may follow
in specific audit assignments to implement the standards.
Risk Analysis - ANSWERPart of audit planning and helps identify risk and
vulnerabilities so the IS auditor can determine the controls needed to mitigate risk.
Risk - ANSWERThe combination of the probability of an event and its consequence.
Adverse impact(s) that could occur to organizational operations (including mission,
functions, image, reputation), organizational assets, individuals, other organizations
due to the potential for unauthorized access, use, disclosure, disruption,
modification, or destruction of information and/or information systems.
ITAF - ANSWERA comprehensive and good practice setting reference model.
Business Risk - ANSWERMay negatively impact the assets, processes or objectives
of a specific business or organization.
Internal Controls - ANSWERComposed of policies, procedures, practices and
organizational structures that are implemented to reduce risk to the organization.
Developed to provide reasonable assurance to management that the organization's
business objectives will be achieved and risk events will be prevented, or detected
and corrected.
Control Objectives - ANSWERStatements of the desired result or purpose to be
achieved by implementing control activities (procedures). Also it refers to how an
internal control should function.
COBIT 5 - ANSWERProvides a comprehensive framework that assists enterprises in
achieving their objectives for the governance and management of enterprise IT
(GEIT). It helps enterprises create optimal value from IT by maintaining a balance
between realizing benefits and optimizing risk levels and resource use.
Governance - ANSWEREnsures that stakeholder needs, conditions and options are
evaluated to determine balanced, agreed-on enterprise objectives to be achieved;
setting direction through prioritization and decision making; and monitoring
performance and compliance against agreed-on direction and objectives.
Specialized Audits - ANSWERSpecialized reviews examining areas such as services
performed by third parties.
Forensic Audits - ANSWERSpecialized in discovering, disclosing and following up on
fraud and crimes. The purpose is the development of evidence for review by law
enforcement and judicial authorities.
Process Correct 100%
Audit Function - ANSWEREnsures that the diverse tasks performed and achieved by
the audit team will fulfill objectives, while preserving audit independence and
competence.
Information Systems - ANSWERThe combination of strategic, managerial, and
operational activities involved in gathering, processing, storing, distributing and using
information and its related technologies.
Information Technology - ANSWERThe hardware, software, communication and
other facilities used to input, store, process, transmit and output data in whatever
form.
IS vs. IT - ANSWERInformation System has an IT component that interacts with the
process components.
IS Audit - ANSWERThe formal examination, interview and/or testing of information
systems determining IS compliance, IS data and info appropriate levels of CIA, and
IS operations are efficient and excellent.
Audit Charter - ANSWERAn overarching document that covers the entire scope of
audit activities in an entity.
Engagement Letter - ANSWERFocused on a particular audit exercise that is sought
to be initiated in an organization with a specific objective in mind.
Short-term Audit Planning - ANSWERTakes into account audit issues that will be
covered during the year.
Long-term Audit Planning - ANSWERTake into account risk-related issues regarding
changes in the organization's IT strategic direction that will affect the organization's
IT environment.
Audit Universe - ANSWERLists all of the processes that may be considered for audit.
Legal Requirements - ANSWERLaw, regulatory and contractual agreements placed
on audit or IS audit, and legal requirements placed on the auditee and its systems,
data management, reporting, etc. This impacts the audit scope and audit objectives.
Legal Issues - ANSWERImpact the organization's business operations in terms of
compliance with ergonomic regulations, HIPAA, Protection of Personal Data
Directives and Electronic Commerce within the European Community, and fraud
prevention within banking organizations.
Standards - ANSWERTo be followed by the IS auditor.
, Guidelines - ANSWERProvide assistance on how the auditor can implement
standards in various audit assignments.
Tools and techniques - ANSWERNot intended to provide exhaustive guidance to the
auditor when performing an audit. Provide examples of steps the auditor may follow
in specific audit assignments to implement the standards.
Risk Analysis - ANSWERPart of audit planning and helps identify risk and
vulnerabilities so the IS auditor can determine the controls needed to mitigate risk.
Risk - ANSWERThe combination of the probability of an event and its consequence.
Adverse impact(s) that could occur to organizational operations (including mission,
functions, image, reputation), organizational assets, individuals, other organizations
due to the potential for unauthorized access, use, disclosure, disruption,
modification, or destruction of information and/or information systems.
ITAF - ANSWERA comprehensive and good practice setting reference model.
Business Risk - ANSWERMay negatively impact the assets, processes or objectives
of a specific business or organization.
Internal Controls - ANSWERComposed of policies, procedures, practices and
organizational structures that are implemented to reduce risk to the organization.
Developed to provide reasonable assurance to management that the organization's
business objectives will be achieved and risk events will be prevented, or detected
and corrected.
Control Objectives - ANSWERStatements of the desired result or purpose to be
achieved by implementing control activities (procedures). Also it refers to how an
internal control should function.
COBIT 5 - ANSWERProvides a comprehensive framework that assists enterprises in
achieving their objectives for the governance and management of enterprise IT
(GEIT). It helps enterprises create optimal value from IT by maintaining a balance
between realizing benefits and optimizing risk levels and resource use.
Governance - ANSWEREnsures that stakeholder needs, conditions and options are
evaluated to determine balanced, agreed-on enterprise objectives to be achieved;
setting direction through prioritization and decision making; and monitoring
performance and compliance against agreed-on direction and objectives.
Specialized Audits - ANSWERSpecialized reviews examining areas such as services
performed by third parties.
Forensic Audits - ANSWERSpecialized in discovering, disclosing and following up on
fraud and crimes. The purpose is the development of evidence for review by law
enforcement and judicial authorities.
