CISA exam

In a follow-up audit, an IS auditor notes that management has addressed the original findings in a different way than originally agreed upon. The auditor should FIRST:A . mark the recommendation as satisfied and close the findingB . verify if management’s action mitigates the identified riskC . re-perform the audit...

Which of the following is the most important benefit of control self-assessment (CSA)? A. CSA is a policy/rule driven B. In CSA approach, risk is identified sooner C. CSA requires limited employee participations D. In CSA, resources are being used in an effective manner.View AnswerAnswer: B Explanation: Control self-assessment is...

Which of the following should an IS auditor be MOST concerned with during a post-implementation review?A . The system does not have a maintenance planB . The system contains several minor defectsC . The system was over budget by 15%D . The system deployment was delayed by three weeksView AnswerAnswer:...

Which of the following audit mainly focuses on discovering and disclosing on frauds and crimes?A . Compliance AuditB . Financial AuditC . Integrated AuditD . Forensic auditView AnswerAnswer: D Explanation: Forensic audit is the activity that consists of gathering, verifying, processing, analyzing of and reporting on data in order to...

An IS auditor has found that a vendor has gone out of business and the escrow has an older version of the source code. What is the auditor’s BEST recommendation for the organization?A . Continue using the existing application since it meets the current requirementsB . Prepare a maintenance plan...

The MAIN benefit of using an integrated test facility (ITF) as an online auditing technique is that it enables:A . a cost-effective approach to application controls auditB . auditors to investigate fraudulent transactionsC . auditors to test without impacting production dataD . the integration of financial and audit testsView AnswerAnswer:...

Which of the following audit assess accuracy of financial reporting?A . Compliance AuditB . Financial AuditC . Operational AuditD . Forensic auditView AnswerAnswer: B Explanation: A financial audit, or more accurately, an audit of financial statements, is the verification of the financial statements of a legal entity, with a view...

An IS auditor reviewing a new application for compliance with information privacy principles should be the MOST concerned with:A . nonrepudiationB . collection limitationC . availabilityD . awarenessView AnswerAnswer: B

Sam is the security Manager of a financial institute. Senior management has requested he performs a risk analysis on all critical vulnerabilities reported by an IS auditor. After completing the risk analysis, Sam has observed that for a few of the risks, the cost benefit analysis shows that risk mitigation...

Which of the following control is intended to discourage a potential attacker?A . DeterrentB . PreventiveC . CorrectiveD . RecoveryView AnswerAnswer: A Explanation: Deterrent Control are intended to discourage a potential attacker For your exam you should know below information about different security controls Deterrent Controls Deterrent Controls are intended...