Which of the following statements INCORRECTLY describes the traditional audit approach in comparison to the Control self-assessment approach?
Which of the following statements INCORRECTLY describes the traditional audit approach in comparison to the Control self-assessment approach?
A. In the traditional approach, staff at all levels, in all functions, are the primary control analysts.
B. Traditional approach assigns duties/supervises staff
C. Traditional approach is a policy driven approach
D. Traditional...
Which of the following is the BEST recommendation to ensure the administrator ID in the financial system is controlled effectively?
An auditor notes the administrator user ID is shared among three financial managers to perform month-end updates. Which of the following is the BEST recommendation to ensure the administrator ID in the financial system is controlled effectively?
A. Implement use of individual software tokens
B. Conduct employee awareness training
C. ...
Which of the following audit techniques is MOST appropriate for verifying application program controls?
Which of the following audit techniques is MOST appropriate for verifying application program controls?
A. Statistical sampling
B. Code review
C. Confirmation of accounts
D. Use of test data
Answer: D
Which of the following processes would the scan results MOST likely feed into?
An IS auditor is reviewing an organization’s network vulnerability scan results. Which of the following processes would the scan results MOST likely feed into?
A. Firewall maintenance
B. Patch management
C. Incident response
D. Traffic management
Answer: A
Which of the following is the BEST way to facilitate proper follow-up for audit findings?
Which of the following is the BEST way to facilitate proper follow-up for audit findings?
A. Schedule a follow-up audit for two weeks after the initial audit was completed.
B. Conduct a surprise audit to determine whether remediation is in progress.
C. Conduct a follow-up audit when findings escalate to...
While planning a security audit, an IS auditor is made aware of a security review carried out by external consultants. It is MOST important for the auditor to:
While planning a security audit, an IS auditor is made aware of a security review carried out by external consultants. It is MOST important for the auditor to:
A. re-perform the security review.
B. accept the findings and conclusions of the consultants.
C. review similar reports issued by the consultants.
D...
Which of the following would be the BEST way to address the risk of exposing customer data?
An organization is considering outsourcing the processing of customer insurance claims. An IS auditor notes that customer data will be sent offshore for processing. Which of the following would be the BEST way to address the risk of exposing customer data?
A. Require background checks on all service provider personnel...
What is the GREATEST concern with this request?
An IS auditor submitted audit reports and scheduled a follow-up audit engagement with a client. The client has requested to engage the services of the same auditor to develop enhanced controls. What is the GREATEST concern with this request?
A. It would require the approval of the audit manager.
B. ...
What is the auditor’s BEST recommendation for the organization?
An IS auditor has found that a vendor has gone out of business and the escrow has an older version of the source code. What is the auditor’s BEST recommendation for the organization?
A. Continue using the existing application since it meets the current requirements
B. Prepare a maintenance plan...
Which of the following audits includes specific tests of control to demonstrate adherence to a specific regulatory or industry standard?
Which of the following audits includes specific tests of control to demonstrate adherence to a specific regulatory or industry standard?
A. Compliance Audit
B. Financial Audit
C. Operational Audit
D. Forensic audit
Answer: A
A compliance audit is a comprehensive review of an organization's adherence to regulatory guidelines. Independent accounting, security...