1.
The PRIMARY reason an IS auditor performs a functional walkthrough during the preliminary phase of an audit assignment is to:
Correct Answer
C. Understand the business process
Explanation
During the preliminary phase of an audit assignment, an IS auditor performs a functional walkthrough primarily to understand the business process. This involves gaining a comprehensive understanding of how the system and its components operate, the flow of data, and the interdependencies between various processes. By conducting a functional walkthrough, the auditor can identify the key activities, controls, and potential risks associated with the business process, which in turn helps in planning the substantive testing and identifying any control weaknesses that may exist. Complying with auditing standards is important but not the primary reason for conducting a functional walkthrough.
2.
In the process of evaluating program change controls, an IS auditor would use source code comparison software to:
Correct Answer
A. Examine source program changes without information from IS personnel.
Explanation
Source code comparison software is used by an IS auditor to examine source program changes without relying on information from IS personnel. This software allows the auditor to compare the current version of the source code with a previous version, highlighting any changes that have been made. By using this software, the auditor can independently verify the accuracy and completeness of the program changes without relying on potentially biased or incomplete information from IS personnel.
3.
An IS auditor issues an audit report pointing out the lack of firewall protection features at the perimeter network gateway and recommends a vendor product to address this vulnerability. The IS auditor has failed to exercise:
Correct Answer
D. Professional independence.
Explanation
The IS auditor has failed to exercise professional independence. Professional independence refers to the ability of the auditor to maintain an unbiased and objective approach in their audit activities. In this scenario, the auditor recommends a specific vendor product to address the lack of firewall protection features, which may indicate a lack of impartiality and independence. The auditor should have provided a more neutral recommendation, such as suggesting multiple vendor options or recommending a thorough evaluation of different products to address the vulnerability.
4.
The MOST important reason for an IS auditor to obtain sufficient and appropriate audit evidence is to:
Correct Answer
B. Provide a basis for drawing reasonable conclusions
Explanation
The most important reason for an IS auditor to obtain sufficient and appropriate audit evidence is to provide a basis for drawing reasonable conclusions. This means that the auditor needs to gather enough evidence that is relevant and reliable in order to support their conclusions about the effectiveness and efficiency of the information systems being audited. Without sufficient and appropriate audit evidence, the auditor's conclusions may be unfounded or inaccurate, which could lead to incorrect assessments of risk and inadequate recommendations for improvement. Therefore, obtaining the right kind and amount of evidence is crucial for ensuring the credibility and validity of the audit process.
5.
Which one do you like?
Correct Answer
D. Identify whether such software is, indeed, being used by the organisation.
Explanation
The correct answer is "Identify whether such software is, indeed, being used by the organization." This answer is the most appropriate because it directly addresses the question of whether the software is being used by the organization. The other options involve actions such as including a statement in the audit report, reconfirming with management, or discussing the issue with senior management, which may be important steps but do not directly answer the question of whether the software is being used.
6.
An IS auditor interviewing a payroll clerk finds that the answers do not support job descriptions and documented procedures. Under these circumstances, the IS auditor should:
Correct Answer
B. Expand the scope to include substantive testing.
Explanation
The IS auditor should expand the scope to include substantive testing because the payroll clerk's answers do not align with the job descriptions and documented procedures. Substantive testing involves obtaining evidence to evaluate the accuracy and completeness of data, which can help identify any control deficiencies or potential fraud. By expanding the scope to include substantive testing, the auditor can gather more information and assess the effectiveness of controls in place. This will provide a more comprehensive understanding of the payroll processes and help identify any areas of concern.
7.
When performing a computer forensic investigation, in regard to the evidence gathered, an IS auditor should be MOST concerned with:
Correct Answer
B. Preservation.
Explanation
In computer forensic investigations, preservation of evidence is of utmost importance. The IS auditor needs to ensure that the evidence collected is not tampered with, altered, or destroyed in any way. Preservation involves securing and protecting the evidence to maintain its integrity and authenticity. It includes taking proper measures to prevent unauthorized access, maintaining the chain of custody, and creating backup copies of the evidence. By prioritizing preservation, the IS auditor can ensure that the evidence remains intact and can be effectively analyzed, evaluated, and disclosed as needed during the investigation process.
8.
While reviewing sensitive electronic work papers, the IS auditor noticed that they were not encrypted. This could compromise the:
Correct Answer
D. Confidentiality of the work papers.
Explanation
The fact that the sensitive electronic work papers were not encrypted means that they are vulnerable to unauthorized access. This lack of encryption compromises the confidentiality of the work papers, as anyone who gains access to them can view their contents. Encryption is an essential security measure to protect sensitive information and ensure that only authorized individuals can access it. Therefore, the correct answer is the confidentiality of the work papers.
9.
Which of the following is an advantage of an integrated test facility (ITF)?
Correct Answer
B. Periodic testing does not require separate test processes.
Explanation
An integrated test facility (ITF) is a testing environment that uses actual master files or dummies, eliminating the need for the IS auditor to review the source of the transaction. This allows for more accurate testing of the application systems and ongoing operation of the system. The ITF also eliminates the need to prepare test data, making the testing process more efficient. However, the advantage mentioned in the correct answer is that periodic testing does not require separate test processes, which further enhances the efficiency of the testing process.
10.
An IS auditor attempting to determine whether access to program documentation is restricted to authorized persons would MOST likely:
Correct Answer
C. Interview programmers about the procedures currently being followed.
Explanation
To determine whether access to program documentation is restricted to authorized persons, the IS auditor would most likely interview programmers about the procedures currently being followed. By conducting interviews, the auditor can gather information about the existing processes and controls in place to restrict access to program documentation. This will help the auditor assess whether the procedures are effective in ensuring that only authorized individuals have access to the documentation. Reviewing data file access records, comparing utilization records to operations schedules, and evaluating record retention plans for off-premises storage are not directly related to determining access restrictions to program documentation.