IT AudITing CISA Trivia Questions! Quiz
Quite a number of growing companies are coming to understand the importance of CISA; therefore it is mandatory for their intending employee to pass the Certified Information System Auditors. The program is ideal for managers, system administrators, technical staff, security professionals and auditors. This short will test knowledge on Certified Information System Auditors.
- 1.
When selecting audit procedures, an IS auditor should use professional judgment to ensure that:
- A.
All significant deficiencies identified will be corrected within a reasonable period.
- B.
All material weaknesses will be identified.
- C.
Sufficient evidence will be collected.
- D.
Audit costs will be kept at a lower level.
Correct Answer
C. Sufficient evidence will be collected.Explanation
An IS auditor should use professional judgment to ensure that sufficient evidence will be collected. This is because the purpose of an audit is to gather evidence and evaluate it in order to form an opinion on the adequacy and effectiveness of controls, as well as to identify any areas of concern. Without sufficient evidence, the auditor will not be able to make informed conclusions or recommendations. Therefore, it is crucial for the auditor to prioritize the collection of appropriate and relevant evidence during the audit process.Rate this question:
-
- 2.
The PRIMARY goal of an IS auditor during the planning stage of an IS audit, is to:
- A.
Address audit objectives.
- B.
Collect sufficient evidence.
- C.
Specify appropriate tests.
- D.
Minimize audit resources
Correct Answer
A. Address audit objectives.Explanation
During the planning stage of an IS audit, the primary goal of an IS auditor is to address audit objectives. This means that the auditor needs to identify and understand the specific goals and objectives of the audit in order to plan the audit activities accordingly. By addressing audit objectives, the auditor can ensure that the audit is focused and targeted towards achieving the desired outcomes. This helps in determining the scope of the audit, identifying the key areas to be assessed, and planning the necessary audit procedures and tests to be performed.Rate this question:
-
- 3.
An IS auditor should use statistical sampling and not judgment (nonstatistical) sampling, when:
- A.
The auditor wishes to avoid sampling risk.
- B.
Generalized audit software is unavailable.
- C.
The probability of error must be objectively quantified.
- D.
The tolerable error rate cannot be determined.
Correct Answer
C. The probability of error must be objectively quantified.Explanation
Statistical sampling is used when the probability of error needs to be objectively quantified. This method allows the auditor to select a sample size based on statistical calculations, ensuring a representative sample that can provide a reliable estimate of the population. On the other hand, judgment sampling relies on the auditor's subjective judgment, which may introduce bias and increase the risk of sampling errors. Therefore, in situations where objectivity and quantification of error probability are crucial, statistical sampling is the preferred approach.Rate this question:
-
- 4.
While planning an audit, an assessment of risk should be made to provide:
- A.
Definite assurance that material items will be duly covered during the auditing.
- B.
Reasonable assurance that the audit will cover material items.
- C.
Reasonable assurance that the auditor will duly cover all items.
- D.
Sufficient assurance that all items will be duly covered during the audit work
Correct Answer
B. Reasonable assurance that the audit will cover material items.Explanation
When planning an audit, it is important to assess the risk in order to provide reasonable assurance that the audit will cover material items. This means that the auditor aims to address the significant and important areas of the financial statements and related transactions, ensuring that the audit work is focused on areas that have a higher risk of material misstatement. By focusing on material items, the auditor can provide reasonable assurance to stakeholders that the financial statements are free from material misstatements and are reliable.Rate this question:
-
- 5.
In planning an audit, the MOST critical step is the identification of the:
- A.
Skill sets of the audit staff.
- B.
Test steps in the audit.
- C.
Time allotted for the audit.
- D.
Areas of high risk.
Correct Answer
D. Areas of high risk.Explanation
In planning an audit, the identification of areas of high risk is the most critical step. This is because it allows the auditor to focus their efforts and resources on the areas that are most likely to contain material misstatements or fraud. By identifying these high-risk areas, the auditor can then develop appropriate audit procedures and allocate sufficient time and resources to address the identified risks effectively. This step is crucial in ensuring that the audit is conducted efficiently and effectively, and that the auditor can provide reasonable assurance on the fairness of the financial statements.Rate this question:
-
- 6.
To ensure that audit resources deliver the best value to the organization, the FIRST step would be to:
- A.
Schedule the audits and monitor the time incurred on each audit.
- B.
Train the IS auditing staff on current technology used in the company.
- C.
Develop the audit plan based on a detailed risk assessment.
- D.
Monitor the progress of audits and initiate cost control measures.
Correct Answer
C. Develop the audit plan based on a detailed risk assessment.Explanation
The first step to ensure that audit resources deliver the best value to the organization is to develop the audit plan based on a detailed risk assessment. This step is crucial because it helps identify the areas of highest risk and prioritize them for audit. By conducting a risk assessment, the organization can allocate its resources effectively and focus on the areas that are most critical. This ensures that the audits are targeted and provide valuable insights to the organization. Scheduling audits, training staff, and monitoring progress are important steps, but they should come after the audit plan is developed based on risk assessment.Rate this question:
-
- 7.
An IS auditor evaluating logical access controls should FIRST:
- A.
Obtain an understanding of the security risks to information processing.
- B.
Test controls over the access paths to determine if they are functional or not.
- C.
Evaluate the security environment regarding written policies and practices.
- D.
Document the controls that will be applied to the potential access paths to the system.
Correct Answer
A. Obtain an understanding of the security risks to information processing.Explanation
The first step for an IS auditor evaluating logical access controls is to obtain an understanding of the security risks to information processing. This is important because it allows the auditor to identify potential vulnerabilities and threats that could compromise the security of the system. By understanding the security risks, the auditor can then develop an appropriate audit plan and prioritize their evaluation of controls. This step also helps in determining the scope of the audit and focusing on areas that pose the highest risk to information processing.Rate this question:
-
- 8.
The extent to which data will be collected during an IS audit should be determined based on the: Mark one answer:
- A.
Auditee's ability to find relevant evidence.
- B.
Auditor's familiarity with the circumstances.
- C.
Purpose and scope of the audit are done.
- D.
Availability of critical and required information.
Correct Answer
C. Purpose and scope of the audit are done.Explanation
The extent to which data will be collected during an IS audit should be determined based on the purpose and scope of the audit. This means that the data collection should align with the specific objectives and boundaries set for the audit. The purpose and scope define what areas or processes will be examined and what goals the audit aims to achieve. Therefore, the data collection should be tailored to gather relevant information that supports the audit's purpose and scope.Rate this question:
-
- 9.
When an IS auditor is evaluating the management's risk assessment of information systems. What should the IS auditor review first?
- A.
The effectiveness of the controls in place.
- B.
The mechanism for monitoring the risks which are related to the assets.
- C.
The threats/vulnerabilities affecting the assets.
- D.
The controls already in place.
Correct Answer
C. The threats/vulnerabilities affecting the assets.Explanation
The IS auditor should review the threats/vulnerabilities affecting the assets first because understanding the potential risks and vulnerabilities is crucial in evaluating the management's risk assessment. By identifying and assessing the threats and vulnerabilities, the auditor can determine the effectiveness of the controls in place and the mechanism for monitoring risks. This review helps the auditor gain insights into the overall risk landscape and enables them to provide valuable recommendations for improving the management's risk assessment of information systems.Rate this question:
-
- 10.
To affix a digital signature to a message, the sender must first create a message digest by applying a cryptographic hashing algorithm against:
- A.
The entire message and thereafter enciphering the message digest using the sender’s private key.
- B.
Any arbitrary part of the message and thereafter enciphering the message digest using the sender’s private key.
- C.
The entire message and thereafter enciphering the message using the sender’s private key.
- D.
The entire message and thereafter enciphering the message along with the message digest using the sender’s private key.
Correct Answer
A. The entire message and thereafter encipHering the message digest using the sender’s private key.Explanation
To affix a digital signature to a message, the sender must first create a message digest by applying a cryptographic hashing algorithm against the entire message. The message digest acts as a unique identifier for the message. Then, the sender enciphers the message digest using their private key. This process ensures that the message cannot be tampered with and verifies the authenticity of the sender. By encrypting the message digest with the sender's private key, it can be decrypted using the corresponding public key, confirming that the message has not been altered and was indeed sent by the claimed sender.Rate this question:
-
Quiz Review Timeline +
Our quizzes are rigorously reviewed, monitored and continuously updated by our expert board to maintain accuracy, relevance, and timeliness.
-
Current Version
-
Mar 21, 2023Quiz Edited by
ProProfs Editorial Team -
Jun 22, 2019Quiz Created by
AdewumiKoju
- ACA Quizzes
- ACCA Quizzes
- ACE Quizzes
- BCBA Quizzes
- CCP Quizzes
- CDC Quizzes
- CDCs Quizzes
- CISCO Quizzes
- CISSP Quizzes
- CompTIA Quizzes
- CPA Quizzes
- CPAT Quizzes
- CPFA Quizzes
- CPP Quizzes
- CPT Quizzes
- CSA Quizzes
- CSET Quizzes
- CST Quizzes
- CSWIP Quizzes
- FTCE Quizzes
- HIPAA Quizzes
- IAHCSMM Quizzes
- ISTQB Quizzes
- LEED Ga Quizzes
- MBLEx Quizzes
- NCIDQ Quizzes
- PMP Quizzes
- PRAXIS Quizzes
- PTCB Quizzes
- Six Sigma Quizzes
- TEAS Quizzes
Back to top