FREE Certified Information Systems Auditor MCQ Questions and Answers

Question 1

The management is starting to wonder about the timeline and completion of an audit project that is going far too long. This audit might be deficient in:

Accepted Answer

Effective project management

Answer

When an audit project extends beyond its expected timeline and management expresses concern, it indicates a breakdown in the audit's planning, execution, or monitoring. Effective project management for an audit involves clearly defining scope, setting realistic timelines, allocating resources efficiently, and consistently tracking progress. A deficiency in these areas leads to delays and concerns about the project's completion.

Question 2

Which statement regarding the ISACA Audit Standards and Audit Guidelines is accurate?

Accepted Answer

ISACA Audit Standards are mandatory

Answer

ISACA's IT Audit and Assurance Standards are mandatory requirements for all ISACA members and certification holders, including CISA-certified professionals. These standards provide the foundational principles and requirements for conducting professional IS audits. While ISACA Audit Guidelines offer helpful advice and best practices, they are not mandatory.

Question 3

Can an auditor depend on the audit client's risk estimate for audit planning?

Accepted Answer

Yes, if the risk assessment was performed by a qualified external entity

Answer

An auditor can rely on a client's risk assessment for audit planning, but only under specific conditions. The assessment must have been performed by a qualified external entity, ensuring objectivity and adherence to professional standards. However, the auditor must still exercise professional skepticism and evaluate the adequacy and appropriateness of the client's assessment before incorporating it into their own audit plan.

Question 4

The user account request and fulfillment process is being audited by an auditor. The auditor cannot inspect every transaction in the event population because there are hundreds of them. A random sample of transactions and some of the transactions for privileged access requests are wanted by the auditor. This kind of sampling is referred to as:

Accepted Answer

Judgmental sampling

Answer

Judgmental sampling involves the auditor using their professional expertise and knowledge to select specific items for examination. In this scenario, the auditor is not only taking a random sample but also specifically choosing transactions related to privileged access requests due to their higher risk. This deliberate selection based on auditor judgment, rather than purely statistical methods or stratification, characterizes judgmental sampling.

Question 5

A plan for an audit is being created by an auditor for the accounts payment function. The auditor wishes to choose transactions from low, medium, and big payment amounts rather than randomly choosing transactions to investigate. Which example methodology fits this approach the best?

Accepted Answer

Stratified sampling

Answer

Stratified sampling involves dividing the entire population into distinct, homogeneous subgroups (strata) based on specific characteristics, and then drawing samples from each stratum. By choosing transactions from low, medium, and big payment amounts, the auditor is creating strata based on transaction value. This method ensures that all relevant categories are represented in the sample, providing a more comprehensive and targeted review.

CISA - Certified Information Systems Auditor Practice Test

CISA - Certified Information Systems Auditor Practice Test

FREE Certified Information Systems Auditor MCQ Questions and Answers