FREE Certified Information Systems Auditor Trivia Questions and Answers

Question 1

An auditor is reviewing the background check procedure while inspecting a company's hiring procedure.
The auditor is primarily concerned with whether background checks are conducted on all employees and whether the results of those checks result in decisions not to hire someone.
Which of the following methods for gathering evidence will support this audit goal?

Accepted Answer

Get a copy of the background check ledger that lists the names of the applicants, the findings of the background checks, and the choices to hire or not to hire.

Answer

Request the full contents of background checks along with hire/no-hire decisions.

Answer

Examine the background check procedure and make a note of the qualities that are mentioned for each candidate.

Answer

Request the hire/no-hire decisions from the auditee.

Question 2

Which risk categories should be taken into account when planning an audit, as per ISACA Audit Standard 1202?

Accepted Answer

Business risk

Answer

Cybersecurity risk

Answer

Fraud risk

Answer

Financial risk

Question 3

Which of the following best exemplifies a user account provisioning process control self-assessment?

Accepted Answer

Reconciliation of all user account changes with ticketing system requests that have been granted

Answer

Verifies that user account updates were only made by authorized persons

Answer

Active Directory should be checked to make sure that only domain administrators can modify user account permissions.

Answer

Verification that the right people approved all changes to user accounts

Question 4

What could happen if an IS auditor breaks the ISACA Code of Professional Ethics when they are members of ISACA and CISA certified?

Accepted Answer

Loss of ISACA certifications

Answer

Imprisonment

Answer

Termination of employment

Answer

Fines

Question 5

The audit client argues with the conclusions after receiving a Sarbanes-Oxley audit report from an auditor that lists 12 exceptions. The unhappy audit customer demands a $25,000 fee in exchange for the removal of any six conclusions from the report. The validity of each of the 12 findings was confirmed after a review of the audit findings. How ought the auditor to move forward?

Accepted Answer

The auditor should report the matter to his or her manager.

Answer

The auditor should reject the payment and remove six of the findings.

Answer

The auditor should report the incident to the audit client's audit committee.

Answer

The auditor should reject the payment and meet the auditee halfway by removing three of the findings.

Question 6

An audit of a change control procedure is being conducted. The control owner provided the following description of the procedure during a walkthrough: "Before Wednesday at 5 o'clock, engineers organize their changes and email the IT manager to inform them. The engineers then carry out their modifications on Friday night during the change window." What conclusions, if any, should the auditor mention?

Accepted Answer

The change control process lacks review and approval steps.

Answer

The change control process is fine as is, but could be improved by creating a ledger of changes.

Answer

The change control process is fine as is.

Answer

The change control process lacks a review step.

Question 7

The audit charter ought to:

Accepted Answer

outline the overall authority, scope and responsibilities of the audit function.

Answer

document the audit procedures designed to achieve the planned audit objectives.

Answer

be dynamic and change to coincide with the changing nature of technology and the audit profession.

Answer

clearly state audit objectives for, and the delegation of, authority to the maintenance and review of internal controls