
ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 12

The latest ISACA CISA (Certified Information Systems Auditor) certification practice exam question-and-answer (Q&A) dumps are available free to help you pass the ISACA CISA exam and earn the ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 1211

Question

What type of approach to the development of organizational policies is often driven by risk assessment?

A. Bottom-up
B. Top-down
C. Comprehensive
D. Integrated

Answer

B. Top-down

Explanation

A bottom-up approach to the development of organizational policies is often driven by risk assessment.

CISA Question 1212

Question

A PRIMARY benefit derived by an organization employing control self-assessment (CSA) techniques is that CSA:

A. can identify high-risk areas for detailed review.
B. allows IS auditors to independently assess risk.
C. can be used as a replacement for traditional audits.
D. allows management to relinquish responsibility for control.

Answer

A. can identify high-risk areas for detailed review.

Explanation

CSA is predicated on the review of high-risk areas that either need immediate attention or a more thorough review at a later date. Choice B is incorrect, because CSA requires the involvement of auditors and line management. What occurs is that the internal audit function shifts some of the control monitoring responsibilities to the functional areas. Choice C is incorrect because CSA is not a replacement for traditional audits. CSA is not intended to replace audit’s responsibilities, but to enhance them. Choice D is incorrect, because CSA does not allow management to relinquish its responsibility for control.

CISA Question 1213

Question

What type of risk results when an IS auditor uses an inadequate test procedure and concludes that material errors do not exist when errors actually exist?

A. Business risk
B. Detection risk
C. Residual risk
D. Inherent risk

Answer

B. Detection risk

Explanation

Detection risk results when an IS auditor uses an inadequate test procedure and concludes that material errors do not exist when errors actually exist.

CISA Question 1214

Question

The use of statistical sampling procedures helps minimize:

A. Detection risk
B. Business risk
C. Controls risk
D. Compliance risk

Answer

A. Detection risk

Explanation

The use of statistical sampling procedures helps minimize detection risk.

CISA Question 1215

Question

After an IS auditor has identified threats and potential impacts, the auditor should:

A. Identify and evaluate the existing controls
B. Conduct a business impact analysis (BIA)
C. Report on existing controls
D. Propose new controls

Answer

A. Identify and evaluate the existing controls

Explanation

After an IS auditor has identified threats and potential impacts, the auditor should then identify and evaluate the existing controls.

CISA Question 1216

Question

How does the process of systems auditing benefit from using a risk-based approach to audit planning?

A. Controls testing starts earlier.
B. Auditing resources are allocated to the areas of highest concern.
C. Auditing risk is reduced.
D. Controls testing is more thorough.

Answer

B. Auditing resources are allocated to the areas of highest concern.

Explanation

Allocation of auditing resources to the areas of highest concern is a benefit of a risk-based approach to audit planning.

CISA Question 1217

Question

The PRIMARY purpose of audit trails is to:

A. improve response time for users.
B. establish accountability and responsibility for processed transactions.
C. improve the operational efficiency of the system.
D. provide useful information to auditors who may wish to track transactions.

Answer

B. establish accountability and responsibility for processed transactions.

Explanation

Enabling audit trails helps in establishing the accountability and responsibility of processed transactions by tracing transactions through the system. The objective of enabling software to provide audit trails is not to improve system efficiency, since it often involves additional processing which may in fact reduce response time for users. Enabling audit trails involves storage and thus occupies disk space.

CISA Question 1218

Question

As compared to understanding an organization’s IT process from evidence directly collected, how valuable are prior audit reports as evidence?

A. The same value.
B. Greater value.
C. Lesser value.
D. Prior audit reports are not relevant.

Answer

C. Lesser value.

Explanation

Prior audit reports are considered of lesser value to an IS auditor attempting to gain an understanding of an organization’s IT process than evidence directly collected.

CISA Question 1219

Question

IS auditors are MOST likely to perform compliance tests of internal controls if, after their initial evaluation of the controls, they conclude that control risks are within the acceptable limits. True or false?

A. True
B. False

Answer

A. True

Explanation

IS auditors are most likely to perform compliance tests of internal controls if, after their initial evaluation of the controls, they conclude that control risks are within the acceptable limits. Think of it this way: If any reliance is placed on internal controls, that reliance must be validated through compliance testing. High control risk results in little reliance on internal controls, which results in additional substantive testing.

CISA Question 1220

Question

What is the primary objective of a control self-assessment (CSA) program?

A. Enhancement of the audit responsibility
B. Elimination of the audit responsibility
C. Replacement of the audit responsibility
D. Integrity of the audit responsibility

Answer

A. Enhancement of the audit responsibility

Explanation

Audit responsibility enhancement is an objective of a control self-assessment (CSA) program.