The latest ISACA CISA (Certified Information Systems Auditor) certification actual practice exam question and answer (Q&A) dumps are available free; they can help you pass the ISACA CISA exam and earn the ISACA CISA certification.
CISA Question 1581
Question
In-house personnel performing IS audits should possess which of the following knowledge and/or skills (Choose two.):
A. information systems knowledge commensurate with the scope of the IT environment in question
B. sufficient analytical skills to determine root cause of deficiencies in question
C. sufficient knowledge on secure system coding
D. sufficient knowledge on secure platform development
E. information systems knowledge commensurate outside of the scope of the IT environment in question
Answer
A. information systems knowledge commensurate with the scope of the IT environment in question
B. sufficient analytical skills to determine root cause of deficiencies in question
Explanation
Personnel performing IT audits should have information systems knowledge commensurate with the scope of the institution’s IT environment.
They should also possess sufficient analytical skills to determine the root cause of deficiencies.
CISA Question 1582
Question
The ability of the internal IS audit function to achieve desired objectives depends largely on:
A. the training of audit personnel
B. the background of audit personnel
C. the independence of audit personnel
D. the performance of audit personnel
E. None of the choices.
Answer
C. the independence of audit personnel
Explanation
The ability of the internal audit function to achieve desired objectives depends largely on the independence of audit personnel. Top management should ensure that the audit department does not participate in activities that may compromise its independence.
CISA Question 1583
Question
Well-written risk assessment guidelines for IS auditing should specify which of the following elements at the least (Choose four.)
A. A maximum length for audit cycles.
B. The timing of risk assessments.
C. Documentation requirements.
D. Guidelines for handling special cases.
E. None of the choices.
Answer
A. A maximum length for audit cycles.
B. The timing of risk assessments.
C. Documentation requirements.
D. Guidelines for handling special cases.
Explanation
Well-written risk assessment guidelines should specify a maximum length for audit cycles based on the risk scores and the timing of risk assessments for each department or activity. There should be documentation requirements to support scoring decisions. There should also be guidelines for overriding risk assessments in special cases and the circumstances under which they can be overridden.
CISA Question 1584
Question
Your final audit report should be issued:
A. after an agreement on the observations is reached.
B. before an agreement on the observations is reached.
C. if an agreement on the observations cannot be reached.
D. without mentioning the observations.
E. None of the choices.
Answer
A. after an agreement on the observations is reached.
Explanation
Reporting can take the forms of verbal presentation, an issue paper or a written audit report summarizing observations and management’s responses. After agreement is reached on the observations, a final report can be issued.
CISA Question 1585
Question
IS audits should be selected through a risk analysis process to concentrate on:
A. those areas of greatest risk and opportunity for improvements.
B. those areas of least risk and opportunity for improvements.
C. those areas of the greatest financial value.
D. areas led by the key people of the organization.
E. random events.
F. irregular events.
Answer
A. those areas of greatest risk and opportunity for improvements.
Explanation
Audits are typically selected through a risk analysis process to concentrate on those areas of greatest risk and opportunity for improvements.
Audit topics are supposed to be chosen based on potential for cost savings and service improvements.
CISA Question 1586
Question
What should be done to determine the appropriate level of audit coverage for an organization’s IT environment?
A. determine the company’s quarterly budget requirement.
B. define an effective assessment methodology.
C. calculate the company’s yearly budget requirement.
D. define an effective system upgrade methodology.
E. define an effective network implementation methodology.
Answer
B. define an effective assessment methodology.
Explanation
To determine the appropriate level of audit coverage for the organization’s IT environment, you must define an effective assessment methodology and provide objective information to prioritize the allocation of audit resources properly.
CISA Question 1587
Question
Which of the following correctly describes the purpose of an Electronic data processing audit?
A. to collect and evaluate evidence of an organization’s information systems, practices, and operations.
B. to ensure document validity.
C. to verify data accuracy.
D. to collect and evaluate benefits brought by an organization’s information systems to its bottom line.
E. None of the choices.
Answer
A. to collect and evaluate evidence of an organization’s information systems, practices, and operations.
Explanation
An Electronic data processing (EDP) audit is an IT audit. It is the process of collecting and evaluating evidence of an organization’s information systems, practices, and operations.
CISA Question 1588
Question
The use of risk assessment tools for classifying risk factors should be formalized in your IT audit effort through:
A. the use of risk controls.
B. the use of computer assisted functions.
C. using computer assisted audit technology tools.
D. the development of written guidelines.
E. None of the choices.
Answer
D. the development of written guidelines.
Explanation
A successful risk-based IT audit program could be based on an effective scoring system. In establishing a scoring system, management should consider all relevant risk factors and avoid subjectivity. Auditors should develop written guidelines on the use of risk assessment tools and risk factors and review these guidelines with the audit committee.
CISA Question 1589
Question
A successful risk-based IT audit program should be based on:
A. an effective scoring system.
B. an effective PERT diagram.
C. an effective departmental brainstorm session.
D. an effective organization-wide brainstorm session.
E. an effective yearly budget.
F. None of the choices.
Answer
A. an effective scoring system.
Explanation
A successful risk-based IT audit program could be based on an effective scoring system. In establishing a scoring system, management should consider all relevant risk factors and avoid subjectivity. Auditors should develop written guidelines on the use of risk assessment tools and risk factors and review these guidelines with the audit committee.
CISA Question 1590
Question
Talking about application system audit, focus should always be placed on (Choose five.)
A. performance and controls of the system
B. the ability to limit unauthorized access and manipulation
C. input of data are processed correctly
D. output of data are processed correctly
E. changes to the system are properly authorized
F. None of the choices.
Answer
A. performance and controls of the system
B. the ability to limit unauthorized access and manipulation
C. input of data are processed correctly
D. output of data are processed correctly
E. changes to the system are properly authorized
Explanation
In an application system audit, focus should be placed on the performance and controls of the system, its ability to limit unauthorized access and manipulation, whether input and output of data are processed correctly on the system, whether any changes to the system are authorized, and whether users have access to the system.