The latest ISACA CISA (Certified Information Systems Auditor) certification practice exam question and answer (Q&A) dumps are available free; they can help you pass the ISACA CISA exam and earn the ISACA CISA certification.
CISA Question 3161
Question
An IS audit manager is preparing the staffing plan for an audit engagement of a cloud service provider. What should be the manager’s PRIMARY concern when made aware that a new auditor in the department previously worked for this provider?
A. Competency
B. Independence
C. Integrity
D. Professional conduct
Answer
C. Integrity
CISA Question 3162
Question
A bank’s web-hosting provider has just completed an internal IT security audit and provides only a summary of the findings to the bank’s auditor.
Which of the following should be the bank’s GREATEST concern?
A. The bank’s auditors are not independent of the service provider
B. The audit scope may not have addressed critical areas
C. The audit may be duplicative of the bank’s internal audit procedures
D. The audit procedures are not provided to the bank
Answer
A. The bank’s auditors are not independent of the service provider
CISA Question 3163
Question
Which of the following should be the PRIMARY role of an internal audit function in the management of identified business risks?
A. Operating the risk management framework
B. Establishing a risk appetite
C. Establishing a risk management framework
D. Validating enterprise risk management (ERM)
Answer
D. Validating enterprise risk management (ERM)
CISA Question 3164
Question
An IS auditor is informed that several spreadsheets are being used to generate key financial information. What should the auditor verify FIRST?
A. Whether the spreadsheets meet the minimum IT general controls requirements
B. Whether the spreadsheets are being formally reviewed by the chief financial officer (CFO)
C. Whether there is a complete inventory of end-user computing (EUC) spreadsheets
D. Whether adequate documentation and training are available for spreadsheet users
Answer
C. Whether there is a complete inventory of end-user computing (EUC) spreadsheets
CISA Question 3165
Question
What is the MAIN purpose of an organization’s internal IS audit function?
A. Provide assurance to management about the effectiveness of the organization’s risk management and internal controls.
B. Identify and initiate necessary changes in the control environment to help ensure sustainable improvement.
C. Review the organization’s policies and procedures against industry best practice and standards.
D. Independently attest the organization’s compliance with applicable legal and regulatory requirements.
Answer
B. Identify and initiate necessary changes in the control environment to help ensure sustainable improvement.
CISA Question 3166
Question
Which of the following is the PRIMARY purpose of conducting follow-up audits for material observations?
A. To validate the correctness of reported findings
B. To assess the risk of the audit environment
C. To assess evidence for management reporting
D. To validate remediation efforts
Answer
D. To validate remediation efforts
CISA Question 3167
Question
An IS auditor is examining a front-end subledger and a main ledger. Which of the following would be the GREATEST concern if there are flaws in the mapping of accounts between the two systems?
A. Unauthorized alteration of account attributes
B. Inaccuracy of financial reporting
C. Inability to support new business transactions
D. Double-posting of a single journal entry
Answer
B. Inaccuracy of financial reporting
CISA Question 3168
Question
When reviewing a data classification scheme, it is MOST important for an IS auditor to determine if:
A. each information asset is assigned to a different classification.
B. senior IT managers are identified as information owners.
C. the security criteria are clearly documented for each classification.
D. the information owner is required to approve access to the asset.
Answer
C. the security criteria are clearly documented for each classification.
CISA Question 3169
Question
Internal audit is conducting an audit of customer transaction risk. Which of the following would be the BEST reason to use data analytics?
A. Transactional data is contained in multiple discrete systems that have varying levels of reliability
B. Anomalies and risk trends in the data set have yet to be defined
C. The audit is being performed to comply with regulations requiring periodic random sample testing
D. The audit focus is on a small number of predefined high-risk transactions
Answer
C. The audit is being performed to comply with regulations requiring periodic random sample testing
CISA Question 3170
Question
An IS audit manager was temporarily tasked with supervising a project manager assigned to the organization’s payroll application upgrade. Upon returning to the audit department, the audit manager has been asked to perform an audit to validate the implementation of the payroll application.
The audit manager is the only one in the audit department with IT project management experience. What is the BEST course of action?
A. Transfer the assignment to a different audit manager despite lack of IT project management experience
B. Have a senior IS auditor manage the project with the IS audit manager performing final review
C. Outsource the audit to independent and qualified resources
D. Manage the audit since there is no one else with the appropriate experience
Answer
B. Have a senior IS auditor manage the project with the IS audit manager performing final review