Skip to Content

ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 30

The latest ISACA CISA (Certified Information Systems Auditor) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the ISACA CISA exam and earn ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 3161

Question

An IS audit manager is preparing the staffing plan for an audit engagement of a cloud service provider. What should be the manager’s PRIMARY concern when made aware that a new auditor in the department previously worked for this provider?

A. Competency
B. Independence
C. Integrity
D. Professional conduct

Answer

C. Integrity

CISA Question 3162

Question

A bank’s web-hosting provider has just completed an internal IT security audit and provides only a summary of the findings to the bank’s auditor.
Which of the following should be the bank’s GREATEST concern?

A. The bank’s auditors are not independent of the service provider
B. The audit scope may not have addressed critical areas
C. The audit may be duplicative of the bank’s internal audit procedures
D. The audit procedures are not provided to the bank

Answer

A. The bank’s auditors are not independent of the service provider

CISA Question 3163

Question

Which of the following should be the PRIMARY role of an internal audit function in the management of identified business risks?

A. Operating the risk management framework
B. Establishing a risk appetite
C. Establishing a risk management framework
D. Validating enterprise risk management (ERM)

Answer

D. Validating enterprise risk management (ERM)

CISA Question 3164

Question

An IS auditor informed that several spreadsheets are being used to generate key financial information. What should the auditor verify FIRST?

A. Whether the spreadsheets meet the minimum IT general controls requirements
B. Whether the spreadsheets are being formally reviewed by the chief financial officer (CFO)
C. Whether there is a complete inventory of end-user computing (EUC) spreadsheets
D. Whether adequate documentation and training is available for spreadsheets users

Answer

C. Whether there is a complete inventory of end-user computing (EUC) spreadsheets

CISA Question 3165

Question

What is the MAIN purpose of an organization’s internal IS audit function?

A. Provide assurance to management about the effectiveness of the organization’s risk management and internal controls.
B. Identify and initiate necessary changes in the control environment to help ensure sustainable improvement.
C. Review the organization’s policies and procedures against industry best practice and standards.
D. Independently attest the organization’s compliance with applicable legal and regulatory requirements.

Answer

B. Identify and initiate necessary changes in the control environment to help ensure sustainable improvement.

CISA Question 3166

Question

Which of the following is the PRIMARY purpose of conducting follow-up audits for material observations?

A. To validate the correctness of reported findings
B. To assess the risk of the audit environment
C. To assess evidence for management reporting
D. To validate remediation efforts

Answer

D. To validate remediation efforts

CISA Question 3167

Question

An IS auditor is examining a front-end subledger and a main ledger. Which of the following would be the GREATEST concern if there are flaws in the mapping of accounts between two systems?

A. Unauthorized alteration of account attributes
B. Inaccuracy of financial reporting
C. Inability to support new business transactions
D. Double-posting of a single journal entry

Answer

B. Inaccuracy of financial reporting

CISA Question 3168

Question

When reviewing a data classification scheme, it is MOST important for an IS auditor to determine if:

A. each information asset is assigned to a different classification.
B. senior IT managers are identified as information owners.
C. the security criteria are clearly documented for each classification.
D. the information owner is required to approve access to the asset.

Answer

C. the security criteria are clearly documented for each classification.

CISA Question 3169

Question

Internal audit is conducting an audit of customer transaction risk. Which of the following would be the BEST reason to use data analytics?

A. Transactional data is contained in multiple discrete systems that have varying levels of reliability
B. Anomalies and risk trends in the data set have yet to be defined
C. The audit is being performed to comply with regulations requiring periodic random sample testing
D. The audit focus is on a small number of predefined high-risk transactions

Answer

C. The audit is being performed to comply with regulations requiring periodic random sample testing

CISA Question 3170

Question

An IS audit manager was temporarily tasked with supervising a project manager assigned to the organization’s payroll application upgrade. Upon returning to the audit department, the audit manager has been asked to perform an audit to validate the implementation of the payroll application.
The audit manager is the only one in the audit department with IT project management experience. What is the BEST course of action?

A. Transfer the assignment to a different audit manager despite lack of IT project management experience
B. Have a senior IS auditor manage the project with the IS audit manager performing final review
C. Outsource the audit to independent and qualified resources
D. Manage the audit since there is no one else with the appropriate experience

Answer

B. Have a senior IS auditor manage the project with the IS audit manager performing final review

Ads Blocker Image Powered by Code Help Pro

Ads Blocker Detected!!!

We have detected that you are using extensions to block ads. We need money to operate the site, and almost all of it comes from online advertising. Please support us by disabling these ads blocker.

Please disable ad blocker