Certified Information Systems Auditor (CISA) - Mock Exam 6
3. Which of the following sampling methods is most useful when testing for
compliance?
a. Attribute sampling
b. Variable sampling
c. Stratified mean per unit
d. Difference estimation
4. Which of the following is the most likely reason e-mail systems have
become a valuable source of evidence for litigation?
a. Multiple cycles of backup files remain available.
b. Access controls establish accountability for e-mail activities.
c. Data classification regulates what information should be
communicated via e-mail.
d. Within the enterprise, a clear policy for using e-mail ensures that
evidence is available.
5. The primary advantage of a continuous audit approach is that it
_______________________.
a. Does not require an IS auditor to collect evidence on system
reliability while processing is taking place.
b. Requires the IS auditor to review and follow up immediately on all
information collected.
c. Can improve system security when used in time-sharing
environments that process a large number of transactions.
d. Does not depend on the complexity of an organisation's computer
system.
6. To ensure that audit resources deliver the best value to the organisation,
the first step would be to _____________________
a. Schedule the audits and monitor the time spent on each audit.
b. Train the IS audit staff on current technology used in the
company.
c. Develop the audit plan based on a detailed risk assessment.
d. Monitor the progress of audits and initiate cost control measures.
12. Which of the following would normally be the most reliable evidence
for an auditor?
a. A confirmation letter received from a third party verifying an
account balance.
b. Assurance from line management that an application is working as
designed.
c. Trend data obtained from World Wide Web (Internet) sources.
d. Ratio analysis developed by the IS auditor from reports supplied
by line management.
13. Which of the following would be the best population to take a sample
from when testing program changes?
a. Test library listings
b. Source program listings
c. Program change requests
d. Production library listings
16. The best method of proving the accuracy of a system tax calculation is
by _______________.
a. Detailed visual review and analysis of the source code of the
calculation programs.
b. Recreating program logic using generalised audit software to
calculate monthly total.
c. Preparing simulated transactions for processing and comparing
the results to predetermined results.
d. Automatic flowcharting and analysis of the source code of the
calculation program.
17. In an audit of an inventory application, which approach would provide
the best evidence that purchase orders are valid?
a. Testing whether inappropriate personnel can change application
parameters.
b. Tracing purchase orders to a computer listing.
c. Comparing receiving reports to purchase order details.
d. Reviewing the application documentation.
18. Which of the following online auditing techniques is most effective for
the early detection of errors or irregularities?
a. Embedded audit module
b. Integrated test facility
c. Snapshots
d. Audit hooks
20. Which of the following audit techniques would BEST aid an auditor in
determining whether there have been unauthorised program changes
since the last authorised program update?
a. Test data run
b. Code review
c. Automated code comparison
d. Review of code migration procedures
21. During a change control audit of a production system, an IS auditor finds
that the change management process is not formally documented and
that some migration procedures failed. What should the IS auditor do
next?
a. Recommend redesigning the change management process.
b. Gain more assurance on the findings through root cause analysis.
c. Recommend that program migration be stopped until the change
process is documented.
d. Document the finding and present it to management.
23. The final decision to include a material finding in an audit report should
be made by the __________________.
a. Audit committee
b. Auditee's manager
c. IS auditor
d. CEO of the organisation
24. Effective IT governance will ensure that the IT plan is consistent with the
organisation's ____________________.
a. Business plan
b. Audit plan
c. Security plan
d. Investment plan
25. IT governance is primarily the responsibility of the ________________.
a. Chief executive officer
b. Board of directors
c. IT steering committee
d. Audit committee
34. Which of the following would an IS auditor consider the MOST relevant
to short-term planning for an IS department?
a. Allocating resources.
b. Keeping current with technology advances.
c. Conducting control self-assessment.
d. Evaluating hardware needs.
38. When developing a formal enterprise security program, the most critical
success factor (CSF) would be the _________________.
a. Establishment of a review board.
b. Creation of a security unit.
c. Effective support of an executive sponsor.
d. Selection of a security process owner.