CISA Flashcards-Domain 1





[qdeck random=”true” card_back=”none” align=”center” scroll=”true” style=”border-color: #00ff00 !important;”] [q] The audit charter should be static in nature and should be changed only if the change can be thoroughly justified. True or False.

[a] True

[q] The risk that an activity would pose if no controls or other mitigating factors were in place (the gross risk or risk before controls) is called:

[a] Inherent Risk

[q] For compliance testing, which sampling method is more useful? (a) Variable Sampling (b) Attribute Sampling

[a] Attribute Sampling

[q] The risk that remains after controls are taken into account (the net risk or risk after controls) is called:

[a] Residual Risk

[q] The risk that a misstatement could occur but may not be detected and corrected or prevented by the entity’s internal control mechanism is called:

[a] Control Risk

[q] Which testing involves checking the details of the transactions? (a) Compliance testing or (b) Substantive testing

[a] Substantive testing

[q] What should be the role of an IS auditor in a control self-assessment (CSA) process?

[a] As a facilitator

[q] The purpose of CSA is to: (a) enhance the audit responsibilities or (b) replace the audit function.

[a] enhance the audit responsibilities

[q] Sampling method to be used when the probability of error must be objectively quantified (i.e., no subjectivity is involved):

[a] Statistical sampling

[q] For substantive testing, which sampling method is more useful? (a) Variable Sampling (b) Attribute Sampling

[a] Variable Sampling

[q] For a higher confidence coefficient, the sample size should be (a) high or (b) low

[a] High

[q] First step of Risk Assessment is to (a) identify the risk or (b) identify the assets.

[a] Identify the Assets

[q] __________ is a weakness or gap in our protection efforts. It can be in the form of weak coding, missing anti-virus, weak access control and other related factors. It can be controlled by us.

(a) Vulnerability or (b) Threat

[a] Vulnerability

[q] What are the objectives of control self-assessment?

[a] Threat

[q] What is the most important success factor for CSA?

[a] Involvement of Line Management.

[q] What are the objectives of control self-assessment?

[a] (i) To concentrate on areas of high risk and (ii) To enhance control monitoring by functional staff.

[q] In any given scenario, compliance testing checks for the presence of controls whereas substantive testing checks the integrity of contents i.e. test of individual transactions. True or False

[a] True

[q] The audit charter should include a detailed yearly audit calendar, audit planning, yearly resource allocation and other routine audit activities. True or False

[a] False

[q] An IS auditor should use statistical sampling and not judgment (non-statistical) sampling, when:

[a] the probability of error must be objectively quantified.

[q] An audit charter should document the audit procedures designed to achieve the planned audit objectives. True or False

[a] False

[q] An integrated test facility is considered a useful audit tool because it uses the same programs to compare processing using independently calculated data. True or False

[a] True

[q] The PRIMARY purpose of an audit charter is to: (a) describe the authority and responsibilities of the audit department. Or (b) formally document the audit department’s plan of action.

[a] (a) describe the authority and responsibilities of the audit department.

[q] Which of the following is an objective of a control self-assessment (CSA) program?

(a) Concentration on areas of high risk Or (b) Replacement of audit responsibilities

[a] (a) Concentration on areas of high risk

[q] Which of the following online auditing techniques is most effective for the early detection of errors or irregularities?

(a) Embedded audit module Or (b) Audit hooks

[a] Audit hooks

[q] Risk assessment is:

(a) subjective. (b) objective.

[a] (a) subjective.

[q] Which of the following tests is an IS auditor performing when a sample of programs is selected to determine if the source and object versions are the same?

(a) A substantive test of program library controls (b) A compliance test of program library controls (c) A compliance test of the program compiler controls (d) A substantive test of the program compiler controls

[a] (b) A compliance test of program library controls

[q] The PRIMARY objective of an IS audit function is to:

(a) determine whether information systems safeguard assets and maintain data integrity Or (b) determine the ability of the organization to detect fraud.

[a] (a) determine whether information systems safeguard assets and maintain data integrity

[q] Which of the following is a substantive test?

(a) Checking a list of exception reports (b) Using a statistical sample to inventory the tape library

[a] Using a statistical sample to inventory the tape library

[q] Overall business risk for a particular threat can be expressed as:

(a) a product of the probability and impact. Or (b) probability of occurrence.

[a] a product of the probability and impact.

[q] In __________ testing we gather evidence with the objective of testing an organization’s compliance with control procedures.

(a) Compliance testing Or (b) Substantive testing

[a] Compliance testing

[q] In __________ testing, we gather evidence to evaluate the integrity of data, a transaction or other information.

(a) Compliance testing Or (b) Substantive testing

[a] Substantive testing

[q] __________ testing checks for the presence of controls whereas __________ testing checks the integrity of contents.

[a] Compliance testing checks for the presence of controls whereas substantive testing checks the integrity of contents.

[q] Evidence gathering to evaluate the integrity of individual transactions, data or other information is called __________ testing whereas evidence gathering for the purpose of testing an organization’s compliance with control procedures is called __________ testing.

[a] Evidence gathering to evaluate the integrity of individual transactions, data or other information is called substantive testing whereas evidence gathering for the purpose of testing an organization’s compliance with control procedures is called compliance testing.

[q] The document used by the top management of organizations to delegate authority to the IS audit function is known as __________.

[a] audit charter.

[q] __________ is a technique that allows managers and work teams directly involved in business units, functions or processes to participate in assessing the organization’s risk management and control processes.

[a] Control self-assessment (CSA)

[q] The confidence coefficient is the probability that the sample is a true representation of the population.

(i) When internal controls are strong, the confidence coefficient / sample size may be __________

(ii) When internal controls are weak, the confidence coefficient / sample size needs to be __________

[a] (i) When internal controls are strong, the confidence coefficient / sample size may be lowered.

(ii) When internal controls are weak, the confidence coefficient / sample size needs to be increased.

[q]

(i) __________ sampling is used when an auditor is trying to determine whether a type of event has occurred, and therefore it is suited to assess the risk of fraud and to identify whether a single occurrence has taken place.

(ii) __________ sampling is used when the auditor believes that very few errors will be found. It prevents excessive sampling by allowing an audit test to be stopped at the earliest possible moment.

[a]

(i) Discovery sampling is used when an auditor is trying to determine whether a type of event has occurred, and therefore it is suited to assess the risk of fraud and to identify whether a single occurrence has taken place.

(ii) Stop-or-go sampling is used when the auditor believes that very few errors will be found. It prevents excessive sampling by allowing an audit test to be stopped at the earliest possible moment.

[q] The role of IS Internal Audit function should be established by an __________ approved by senior management.
[a] audit charter

[q] It should be noted that __________ is an overarching document that covers the entire scope of audit activities in an entity while an __________ is more focused on a particular audit exercise that is sought to be initiated in an organisation.

[a] It should be noted that an audit charter is an overarching document that covers the entire scope of audit activities in an entity while an engagement letter is more focused on a particular audit exercise that is sought to be initiated in an organisation.

[q] The Internal Audit function should be __________ and report directly to the Audit Committee or board of directors.

[a] independent

[q] The __________ ideally lists all of the processes that may be considered for the audit.

[a] audit universe

[q] Risk is the combination of __________ of occurrence of an event and its __________.

[a] Risk is the combination of probability of occurrence of an event and its consequences.

[q]
(i) Controls designed to correct the errors or irregularities that have been detected are known as __________.
(ii) Controls designed to prevent errors or irregularities from occurring are known as __________.
(iii) Controls designed to detect errors or irregularities that may have occurred are known as __________.
(iv) Controls that reduce the likelihood of a deliberate act to cause a loss or an error are known as __________.

[a]
(i) Controls designed to correct the errors or irregularities that have been detected are known as corrective controls.
(ii) Controls designed to prevent errors or irregularities from occurring are known as preventive controls.
(iii) Controls designed to detect errors or irregularities that may have occurred are known as detective controls.
(iv) Controls that reduce the likelihood of a deliberate act to cause a loss or an error are known as deterrent controls.

[q] Using access control software that allows only authorized personnel to access sensitive files is an example of:

(a) Preventive controls Or (b) Detective controls

[a] preventive controls

[q] Contingency planning is an example of:

(a) Preventive controls Or (b) Corrective controls

[a] Corrective controls

[q] A backup procedure is an example of:

(a) Preventive controls Or (b) Corrective controls

[a] Corrective controls

[q] A rerun procedure is an example of:

(a) Preventive controls Or (b) Corrective controls

[a] Corrective controls

[q] An “Echo” message in a telecommunications protocol is an example of:

(a) Detective controls Or (b) Preventive controls

[a] Detective controls

[q] A hash total is an example of:

(a) Detective controls Or (b) Preventive controls

[a] Detective controls

[x] [/qdeck]