CISA EXAM QUESTIONS AND ANSWERS
ALL CORRECT
What control classification would an auditor use to monitor an organization's internal
corporate network in order to report any unauthorized access attempts? - Answer-
Detective
The audit charter is an important document. What is included in the audit charter? -
Answer- The scope of the audit function
Developing an audit plan requires the determination of required personnel resources
and? - Answer- Arranging for access to the audit area
The audit plan must be designed to ensure compliance with laws and regulations, this
will require the knowledge of the regulations and? - Answer- A review to ensure
management were aware of regulations when developing policies and procedures
The audit plan will be based on: - Answer- The stated objectives of the audit
The purpose of audit objectives is to establish whether internal controls are minimizing
risk and? - Answer- functioning properly
A operational audit is designed to test? - Answer- The effectiveness of the
organization's internal control environment
What is the purpose of a specialized audit? - Answer- A specialized audit tests the
services provided by an external organization
What is a primary consideration when performing a forensic audit? - Answer-
Maintaining proper evidence handling and management techniques
What is the purpose of audit planning? - Answer- Audit planning provides a clear
overview of the audit before the audit commences
What is the most critical step in audit planning? - Answer- Focus on high risk areas
How do laws and regulations affect an audit plan? - Answer- The audit plan must be
designed to test for compliance with laws and regulations
What is the responsibility of the auditor in relation to fraud - Answer- The auditor must
always be watchful for fraud while performing an audit
, Who should be able to see an audit methodology document? - Answer- The audit
methodology document is used to communicate with all audit team members
When an auditor finds a minor violation of policy or procedures, what should their
course of action be? - Answer- Include the violation in the audit report
When an auditor finds a problem that is outside the scope of the audit plan, what should
be done? - Answer- Consult with audit management about adjusting the scope of the
problem
An auditor has found a problem and notified management. The problem was
immediately fixed. Should the problem be included in the audit report? - Answer- Yes,
all material findings should be in the report, but noted as fixed.
True or False? An audit that finds no serious issues may not require the preparation of
an audit report - Answer- False
What is the definition of audit? - Answer- Auditing is a detailed and specific evaluation of
a process, procedure, organization, job function, or system, in which results are
gathered and reported.
What is the purpose of ethics? - Answer- To mandate the professional and personal
conduct of auditors
According to the ISACA Code of Ethics is an auditor allowed to share the results of an
audit with other personnel? - Answer- The auditor must maintain confidentiality of the
audit unless required by legal authority
Should the IS audit plan be integrated into the overall audit plan for the organization? -
Answer- The IS Audit function must fulfill all organizational audit objectives.
An IS Auditor is best advised to follow the standards provided by ISACA for conducting
an planning IS Audits - Answer- ISACA audit standards are recommendations for
planning IS audits.
ISACA Audit standard S2 Independence refers to what? - Answer- An Auditor should be
independent of the area being audited
Standard S4 Professional Competence, requires the auditor to have the skills to
conduct the audit? - Answer- appropriate continuing professional education
The basis for an audit plan should be what? - Answer- Risk
Audit findings and conclusions are supported by what? - Answer- Evidence
ALL CORRECT
What control classification would an auditor use to monitor an organization's internal
corporate network in order to report any unauthorized access attempts? - Answer-
Detective
The audit charter is an important document. What is included in the audit charter? -
Answer- The scope of the audit function
Developing an audit plan requires the determination of required personnel resources
and? - Answer- Arranging for access to the audit area
The audit plan must be designed to ensure compliance with laws and regulations, this
will require the knowledge of the regulations and? - Answer- A review to ensure
management were aware of regulations when developing policies and procedures
The audit plan will be based on: - Answer- The stated objectives of the audit
The purpose of audit objectives is to establish whether internal controls are minimizing
risk and? - Answer- functioning properly
A operational audit is designed to test? - Answer- The effectiveness of the
organization's internal control environment
What is the purpose of a specialized audit? - Answer- A specialized audit tests the
services provided by an external organization
What is a primary consideration when performing a forensic audit? - Answer-
Maintaining proper evidence handling and management techniques
What is the purpose of audit planning? - Answer- Audit planning provides a clear
overview of the audit before the audit commences
What is the most critical step in audit planning? - Answer- Focus on high risk areas
How do laws and regulations affect an audit plan? - Answer- The audit plan must be
designed to test for compliance with laws and regulations
What is the responsibility of the auditor in relation to fraud - Answer- The auditor must
always be watchful for fraud while performing an audit
, Who should be able to see an audit methodology document? - Answer- The audit
methodology document is used to communicate with all audit team members
When an auditor finds a minor violation of policy or procedures, what should their
course of action be? - Answer- Include the violation in the audit report
When an auditor finds a problem that is outside the scope of the audit plan, what should
be done? - Answer- Consult with audit management about adjusting the scope of the
problem
An auditor has found a problem and notified management. The problem was
immediately fixed. Should the problem be included in the audit report? - Answer- Yes,
all material findings should be in the report, but noted as fixed.
True or False? An audit that finds no serious issues may not require the preparation of
an audit report - Answer- False
What is the definition of audit? - Answer- Auditing is a detailed and specific evaluation of
a process, procedure, organization, job function, or system, in which results are
gathered and reported.
What is the purpose of ethics? - Answer- To mandate the professional and personal
conduct of auditors
According to the ISACA Code of Ethics is an auditor allowed to share the results of an
audit with other personnel? - Answer- The auditor must maintain confidentiality of the
audit unless required by legal authority
Should the IS audit plan be integrated into the overall audit plan for the organization? -
Answer- The IS Audit function must fulfill all organizational audit objectives.
An IS Auditor is best advised to follow the standards provided by ISACA for conducting
an planning IS Audits - Answer- ISACA audit standards are recommendations for
planning IS audits.
ISACA Audit standard S2 Independence refers to what? - Answer- An Auditor should be
independent of the area being audited
Standard S4 Professional Competence, requires the auditor to have the skills to
conduct the audit? - Answer- appropriate continuing professional education
The basis for an audit plan should be what? - Answer- Risk
Audit findings and conclusions are supported by what? - Answer- Evidence
