COMPREHENSIVE QUESTIONS AND
ACCURATE SOLUTIONS VERIFIED
◉ An IS auditor who has discovered unauthorized transactions during a
review of electronic data interchange (EDI) transactions is likely to
recommend improving the:
A. EDI trading partner agreements.
B. physical controls for terminals.
C. authentication techniques for sending and receiving messages.
D. program change control procedures. Answer: C.
◉ Which of the following is an attribute of the control self-assessment
approach?
A. Broad stakeholder involvement
B. Auditors are the primary control analysts
C. Limited employee participation
D. Policy driven. Answer: A.
◉ A company has recently upgraded its purchase system to incorporate
electronic data interchange (EDI) transmissions. Which of the following
controls should be implemented in the EDI interface to provide for
efficient data mapping?
A. Key verification
B. One-for-one checking
C. Manual recalculations
D. Functional acknowledgements. Answer: D.
◉ When developing a risk-based audit strategy, an IS auditor should
conduct a risk assessment to ensure that:
A. controls needed to mitigate risk are in place.
B. vulnerabilities and threats are identified.
C. audit risk is considered.
D. a gap analysis is appropriate. Answer: B.
◉ A PRIMARY benefit derived for an organization employing control
self-assessment techniques is that it:
A. can identify high-risk areas that might need a detailed review later.
B. allows IS auditors to independently assess risk.
C. can be used as a replacement for traditional audits.
D. allows management to relinquish responsibility for control. Answer: A.
◉ In planning an IS audit, the MOST critical step is the identification of
the:
A. areas of significant risk.
B. skill sets of the audit staff.
C. test steps in the audit.
D. time allotted for the audit. Answer: A.
◉ Which of the following represents the GREATEST potential risk in
an electronic data interchange (EDI) environment?
A. Lack of transaction authorizations
B. Loss or duplication of EDI transmissions
C. Transmission delay
D. Deletion or manipulation of transactions prior to or after
establishment of application controls. Answer: A.
◉ Which of the following controls would an IS auditor look for in an
environment where duties cannot be appropriately segregated?
A. Overlapping controls
B. Boundary controls
C. Access controls
D. Compensating controls. Answer: D.
◉ An IS auditor performing a review of application controls would
evaluate the:
A. efficiency of the application in meeting the business processes.
B. impact of any exposures discovered.
C. business processes served by the application.
D. application's optimization. Answer: B.