AUDITING INFORMATION SYSTEMS QUESTIONS AND ANSWERS 100% CORRECT
Audit Charter - ANSWER-Outlines the auditor's responsibility, authority and
accountability. The charter document grants authority to the audit function on behalf of
the board of directors and company stakeholders. Describes role of IS audit function.
Inherent Risk - ANSWER-Exists independently of an audit and can occur because of
the nature of the business. To successfully conduct an audit, it is important to be aware
of the related business processes. To perform the audit, the IS auditor needs to
understand the business process, and by understanding the business process, the IS
auditor better understands the inherent risk.
Detection Risk Assessment - ANSWER-Performed only after the inherent and control
risk assessments have been performed to determine ability to detect either errors within
a targeted process.
Control Risk Assessment - ANSWER-Performed after the inherent risk assessment has
been completed and is to determine the level of risk that remains after controls for the
targeted process are in place.
Fraud Risk Assessment - ANSWER-A subset of a control risk assessment in which the
auditor determines if the control risk addresses the ability of internal and/or external
parties to commit fraudulent transactions within the system.
While developing a risk-based audit program the IS auditor will most likely focus on
Business Processes - ANSWER-Business Process audit - Focuses on the
understanding of the nature of the business and being able to identify and categorize
risk. Business risk impacts the long-term viability of a specific business.
Control Risk - ANSWER-The risk that a material error exists that will not be prevented
or detected in a timely manner by the system of internal controls.
Detection Risk - ANSWER-The risk that a material misstatement with a management
assertion will not be detected by the auditor's substantive tests. It consists of two
components, sampling risk and non-sampling risk.
Substantive Testing - ANSWER-A substantive test includes gathering evidence to
evaluate the integrity (completeness, accuracy or validity) of individual transactions,
data or other information.
An audit procedure that examines the financial statements and supporting
documentation to see if they contain errors. These tests are needed as evidence to
support the assertion that the financial records of an entity are complete, valid and
accurate.
Lower Confidence Coefficient - ANSWER-When internal controls are strong, a lower
confidence coefficient can be adopted, which will enable the use of a smaller sample
size.
Variable Sampling - ANSWER-Used to estimate numerical values such as dollar values.
Detective Control - ANSWER-Transaction logs are detective controls because they
provide audit trails. Before-and-after image reporting makes it possible to trace the
impact that transactions have on computer records; therefore, it is a detective control.
Preventive Control - ANSWER-Table lookups are preventive controls; input data are
checked against predefined tables, which prevents any undefined data from being entered.
When evaluating logical access controls an IS auditor should FIRST - ANSWER-Obtain
an understanding of the security risk facing information processing by reviewing
relevant documentation, by inquiries, and conducting a risk assessment. This is
necessary so that the IS auditor can ensure the controls are adequate to address risk.
Generalized audit software - ANSWER-Includes mathematical computations,
stratification, statistical analysis, sequence checking, duplicate checking and
recomputations. An IS auditor, using generalized audit software, could design appropriate
tests to recompute the payroll, thereby determining whether there were overpayments
and to whom they were made. It is a data analytic tool that can be used to filter large
amounts of data.
Inherent Risk - ANSWER-The risk level or exposure without taking into account the
actions that management has taken or might take.
Sampling Risk - ANSWER-The risk that incorrect assumptions are made about the
characteristics of a population from which a sample is taken.
Non-Sampling Risk - ANSWER-The detection risk not related to sampling; it can be due
to a variety of reasons, including, but not limited to, human error.
Trend/variance detection tools - ANSWER-Look for anomalies in user or system
behavior, such as invoices with increasing invoice numbers.