IS Audit Process


  1. The traditional role of an IS auditor in a control self-assessment (CSA) should be that of a facilitator.

  2. Using a statistical sample to inventory the tape library is an example of a substantive test.

  3. Audit responsibility enhancement is an objective of a control self-assessment (CSA) program.

  4. If proper identification and authentication are not performed during access control, no accountability can exist for any action performed.

  5. IS auditors are most likely to perform compliance tests of internal controls if, after their initial evaluation of the controls, they conclude that control risks are within the acceptable limits. Think of it this way: If any reliance is placed on internal controls, that reliance must be validated through compliance testing. High control risk results in little reliance on internal controls, which results in additional substantive testing.

  6. In planning an audit, the most critical step is identifying the areas of high risk.

  7. Prior audit reports are considered of lesser value to an IS auditor attempting to gain an understanding of an organization's IT process than evidence directly collected.

  8. When evaluating the collective effect of preventative, detective, or corrective controls within a process, an IS auditor should be aware of the point at which controls are exercised as data flows through the system.

  9. The primary purpose of audit trails is to establish accountability and responsibility for processed transactions.

  10. When implementing continuous monitoring systems, an IS auditor's first step is to identify high-risk areas within the organization.

  11. A benefit of a risk-based approach to audit planning is that auditing resources are allocated to the areas of highest concern.

  12. Inherent risk is associated with authorized program exits (trap doors).

  13. After an IS auditor has identified threats and potential impacts, the auditor should identify and evaluate the existing controls.

  14. Generalized audit software can be used to search for address field duplications.

  15. The use of statistical sampling procedures helps minimize detection risk.

  16. Lack of reporting of a successful attack on the network is a great concern to an IS auditor.

  17. Detection risk results when an IS auditor uses an inadequate test procedure and concludes that material errors do not exist when errors actually exist.

  18. An integrated test facility is considered a useful audit tool because it compares processing output with independently calculated data.



Exam Cram 2. CISA
ISBN: B001EEFNHG
Year: 2005
Pages: 146
