A) after an agreement on the observations is reached. B) before an agreement on the observations is reached. C) if an agreement on the observations cannot be reached. D) without mentioning the observations. E) None of the choices.
2. Well-written risk assessment guidelines for IS auditing should specify which of the following elements at the least? (Choose four.) (Select 4 answers)
A) A maximum length for audit cycles. B) The timing of risk assessments. C) Documentation requirements. D) Guidelines for handling special cases. E) None of the choices.
3. The ability of the internal IS audit function to achieve desired objectives depends largely on:
A) the training of audit personnel B) the background of audit personnel C) the independence of audit personnel D) the performance of audit personnel E) None of the choices.
4. In-house personnel performing IS audits should possess which of the following knowledge and/or skills? (Choose two.) (Select 2 answers)
A) information systems knowledge commensurate with the scope of the IT environment in question B) sufficient analytical skills to determine root cause of deficiencies in question C) sufficient knowledge on secure system coding D) sufficient knowledge on secure platform development E) information systems knowledge commensurate outside of the scope of the IT environment in question
5. A comprehensive IS audit policy should include guidelines detailing what involvement the internal audit team should have?
A) in the development and coding of major OS applications. B) in the acquisition and maintenance of major WEB applications. C) in the human resource management cycle of the application development project. D) in the development, acquisition, conversion, and testing of major applications. E) None of the choices.
1. Right Answer: A Explanation: Reporting can take the form of a verbal presentation, an issue paper or a written audit report summarizing observations and management's responses. After agreement is reached on the observations, a final report can be issued.
2. Right Answer: A,B,C,D Explanation: Well-written risk assessment guidelines should specify a maximum length for audit cycles based on the risk scores and the timing of risk assessments for each department or activity. There should be documentation requirements to support scoring decisions. There should also be guidelines for overriding risk assessments in special cases and the circumstances under which they can be overridden.
3. Right Answer: C Explanation: The ability of the internal audit function to achieve desired objectives depends largely on the independence of audit personnel. Top management should ensure that the audit department does not participate in activities that may compromise its independence.
4. Right Answer: A,B Explanation: Personnel performing IT audits should have information systems knowledge commensurate with the scope of the institution's IT environment. They should also possess sufficient analytical skills to determine the root cause of deficiencies.
5. Right Answer: D Explanation: The audit policy should include guidelines detailing what involvement internal audit will have in the development, acquisition, conversion, and testing of major applications. Such a policy must be approved by top management for it to be effective.