CISA—Certified Information Systems Auditor - Part 382

1. An organization transmits large amounts of data from one internal system to another. The IS auditor is reviewing the quality of the data at the originating point.Which of the following should the auditor verify FIRST?

A) The data has been encrypted.
B) The data transformation is accurate.
C) The data extraction process is completed.
D) The source data is accurate.



2. An IS auditor intends to accept a management position in the data processing department within the same organization. However, the auditor is currently working on an audit of a major application and has not yet finished the report. Which of the following would be the BEST step for the IS auditor to take?

A) Start in the position and inform the application owner of the job change.
B) Start in the position immediately.
C) Disclose this issue to the appropriate parties.
D) Complete the audit without disclosure and then start in the position.



3. Which of the following would BEST describe an audit risk?

A) The company is being sued for false accusations.
B) The financial report may contain undetected material errors.
C) Key employees have not taken vacation for 2 years.
D) Employees have been misappropriating funds.



4. During an audit of a reciprocal disaster recovery agreement between two companies, the IS auditor would be MOST concerned with the:

A) allocation of resources during an emergency.
B) maintenance of hardware and software compatibility.
C) differences in IS policies and procedures.
D) frequency of system testing.



5. While planning a review of IT governance, the IS auditor is MOST likely to:

A) examine audit committee minutes for IS-related matters and their control.
B) obtain information about the framework of control adopted by management.
C) assess whether business process owner responsibilities are consistent across the organization.
D) review compliance with policies and procedures issued by the board of directors.