Which of the following choices would be the best source of information when developing a risk-based audit plan?

Senior management identify key business processes.

Process owners identify key controls.

System custodians identify vulnerabilities.

Peer auditors understand previous audit results.

AERITH Bank (A Digital Bank) based in Singapore, has since operated its retail and business sector in the Philippines. However, during the current year, the economy in the Philippines has been recently declining, and the retail sector in the country is projected to be unprofitable. The company has foreseen that the impact will be high and will remain over the long-run. What action should AERITH Bank consider if it wanted to address the risk of loss?

Shutdown the retail sector in the Philippines

Engage for insurance contracts with financial institutions

Enter into merger with other local banks

Accept and unite, for unity is the key.

HEARTFILIA Inc. leads the largest chain of convenience stores in the Philippines. Recently, due to increasing prices of commodities, the company has experienced a low count of incidents of petty theft in some of its branches. The amount involved is significantly low as well. What would be the best alternative should HEARTFILIA Inc. consider?

Accept the risk if the cost exceeds potential benefits

Install CCTV cameras & hire additional security guards

Shutdown branches with theft incidents

Normalize theft and unite, for unity is the key

DRAGNEEL Company, one of the leading manufacturers of paper products in the country, has recently built a warehouse in Metro Manila. The senior management has identified the risk of fire and its high potential impact to the company. What risk strategy should KONAN consider if it wanted to prevent the risk of fire?

Install fire extinguishers & other precautionary measures

Acquire fire insurance policies

Train the employees to unite in instance of fire

During an IS audit, which is the BEST method for an IS auditor to evaluate the implementation ofsegregation of duties within an IT department?

Review the IT job descriptions.

Research past IT audit reports.

Evaluate the organizational structure.

The primary purpose of the IS audit charter:

Outline the responsibility and authority of the is audit function.

Establish the organizational structure of the audit department.

Illustrate the reporting responsibilities of the is audit function.

Detail the resource requirements needed for the audit function.

The primary objective of the audit initiation meeting with an IS audit client is to:

Identify resource requirements of the audit.

Select the methodology of the audit.

An internal IS audit function is planning a general IS audit. Which of the following activities takes place during the first step of the planning phase?

Development of a risk assessment

Development of an audit program

Identification of key information owners

The main advantage of an IS auditor directly extracting data from a general ledger systems is:

Greater assurance of data validity

Reduction of human resources needed to support the audit

Reduction in the time to have access to the information

Greater flexibility for the audit department

Which of the following is most important to ensure before communicating the audit findings to topmanagement during the closing meeting?

Findings are clearly tracked back to evidence.

Risk statement includes an explanation of a business impact.

Recommendations address root causes of findings.

Remediation plans are provided by responsible parties.

The effect of which of the following should have priority in planning the scope and objectives of an IS audit:

Applicable statutory requirements

Applicable industry best practices

Organizational policies and procedures

An IS auditor identified a business process to be audited. The IS auditor should next identify the:

Control objectives and activities.

Most valuable information assets.

IS audit resources to be deployed.

Auditee personnel to be interviewed.

Which of the following is MOST likely be considered a conflict of interest for an IS auditor who isreviewing a cybersecurity implementation?

Designing the cybersecurity controls

Delivering cybersecurity awareness training

Advising on the cybersecurity framework

Conducting the vulnerability assessment

Which of the following is the first step performed prior to creating a risk ranking for the annual internal IS audit plan?

Prioritize the identified risk.

Identify the critical controls.

Determine the testing approach.

Which of the following responsibilities would MOST likely compromise the independence of an IS auditorwhen reviewing the risk management process?

Participating in the design of the risk management framework

Advising on different implementation techniques

Facilitating risk awareness training

Performing a due diligence review of the risk management processes

A system developer transfers to the audit department to serve as an IT auditor. When production systemsare to be reviewed by this employee, which of the following will become the most significant concern?

The work may be construed as a self-audit.

Audit points may largely shift to technical aspects.

The employee may not have sufficient control assessment skills.

The employee’s knowledge of business risk may be limited.

When evaluating the controls of an electronic data interchange (EDI) application, an IS auditor should primarily be concerned with the risk of:

Improper transaction authorization.

Excessive transaction turnaround time.

An IS auditor notes that failed login attempts to a core financial system are automatically logged and thelogs are retained for a year by the organization. This logging is:

An effective preventive control.

CISA Domain 1

Authored by MARVIN SORIANO

Computers

University

Used 132+ times

AI Actions

Add similar questions

Adjust reading levels

Convert to real-world scenario

Translate activity

More...

Content View

Student View

30 questions

Show all answers

MULTIPLE CHOICE QUESTION

1 min • 1 pt

An IS auditor finds that a disaster recovery plan (DRP) for critical business functions does not cover all systems. Which of the following is the most appropriate course of action for the IS auditor?

Alert management and evaluate the impact of not covering all systems.

Cancel the audit.

Complete the audit of the systems covered by the existing DRP.

Postpone the audit until the systems are added to the DRP.

Answer explanation

An IS auditor should make management aware that some systems are omitted from the disasterrecovery plan (DRP). An IS auditor should continue the audit and include an evaluation of theimpact of not including all systems in the DRP

MULTIPLE CHOICE QUESTION

1 min • 1 pt

Which of the following is the primary purpose of a risk-based audit?

High-impact areas are addressed first.

Audit resources are allocated efficiently.

Material areas are addressed first.

Management concerns are prioritized.

Answer explanation

Material risk is audited according to the risk ranking, thus enabling the audit team toconcentrate on high-risk areas first.

MULTIPLE CHOICE QUESTION

1 min • 1 pt

Which of the following would be expected to approve the audit charter?

Chief Financial Officer

Chief Executive Officer

Audit Steering Committee

Audit Committee

Answer explanation

One of the primary functions of the audit committee is to create and approve the audit charter.

MULTIPLE CHOICE QUESTION

1 min • 1 pt

The main purpose of the annual IS audit plan is to:

Allocate resources for audits.

Reduce the impact of audit risk.

Develop a training plan for auditors.

Minimize the audit costs.

Answer explanation

IS audit assignments need to be accomplished with limited time and human resources. Thus, audits are scheduled and prioritized as determined by IS audit management.

MULTIPLE CHOICE QUESTION

1 min • 1 pt

Which of the following is most important to ensure that effective application controls are maintained?

Exception Reporting

Manager Oversight

Control Self-Assessment

Peer Reviews

Answer explanation

CSA is the review of business objectives and internal controls in a formal and documentedcollaborative process. It includes testing the design of automated application controls.

MULTIPLE CHOICE QUESTION

1 min • 1 pt

Which of the following represents an example of a preventive control with respect to IT personnel?

A security guard stationed at the server room door

An intrusion detection system

Implementation of a badge entry system for the IT facility

A fire suppression system in the server room

Answer explanation

Preventive controls are used to reduce the probability of an adverse event. A badge entry systemprevents unauthorized entry to the facility.

MULTIPLE CHOICE QUESTION

1 min • 1 pt

An IS auditor performing an audit of the risk assessment process should first confirm that:

Reasonable threats to the information assets are identified.

Technical and organizational vulnerabilities have been analyzed.

Assets have been identified and ranked.

The effects of potential security breaches have been evaluated.

Answer explanation

Identification and ranking of information assets (e.g., data criticality, sensitivity, locations ofassets) will set the tone or scope of how to assess risk in relation to the organizational value ofthe asset.

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

25 questions

DevOps Quiz

Quiz

•

University

25 questions

untitled

Quiz

•

8th Grade - University

25 questions

Computer Science Quiz

Quiz

•

4th Grade - University

25 questions

QUIZ

Quiz

•

University

25 questions

IT Quiz | E-Zone

Quiz

•

University

26 questions

AI Quiz 26/9

Quiz

•

University

25 questions

Understanding Input, Selection and Loops in Python

Quiz

•

7th Grade - University

25 questions

SQL Quiz: 25 MCQs on the Student Table

Quiz

•

University

Popular Resources on Wayground

19 questions

Naming Polygons

Quiz

•

3rd Grade

10 questions

Prime Factorization

Quiz

•

6th Grade

20 questions

Math Review

Quiz

•

3rd Grade

15 questions

Fast food

Quiz

•

7th Grade

20 questions

Main Idea and Details

Quiz

•

5th Grade

20 questions

Context Clues

Quiz

•

6th Grade

20 questions

Inferences

Quiz

•

4th Grade

19 questions

Classifying Quadrilaterals

Quiz

•

3rd Grade

Discover more resources for Computers

50 questions

ELA EOG Prep 7th Grade

Quiz

•

KG - University

20 questions

Guess The App

Quiz

•

KG - Professional Dev...

11 questions

dog breeds

Quiz

•

3rd Grade - Professio...

11 questions

NFL Football logos

Quiz

•

KG - Professional Dev...

19 questions

Minecraft

Quiz

•

6th Grade - Professio...

20 questions

Block Buster Movies

Quiz

•

10th Grade - Professi...

10 questions

Would you rather...

Quiz

•

KG - University

49 questions

AP Environmental Science Final Exam Review

Quiz

•

10th Grade - University

CISA Domain 1

An IS auditor finds that a disaster recovery plan (DRP) for critical business functions does not cover all systems. Which of the following is the most appropriate course of action for the IS auditor?

An IS auditor should make management aware that some systems are omitted from the disasterrecovery plan (DRP). An IS auditor should continue the audit and include an evaluation of theimpact of not including all systems in the DRP

Which of the following is the primary purpose of a risk-based audit?

Material risk is audited according to the risk ranking, thus enabling the audit team toconcentrate on high-risk areas first.

Which of the following would be expected to approve the audit charter?

One of the primary functions of the audit committee is to create and approve the audit charter.

The main purpose of the annual IS audit plan is to:

IS audit assignments need to be accomplished with limited time and human resources. Thus, audits are scheduled and prioritized as determined by IS audit management.

Which of the following is most important to ensure that effective application controls are maintained?

CSA is the review of business objectives and internal controls in a formal and documentedcollaborative process. It includes testing the design of automated application controls.

Which of the following represents an example of a preventive control with respect to IT personnel?

Preventive controls are used to reduce the probability of an adverse event. A badge entry systemprevents unauthorized entry to the facility.

An IS auditor performing an audit of the risk assessment process should first confirm that:

Identification and ranking of information assets (e.g., data criticality, sensitivity, locations ofassets) will set the tone or scope of how to assess risk in relation to the organizational value ofthe asset.

Which of the following choices would be the best source of information when developing a risk-based audit plan?

Developing a risk-based audit plan must start with the identification of key business processes,which determine and identify the risk that needs to be addressed.

A financial institution with multiple branch offices has an automated control that requires the branch manager to approve transactions more than a certain amount. What type of audit control is this?

Having a manager approve transactions more than a certain amount is considered a preventive control.

When impact and likelihood are both assessed as high, recommended solution is to avoid th risk (i.e. terminate/discontinue its source).

Access all questions and much more by creating a free account

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Computers