CISA Domain 1

Charles is developing an audit plan for his organization security operations center. Which of the following will help him to determine which controls needs to be looked in greater detail?

What would type of control would a video surveillance system be classified as?

An organization outsources its payroll and expense reporting to a company that uses a SaaS based environment. The outsourcing company supports many other customers. Why kind of audit should the organization undertake?

An audit project is taking too long and management is beginning to question its schedule and completion. This audit may be lacking:

An auditor is auditing the user account request and fulfillment process. There are thousands of transactions and the auditor cannot view them all. The auditor wants to view a random selection of transactions. What is this called?

A lead auditor is preparing an audit plan for a client's financial accounting system. The plan calls for periodic testing of a large number of transactions throughout the audit project. Which is the best approach

Which of the following is NOT true?

Why are preventive controls favored over detective controls?

For audit planning purpose, can an auditor rely upon the auditee's risk assessment?

An auditor is auditing the user's account and fulfillment process and ask the control owner to describe the process. What type of auditing is taking place?