Ensurepass

 

QUESTION 281

An integrated test facility is considered a useful audit tool because it:

 

A.

is a cost-efficient approach to auditing application controls.

B.

enables the financial and IS auditors to integrate their audit tests.

C.

compares processing output with independently calculated data.

D.

provides the IS auditor with a tool to analyze a large range of information.

 

Correct Answer: C

Explanation:

An integrated test facility is considered a useful audit tool because it uses the same programs to compare processing using independently calculated data. This involves setting up dummy entities on an application system and processing test or production data against the entity as a means of verifying processing accuracy.

 

 

QUESTION 282

An IS auditor evaluates the test results of a modification to a system that deals with payment computation. The auditor finds that 50 percent of the calculations do not match predetermined totals. Which of the following would MOST likely be the next step in the audit?

 

A.

Design further tests of the calculations that are in error.

B.

Identify variables that may have caused the test results to be inaccurate.

C.

Examine some of the test cases to confirm the results.

D.

Document the results and prepare a report of findings, conclusions and recommendations.

 

Correct Answer: C

Explanation:

An IS auditor should next examine cases where incorrect calculations occurred and confirm the results. After the calculations have been confirmed, further tests can be conducted and reviewed. Report preparation, findings and recommendations would not be made until all results are confirmed.

 

 

QUESTION 283

Though management has stated otherwise, an IS auditor has reasons to believe that the organization is using software that is not licensed. In this situation, the IS auditor should:

 

A.

include the statement of management in the audit report.

B.

identify whether such software is, indeed, being used by the organization.

C.

reconfirm with management the usage of the software.

D.

discuss the issue with senior management since reporting this could have a negative impact on the organization.

 

Correct Answer: B

Explanation:

When there is an indication that an organization might be using unlicensed software, the IS auditor should obtain sufficient evidence before including it in the report. With respect to this matter, representations obtained from management cannot be independently verified. If the organization is using software that is not licensed, the auditor, to maintain objectivity and independence, must include this in the report.

QUESTION 284

The BEST method of proving the accuracy of a system tax calculation is by:

 

A.

detailed visual review and analysis of the source code of the calculation programs.

B.

recreating program logic using generalized audit software to calculate monthly totals.

C.

preparing simulated transactions for processing and comparing the results to predetermined results.

D.

automatic flowcharting and analysis of the source code of the calculation programs.

 

Correct Answer: C

Explanation:

Preparing simulated transactions for processing and comparing the results to predetermined results is the best method for proving accuracy of a tax calculation. Detailed visual review, flowcharting and analysis of source code are not effective methods, and monthly totals would not address the accuracy of individual tax calculations.

 

 

QUESTION 285

An audit charter should:

 

A.

be dynamic and change often to coincide with the changing nature of technology and the audit profession.

B.

clearly state audit objectives for, and the delegation of, authority to the maintenance and review of internal controls.

C.

document the audit procedures designed to achieve the planned audit objectives.

D.

outline the overall authority, scope and responsibilities of the audit function.

 

Correct Answer: D

Explanation:

An audit charter should state management’s objectives for and delegation of authority to IS audit. This charter should not significantly change over time and should be approved at the highest level of management. An audit charter would not be at a detailed level and, therefore, would not include specific audit objectives or procedures.

 

 

QUESTION 286

During the collection of forensic evidence, which of the following actions would MOST likely result in the destruction or corruption of evidence on a compromised system?

 

A.

Dumping the memory content to a file

B.

Generating disk images of the compromised system

C.

Rebooting the system

D.

Removing the system from the network

 

Correct Answer: C

Explanation:

Rebooting the system may result in a change in the system state and the loss of files and important evidence stored in memory. The other choices are appropriate actions for preserving evidence.

 

 

 

 

 

QUESTION 287

An IS auditor is evaluating management’s risk assessment of information systems. The IS auditor should FIRST review:

 

A.

the controls already in place.

B.

the effectiveness of the controls in place.

C.

the mechanism for monitoring the risks related to the assets.

D.

the threats/vulnerabilities affecting the assets.

 

Correct Answer: D

Explanation:

One of the key factors to be considered while assessing the risks related to the use of various information systems is the threats and vulnerabilities affecting the assets. The risks related to the use of information assets should be evaluated in isolation from the installed controls. Similarly, the effectiveness of the controls should be considered during the risk mitigation stage and not during the risk assessment phase. A mechanism to continuously monitor the risks related to assets should be put in place during the risk monitoring function that follows the risk assessment phase.

 

 

QUESTION 288

The MOST important reason for an IS auditor to obtain sufficient and appropriate audit evidence is to:

 

A.

comply with regulatory requirements.

B.

provide a basis for drawing reasonable conclusions.

C.

ensure complete audit coverage.

D.

perform the audit according to the defined scope.

 

Correct Answer: B

Explanation:

The scope of an IS audit is defined by its objectives. This involves identifying control weaknesses relevant to the scope of the audit. Obtaining sufficient and appropriate evidence assists the auditor in not only identifying control weaknesses but also documenting and validating them. Complying with regulatory requirements, ensuring coverage and the execution of audit are all relevant to an audit but are not the reason why sufficient and relevant evidence is required.

 

 

QUESTION 289

In the course of performing a risk analysis, an IS auditor has identified threats and potential impacts. Next, the IS auditor should:

 

A.

identify and assess the risk assessment process used by management.

B.

identify information assets and the underlying systems.

C.

disclose the threats and impacts to management.

D.

identify and evaluate the existing controls.

 

Correct Answer: D

Explanation:

It is important for an IS auditor to identify and evaluate the existing controls and security once the potential threats and possible impacts are identified. Upon completion of an audit an IS auditor should describe and discuss with management the threats and potential impacts on the assets.

 

 

QUESTION 290

An IS auditor reviews an organizational chart PRIMARILY for:

 

A.

an understanding of workflows.

B.

investigating various communication channels.

C.

understanding the responsibilities and authority of individuals.

D.

investigating the network connected to different employees.

 

Correct Answer: C

Explanation:

An organizational chart provides information about the responsibilities and authority of individuals in the organization. This helps an IS auditor to know if there is a proper segregation of functions. A workflow chart would provide information about the roles of different employees. A network diagram will provide information about the usage of various communication channels and will indicate the connection of users to the network.

 
