CISA Concepts Flashcards Preview

CISA Stuff > CISA Concepts > Flashcards

Flashcards in CISA Concepts Deck (92)
Loading flashcards...
1

What is the definition of audit?

Auditing is a detailed and specific evaluation of a process, procedure, organization, job function, or system, in which results are gathered and reported.

2

What is the purpose of ethics?

To mandate the professional and personal conduct of auditors

3

According to the ISACA Code of Ethics is an auditor allowed to share the results of an audit with other personnel?

The auditor must maintain confidentiality of the audit unless required by legal authority

4

Should the IS audit plan be integrated into the overall audit plan for the organization?

The IS Audit function must fulfill all organizational audit objectives.

5

An IS Auditor is best advised to follow the standards provided by ISACA for conducting an planning IS Audits

ISACA audit standards are recommendations for planning IS audits.

6

ISACA Audit standard S2 Independence refers to what?

An Auditor should be independent of the area being audited

7

Standard S4 Professional Competence, requires the auditor to have the skills to conduct the audit?

appropriate continuing professional education

8

The basis for an audit plan should be what?

Risk

9

Audit findings and conclusions are supported by what?

Evidence

10

When an auditor uses the assistance of outside experts, what obligations does the auditor have to review the work of the experts?

The auditor must apply additional test procedures if the work of outside experts is not adequate

11

When an auditor is planning an information system audit and suspects a potential control weakness, what are they obligated to do?

The auditor must consider the materiality of the weakness and plan the audit accordingly.

12

What role does risk assessment have in audit planning?

Risk assessment is used to determine the priorities for audit and allocation of audit resources.

13

What steps should an auditor take when a material irregularity is discovered?

The auditor should communicate the irregularity to management in a timely manner

14

What is the risk to an audit if unusual relationships exist between staff members in the area being audited?

The auditor may be provided inaccurate evidence

15

True or False? Supervision of the information systems audit staff should not be necessary if the staff is adequately trained and experienced

TRUE

16

Once an audit is completed and submitted does the auditor have any further responsibility?

Yes, the auditor should follow up to ensure that management addressed any audit issues in a timely manner

17

IT governance means:

The IT function aligns with business mission, values and objectives

18

Relationships with third parties may:

Require the organization to comply with the security standards of the third party

19

True or False? The organization does not have to worry about the impact of third party relationships on the security program

FALSE

20

The role of an Information Systems Security Steering Committee is to:

Provide feedback from all areas of the organization

21

The most effective tool a security department has is:

A security awareness program

22

The role of Audit in relation to Information Security is:

The validate the effectiveness of the security program against established metrics

23

Who should be responsible for development of a risk management strategy?

The Security Manager

24

The security requirements of each member of the organization should be documented in:

Their job descriptions

25

What could be the greatest challenge to implementing a new security strategy?

Obtaining buy-in from employees

26

Which forms of wireless media operate only when there are no obstacles in the transmission path?

Spread spectrum

27

What best defines electrical noise?

Extraneous signals introduced onto network media.

28

An audit log is an example of a:

Detective control

29

A compensating control is used:

When normal controls are not sufficient to mitigate the trick

30

A disgruntled former employee is a:

Threat