Flashcards in CISA Concepts Deck (92)
What is the definition of audit?
Auditing is a detailed and speciﬁc evaluation of a process, procedure, organization, job function, or system, in which results are gathered and reported.
What is the purpose of ethics?
To mandate the professional and personal conduct of auditors
According to the ISACA Code of Ethics is an auditor allowed to share the results of an audit with other personnel?
The auditor must maintain confidentiality of the audit unless required by legal authority
Should the IS audit plan be integrated into the overall audit plan for the organization?
The IS Audit function must fulfill all organizational audit objectives.
An IS Auditor is best advised to follow the standards provided by ISACA for conducting an planning IS Audits
ISACA audit standards are recommendations for planning IS audits.
ISACA Audit standard S2 Independence refers to what?
An Auditor should be independent of the area being audited
Standard S4 Professional Competence, requires the auditor to have the skills to conduct the audit?
appropriate continuing professional education
The basis for an audit plan should be what?
Audit findings and conclusions are supported by what?
When an auditor uses the assistance of outside experts, what obligations does the auditor have to review the work of the experts?
The auditor must apply additional test procedures if the work of outside experts is not adequate
When an auditor is planning an information system audit and suspects a potential control weakness, what are they obligated to do?
The auditor must consider the materiality of the weakness and plan the audit accordingly.
What role does risk assessment have in audit planning?
Risk assessment is used to determine the priorities for audit and allocation of audit resources.
What steps should an auditor take when a material irregularity is discovered?
The auditor should communicate the irregularity to management in a timely manner
What is the risk to an audit if unusual relationships exist between staff members in the area being audited?
The auditor may be provided inaccurate evidence
True or False? Supervision of the information systems audit staff should not be necessary if the staff is adequately trained and experienced
Once an audit is completed and submitted does the auditor have any further responsibility?
Yes, the auditor should follow up to ensure that management addressed any audit issues in a timely manner
IT governance means:
The IT function aligns with business mission, values and objectives
Relationships with third parties may:
Require the organization to comply with the security standards of the third party
True or False? The organization does not have to worry about the impact of third party relationships on the security program
The role of an Information Systems Security Steering Committee is to:
Provide feedback from all areas of the organization
The most effective tool a security department has is:
A security awareness program
The role of Audit in relation to Information Security is:
The validate the effectiveness of the security program against established metrics
Who should be responsible for development of a risk management strategy?
The Security Manager
The security requirements of each member of the organization should be documented in:
Their job descriptions
What could be the greatest challenge to implementing a new security strategy?
Obtaining buy-in from employees
Which forms of wireless media operate only when there are no obstacles in the transmission path?
What best defines electrical noise?
Extraneous signals introduced onto network media.
An audit log is an example of a:
A compensating control is used:
When normal controls are not sufficient to mitigate the trick