Day 1

Question 1

What does the ‘L’ in LG-SQ (Audit Objectives) stand for?

Answer 1

Legal and regulatory compliance – Ensuring systems comply with applicable laws, regulations, and contracts.

Question 2

What does the ‘G’ in LG-SQ stand for?

Answer 2

Governance – Ensuring compliance with internal policies, standards, and governance frameworks.

Question 3

What does the ‘S’ in LG-SQ stand for?

Answer 3

Security – Ensuring confidentiality, integrity, and availability (CIA) of information systems.

Question 4

What does the ‘Q’ in LG-SQ stand for?

Answer 4

Quality – Ensuring that IT systems are efficient and meet business needs.

Question 5

Can an auditor deviate from ISACA Standards?

Answer 5

Only if justifiably beneficial to the organization, and must be documented with reasoning.

Question 6

What is the role of ISACA Guidelines?

Answer 6

Provide guidance and commentary on how to apply the standards; not mandatory.

Question 7

What is the role of ISACA Tools & Techniques?

Answer 7

Offer practical examples and aids to support implementation; discretionary use.

Question 8

What are the three main phases of an audit?

Answer 8

1. Planning
2. Fieldwork & Documentation
3. Reporting & Follow-up

Question 9

What are the 4 main stages in the risk lifecycle?

Answer 9

1. Risk Identification
2. Risk Assessment
3. Risk Treatment
4. Risk Monitoring

Question 10

What are the IS Audit Objectives

Answer 10

Legal, Governance, Security, Quality (LGSQ)

Question 11

What are the 5C of Audit Report

Answer 11

Criteria
Condition
Cause
Consequence
Corrective Action

Question 12

What are the three levels of ISACA’s audit guidance?

Answer 12

1. Standards (mandatory)
2. Guidelines (recommended, use professional judgment)
3. Tools and Techniques (optional support)

Question 13

What is the role of ISACA Guidelines?

Answer 13

Provide guidance and commentary on how to apply the standards; not mandatory.

Question 14

What is the role of ISACA Tools & Techniques?

Answer 14

Offer practical examples and aids to support implementation; discretionary use.

Question 15

What are the three main phases of an audit?

Answer 15

1. Planning
2. Fieldwork & Documentation
3. Reporting & Follow-up

Question 16

What is the objective of the Planning Phase?

Answer 16

Define scope, objectives, and prepare audit strategy based on risk.

Question 17

What happens during Fieldwork & Documentation?

Answer 17

Perform testing, collect evidence, and document findings.

Question 18

What is included in Reporting & Follow-up?

Answer 18

Communicate findings, recommend corrective actions, and verify implementation.

Question 19

What is Inherent Risk?

Answer 19

The level of risk before any controls are applied.

Question 20

What is Residual Risk?

Answer 20

The risk that remains after controls are implemented.

Question 21

What is Risk Appetite?

Answer 21

The level of risk an organization is willing to accept.

Question 22

Name 4 common risk treatment strategies.

Answer 22

1. Reduce (Mitigate)
2. Transfer (e.g., insurance)
3. Accept
4. Avoid

Question 23

What audit framework does ISACA follow?

Answer 23

ISACA follows the IPPF (International Professional Practices Framework), based on the COSO framework.

Question 24

What is ITAF in ISACA guidance?

Answer 24

ITAF stands for Information Technology Assurance Framework, providing standards, guidelines, tools, and techniques for IT auditors.

Question 25

What is the first step in the audit planning process?

Answer 25

Gain an understanding of the business, including its mission, vision, objectives, and processes.

Question 26

Why should prior audit work papers be reviewed?

Answer 26

To understand past audit issues, trends, and assess control maturity, aiding in planning the depth of current audit checks.

Question 27

Can auditors perform control self-assessments?

Answer 27

No, auditors should not perform CSAs but can guide, support, and facilitate them.

Question 28

What role do auditors play in control self-assessment?

Answer 28

Auditors act as facilitators by helping to develop checklists and train the business units without directly executing the CSA.

Question 29

What are some common types of IT audits?

Answer 29

Operational, integrated, administrative, specialized (e.g., pen testing), and functional audits for readiness assessment.

Question 30

What is an integrated audit?

Answer 30

An audit combining IT, financial, and operational components into one review, often resulting in a consolidated report.