IS A P 1.1: Udit Rocess

1. The document discusses questions from a CISA exam related to IS audit processes. It provides explanations and rationales for the answers. 2. Key topics covered include compliance testing vs substantive testing, factors that affect audit risks, appropriate measures of risk, statistical sampling techniques, and the purpose of risk-based auditing in allocating resources. 3. The document emphasizes that developing an audit plan based on a detailed risk assessment is important for delivering value by focusing resources on higher-risk areas.

Uploaded by

Pedro Lavi

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

48 views19 pages

IS A P 1.1: Udit Rocess

Uploaded by

Pedro Lavi

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 19

CISA2009Answers

1
ISAUDITPROCESS1.1
Q1 (C) compliancetesting.
Compliancetestingdetermineswhethercontrolsarebeingappliedincompliancewith
policy.Thisincludesteststodeterminewhethernewaccountswereappropriately
authorized.Variablesamplingisusedtoestimatenumericalvalues,suchasdollar
values.Substantivetestingsubstantiatestheintegrityofactualprocessing,suchas
balancesonfinancialstatements.Thedevelopmentofsubstantivetestsisoften
dependentontheoutcomeofcompliancetests.Ifcompliancetestsindicatethat
thereareadequateinternalcontrols,thensubstantivetestscanbeminimized.Stopor
gosamplingallowsatesttobestoppedasearlyaspossibleandisnotappropriatefor
checkingwhetherprocedureshavebeenfollowed.
ISAUDITPROCESS1.1
Q2 (B) Detection
Detectionrisksaredirectlyaffectedbytheauditor'sselectionofauditproceduresand
techniques.InherentrisksarenotusuallyaffectedbyanISauditor.Controlrisksare
controlledbytheactionsofthecompany'smanagement.Businessrisksarenot
affectedbyanISauditor.
ISAUDITPROCESS1.1
Q3 (A) aproductoftheprobabilityandmagnitudeoftheimpactifathreatsuccessfully
exploitsavulnerability.
ChoiceAtakesintoconsiderationthelikelihoodandmagnitudeoftheimpactand
providesthebestmeasureoftherisktoanasset.ChoiceBprovidesonlythelikelihood
ofathreatexploitingavulnerabilityintheassetbutdoesnotprovidethemagnitude
ofthepossibledamagetotheasset.Similarly,choiceCconsidersonlythemagnitude
ofthedamageandnotthepossibilityofathreatexploitingavulnerability.ChoiceD
definestheriskonanarbitrarybasisandisnotsuitableforascientificrisk
managementprocess.
ISAUDITPROCESS1.1
Q4 (C) Usingastatisticalsampletoinventorythetapelibrary
Asubstantivetestconfirmstheintegrityofactualprocessing.Asubstantivetestwould
determineifthetapelibraryrecordsarestatedcorrectly.Acompliancetest
determinesifcontrolsarebeingappliedinamannerthatisconsistentwith
managementpoliciesandprocedures.Checkingtheauthorizationofexception
reports,reviewingauthorizationforchangingparametersandreviewingpassword
historyreportsareallcompliancetests.
CISA2009Answers
2
ISAUDITPROCESS1.1
Q5 (D) resourcesareallocatedtotheareasofhighestconcern.
Theriskbasedapproachisdesignedtoensureaudittimeisspentontheareasof
highestrisk.Thedevelopmentofanauditscheduleisnotaddressedbyariskbased
approach.Auditschedulesmaybepreparedmonthsinadvanceusingvarious
schedulingmethods.Ariskapproachdoesnothaveadirectcorrelationtotheaudit
staffmeetingtimebudgetsonaparticularaudit,nordoesitnecessarilymeanawider
varietyofauditswillbeperformedinagivenyear.
ISAUDITPROCESS1.1
Q6 (D) outlinetheoverallauthority,scopeandresponsibilitiesoftheauditfunction.
Anauditchartershouldstatemanagement'sobjectivesforanddelegationofauthority
toISaudit.Thischartershouldnotsignificantlychangeovertimeandshouldbe
approvedatthehighestlevelofmanagement.Anauditcharterwouldnotbeata
detailedleveland,therefore,wouldnotincludespecificauditobjectivesor
procedures.
ISAUDITPROCESS1.1
Q7 (C) appropriatelevelsofprotectionareappliedtoinformationassets.
Fullriskassessmentdeterminesthelevelofprotectionmostappropriatetoagiven
levelofrisk,whilethebaselineapproachmerelyappliesastandardsetofprotection
regardlessofrisk.Thereisacostadvantageinnotoverprotectinginformation.
However,anevenbiggeradvantageismakingsurethatnoinformationassetsare
overorunderprotected.Theriskassessmentapproachwillensureanappropriate
levelofprotectionisapplied,commensuratewiththelevelofriskandassetvalueand,
therefore,consideringassetvalue.Thebaselineapproachdoesnotallowmore
resourcestobedirectedtowardtheassetsatgreaterrisk,ratherthanequallydirecting
resourcestoallassets.
ISAUDITPROCESS1.1
Q8 (A) Attributesampling
Attributesamplingistheprimarysamplingmethodusedforcompliancetesting.
Attributesamplingisasamplingmodelthatisusedtoestimatetherateofoccurrence
ofaspecificquality(attribute)inapopulationandisusedincompliancetestingto
confirmwhetherthequalityexists.Theotherchoicesareusedinsubstantivetesting,
whichinvolvestestingofdetailsorquantity.
CISA2009Answers
3
ISAUDITPROCESS1.1
Q9 (A) Multiplecyclesofbackupfilesremainavailable.
Backupfilescontainingdocumentsthatsupposedlyhavebeendeletedcouldbe
recoveredfromthesefiles.Accesscontrolsmayhelpestablishaccountabilityforthe
issuanceofaparticulardocument,butthisdoesnotprovideevidenceoftheemail.
Dataclassificationstandardsmaybeinplacewithregardstowhatshouldbe
communicatedviaemail,butthecreationofthepolicydoesnotprovidethe
informationrequiredforlitigationpurposes.
ISAUDITPROCESS1.1
Q10 (A) implementedaspecificcontrolduringthedevelopmentoftheapplicationsystem.
IndependencemaybeimpairedifanISauditoris,orhasbeen,activelyinvolvedinthe
development,acquisitionandimplementationoftheapplicationsystem.ChoicesB
andCaresituationsthatdonotimpairanISauditor'sindependence.ChoiceD
isincorrectbecauseanISauditor'sindependenceisnotimpairedbyprovidingadvice
onknownbestpractices.
ISAUDITPROCESS1.1
Q11 (C) canimprovesystemsecuritywhenusedintimesharingenvironmentsthatprocessa
largenumberoftransactions.
Theuseofcontinuousauditingtechniquescanimprovesystemsecuritywhenusedin
timesharingenvironmentsthatprocessalargenumberoftransactions,butleavea
scarcepapertrail.ChoiceAisincorrectsincethecontinuousauditapproachoftendoes
requireanISauditortocollectevidenceonsystemreliabilitywhileprocessingistaking
place.ChoiceBisincorrectsinceanISauditornormallywouldreviewandfollowup
onlyonmaterialdeficienciesorerrorsdetected.ChoiceDisincorrectsincetheuseof
continuousaudittechniquesdependsonthecomplexityofanorganization'scomputer
systems.
ISAUDITPROCESS1.1
Q12 (B) establishaccountabilityandresponsibilityforprocessedtransactions.
Enablingaudittrailshelpsinestablishingtheaccountabilityandresponsibilityof
processedtransactionsbytracingtransactionsthroughthesystem.Theobjectiveof
enablingsoftwaretoprovideaudittrailsisnottoimprovesystemefficiency,sinceit
ofteninvolvesadditionalprocessingwhichmayinfactreduceresponsetimeforusers.
Enablingaudittrailsinvolvesstorageandthusoccupiesdiskspace.ChoiceDisalsoa
validreason;however,itisnottheprimaryreason.
CISA2009Answers
4
ISAUDITPROCESS1.1
Q13 (B) vulnerabilitiesandthreatsareidentified.
Indevelopingariskbasedauditstrategy,itiscriticalthattherisksandvulnerabilities
beunderstood.Thiswilldeterminetheareastobeauditedandtheextentofcoverage.
Understandingwhetherappropriatecontrolsrequiredtomitigaterisksareinplaceisa
resultanteffectofanaudit.Auditrisksareinherentaspectsofauditing,aredirectly
relatedtotheauditprocessandarenotrelevanttotheriskanalysisofthe
environmenttobeaudited.Agapanalysiswouldnormallybedonetocomparethe
actualstatetoanexpectedordesirablestate.
ISAUDITPROCESS1.1
Q14 (C) developtheauditplanonthebasisofadetailedriskassessment.
Monitoringthetime(choiceA)andauditprograms(choiceD),aswellasadequate
training(choiceB),willimprovetheISauditstaff'sproductivity(efficiencyand
performance),butthatwhichdeliversvaluetotheorganizationaretheresourcesand
effortsbeingdedicatedto,andfocusedon,thehigherriskareas.
ISAUDITPROCESS1.1
Q15 (D) roleoftheISauditfunction.
AnISauditcharterestablishestheroleoftheinformationsystemsauditfunction.The
chartershoulddescribetheoverallauthority,scope,andresponsibilitiesoftheaudit
function.Itshouldbeapprovedbythehighestlevelofmanagementand,ifavailable,
bytheauditcommittee.Shorttermandlongtermplanningistheresponsibilityof
auditmanagement.TheobjectivesandscopeofeachISauditshouldbeagreedtoin
anengagementletter.Atrainingplan,basedontheauditplan,shouldbedeveloped
byauditmanagement.
ISAUDITPROCESS1.2
Q16 (D) thethreats/vulnerabilitiesaffectingtheassets.
Oneofthekeyfactorstobeconsideredwhileassessingtherisksrelatedtotheuseof
variousinformationsystemsisthethreatsandvulnerabilitiesaffectingtheassets.The
risksrelatedtotheuseofinformationassetsshouldbeevaluatedinisolationfromthe
installedcontrols.Similarly,theeffectivenessofthecontrolsshouldbeconsidered
duringtheriskmitigationstageandnotduringtheriskassessmentphase
Amechanismtocontinuouslymonitortherisksrelatedtoassetsshouldbeputinplace
duringtheriskmonitoringfunctionthatfollowstheriskassessmentphase.
CISA2009Answers
5
ISAUDITPROCESS1.2
Q17 (A) areasofhighrisk.
Whendesigninganauditplan,itisimportanttoidentifytheareasofhighestriskto
determinetheareastobeaudited.Theskillsetsoftheauditstaffshouldhavebeen
consideredbeforedecidingandselectingtheaudit.Teststepsfortheauditarenotas
criticalasidentifyingtheareasofrisk,andthetimeallottedforanauditisdetermined
bytheareastobeaudited,whichareprimarilyselectedbasedontheidentificationof
risks.
ISAUDITPROCESS1.2
Q18 (D) purposeandscopeoftheauditbeingdone.
TheextenttowhichdatawillbecollectedduringanISauditshouldberelateddirectly
tothescopeandpurposeoftheaudit.Anauditwithanarrowpurposeandscope
wouldresultmostlikelyinlessdatacollection,thananauditwithawiderpurposeand
scope.ThescopeofanISauditshouldnotbeconstrainedbytheeaseofobtainingthe
informationorbytheauditor'sfamiliaritywiththeareabeingaudited.Collectingall
therequiredevidenceisarequiredelementofanISaudit,andthescopeoftheaudit
shouldnotbelimitedbytheauditee'sabilitytofindrelevantevidence.
ISAUDITPROCESS1.2
Q19 (A) reasonableassurancethattheauditwillcovermaterialitems.
TheISACAISAuditingGuidelineG15onplanningtheISauditstates,Anassessmentof
riskshouldbemadetoprovidereasonableassurancethatmaterialitemswillbe
adequatelycoveredduringtheauditwork.Thisassessmentshouldidentifyareaswith
arelativelyhighriskoftheexistenceofmaterialproblems.Definiteassurancethat
materialitemswillbecoveredduringtheauditworkisanimpracticalproposition.
Reasonableassurancethatallitemswillbecoveredduringtheauditworkisnotthe
correctanswer,asmaterialitemsneedtobecovered,notallitems.
ISAUDITPROCESS1.2
Q20 (A) theprobabilityoferrormustbeobjectivelyquantified.
Givenanexpectederrorrateandconfidencelevel,statisticalsamplingisanobjective
methodofsampling,whichhelpsanISauditordeterminethesamplesizeandquantify
theprobabilityoferror(confidencecoefficient).ChoiceBisincorrectbecause
samplingriskistheriskofasamplenotbeingrepresentativeofthepopulation.This
riskexistsforbothjudgmentandstatisticalsamples.ChoiceCisincorrectbecause
statisticalsamplingdoesnotrequiretheuseofgeneralizedauditsoftware.ChoiceDis
incorrectbecausethetolerableerrorratemustbepredeterminedforbothjudgment
andstatisticalsampling.
CISA2009Answers
6
ISAUDITPROCESS1.2
Q21 (A) addressauditobjectives.
ISACAauditingstandardsrequirethatanISauditorplantheauditworktoaddressthe
auditobjectives.ChoiceBisincorrectbecausetheauditordoesnotcollectevidencein
theplanningstageofanaudit.ChoicesCandDareincorrectbecausetheyarenotthe
primarygoalsofauditplanning.TheactivitiesdescribedinchoicesB,CandDareall
undertakentoaddressauditobjectivesandarethussecondarytochoiceA.
ISAUDITPROCESS1.2
Q22 (A) sufficientevidencewillbecollected.
ProceduresareprocessesanISauditormayfollowinanauditengagement.In
determiningtheappropriatenessofanyspecificprocedure,anISauditorshoulduse
professionaljudgmentappropriatetothespecificcircumstances.Professional
judgmentinvolvesasubjectiveandoftenqualitativeevaluationofconditionsarisingin
thecourseofanaudit.Judgmentaddressesagreyareawherebinary(yes/no)
decisionsarenotappropriateandtheauditor'spastexperienceplaysakeyrolein
makingajudgment.ISACA'sguidelinesprovideinformationonhowtomeetthe
standardswhenperformingISauditwork.Identifyingmaterialweaknessesisthe
resultofappropriatecompetence,experienceandthoroughnessinplanningand
executingtheauditandnotofprofessionaljudgment.Professionaljudgmentisnota
primaryinputtothefinancialaspectsoftheaudit.
ISAUDITPROCESS1.2
Q23 (D) obtainanunderstandingofthesecurityriskstoinformationprocessing.
Whenevaluatinglogicalaccesscontrols,anISauditorshouldfirstobtainan
understandingofthesecurityrisksfacinginformationprocessingbyreviewingrelevant
documentation,byinquiries,andbyconductingariskassessment.Documentation
andevaluationisthesecondstepinassessingtheadequacy,efficiencyand
effectiveness,thusidentifyingdeficienciesorredundancyincontrols.Thethirdstepis
totesttheaccesspathstodetermineifthecontrolsarefunctioning.Lastly,theIS
auditorevaluatesthesecurityenvironmenttoassessitsadequacybyreviewingthe
writtenpolicies,observingpracticesandcomparingthemtoappropriatesecuritybest
practices.
ISAUDITPROCESS1.2
Q24 (B) thesystematiccollectionofevidenceafterasystemirregularity.
ChoiceBdescribesaforensicaudit.Theevidencecollectedcouldthenbeusedin
judicialproceedings.Forensicauditsarenotlimitedtocorporatefraud.Assessingthe
correctnessofanorganization'sfinancialstatementsisnotthepurposeofaforensic
audit.Drawingaconclusionastocriminalactivitywouldbepartofalegalprocessand
nottheobjectiveofaforensicaudit.
CISA2009Answers
7
ISAUDITPROCESS1.2
Q25 (D) Expandthesampleoflogsreviewed
AuditstandardsrequirethatanISauditorgathersufficientandappropriateaudit
evidence.Theauditorhasfoundapotentialproblemandnowneedstodetermineif
thisisanisolatedincidentorasystematiccontrolfailure.Atthisstageitistoo
preliminarytoissueanauditfindingandseekinganexplanationfrommanagementis
advisable,butitwouldbebettertogatheradditionalevidencetoproperlyevaluate
theseriousnessofthesituation.Abackupfailure,whichhasnotbeenestablishedat
thispoint,willbeseriousifitinvolvescriticaldata.However,theissueisnotthe
importanceofthedataontheserver,whereaproblemhasbeendetected,but
whetherasystematiccontrolfailurethatimpactsotherserversexists.
ISAUDITPROCESS1.3
Q26 (D) Trend/variancedetectiontools
Trend/variancedetectiontoolslookforanomaliesinuserorsystembehavior,for
example,determiningwhetherthenumbersforprenumbereddocumentsare
sequentialorincreasing.CASEtoolsareusedtoassistsoftwaredevelopment.
Embedded(audit)datacollectionsoftwareisusedforsamplingandtoprovide
productionstatistics.Heuristicscanningtoolscanbeusedtoscanforvirusesto
indicatepossibleinfectedcode.
ISAUDITPROCESS1.3
Q27 (D) ManyuserIDshaveidenticalpasswords.
ExploitationofaknownuserIDandpasswordrequiresminimaltechnicalknowledge
andexposesthenetworkresourcestoexploitation.Thetechnicalbarrierislowand
theimpactcanbeveryhigh;therefore,thefactthatmanyuserIDshaveidentical
passwordsrepresentsthegreatestthreat.Externalmodemsrepresentasecurityrisk,
butexploitationstilldependsontheuseofavaliduseraccount.Whiletheimpactof
usersinstallingsoftwareontheirdesktopscanbehigh(forexample,duetothe
installationofTrojansorkeyloggingprograms),thelikelihoodisnothighduetothe
leveloftechnicalknowledgerequiredtosuccessfullypenetratethenetwork.Although
networkmonitoringcanbeausefuldetectivecontrol,itwillonlydetectabuseofuser
accountsinspecialcircumstancesandis,therefore,notafirstlineofdefense.
ISAUDITPROCESS1.3
Q28 (A) Thepreservationofthechainofcustodyforelectronicevidence
Theprimaryobjectiveofforensicsoftwareistopreserveelectronicevidencetomeet
therulesofevidence.ChoiceB,timeandcostsavings,andchoiceC,efficiencyand
effectiveness,arelegitimateconcernsthatdifferentiategoodfrompoorforensic
softwarepackages.ChoiceD,theabilitytosearchforintellectualpropertyrights
violations,isanexampleofauseofforensicsoftware.
CISA2009Answers
8
ISAUDITPROCESS1.3
Q29 (A) matchingcontroltotalsoftheimporteddatatocontroltotalsoftheoriginaldata.
Matchingcontroltotalsoftheimporteddatawithcontroltotalsoftheoriginaldatais
thenextlogicalstep,asthisconfirmsthecompletenessoftheimporteddata.Itisnot
possibletoconfirmcompletenessbysortingtheimporteddata,becausetheoriginal
datamaynotbeinsortedorder.Further,sortingdoesnotprovidecontroltotalsfor
verifyingcompleteness.Reviewingaprintoutof100recordsoforiginaldatawith100
recordsofimporteddataisaprocessofphysicalverificationandconfirmstheaccuracy
ofonlytheserecords.Filteringdatafordifferentcategoriesandmatchingthemto
originaldatawouldstillrequirethatcontroltotalsbedevelopedtoconfirmthe
completenessofthedata.
ISAUDITPROCESS1.3
Q30 (B) Generalizedauditsoftware
Generalizedauditsoftwarefeaturesincludemathematicalcomputations,
stratification,statisticalanalysis,sequencechecking,duplicatecheckingand
recomputations.AnISauditor,usinggeneralizedauditsoftware,coulddesign
appropriateteststorecomputethepayroll,therebydeterminingiftherewere
overpaymentsandtowhomtheyweremade.Testdatawouldtestfortheexistenceof
controlsthatmightpreventoverpayments,butitwouldnotdetectspecific,previous
miscalculations.Neitheranintegratedtestfacilitynoranembeddedauditmodule
woulddetecterrorsforapreviousperiod.
ISAUDITPROCESS1.3
Q31 (D) identifyandevaluateexistingpractices.
Oneofthemainobjectivesofanauditistoidentifypotentialrisks;therefore,themost
proactiveapproachwouldbetoidentifyandevaluatetheexistingsecuritypractices
beingfollowedbytheorganization.ISauditorsshouldnotpreparedocumentation,as
doingsocouldjeopardizetheirindependence.Terminatingtheauditmayprevent
achievingoneofthebasicauditobjectives,i.e.,identificationofpotentialrisks.Since
therearenodocumentedprocedures,thereisnobasisagainstwhichtotest
compliance.
ISAUDITPROCESS1.3
Q32 (D) identifyandevaluatetheexistingcontrols.
ItisimportantforanISauditortoidentifyandevaluatetheexistingcontrolsand
securityoncethepotentialthreatsandpossibleimpactsareidentified.Upon
completionofanauditanISauditorshoulddescribeanddiscusswithmanagementthe
threatsandpotentialimpactsontheassets.
CISA2009Answers
9
ISAUDITPROCESS1.3
Q33 (A) Lackofreportingofasuccessfulattackonthenetwork
NotreportinganintrusionisequivalenttoanISauditorhidingamaliciousintrusion,
whichwouldbeaprofessionalmistake.Althoughnotificationtothepolicemaybe
requiredandthelackofaperiodicexaminationofaccessrightsmightbeaconcern,
theydonotrepresentasbigaconcernasthefailuretoreporttheattack.Reportingto
thepublicisnotarequirementandisdependentontheorganization'sdesire,orlack
thereof,tomaketheintrusionknown.
ISAUDITPROCESS1.3
Q34 (A) Aconfirmationletterreceivedfromathirdpartyverifyinganaccountbalance
Evidenceobtainedfromindependentthirdpartiesalmostalwaysisconsideredtobe
themostreliable.ChoicesB,CandDwouldnotbeconsideredasreliable.
ISAUDITPROCESS1.3
Q35 (A) Thepointatwhichcontrolsareexercisedasdataflowthroughthesystem
AnISauditorshouldfocusonwhencontrolsareexercisedasdataflowthrougha
computersystem.ChoiceBisincorrectsincecorrectivecontrolsmayalsoberelevant.
ChoiceCisincorrect,sincecorrectivecontrolsremoveorreducetheeffectsoferrors
orirregularitiesandareexclusivelyregardedascompensatingcontrols.ChoiceDis
incorrectandirrelevantsincetheexistenceandfunctionofcontrolsisimportant,not
theclassification.
ISAUDITPROCESS1.3
Q36 (C) Observationandinterviews
ByobservingtheISstaffperformingtheirtasks,anISauditorcanidentifywhetherthey
areperforminganyincompatibleoperations,andbyinterviewingtheISstaff,the
auditorcangetanoverviewofthetasksperformed.Basedontheobservationsand
interviewstheauditorcanevaluatethesegregationofduties.Managementmaynot
beawareofthedetailedfunctionsofeachemployeeintheISdepartment;therefore,
discussionwiththemanagementwouldprovideonlylimitedinformation
regardingsegregationofduties.Anorganizationchartwouldnotprovidedetailsofthe
functionsoftheemployees.Testingofuserrightswouldprovideinformationabout
therightstheyhavewithintheISsystems,butwouldnotprovidecomplete
informationaboutthefunctionstheyperform.
CISA2009Answers
10
ISAUDITPROCESS1.3
Q37 (C) generalizedauditsoftwaretosearchforaddressfieldduplications.
Sincethenameisnotthesame(duetonamevariations),onemethodtodetect
duplicationswouldbetocompareothercommonfields,suchasaddresses.A
subsequentreviewtodeterminecommoncustomernamesattheseaddressescould
thenbeconducted.Searchingforduplicateaccountnumberswouldnotlikelyfind
duplications,sincecustomerswouldmostlikelyhavedifferentaccountnumbersfor
eachvariation.Testdatawouldnotbeusefultodetecttheextentofanydata
characteristic,butsimplytodeterminehowthedatawereprocessed.
ISAUDITPROCESS1.3
Q38 (D) Productionlibrarylistings
Thebestsourcefromwhichtodrawanysampleortestofsysteminformationisthe
automatedsystem.Theproductionlibrariesrepresentexecutablesthatareapproved
andauthorizedtoprocessorganizationaldata.Sourceprogramlistingswouldbe
timeintensive.Programchangerequestsarethedocumentsusedtoinitiatechange;
thereisnoguaranteethattherequesthasbeencompletedforallchanges.Testlibrary
listingsdonotrepresenttheapprovedandauthorizedexecutables.
ISAUDITPROCESS1.3
Q39 (C) comparesprocessingoutputwithindependentlycalculateddata.
Anintegratedtestfacilityisconsideredausefulaudittoolbecauseitusesthesame
programstocompareprocessingusingindependentlycalculateddata.Thisinvolves
settingupdummyentitiesonanapplicationsystemandprocessingtestorproduction
dataagainsttheentityasameansofverifyingprocessingaccuracy.
ISAUDITPROCESS1.3
Q40 (C) graphicallysummarizedatapathsandstorage.
Dataflowdiagramsareusedasaidstographorchartdataflowandstorage.They
tracethedatafromitsoriginationtodestination,highlightingthepathsandstorageof
data.Theydonotorderdatainanyhierarchy.Theflowofthedatawillnotnecessarily
matchanyhierarchyordatagenerationorder.
ISAUDITPROCESS1.3
Q41 (D) Aconfirmationletterreceivedfromanoutsidesource
Evidenceobtainedfromoutsidesourcesisusuallymorereliablethanthatobtained
fromwithintheorganization.Confirmationlettersreceivedfromoutsideparties,such
asthoseusedtoverifyaccountsreceivablebalances,areusuallyhighlyreliable.
Testingperformedbyanauditormaynotbereliable,iftheauditordidnothavea
goodunderstandingofthetechnicalareaunderreview.
CISA2009Answers
11
ISAUDITPROCESS1.3
Q42 (C) understandingtheresponsibilitiesandauthorityofindividuals.
Anorganizationalchartprovidesinformationabouttheresponsibilitiesandauthority
ofindividualsintheorganization.ThishelpsanISauditortoknowifthereisaproper
segregationoffunctions.Aworkflowchartwouldprovideinformationabouttheroles
ofdifferentemployees.Anetworkdiagramwillprovideinformationabouttheusage
ofvariouscommunicationchannelsandwillindicatetheconnectionofuserstothe
network.
ISAUDITPROCESS1.3
Q43 (A) Availabilityofonlinenetworkdocumentation
Networkoperatingsystemuserfeaturesincludeonlineavailabilityofnetwork
documentation.Otherfeatureswouldbeuseraccesstovariousresourcesofnetwork
hosts,userauthorizationtoaccessparticularresources,andthenetworkandhost
computersusedwithoutspecialuseractionsorcommands.ChoicesB,CandDare
examplesofnetworkoperatingsystemsfunctions.
ISAUDITPROCESS1.3
Q44 (B) interviewprogrammersabouttheprocedurescurrentlybeingfollowed.
Askingprogrammersabouttheprocedurescurrentlybeingfollowedisusefulin
determiningwhetheraccesstoprogramdocumentationisrestrictedtoauthorized
persons.Evaluatingtherecordretentionplansforoffpremisesstorageteststhe
recoveryprocedures,nottheaccesscontroloverprogramdocumentation.Testing
utilizationrecordsordatafileswillnotaddressaccesssecurityoverprogram
documentation.
ISAUDITPROCESS1.3
Q45 (B) Periodictestingdoesnotrequireseparatetestprocesses.
Anintegratedtestfacilitycreatesafictitiousentityinthedatabasetoprocesstest
transactionssimultaneouslywithliveinput.Itsadvantageisthatperiodictestingdoes
notrequireseparatetestprocesses.However,carefulplanningisnecessary,andtest
datamustbeisolatedfromproductiondata.
ISAUDITPROCESS1.3
Q46 (C) Examinesomeofthetestcasestoconfirmtheresults.
AnISauditorshouldnextexaminecaseswhereincorrectcalculationsoccurredand
confirmtheresults.Afterthecalculationshavebeenconfirmed,furthertestscanbe
conductedandreviewed.Reportpreparation,findingsandrecommendationswould
notbemadeuntilallresultsareconfirmed.
CISA2009Answers
12
ISAUDITPROCESS1.3
Q47 (C) preparingsimulatedtransactionsforprocessingandcomparingtheresultsto
predeterminedresults.
Preparingsimulatedtransactionsforprocessingandcomparingtheresultsto
predeterminedresultsisthebestmethodforprovingaccuracyofataxcalculation.
Detailedvisualreview,flowchartingandanalysisofsourcecodearenoteffective
methods,andmonthlytotalswouldnotaddresstheaccuracyofindividualtax
calculations.
ISAUDITPROCESS1.3
Q48 (B) impactofanyexposuresdiscovered.
Anapplicationcontrolreviewinvolvestheevaluationoftheapplication'sautomated
controlsandanassessmentofanyexposuresresultingfromthecontrolweaknesses.
Theotherchoicesmaybeobjectivesofanapplicationauditbutarenotpartofanaudit
restrictedtoareviewofcontrols.
ISAUDITPROCESS1.3
Q49 (A) Testingwhetherinappropriatepersonnelcanchangeapplicationparameters
Todeterminepurchaseordervalidity,testingaccesscontrolswillprovidethebest
evidence.ChoicesBandCarebasedonafterthefactapproaches,whilechoiceDdoes
notservethepurposebecausewhatisinthesystemdocumentationmaynotbe
thesameaswhatishappening.
ISAUDITPROCESS1.3
Q50 (D) Audithooks
Theaudithooktechniqueinvolvesembeddingcodeinapplicationsystemsforthe
examinationofselectedtransactions.ThishelpsanISauditortoactbeforeanerroror
anirregularitygetsoutofhand.Anembeddedauditmoduleinvolvesembedding
speciallywrittensoftwareintheorganization'shostapplicationsystemsothat
applicationsystemsaremonitoredonaselectivebasis.Anintegratedtestfacilityis
usedwhenitisnotpracticaltousetestdata,andsnapshotsareusedwhenan
audittrailisrequired.
ISAUDITPROCESS1.3
Q51 (A) topologydiagrams.
Thefirststepinassessingnetworkmonitoringcontrolsshouldbethereviewofthe
adequacyofnetworkdocumentation,specificallytopologydiagrams.Ifthis
informationisnotuptodate,thenmonitoringprocessesandtheabilitytodiagnose
problemswillnotbeeffective.
CISA2009Answers
13
ISAUDITPROCESS1.3
Q52 (C) Informappropriatepersonnelimmediately.
ThefirstthinganISauditorshoulddoafterdetectingthevirusistoalertthe
organizationtoitspresence,thenwaitfortheirresponse.ChoiceAshouldbetaken
afterchoiceC.ThiswillenableanISauditortoexaminetheactualworkabilityand
effectivenessoftheresponsesystem.AnISauditorshouldnotmakechangestothe
systembeingaudited,andensuringthedeletionofthevirusisamanagement
responsibility.
ISAUDITPROCESS1.3
Q53 (C) conductingaphysicalcountofthetapeinventory.
Asubstantivetestincludesgatheringevidencetoevaluatetheintegrityofindividual
transactions,dataorotherinformation.Conductingaphysicalcountofthetape
inventoryisasubstantivetest.ChoicesA,BandDarecompliancetests.
ISAUDITPROCESS1.3
Q54 (C) preservation.
Preservationanddocumentationofevidenceforreviewbylawenforcementand
judicialauthoritiesareofprimaryconcernwhenconductinganinvestigation.Failureto
properlypreservetheevidencecouldjeopardizetheacceptanceoftheevidencein
legalproceedings.Analysis,evaluationanddisclosureareimportantbutnotofprimary
concerninaforensicinvestigation.
ISAUDITPROCESS1.3
Q55 (B) expandthescopetoincludesubstantivetesting.
IftheanswersprovidedtoanISauditor'squestionsarenotconfirmedbydocumented
proceduresorjobdescriptions,theISauditorshouldexpandthescopeoftestingthe
controlsandincludeadditionalsubstantivetests.Thereisnoevidencethatwhatever
controlsmightexistareeitherinadequateoradequate.Placinggreaterrelianceon
previousauditsorsuspendingtheauditareinappropriateactionsastheyprovideno
currentknowledgeoftheadequacyoftheexistingcontrols.
ISAUDITPROCESS1.3
Q56 (A) professionalindependence
WhenanISauditorrecommendsaspecificvendor,theycompromiseprofessional
independence.Organizationalindependencehasnorelevancetothecontentofan
auditreportandshouldbeconsideredatthetimeofacceptingtheengagement.
Technicalandprofessionalcompetenceisnotrelevanttotherequirementof
independence.
CISA2009Answers
14
ISAUDITPROCESS1.3
Q57 (A) understandthebusinessprocess.
UnderstandingthebusinessprocessisthefirststepanISauditorneedstoperform.
StandardsdonotrequireanISauditortoperformaprocesswalkthrough.Identifying
controlweaknessesisnottheprimaryreasonforthewalkthroughandtypicallyoccurs
atalaterstageintheaudit,whileplanningforsubstantivetestingisperformedata
laterstageintheaudit.
ISAUDITPROCESS1.3
Q58 (A) examinesourceprogramchangeswithoutinformationfromISpersonnel.
AnISauditorhasanobjective,independentandrelativelycompleteassuranceof
programchangesbecausethesourcecodecomparisonwillidentifychanges.ChoiceB
isincorrect,becausethechangesmadesincetheacquisitionofthecopyarenot
includedinthecopyofthesoftware.ChoiceCisincorrect,asanISauditorwillhaveto
gainthisassuranceseparately.ChoiceDisincorrect,becauseanychangesmade
betweenthetimethecontrolcopywasacquiredandthesourcecodecomparisonis
madewillnotbedetected.
ISAUDITPROCESS1.3
Q59 (B) gainagreementonthefindings.
Theprimarypurposeformeetingwithauditeespriortoformallyclosingareviewisto
gainagreementonthefindings.Theotherchoices,thoughrelatedtotheformal
closureofanaudit,areofsecondaryimportance.
ISAUDITPROCESS1.3
Q60 (C) Automatedcodecomparison
Anautomatedcodecomparisonistheprocessofcomparingtwoversionsofthesame
programtodeterminewhetherthetwocorrespond.Itisanefficienttechnique
becauseitisanautomatedprocedure.Testdatarunspermittheauditortoverifythe
processingofpreselectedtransactions,butprovidenoevidenceaboutunexercised
portionsofaprogram.Codereviewistheprocessofreadingprogramsourcecode
listingstodeterminewhetherthecodecontainspotentialerrorsorinefficient
statements.Acodereviewcanbeusedasameansofcodecomparisonbutitis
inefficient.Thereviewofcodemigrationprocedureswouldnotdetectprogram
changes.
CISA2009Answers
15
ISAUDITPROCESS1.3
Q61 (B) identifywhethersuchsoftwareis,indeed,beingusedbytheorganization.
Whenthereisanindicationthatanorganizationmightbeusingunlicensedsoftware,
theISauditorshouldobtainsufficientevidencebeforeincludingitinthereport.With
respecttothismatter,representationsobtainedfrommanagementcannotbe
independentlyverified.Iftheorganizationisusingsoftwarethatisnotlicensed,the
auditor,tomaintainobjectivityandindependence,mustincludethisinthereport.
ISAUDITPROCESS1.3
Q62 (D) confidentialityoftheworkpapers.
Encryptionprovidesconfidentialityfortheelectronicworkpapers.Audittrails,audit
phaseapprovalsandaccesstotheworkpapersdonot,ofthemselves,affectthe
confidentialitybutarepartofthereasonforrequiringencryption.
ISAUDITPROCESS1.3
Q63 (B) provideabasisfordrawingreasonableconclusions.
ThescopeofanISauditisdefinedbyitsobjectives.Thisinvolvesidentifyingcontrol
weaknessesrelevanttothescopeoftheaudit.Obtainingsufficientandappropriate
evidenceassiststheauditorinnotonlyidentifyingcontrolweaknessesbutalso
documentingandvalidatingthem.Complyingwithregulatoryrequirements,ensuring
coverageandtheexecutionofauditareallrelevanttoanauditbutarenotthereason
whysufficientandrelevantevidenceisrequired.
ISAUDITPROCESS1.3
Q64 (A) expandactivitiestodeterminewhetheraninvestigationiswarranted.
AnISauditor'sresponsibilitiesfordetectingfraudincludeevaluatingfraudindicators
anddecidingwhetheranyadditionalactionisnecessaryorwhetheraninvestigation
shouldberecommended.TheISauditorshouldnotifytheappropriateauthorities
withintheorganizationonlyifithasdeterminedthattheindicatorsoffraudare
sufficienttorecommendaninvestigation.Normally,theISauditordoesnothave
authoritytoconsultwithexternallegalcounsel.
ISAUDITPROCESS1.3
Q65 (B) Generalizedauditsoftware(GAS)
Generalizedauditsoftware(GAS)wouldenabletheauditortoreviewtheentire
invoicefiletolookforthoseitemsthatmeettheselectioncriteria.Attributesampling
wouldaidinidentifyingrecordsmeetingspecificconditions,butwouldnotcompare
onerecordtoanothertoidentifyduplicates.TodetectduplicateinvoicerecordstheIS
auditorshouldcheckalloftheitemsthatmeetthecriteriaandnotjustasampleofthe
items.Testdataareusedtoverifyprogramprocessing,butwillnotidentifyduplicate
records.Anintegratedtestfacility(ITF)allowstheISauditortotesttransactions
throughtheproductionsystem,butwouldnotcomparerecordstoidentifyduplicates.
CISA2009Answers
16
ISAUDITPROCESS1.3
Q66 (C) Buildingaprogramtoidentifyconflictsinauthorization
Sincetheobjectiveistoidentifyviolationsinsegregationofduties,itisnecessaryto
definethelogicthatwillidentifyconflictsinauthorization.Aprogramcouldbe
developedtoidentifytheseconflicts.Areportofsecurityrightsintheenterprise
resourceplanning(ERP)systemwouldbevoluminousandtimeconsumingtoreview;
therefore,thistechniqueisnotaseffectiveasbuildingaprogram.Ascomplexities
increase,itbecomesmoredifficulttoverifytheeffectivenessofthesystemsand
complexityisnot,initself,alinktosegregationofduties.Itisgoodpracticetoreview
recentaccessrightsviolationcases;however,itmayrequireasignificantamountof
timetotrulyidentifywhichviolationsactuallyresultedfromaninappropriate
segregationofduties.
ISAUDITPROCESS1.3
Q67 (B) Compliancetesting
Determiningthatonlyauthorizedmodificationsaremadetoproductionprograms
wouldrequirethechangemanagementprocessbereviewedtoevaluatetheexistence
ofatrailofdocumentaryevidence.Compliancetestingwouldhelptoverifythatthe
changemanagementprocesshasbeenappliedconsistently.Itisunlikelythatthe
systemloganalysiswouldprovideinformationaboutthemodificationofprograms.
Forensicanalysisisaspecializedtechniqueforcriminalinvestigation.Ananalytical
reviewassessesthegeneralcontrolenvironmentofanorganization.
ISAUDITPROCESS1.3
Q68 (B) Gainmoreassuranceonthefindingsthroughrootcauseanalysis.
AchangemanagementprocessiscriticaltoITproductionsystems.Before
recommendingthattheorganizationtakeanyotheraction(e.g.,stoppingmigrations,
redesigningthechangemanagementprocess),theISauditorshouldgainassurance
thattheincidentsreportedarerelatedtodeficienciesinthechangemanagement
processandnotcausedbysomeprocessotherthanchangemanagement.
ISAUDITPROCESS1.3
Q69 (C) Rebootingthesystem
Rebootingthesystemmayresultinachangeinthesystemstateandthelossoffiles
andimportantevidencestoredinmemory.Theotherchoicesareappropriateactions
forpreservingevidence.
CISA2009Answers
17
ISAUDITPROCESS1.3
Q70 (D) communicatethepossibilityofconflictofinteresttomanagementpriortostartingthe
assignment.
Communicatingthepossibilityofaconflictofinteresttomanagementpriortostarting
theassignmentisthecorrectanswer.Apossibleconflictofinterest,likelytoaffectthe
auditor'sindependence,shouldbebroughttotheattentionofmanagementpriorto
startingtheassignment.Decliningtheassignmentisnotthecorrectanswerbecause
theassignmentcouldbeacceptedafterobtainingmanagementapproval.Informing
managementofthepossibleconflictofinterestaftercompletionoftheaudit
assignmentisnotcorrectbecauseapprovalshouldbeobtainedpriorto
commencementandnotafterthecompletionoftheassignment.Informingthe
businesscontinuityplanning(BCP)teamofthepossibleconflictofinterestpriorto
startingoftheassignmentisnotthecorrectanswersincetheBCPteamwouldnot
havetheauthoritytodecideonthisissue.
ISAUDITPROCESS1.4
Q71 (C) Reporttheuseoftheunauthorizedsoftwareandtheneedtopreventrecurrenceto
auditeemanagement.
Theuseofunauthorizedorillegalsoftwareshouldbeprohibitedbyanorganization.
Softwarepiracyresultsininherentexposureandcanresultinseverefines.AnIS
auditormustconvincetheuserandusermanagementoftheriskandtheneedto
eliminatetherisk.AnISauditorshouldnotassumetheroleoftheenforcingofficer
andtakeonanypersonalinvolvementinremovingordeletingtheunauthorized
software.
ISAUDITPROCESS1.4
Q72 (A) includethefindinginthefinalreport,becausetheISauditorisresponsibleforan
accuratereportofallfindings.
Includingthefindinginthefinalreportisagenerallyacceptedauditpractice.Ifan
actionistakenaftertheauditstartedandbeforeitended,theauditreportshould
identifythefindinganddescribethecorrectiveactiontaken.Anauditreportshould
reflectthesituation,asitexistedatthestartoftheaudit.Allcorrectiveactionstaken
bytheauditeeshouldbereportedinwriting.
ISAUDITPROCESS1.4
Q73 (C) recordtheobservationsandtheriskarisingfromthecollectiveweaknesses.
Individuallytheweaknessesareminor;however,togethertheyhavethepotentialto
substantiallyweakentheoverallcontrolstructure.ChoicesAandDreflectafailureon
thepartofanISauditortorecognizethecombinedaffectofthecontrolweakness.
Advisingthelocalmanagerwithoutreportingthefactsandobservationswould
concealthefindingsfromotherstakeholders.
CISA2009Answers
18
ISAUDITPROCESS1.4
Q74 (B) elaborateonthesignificanceofthefindingandtherisksofnotcorrectingit.
Iftheauditeedisagreeswiththeimpactofafinding,itisimportantforanISauditorto
elaborateandclarifytherisksandexposures,astheauditeemaynotfullyappreciate
themagnitudeoftheexposure.Thegoalshouldbetoenlightentheauditeeor
uncovernewinformationofwhichanISauditormaynothavebeenaware.Anything
thatappearstothreatentheauditeewilllesseneffectivecommunicationsandsetup
anadversarialrelationship.Bythesametoken,anISauditorshouldnotautomatically
agreejustbecausetheauditeeexpressesanalternatepointofview.
ISAUDITPROCESS1.4
Q75 (D) sufficientandappropriateauditevidence.
ISACA'sstandardonreportingrequirestheISauditorhavesufficientandappropriate
auditevidencetosupportthereportedresults.StatementsfromISmanagement
provideabasisforobtainingconcurrenceonmattersthatcannotbeverifiedwith
empiricalevidence.Thereportshouldbebasedonevidencecollectedduringthe
courseoftherevieweventhoughtheauditormayhaveaccesstotheworkpapersof
otherauditors.Theresultsofanorganizationalcontrolselfassessment(CSA)could
supplementtheauditfindings.ChoicesA,BandCmightbereferencedduringanaudit
but,ofthemselves,wouldnotbeconsideredasufficientbasisforissuingareport.
ISAUDITPROCESS1.4
Q76 (C) ISauditor.
TheISauditorshouldmakethefinaldecisionaboutwhattoincludeorexcludefrom
theauditreport.Theotherchoiceswouldlimittheindependenceoftheauditor.
ISAUDITPROCESS1.5
Q77 (A) canidentifyhighriskareasthatmightneedadetailedreviewlater.
CSAispredicatedonthereviewofhighriskareasthateitherneedimmediate
attentionoramorethoroughreviewatalaterdate.ChoiceBisincorrect,becauseCSA
requirestheinvolvementofauditorsandlinemanagement.Whatoccursisthatthe
internalauditfunctionshiftssomeofthecontrolmonitoringresponsibilitiestothe
functionalareas.ChoiceCisincorrectbecauseCSAisnotareplacementfortraditional
audits.CSAisnotintendedtoreplaceaudit'sresponsibilities,buttoenhancethem.
ChoiceDisincorrect,becauseCSAdoesnotallowmanagementtorelinquishits
responsibilityforcontrol.
CISA2009Answers
19
ISAUDITPROCESS1.5
Q78 (A) havinglinemanagersassumeaportionoftheresponsibilityforcontrolmonitoring.
TheprimaryobjectiveofaCSAprogramistoleveragetheinternalauditfunctionby
shiftingsomeofthecontrolmonitoringresponsibilitiestothefunctionalarealine
managers.Thesuccessofacontrolselfassessment(CSA)programdependson
thedegreetowhichlinemanagersassumeresponsibilityforcontrols.ChoicesB,Cand
Darecharacteristicsofatraditionalauditapproach,notaCSAapproach.
ISAUDITPROCESS1.5
Q79 (A) Broadstakeholderinvolvement
Thecontrolselfassessment(CSA)approachemphasizesmanagementofand
accountabilityfordevelopingandmonitoringthecontrolsofanorganization's
businessprocesses.TheattributesofCSAincludeempoweredemployees,continuous
improvement,extensiveemployeeparticipationandtraining,allofwhichare
representationsofbroadstakeholderinvolvement.ChoicesB,CandDareattributesof
atraditionalauditapproach.
ISAUDITPROCESS1.5
Q80 (A) Managementownershipoftheinternalcontrolssupportingbusinessobjectivesis
reinforced.
Theobjectiveofcontrolselfassessmentistohavebusinessmanagementbecome
moreawareoftheimportanceofinternalcontrolandtheirresponsibilityintermsof
corporategovernance.Reducingauditexpensesisnotakeybenefitofcontrolself
assessment(CSA).Improvedfrauddetectionisimportant,butnotasimportantas
ownership,andisnotaprincipalobjectiveofCSA.CSAmaygivemoreinsightsto
internalauditors,allowingthemtotakeamoreconsultativerole;however,thisisan
additionalbenefit,notthekeybenefit.

CISA Domain 1: Auditing Information Systems
100% (6)
CISA Domain 1: Auditing Information Systems
17 pages
It Audit Exam Questions PDF
100% (2)
It Audit Exam Questions PDF
33 pages
ITAF Companion Performance Guidelines 2208
No ratings yet
ITAF Companion Performance Guidelines 2208
20 pages
Auditing Theory Midterm Exam
No ratings yet
Auditing Theory Midterm Exam
7 pages
Cisa
100% (3)
Cisa
264 pages
CISA Combined PDF
100% (2)
CISA Combined PDF
264 pages
Change Management Audit Program Final
100% (2)
Change Management Audit Program Final
28 pages
Employee Job Satisfaction Research
100% (8)
Employee Job Satisfaction Research
40 pages
Notes
No ratings yet
Notes
13 pages
Qsa Rank1
No ratings yet
Qsa Rank1
32 pages
Information System Auditing Process
No ratings yet
Information System Auditing Process
60 pages
Chapter 34 Conducting Info Sys Audit
No ratings yet
Chapter 34 Conducting Info Sys Audit
72 pages
Ais3 Notes
No ratings yet
Ais3 Notes
26 pages
CISA Practise Questions
No ratings yet
CISA Practise Questions
25 pages
AF304 Week 9lecture # 1 - Chapter - 11 Test of Controls
No ratings yet
AF304 Week 9lecture # 1 - Chapter - 11 Test of Controls
26 pages
Cisa100practicequestion 140116123310 Phpapp02
No ratings yet
Cisa100practicequestion 140116123310 Phpapp02
102 pages
Control Testing Vs Substantive by CPA MADHAV BHANDARI
100% (1)
Control Testing Vs Substantive by CPA MADHAV BHANDARI
59 pages
REVIEWER
No ratings yet
REVIEWER
8 pages
CISA 100 Practice Questions: Compiled and Arranged by
No ratings yet
CISA 100 Practice Questions: Compiled and Arranged by
26 pages
Auditor's Respond To Assessed Risk
No ratings yet
Auditor's Respond To Assessed Risk
33 pages
100-Mcqs-Cisa Exam
No ratings yet
100-Mcqs-Cisa Exam
32 pages
Cisa Others
No ratings yet
Cisa Others
16 pages
Cisa 100 Practicequestion
No ratings yet
Cisa 100 Practicequestion
102 pages
Auditing and Assurance Final Examination Compress PDF
No ratings yet
Auditing and Assurance Final Examination Compress PDF
17 pages
FINANCIAL AUDIT (Final Exam - Portions) : Relevance
No ratings yet
FINANCIAL AUDIT (Final Exam - Portions) : Relevance
5 pages
Testing - General and Automated Controls: Mentor: TS. Truong Tuan Anh Presenter: Huynh Thi Nan
No ratings yet
Testing - General and Automated Controls: Mentor: TS. Truong Tuan Anh Presenter: Huynh Thi Nan
55 pages
Chapter 13 Auditing and Assurance Services
100% (2)
Chapter 13 Auditing and Assurance Services
26 pages
XX AT.06.09-Evidence-and-Performance-of-Substantive-Testing
No ratings yet
XX AT.06.09-Evidence-and-Performance-of-Substantive-Testing
4 pages
FT8 - VRC For DISA - Day1 - 19072021
No ratings yet
FT8 - VRC For DISA - Day1 - 19072021
85 pages
D. Anticipate Before Performing Any Fieldwork Whether An Unqualified Opinion Can Be Expressed
No ratings yet
D. Anticipate Before Performing Any Fieldwork Whether An Unqualified Opinion Can Be Expressed
5 pages
CISA Review Questions, Answers & Explanations Manual 2014 Supplement
No ratings yet
CISA Review Questions, Answers & Explanations Manual 2014 Supplement
17 pages
AT Salosagcol CH008
No ratings yet
AT Salosagcol CH008
38 pages
Domain 1
No ratings yet
Domain 1
15 pages
Qnat 4
No ratings yet
Qnat 4
29 pages
Auditing - Lecture 5-201516
No ratings yet
Auditing - Lecture 5-201516
60 pages
Audit Sampling
No ratings yet
Audit Sampling
7 pages
CISA - Domain 1 v2
No ratings yet
CISA - Domain 1 v2
91 pages
C Is A 100 Practice Question
100% (1)
C Is A 100 Practice Question
100 pages
Test of Controls MA
No ratings yet
Test of Controls MA
19 pages
Wroksheet Princples of Auditing II
No ratings yet
Wroksheet Princples of Auditing II
9 pages
Key A Justification: Information Systems Assurance Services
No ratings yet
Key A Justification: Information Systems Assurance Services
20 pages
Chapter 11 Auditing Computer Based Information Systems
No ratings yet
Chapter 11 Auditing Computer Based Information Systems
36 pages
ISA Presentation
No ratings yet
ISA Presentation
45 pages
10 Risk Assessment & Response To Assessed Risks
No ratings yet
10 Risk Assessment & Response To Assessed Risks
6 pages
Cisa 2005
No ratings yet
Cisa 2005
160 pages
Reviewer
No ratings yet
Reviewer
19 pages
2011 CISA Sample Exam by Domain Area
No ratings yet
2011 CISA Sample Exam by Domain Area
21 pages
Study Notes On Auditing Responding To The Risk Assessment
No ratings yet
Study Notes On Auditing Responding To The Risk Assessment
11 pages
Ap 01 Overview of The Audit Process
No ratings yet
Ap 01 Overview of The Audit Process
6 pages
CISA-Full Mock Test-II (150 Questions)
No ratings yet
CISA-Full Mock Test-II (150 Questions)
52 pages
FT7 - VRC For DISA - Day1 - 05072021
No ratings yet
FT7 - VRC For DISA - Day1 - 05072021
84 pages
Drill 1
No ratings yet
Drill 1
4 pages
Discussion Wit Dean
No ratings yet
Discussion Wit Dean
13 pages
Cisa Notes 2010
No ratings yet
Cisa Notes 2010
26 pages
Auditing in A CIS Environment V1
No ratings yet
Auditing in A CIS Environment V1
27 pages
Syllabus Area - C
No ratings yet
Syllabus Area - C
15 pages
Book Review Winning Ugly
No ratings yet
Book Review Winning Ugly
3 pages
How Government Structure Encourages Criminal Violence: The Causes of Mexico's Drug War - Rios Viridiana (PHD Dissertation)
No ratings yet
How Government Structure Encourages Criminal Violence: The Causes of Mexico's Drug War - Rios Viridiana (PHD Dissertation)
233 pages
Project Management Guide
No ratings yet
Project Management Guide
26 pages
How Government Structure Encourages Criminal Violence: The Causes of Mexico's Drug War - Rios Viridiana (PHD Dissertation)
No ratings yet
How Government Structure Encourages Criminal Violence: The Causes of Mexico's Drug War - Rios Viridiana (PHD Dissertation)
233 pages
International Experience With Private Sector Participation in Power Grids
No ratings yet
International Experience With Private Sector Participation in Power Grids
43 pages
Where Do High Speed Tennis Serves Come From
No ratings yet
Where Do High Speed Tennis Serves Come From
10 pages
Learning RUP 7.0: The Exam
No ratings yet
Learning RUP 7.0: The Exam
4 pages
Steve Jobs: Innovator: The 7 Insanely Different Principles of Jobs' Breakthrough Success With Apple
No ratings yet
Steve Jobs: Innovator: The 7 Insanely Different Principles of Jobs' Breakthrough Success With Apple
10 pages
Self Reliance and Help Seeking Behavior in Mental Health1
No ratings yet
Self Reliance and Help Seeking Behavior in Mental Health1
30 pages
CHAPTER 4 - Data Management
No ratings yet
CHAPTER 4 - Data Management
23 pages
Unit 2: Collection of Data
No ratings yet
Unit 2: Collection of Data
23 pages
Descriptive Statistics Vs Inferential Statistics
No ratings yet
Descriptive Statistics Vs Inferential Statistics
8 pages
DLL Matatag - Mathematics 7 q3 w1
No ratings yet
DLL Matatag - Mathematics 7 q3 w1
14 pages
Report
No ratings yet
Report
34 pages
Contribution of School Management Strategies and Effective Supervision On in Secondary School in Iringa Municipality in Tanzania
No ratings yet
Contribution of School Management Strategies and Effective Supervision On in Secondary School in Iringa Municipality in Tanzania
11 pages
Feasibility Study2022 LACABO
No ratings yet
Feasibility Study2022 LACABO
24 pages
S2 Sampling Methods
No ratings yet
S2 Sampling Methods
17 pages
03 Secondary School Student's Academic Performance Self Esteem and School Environment An Empirical Assessment From Nigeria
No ratings yet
03 Secondary School Student's Academic Performance Self Esteem and School Environment An Empirical Assessment From Nigeria
10 pages
Research Proposal
No ratings yet
Research Proposal
9 pages
Sta101 Lecture Notes-1
No ratings yet
Sta101 Lecture Notes-1
53 pages
Scientific Writing:: The IMRAD Format
No ratings yet
Scientific Writing:: The IMRAD Format
41 pages
GAMAAN Iran Media Survey 2021 English Final
No ratings yet
GAMAAN Iran Media Survey 2021 English Final
23 pages
4th Quarter Lesson Plan Introduction in Statistics
No ratings yet
4th Quarter Lesson Plan Introduction in Statistics
5 pages
Caliper Profile Test Review
No ratings yet
Caliper Profile Test Review
19 pages
Project Proposal Defence
No ratings yet
Project Proposal Defence
21 pages
Marketing Research
No ratings yet
Marketing Research
17 pages
MATH 231-Reading Material For Biostatics
No ratings yet
MATH 231-Reading Material For Biostatics
94 pages
Level of Preparedness and Response FINAL OUTPUT
No ratings yet
Level of Preparedness and Response FINAL OUTPUT
30 pages
Literature Review
63% (8)
Literature Review
59 pages
Data Mining Notes C2
No ratings yet
Data Mining Notes C2
12 pages
Republic of the-WPS Office
No ratings yet
Republic of the-WPS Office
24 pages
OLA Proj
No ratings yet
OLA Proj
20 pages
Q2 CESC Module 3
100% (1)
Q2 CESC Module 3
18 pages
Sampling 2023
No ratings yet
Sampling 2023
63 pages
Point Estimate of Population Mean
100% (2)
Point Estimate of Population Mean
2 pages
Magaret-Mary's Chapter 3
No ratings yet
Magaret-Mary's Chapter 3
7 pages

IS A P 1.1: Udit Rocess

Uploaded by

IS A P 1.1: Udit Rocess

Uploaded by

CISA2009Answers

You might also like