1. Categories >> Certifications >> CISA Certification
  2. Suggest New Category

The FIRST task an IS auditor should complete when performing
an audit in an unfamiliar area is to:

A. design the audit programs for each system or function
involved.

B. develop a set of compliance tests and substantive tests.

C. gather background information pertinent to the new audit.

D. assign human and economical resources.

Question Posted / guest


The FIRST task an IS auditor should complete when performing an audit in an unfamiliar area is to: ..

Answer / guest

Answer: C

Proper planning is the necessary first step in performing
effective audits. The IS auditor's first task should be to
gather background information, such as business sector,
applied benchmarks, specific trends and regulatory and legal
requirements. This will allow the auditor to better
understand what to audit. After gathering initial
information, the auditor would then identify the audit
subject and audit objectives, define the scope, establish
the information systems and functions involved, and identify
the needed resources.

Is This Answer Correct ?    3 Yes 0 No

Post New Answer

More CISA Certification Interview Questions

The window of time recovery of information processing capabilities is based on the: A. criticality of the processes affected. B. quality of the data to be processed. C. nature of the disaster. D. applications that are mainframe based.

1 Answers  

While reviewing an ongoing project, the IS auditor notes that the development team has spent eight hours of activity on the first day against a budget of 24 hours (over three days). The projected time to complete the remainder of the activity is 20 hours. The IS auditor should report that the project: A. is behind schedule. B. is ahead of schedule. C. is on schedule. D. cannot be evaluated until the activity is completed.

1 Answers  

With reference to the risk management process, which of the following statements is correct? A. Vulnerabilities can be exploited by a threat. B. Vulnerabilities are events with the potential to cause harm to IS resources. C. Vulnerability exists because of threats associated with use of information resources. D. Lack of user knowledge is an example of a threat.

1 Answers  

Classification of information systems is essential in business continuity planning. Which of the following system types can not be replaced by manual methods? A. Critical system B. Vital system C. Sensitive system D. Non-critical system

1 Answers  

An organization is introducing a single sign-on (SSO) system. Under the SSO system, users will be required to enter only one user ID and password for access to all application systems. Under the SSO system, unauthorized access: A. is less likely. B. is more likely. C. will have a greater impact. D. will have a smaller impact.

1 Answers  




Which of the following is the FIRST step in a business process reengineering (BPR) project? A. Defining the areas to be reviewed B. Developing a project plan C. Understanding the process under review D. Reengineering and streamlining the process under review

1 Answers  

Sales orders are automatically numbered sequentially at each of a retailer's multiple outlets. Small orders are processed directly at the outlets, with large orders sent to a central production facility. The MOST appropriate control to ensure that all orders transmitted to production are received and processed would be to: A. send and reconcile transaction counts and totals. B. have data transmitted back to the local site for comparison. C. compare data communications protocols with parity checking. D. track and account for the numerical sequence of sales orders at the production facility.

1 Answers  

Which of the following can consume valuable network bandwidth? A. Trojan horses B. Trap doors C. Worms D. Vaccines

1 Answers  

A goal of processing controls is to ensure that: A. the data are delivered without compromised confidentiality. B. all transactions are authorized. C. accumulated data are accurate and complete through authorized routines. D. only authorized individuals perform sensitive functions.

1 Answers  

Which of the following is a practice that should be incorporated into the plan for testing disaster recovery procedures? A. Invite client participation. B. Involve all technical staff. C. Rotate recovery managers. D. Install locally stored backup.

3 Answers   CISA,

Which of the following would be the BEST method for ensuring that critical fields in a master record have been updated properly? A. Field checks B. Control totals C. Reasonableness checks D. A before-and-after maintenance report

2 Answers  

The technique used to ensure security in virtual private networks (VPNs) is: A. encapsulation. B. wrapping. C. transform. D. encryption.

1 Answers  

For more CISA Certification Interview Questions Click Here
Categories
  • Cisco Certifications Interview Questions Cisco Certifications (2321)
  • Microsoft Certifications Interview Questions Microsoft Certifications (171)
  • Sun Certifications Interview Questions Sun Certifications (45)
  • CISA Certification Interview Questions CISA Certification (744)
  • Oracle Certifications Interview Questions Oracle Certifications (64)
  • ISTQB Certification Interview Questions ISTQB Certification (109)
  • Certifications AllOther Interview Questions Certifications AllOther (295)