An IS auditor should use statistical sampling and not judgmental (nonstatistical) sampling, when:

A. the probability of error must be objectively quantified.

B. the auditor wants to avoid sampling risk.

C. generalized audit software is unavailable.

D. the tolerable error rate cannot be determined.



An IS auditor should use statistical sampling and not judgmental (nonstatistical) sampling, when: ..

Answer / chatter

An IS auditor should use statistical sampling and not judgmental (nonstatistical) sampling, when:

Correct A.
the probability of error must be objectively quantified.

B.
the auditor wants to avoid sampling risk.

C.
generalized audit software is unavailable.

D.
the tolerable error rate cannot be determined.

You are correct, the answer is A.

A. Given an expected error rate and confidence level, statistical sampling is an objective method of sampling, which helps an IS auditor determine the sample size and quantify the probability of error (confidence coefficient).

B. Sampling risk is the risk of a sample not being representative of the population. This risk exists for both judgment and statistical samples.

C. Statistical sampling can use generalized audit software, but it is not required.

D. The tolerable error rate must be predetermined for both judgment and statistical sampling.

Question #: 29 CISA Job Practice Task Statement: 1.2

Is This Answer Correct ?    5 Yes 0 No

Post New Answer

More CISA Certification Interview Questions

A utility is available to update critical tables in case of data inconsistency. This utility can be executed at the OS prompt or as one of menu options in an application. The BEST control to mitigate the risk of unauthorized manipulation of data is to: A. delete the utility software and install it as and when required. B. provide access to utility on a need-to-use basis. C. provide access to utility to user management D. define access so that the utility can be only executed in menu option.

2 Answers  


52. Which of the following tests confirm that the new system can operate in its target environment?

1 Answers  


An IS auditor should be able to identify and evaluate various types of risks and their potential effects. Which of the following risks is associated with authorized program exits (trap doors)? A. Inherent B. Detection C. Audit D. Error

2 Answers  


An IS auditor performing a telecommunication access control review should be concerned PRIMARILY with the: A. maintenance of access logs of usage of various system resources. B. authorization and authentication of the user prior to granting access to system resources. C. adequate protection of stored data on servers by encryption or other means. D. accountability system and the ability to identify any terminal accessing system resources.

1 Answers   CISA,


The window of time recovery of information processing capabilities is based on the: A. criticality of the processes affected. B. quality of the data to be processed. C. nature of the disaster. D. applications that are mainframe based.

1 Answers  






Which of the following development methods uses a prototype that can be updated continually to meet changing user or business requirements? A. Data-oriented development (DOD) B. Object-oriented development (OOD) C. Business process reengineering (BPR) D. Rapid application development (RAD)

1 Answers  


An organization has been an Internet user for several years and the business plan now calls for initiating e-commerce via web-based transactions. Which of the following will LEAST impact transactions in e-commerce? A. Encryption is required B. Timed authentication is required C. Firewall architecture hides the internal network D. Traffic is exchanged through the firewall at the application layer only

1 Answers  


WHICH OF THE FOLLOWING IS OFTEN AN ADVANTAGE OF USING PROTOTYPING GOR DYDTEM DVELOPMENT

0 Answers   TEC,


Which of the following audit procedures would an IS auditor normally perform FIRST when reviewing an organization's systems development methodology? A. Determine procedural adequacy. B. Analyze procedural effectiveness. C. Evaluate level of compliance with procedures. D. Compare established standards to observed procedures.

1 Answers  


In a web server, a common gateway interface (CGI) is MOST often used as a(n): A. consistent way for transferring data to the application program and back to the user. B. computer graphics imaging method for movies and TV. C. graphic user interface for web design. D. interface to access the private gateway domain.

1 Answers  


Which of the following would BEST support 24/7 availability? A. Daily backup B. Offsite storage C. Mirroring D. Periodic testing

1 Answers  


Which of the following Internet security threats could compromise integrity? A. Theft of data from the client B. Exposure of network configuration information C. A trojan horse browser D. Eavesdropping on the net

2 Answers  


Categories
  • Cisco Certifications Interview Questions Cisco Certifications (2321)
  • Microsoft Certifications Interview Questions Microsoft Certifications (171)
  • Sun Certifications Interview Questions Sun Certifications (45)
  • CISA Certification Interview Questions CISA Certification (744)
  • Oracle Certifications Interview Questions Oracle Certifications (64)
  • ISTQB Certification Interview Questions ISTQB Certification (109)
  • Certifications AllOther Interview Questions Certifications AllOther (295)