Professional Documents
Culture Documents
Nro Question
Page 1
Questionary
Page 2
Questionary
Page 3
Questionary
Options
A. Empowers the user to take ownership and accountability
B. Eliminates the need for a traditional audit
C. May be used to identify high‐risk areas for later review
D. Will not have the level of independence provided by an
external auditor
A. Auditor
B. Client
C. Audit manager
D. Auditee
A. Skills matrix
B. Procurement matrix
C. Task matrix
D. Activities matrix
A. Detailed list of audit objectives
B. The need by the current auditor to communicate with the
prior auditor
C. Communicating results directly to the chairperson of the
audit committee
D. Undue restrictions placed by management on evidence use
or audit procedures
A. Standards are designed for discretionary use.
B. Deviation is almost unheard of and would require significant
justification.
C. Deviation depends on the authority granted in the audit
charter.
D. The unique characteristics of the client will require auditor
flexibility.
A. Attribute
B. Stop‐and‐go
C. Cell
D. Discovery
A. Control, detection, noncompliance, risk of strike
B. Inherent, noninherent, control, lack of control
C. Sampling, control, detection, inherent
D. Unknown, quantifiable, cumulative
Page 4
Questionary
A. Qualified audit
B. Independent assessment
C. Control self‐assessment
D. Traditional audit
Page 5
Questionary
A. Precision
B. Tolerable error rate
C. Level of risk
D. Analytic delta
A. Audit charter
B. Annual audit plan
C. Engagement letter
D. Auditor’s report
A. Effective implementation of multiple controls targeting the
same objective
B. Preventive control that stops the problem from ever
occurring
C. Using at least one control in each of the three categories of
detective, corrective, and preventive
D. Implementing comprehensive pervasive controls inside of an
ERP application
A. Overall audit risk
B. Detection risk
C. Inherent risk
D. Control risk
A. Surveys that create a broad sample
B. Review of existing documentation
C. Auditor observation
D. Interviews
A. Disregard or ignore the finding because this is beyond the
scope of this review
B. Conduct a detailed investigation to aid the authorities in
catching the culprit
C. Immediately notify the auditee of the finding
D. Seek legal advice before finishing the audit
Page 6
Questionary
Answer
Client
Skills matrix
Discovery
Page 7
Questionary
Traditional audit
Page 8
Questionary
Precision
Engagement letter
Detection risk
Interviews
Page 9
Questionary
Justification
Page 10
Questionary
The auditor should never base the decision on the job position
of the other person. All of the other choices are vague but
truthful. Always assess the independence of the provider, check
their qualifications, agree on scope and procedures used, and
supervise and review their work. Don’t use it if the results are
questionable or fail to follow very high adherence to audit
standards.
Traditional independent audits are conducted with formality and
adherence to standards necessary for regulatory licensing and
external reporting. It’s true that there is always a shady auditor
ready to lie for a client. The world expects an independent audit
to be conducted by a qualified auditor representing a high
degree of truth. Assessments are too informal and therefore
can be used only internally in the
organization.
Page 11
Questionary
Page 12
Examen Essentials
Page 13
Examen Essentials
Be
Familiar with IS control objectives and performing
14
control assessment.
Page 14
Examen Essentials
Description
You are expected to follow published audit standards to ensure
thoroughness and consistency. Deviations from standards and
guidelines is rare. Any deviation must be well documented, but
results may not be accepted by the audit
community. The purpose of best practices is to aid you by
identifying useful procedures and techniques. Design every
audit to adhere to standards.
Continuous audit methods such as audit hooks or SCARF with
embedded audit modules (SCARF/EAM) are used in
environments where it is not possible to interrupt production.
It is unlikely that an auditor could be truly independent if the
auditor were involved with the subject of the audit. Auditor
independence is an additional assurance of truth.
Control self‐assessments are designed to empower the
customer’s staff. The intention is to generate awareness and
ownership of problems. A control self‐assessment is an
excellent way to improve the performance of an organization
between traditional audits. The traditional audit is still necessary
to the independence requirement.
Focus on areas of high value. The risk assessment will help to
determine whether the audit will yield meaningful information.
Certain types of conditions may be difficult to audit. The audit
must be based on meaningful evidence that is materially
relevant.
Well‐established IS auditing procedures
ensure thoroughness and consistency necessary for a
successful audit. Good audits will implement a well‐thought‐out
sequence of procedures to evaluate materially relevant
samples. ISACA provides foundation knowledge that should
you implement during your audit. Effective sample selection of
meaningful tests should yield materially relevant results.
Computer‐assisted audit tools are software tools that can
provide detailed analysis of computer systems configuration,
vulnerability, logs, and other information. The CAAT output
should be kept confidential because of the potentially sensitive
nature of its contents.
You can collect information through traditional sources of
business records, computer data files, and CAAT. Meaningful
information can be obtained through personal interviews,
workshops, and surveys. All information and evidence should
be recorded and tracked. The evidence life cycle consists of
identification, collection, preservation, analysis, safe storage,
and finally its return to the owner. Evidence used for criminal
prosecution must be handled with the highest degree of care.
Evidence that is mishandled will void legal claims and may
result in punitive legal action.
The best evidence will tell its own story. The best evidence will
prove or disprove a point. The best evidence is both objective
and independent. The timing of evidence must be considered
when calculating its useful value. Evidence that is late and
subjective will be of low value. Material evidence will have a
bearing on the final outcome. Irrelevant evidence will not affect
the final decision.
Page 15
Examen Essentials
Page 16