2012年4月 CISA 英文模拟试卷三套.docVIP

Sheet 1(46 Questions and Answers) 1. When planning an IS audit, which of the following factors is least likely to be relevant to the scope of the engagement? A. The concerns of management for ensuring that controls are sufficient and working properly B. The amount of controls currently in place C. The type of business, management culture, and risk tolerance D. The complexity of the technology used by the business in performing the business functions Answer: B The correct answer is B. How many controls are in place has little bearing on what the scope of the audit should be. Scope is a definition of what should be covered in the audit. What management is concerned about (A), what the management risk environment is (C), and how complex the technical environment is (D) could all have an impact of what the scope of a particular audit might be but not the shear number of controls. 2. Which of the following best describes how a CISA should treat guidance from the IS audit standards? A. IS audit standards are to be treated as guidelines for building binding audit work when applicable. B. A CISA should provide input to the audit process when defendable audit work is required. C. IS audit standards are mandatory requirements, unless justification exists for deviating from the standards. D. IS audit standards are necessary only when regulatory or legal requirements dictate that they must be applied. Answer: C The correct answer is C. IS audit standards are mandatory to flow at all times unless justification exists for deviating from them. Complying with standards is one of the tenants of the IS Audit Code of Ethics and is not a guideline (A), does not apply only when the work needs to be defendable (B), or when regulatory or legal issues are involved (D). 3. Which of the following is not a guideline published for giving direction to IS auditors? A. The IT auditors role in dealing with illegal acts and irregularities B. Third-party service providers effect on IT controls C. Au