Here are the answers to the questions in Chapter 1:
When planning an IS audit, which of the following factors is least likely to be relevant to the scope of the engagement?
A. The concerns of management for ensuring that controls are sufficient and working properly
B. The amount of controls currently in place
C. The type of business, management, culture, and risk tolerance
D. The complexity of the technology used by the business in performing the business functions
The correct answer is B. How many controls are in place has little bearing on what the scope of the audit should be. Scope is a definition of what should be covered in the audit. What management is concerned about (A), what the management risk environment is (C), and how complex the technical environment is (D) could all have an impact on what the scope of a particular audit might be, but not the sheer number of controls.
Which of the following best describes how a CISA should treat guidance from the IS audit standards?
A. IS audit standards are to be treated as guidelines for building binding audit work when applicable.
B. A CISA should provide input to the audit process when defendable audit work is required.
C. IS audit standards are mandatory requirements, unless justification exists for deviating from the standards.
D. IS audit standards are necessary only when regulatory or legal requirements dictate that they must be applied.
The correct answer is C. IS audit standards are mandatory to follow ...