The following questions and answers are a sample of what the CISA exam content might look like on the subject matter covered in this chapter. The format, style, and layout of the question and answer choices should give you a better understanding of the exam question format. In addition, it should enable you to become comfortable with the multiple choice style, where the best answer must be chosen from a set of four answers, some of which also may be technically correct. Answers are provided with explanations on the right and wrong answers in Appendix A, which will help you understand the intent of the question and the correct response.
When planning an IS audit, which of the following factors is least likely to be relevant to the scope of the engagement?
The concerns of management for ensuring that controls are sufficient and working properly
The amount of controls currently in place
The type of business, management culture, and risk tolerance
The complexity of the technology used by the business in performing the business functions
Which of the following best describes how a CISA should treat guidance from the IS audit standards?
IS audit standards are to be treated as guidelines for building binding audit work when applicable.
A CISA should provide input to the audit process when defendable audit work is required.
IS audit standards are mandatory requirements, unless justification exists for deviating from the standards.
IS audit standards are necessary only when ...