1. An IS auditor is reviewing access to an application to determine whether the 10 most
recent "new user" forms were correctly authorized. This is an example of:
A. variable sampling.
B. substantive testing.
C. compliance testing.
D. stop-or-go sampling.
Business Continuity and Disaster Recovery
Information Security Governance and Risk
Law, Regulations, Compliance and
Physical and Environmental Security
CISA Practice Questions from Exam Cram
1. If an organization chooses to implement a control self-assessment program, the
auditor should participate primarily as a:
C. Project leader
D. The auditor should not participate in the or
Latihan CISA Exam Chapter 2
1. An IS auditor should expect which of the following items to be included in the request for
(RFP) when IS is procuring services from an independent service provider (ISP)?
A References from other custom