An IS auditor should use statistical sampling and not judgmental (nonstatistical) sampling when:
A. the probability of error must be objectively quantified.
B. the auditor wants to avoid sampling risk.
C. generalized audit software is unavailable.
D. the tolerable error rate cannot be determined.
You are correct, the answer is A.
A. Given an expected error rate and confidence level, statistical sampling is an objective method of sampling, which helps an IS auditor determine the sample size and quantify the probability of error (confidence coefficient).
B. Sampling risk is the risk of a sample not being representative of the population. This risk exists for both judgment and statistical samples.
C. Statistical sampling can use generalized audit software, but it is not required.
D. The tolerable error rate must be predetermined for both judgment and statistical sampling.
Question #: 29 CISA Job Practice Task Statement: 1.2
Using test data as part of a comprehensive test of program controls in a continuous online manner is called a/an: A. test data/deck. B. base case system evaluation. C. integrated test facility (ITF). D. parallel simulation.
Applying a retention date on a file will ensure that: A. data cannot be read until the date is set. B. data will not be deleted before that date. C. backup copies are not retained after that date. D. datasets having the same name are differentiated.
Which of the following concerns about the security of an electronic message would be addressed by digital signatures? A. Unauthorized reading B. Theft C. Unauthorized copying D. Alteration
Which of the following is a function of an IS steering committee? A. Monitoring vendor controlled change control and testing B. Ensuring a separation of duties within the information's processing environment C. Approving and monitoring major projects, the status of IS plans and budgets D. Responsible for liaison between the IS department and the end users
An IS auditor's MAJOR concern as a result of reviewing a business process reengineering (BPR) project should be whether the: A. newly designed business process has key controls in place. B. changed process will affect organization structure, finances and personnel. C. roles for suppliers have been redefined. D. process has been documented before and after reengineering.
The use of statistical sampling procedures helps minimize: A. sampling risk. B. detection risk. C. inherent risk. D. control risk.
An IS auditor is reviewing the risk management process. Which of the following is the MOST important consideration during this review? A. Controls are implemented based on cost-benefit analysis. B. The risk management framework is based on global standards. C. The approval process for risk response is in place. D. IT risk is presented in business terms.
An IS auditor performing a review of the IS department discovers that formal project approval procedures do not exist. In the absence of these procedures the IS manager has been arbitrarily approving projects that can be completed in a short duration and referring other more complicated projects to higher levels of management for approval. The IS auditor should recommend as a FIRST course of action that: A. users participate in the review and approval process. B. formal approval procedures be adopted and documented. C. projects be referred to appropriate levels of management for approval. D. the IS manager's job description be changed to include approval authority.
The BEST defense against network eavesdropping is: A. encryption. B. moving the defense perimeter outward. C. reducing the amplitude of the communication signal. D. masking the signal with noise.
During which phase of a system development process should an IS auditor first raise the issue of application controls? A. Construction B. System design C. Acceptance testing D. Functional specification
E-mail message authenticity and confidentiality is BEST achieved by signing the message using the:
Java applets and ActiveX controls are distributed executable programs that execute in the background of a web browser client. This practice is considered reasonable when: A. a firewall exists. B. a secure web connection is used. C. the source of the executable is certain. D. the host website is part of your organization.