What is the primary objective of a control self-assessment (CSA) program?
IS auditors are MOST likely to perform compliance tests of internal controls if, after their initial
evaluation of the controls, they conclude that control risks are within the acceptable limits. True or
As compared to understanding an organization’s IT process from evidence directly collected, how
valuable are prior audit reports as evidence?
What is the PRIMARY purpose of audit trails?
How does the process of systems auditing benefit from using a risk-based approach to audit
After an IS auditor has identified threats and potential impacts, the auditor should:
The use of statistical sampling procedures helps minimize:
What type of risk results when an IS auditor uses an inadequate test procedure and concludes
that material errors do not exist when errors actually exist?
A primary benefit derived from an organization employing control self-assessment (CSA)
techniques is that it can:
What type of approach to the development of organizational policies is often driven by risk