The extent to which data will be collected during an IS audit should be determined based on the:

While planning an audit, an assessment of risk should be made to provide:

An IS auditor should use statistical sampling and not judgment (nonstatistical) sampling, when:

During the planning stage of an IS audit, the PRIMARY goal of an IS auditor is to:

When selecting audit procedures, an IS auditor should use professional judgment to ensure that:

An IS auditor evaluating logical access controls should FIRST:

The PRIMARY purpose of an IT forensic audit is:

An IS auditor is performing an audit of a remotely managed server backup. The IS auditor reviews the logs for one day and finds one case where logging on a server has failed with the result that backup restarts cannot be confirmed. What should the auditor do?

In an IS audit of several critical servers, the IS auditor wants to analyze audit trails to discover potential anomalies in user or system behavior. Which of the following tools are MOST suitable for performing that task?

An IS auditor is evaluating a corporate network for a possible penetration by employees. Which of the following findings should give the IS auditor the GREATEST concern?