CISA Domain 3A Practice Test 001

This practice test covers Domain 3 (Information Systems Acquisition, Development & Implementation) Subdomain A (Information Systems Acquisition and Development) from the CISA exam content outline.

These questions are inspired by the ISACA CISA exam and are designed to help you test your knowledge of information systems auditing, governance, risk management, IT operations, business resilience, and information asset protection.

These are not official exam questions or brain dumps. They are original scenario-based questions created to reflect the audit judgment, control evaluation, and risk-based decision-making skills tested in the CISA exam.

Note: CISA and Certified Information Systems Auditor are registered trademarks of ISACA. This content is not affiliated with or endorsed by ISACA.

To choose CISA practice tests based on specific domains and subdomains, click that link.

CISA Practice Test — 3A (Information Systems Acquisition and Development)
10 questions • Single best answer
Question 1
An IS auditor is reviewing the governance of a new digital banking platform under development at a retail bank. The project has no steering committee, and scope decisions are made solely by the vendor's project manager. Which of the following is the auditor's MOST significant concern?
    Question 2
    During the initiation phase of an ERP replacement at a public utility, an IS auditor notes that the approved business case quantifies expected benefits but omits any analysis of alternative solutions or the option of not proceeding. Which conclusion is MOST appropriate regarding the business case?
      Question 3
      A post-design review of a claims-processing system at an insurance company finds that application controls were not identified until user acceptance testing began, well after requirements and design were finalized. Which of the following BEST describes the primary risk introduced by identifying controls this late?
        Question 4
        An IS auditor is evaluating an agile development project at a logistics firm where product requirements evolve during each sprint. Management is concerned that the iterative approach may weaken the control environment. Which recommendation is MOST appropriate to preserve control while retaining the flexibility of the agile method?
          Question 5
          During an audit of a government payroll system project, an IS auditor observes that the project is 40% over budget and several months behind schedule, yet the status reports submitted to the steering committee consistently show an overall green rating. What should the auditor do FIRST?
            Question 6
            An IS auditor is assessing whether user requirements were adequately defined during the early stages of a project to build a new hospital appointment scheduling system. Which of the following would provide the BEST evidence that the requirements were properly established and formally agreed by stakeholders?
              Question 7
              During the design phase of a procurement system at a construction company, an IS auditor finds that the same automated workflow permits a requester to both raise and approve purchase orders that exceed the standard approval limit. Which of the following findings is MOST significant?
                Question 8
                A national retailer is acquiring a packaged point-of-sale solution from a vendor rather than building the system in-house. An IS auditor is reviewing the acquisition process. Which of the following activities provides the BEST assurance that the selected package will meet the organization's functional and control requirements?
                  Question 9
                  An IS auditor reviewing a multi-year core banking system replacement finds that no single party has been made accountable for realizing the project's expected business benefits once the system goes live and the project is formally closed. Which of the following recommendations is MOST appropriate to address this gap?
                    Question 10
                    During an audit of a customer self-service portal built using rapid prototyping, an IS auditor notes that the approved prototype was promoted directly into the production environment without further development or testing work. Which of the following is the auditor's GREATEST concern regarding this approach to deployment?

                      Leave a Comment

                      Your email address will not be published. Required fields are marked *

                      Scroll to Top