CISA Domain 1A-1 Practice Test 001

This practice test covers Domain 1 (Information Systems Auditing Process) Subdomain A-1 (Audit Standards, Guidelines, and Codes of Ethics) from the CISA exam content outline.

These questions are inspired by the ISACA CISA exam and are designed to help you test your knowledge of information systems auditing, governance, risk management, IT operations, business resilience, and information asset protection.

These are not official exam questions or brain dumps. They are original scenario-based questions created to reflect the audit judgment, control evaluation, and risk-based decision-making skills tested in the CISA exam.

Note: CISA and Certified Information Systems Auditor are registered trademarks of ISACA. This content is not affiliated with or endorsed by ISACA.

To choose CISA practice tests based on specific domains and subdomains, click that link.

CISA 1A-1 IS Audit Standards, Guidelines, and Codes of Ethics Practice Test 001
10 questions • Single best answer
Question 1
An IS auditor is assigned to review the change management controls of an application they personally helped configure while temporarily assigned to the IT department last year. The audit committee is unaware of this prior involvement. According to ISACA IS Audit Standards, what should the auditor do FIRST?
    Question 2
    An IS auditor and a colleague disagree about whether ISACA IS Audit and Assurance Guidelines carry the same obligation as the Standards during a complex cloud engagement with limited precedent. The audit manager asks for clarification before fieldwork begins. Which statement BEST describes the distinction the auditor should apply?
      Question 3
      A healthcare organization's IS auditor is pressured by management to complete a compliance review quickly ahead of a board meeting. To save time, the auditor considers relying solely on management's verbal assurances rather than testing the relevant controls. Which ISACA principle is MOST directly at risk of being compromised?
        Question 4
        During a government agency audit, an IS auditor accepts screenshots supplied by the system administrator as the primary support for a conclusion on user access controls. A peer questions the strength of this evidence. Under ISACA evidence standards, which action would BEST improve the reliability of the audit conclusion?
          Question 5
          An IS auditor completing an engagement at a financial services firm is approached at a conference by an acquaintance from a competitor who asks about weaknesses discovered during the audit. The engagement has recently concluded. Based on the ISACA Code of Professional Ethics, what is the auditor's BEST course of action?
            Question 6
            An IS audit team is assigned to evaluate the security configuration of a specialized industrial control system, but no team member has relevant expertise in that technology and the engagement deadline is fixed. In line with ISACA standards on proficiency and competence, what should the audit manager do FIRST?
              Question 7
              After completing testing, an IS auditor identifies a significant control weakness, but the business unit manager asks that it be omitted from the report because remediation is already planned. The weakness remained unaddressed during the audit period. According to ISACA reporting standards, what should the auditor do?
                Question 8
                A newly formed internal audit function at an enterprise IT company begins scheduling engagements, but no formal document defines its authority, scope, and responsibility. The head of audit is uncertain of the function's mandate. According to ISACA standards, which document should be established FIRST to address this gap?
                  Question 9
                  While auditing a cloud service provider engaged by their employer, an IS auditor is offered a substantial gift by the vendor shortly before finalizing conclusions. The gift could be perceived as influencing the audit outcome. Based on the ISACA Code of Professional Ethics, what is the auditor's MOST appropriate action?
                    Question 10
                    An IS auditor finds that management has restricted access to key system records needed to complete testing of a critical financial application. The restriction prevents the auditor from forming a conclusion on part of the defined scope. According to ISACA standards, what should the auditor do?

                      Leave a Comment

                      Your email address will not be published. Required fields are marked *

                      Scroll to Top