CISA Domain 1A-3 Practice Test 001

This practice test covers Domain 1 (Information Systems Auditing Process) Subdomain A-3 (Risk-Based Audit Planning) from the CISA exam content outline.

These questions are inspired by the ISACA CISA exam and are designed to help you test your knowledge of information systems auditing, governance, risk management, IT operations, business resilience, and information asset protection.

These are not official exam questions or brain dumps. They are original scenario-based questions created to reflect the audit judgment, control evaluation, and risk-based decision-making skills tested in the CISA exam.

Note: CISA and Certified Information Systems Auditor are registered trademarks of ISACA. This content is not affiliated with or endorsed by ISACA.

To choose CISA practice tests based on specific domains and subdomains, click that link.

CISA 1A-3 Risk-Based Audit Planning Practice Test 001
10 questions • Single best answer
Question 1
An audit manager is developing the annual IS audit plan for a multinational manufacturing enterprise with limited audit resources. Several business units request coverage, but not every area can be examined this year. Which factor should MOST influence how the manager prioritizes engagements across the audit universe?
    Question 2
    During annual planning, an IS auditor at a regional bank must decide where to focus limited assurance efforts across dozens of applications and processes. The auditor wants the plan to reflect where control failures would most threaten the bank. What is the PRIMARY purpose of performing a risk assessment during audit planning?
      Question 3
      An IS auditor is assessing a newly deployed customer-facing application before deciding whether to include it in the annual plan. The application has no prior audit history and management has not yet implemented monitoring controls. Which type of risk is the auditor PRIMARILY evaluating when considering the exposure that exists before any controls are applied?
        Question 4
        An IS audit function is transitioning from a rotational, coverage-based approach to a risk-based planning model. The chief audit executive wants the new annual plan to steer resources toward the greatest exposures. What should the audit team do FIRST when building the risk-based plan?
          Question 5
          While preparing the annual IS audit plan, an auditor finds the organization maintains a mature enterprise risk management program with a documented risk register. Management asks why audit does not simply adopt the register as the plan. Which is the BEST reason for audit to leverage, but not fully rely on, the ERM risk register?
            Question 6
            Midway through the year, a financial services firm adopts a new cloud-based core banking system that was not contemplated in the approved annual IS audit plan. The change introduces significant new exposure. What is the audit manager's BEST course of action regarding the existing risk-based audit plan?
              Question 7
              An IS auditor is ranking systems in the audit universe by risk. Two systems process comparable data volumes, but one supports regulatory financial reporting while the other supports internal marketing analytics. Which characteristic MOST justifies assigning a higher risk rating to the financial reporting system?
                Question 8
                When developing a risk-based audit plan, an IS auditor must weigh the potential financial and operational impact of each auditable area. A junior team member asks how the concept of materiality applies at the planning stage rather than during reporting. Which statement BEST describes the role of materiality in risk-based audit planning?
                  Question 9
                  A newly appointed chief audit executive completes a risk-based annual IS audit plan for a healthcare organization. Before fieldwork begins, a colleague questions who should formally review and approve the plan. To support audit independence and sound governance, which party should approve the annual audit plan?
                    Question 10
                    An IS auditor evaluating two systems notes that both carry similar inherent risk, but one has strong, independently tested controls while the other's controls have never been tested. With limited resources, which system generally warrants greater audit attention in a risk-based plan, and why?

                      Leave a Comment

                      Your email address will not be published. Required fields are marked *

                      Scroll to Top