CISA Domain 1A-2 Practice Test 001

This practice test covers Domain 1 (Information Systems Auditing Process) Subdomain A-2(Types of Audits, Assessments, and Reviews) from the CISA exam content outline.

These questions are inspired by the ISACA CISA exam and are designed to help you test your knowledge of information systems auditing, governance, risk management, IT operations, business resilience, and information asset protection.

These are not official exam questions or brain dumps. They are original scenario-based questions created to reflect the audit judgment, control evaluation, and risk-based decision-making skills tested in the CISA exam.

Note: CISA and Certified Information Systems Auditor are registered trademarks of ISACA. This content is not affiliated with or endorsed by ISACA.

To choose CISA practice tests based on specific domains and subdomains, click that link.

CISA 1A-2 Types of Audits, Assessments, and Reviews Practice Test 001
10 questions • Single best answer
Question 1
A SaaS payment processor must give its customers' external auditors assurance that its internal controls over financial reporting operated effectively throughout a defined six-month period. Management wants a report on which those user auditors can rely for their own financial statement engagements. Which type of engagement BEST meets this requirement?
    Question 2
    An organization's management requests an engagement that provides only limited assurance and involves less testing than a full audit, primarily to obtain a moderate level of confidence at reduced cost. The results will be shared internally with the board rather than issued publicly. Which type of engagement is management MOST likely describing?
      Question 3
      During planning, an IS auditor is asked to evaluate both the financial reporting controls and the supporting application and IT general controls within a single coordinated engagement, so that the resulting conclusions address business and technology risks together. Which type of audit BEST describes this combined approach?
        Question 4
        A financial institution suspects an employee manipulated transaction records to conceal unauthorized wire transfers over several months. Management needs an engagement that identifies how the manipulation occurred and preserves evidence to a standard suitable for potential legal proceedings and disciplinary action. Which type of audit is MOST appropriate?
          Question 5
          A healthcare provider must demonstrate to a government regulator that its handling of protected health information adheres to specific statutory requirements. The engagement will test whether defined legal rules are being followed rather than whether operations are efficient or financial statements are accurate. Which type of audit BEST fits this objective?
            Question 6
            A cloud storage vendor's enterprise customers want independent assurance over the security, availability, and confidentiality of the hosted platform rather than over controls affecting financial reporting. The vendor wants a widely recognized attestation report containing detailed control test results. Which report BEST addresses the customers' concerns?
              Question 7
              An audit manager wants business process owners to identify and evaluate the risks and controls within their own areas through facilitated workshops, supplementing the annual internal audit. The objective is to increase control ownership and surface issues earlier in the year. Which approach is MOST appropriate?
                Question 8
                An IS auditor reviewing an outsourced payroll provider relies on a SOC 1 Type 1 report to conclude that the provider's controls operated effectively throughout the entire financial year. Before finalizing this reliance, which concern about the report is MOST significant to the audit conclusion?
                  Question 9
                  Management asks an external firm to perform a set of specific, predefined tests on the quarterly user access recertification listings and to report only the factual results, without expressing an overall opinion or conclusion. Stakeholders will interpret the findings themselves. Which type of engagement is being described?
                    Question 10
                    A manufacturing company's leadership wants an engagement focused on whether the IT service desk operates efficiently and economically and whether its processes achieve their intended objectives, rather than on regulatory compliance or the accuracy of financial statements. Which type of audit is MOST appropriate for this purpose?

                      Leave a Comment

                      Your email address will not be published. Required fields are marked *

                      Scroll to Top