CISA Domain 1A-4 Practice Test 001

This practice test covers Domain 1 (Information Systems Auditing Process) Subdomain A-4 (Types of Controls and Considerations) from the CISA exam content outline.

These questions are inspired by the ISACA CISA exam and are designed to help you test your knowledge of information systems auditing, governance, risk management, IT operations, business resilience, and information asset protection.

These are not official exam questions or brain dumps. They are original scenario-based questions created to reflect the audit judgment, control evaluation, and risk-based decision-making skills tested in the CISA exam.

Note: CISA and Certified Information Systems Auditor are registered trademarks of ISACA. This content is not affiliated with or endorsed by ISACA.

To choose CISA practice tests based on specific domains and subdomains, click that link.

CISA 1A-4 Types of Controls and Considerations Practice Test 001
10 questions • Single best answer
Question 1
During an audit of a retail e-commerce payment environment, an IS auditor notes that segregation of duties cannot be enforced because the small team lets one administrator both configure and approve system changes. Management points to a daily supervisory review of change logs. Which type of control is management relying on to address this exposure?
    Question 2
    A financial services firm is designing controls for a new online loan origination system and asks the audit team for input on the design. The team wants a control that would prevent unauthorized transactions from being entered rather than merely detect them after the fact. Which control is MOST appropriate to recommend?
      Question 3
      During a review of a hospital's electronic health record system, an IS auditor is assessing the mix of controls protecting patient data from inappropriate access. Several controls operate across the environment. Which of the following would function as a detective control rather than as a preventive control?
        Question 4
        An IS auditor is scoping a review of a logistics company's ERP system and must decide where to place reliance during the engagement. The auditor primarily wants assurance that completeness and accuracy are enforced within the specific accounts payable module. Which category of control is MOST directly relevant to that objective?
          Question 5
          An IS auditor plans to rely on automated application controls in a subscription billing system in order to reduce substantive testing. The controls appear well designed based on an initial walkthrough. Before concluding that such reliance is appropriate, which consideration is MOST important to the auditor's planning?
            Question 6
            During an audit of a government agency's legacy financial system, the IS auditor finds during fieldwork that a required preventive control is entirely absent, but management has implemented a manual reconciliation instead. Which factor should the auditor MOST consider when evaluating whether this compensating control is adequate?
              Question 7
              A post-implementation review at a media streaming company examines the controls that restore service and repair data integrity after a batch processing error corrupts customer records. The auditor wants to classify these controls accurately in the working papers. Which type of control is primarily being evaluated here?
                Question 8
                An IS auditor is comparing two controls that address the same risk of duplicate vendor payments: one is an automated system edit, and the other is a manual review performed by accounts staff. Assuming both are properly designed, which statement BEST reflects an audit consideration regarding control type?
                  Question 9
                  During planning for an audit of an insurance claims settlement process, the IS auditor has limited time and must decide which controls to test during the engagement. Many controls of varying importance operate across the process. To provide effective assurance efficiently, which controls should the auditor prioritize for testing?
                    Question 10
                    An IS auditor evaluating a payroll application observes strong detective controls but weak preventive controls, so processing errors are consistently caught only after payments have already been issued to employees. Considering this specific control design weakness, which recommendation is MOST appropriate for the auditor to make in the report?

                      Leave a Comment

                      Your email address will not be published. Required fields are marked *

                      Scroll to Top