CISA Domain 1B Practice Test 001

This practice test covers Domain 1 (Information Systems Auditing Process) Subdomain B (Execution) from the CISA exam content outline.

These questions are inspired by the ISACA CISA exam and are designed to help you test your knowledge of information systems auditing, governance, risk management, IT operations, business resilience, and information asset protection.

These are not official exam questions or brain dumps. They are original scenario-based questions created to reflect the audit judgment, control evaluation, and risk-based decision-making skills tested in the CISA exam.

Note: CISA and Certified Information Systems Auditor are registered trademarks of ISACA. This content is not affiliated with or endorsed by ISACA.

To choose CISA practice tests based on specific domains and subdomains, click that link.

CISA Practice Test — 1B (Execution)
10 questions • Single best answer
Question 1
During fieldwork on an internal audit of a manufacturing firm's procurement system, the auditor finds the approved scope omits a newly integrated supplier portal that processes material payments. What should the IS auditor do FIRST?
    Question 2
    An IS auditor testing access controls wants to conclude on the rate of exceptions where terminated users retained active accounts. Which sampling approach is MOST appropriate?
      Question 3
      While verifying whether a control operated during the year, an IS auditor considers several sources. Which of the following is the BEST audit evidence?
        Question 4
        An IS auditor uses data analytics to analyze the full population of vendor payments rather than a sample. Which is the PRIMARY benefit of this approach?
          Question 5
          After completing testing, an IS auditor drafts findings and prepares to communicate results. To promote agreement and corrective action, what should the auditor do BEFORE issuing the final report?
            Question 6
            A quality assurance review of the internal audit function finds that workpapers frequently lack evidence of supervisory review before reports are issued. Which risk is MOST significant?
              Question 7
              An audit manager reviews an engagement running behind schedule with several planned tests incomplete. Applying project management to the audit, what is the BEST course of action?
                Question 8
                An IS auditor observes an employee performing a monthly reconciliation and also inspects the signed reconciliation records for prior months. Why is combining these techniques MOST appropriate?
                  Question 9
                  Six months after an audit, an IS auditor conducts follow-up on a high-risk finding management agreed to remediate. Management states the fix is complete. What should the auditor do to conclude MOST reliably?
                    Question 10
                    An IS auditor performing data analytics on payroll finds 400 records flagged as duplicates. Before reporting a control weakness, what should the auditor do FIRST?

                      Leave a Comment

                      Your email address will not be published. Required fields are marked *

                      Scroll to Top