Certified Information Systems Auditor (CISA) — Question 1338

An IS auditor is verifying the adequacy of an organization's internal controls and is concerned about potential circumvention of regulations. Which of the following is the BEST sampling method to use?

Answer options

• A. Cluster sampling
• B. Attribute sampling
• C. Random sampling
• D. Variable sampling

Correct answer: B

Explanation

Attribute sampling is the most suitable method in this scenario because it allows the auditor to determine the presence or absence of specific attributes, which is critical for verifying compliance with regulations. The other methods, such as cluster and variable sampling, do not focus on the attribute aspects necessary for assessing internal controls effectively.