Certified Information Systems Auditor 2025 – 400 Free Practice Questions to Pass the Exam

Attribute sampling is a statistical method used in auditing to determine the presence or absence of certain characteristics or attributes within a specific population of transactions. In the context of an IS audit, its primary purpose is to test the compliance of transactions against established controls.

When auditors perform attribute sampling, they select a sample of transactions and evaluate them to see if they comply with predetermined control criteria. For example, if a control requires that all changes to the system must be approved by a manager, attribute sampling helps auditors confirm whether this control is being followed by checking a sample of changes for the appropriate approvals. This approach allows auditors to draw conclusions about the effectiveness of controls over the entire population based on the sample analyzed.

The other options, while relevant to IS audits, do not directly relate to the primary function of attribute sampling. Assessing IT governance and evaluating overall security postures involve broader evaluations and may not specifically rely on the methodology of attribute sampling. Determining system performance metrics focuses more on measuring efficiency and effectiveness rather than compliance with controls. Therefore, the focus of attribute sampling on ensuring compliance with control measures makes it a crucial aspect of IS audit procedures.