Section: Protection of Information Assets
Explanation:
One of the main objectives of an audit is to identify potential risks; therefore, the most proactive approach
would be to identify and evaluate the existing security practices being followed by the organization. IS
auditors should not prepare documentation, as doing so could jeopardize their independence. Terminating
the audit may prevent achieving one of the basic audit objectives, i.e., identification of potential risks. Since
there are no documented procedures, there is no basis against which to test compliance.

Explanation
The type of risk that would most influence the selection of a sampling methodology is detection risk (option D). This is because:
Detection risk is the risk that the auditor will not detect a material misstatement that exists in an assertion1. Detection risk depends on the effectiveness of the audit procedures and how well they are applied by the auditor1.
The selection of a sampling methodology is part of the design of audit procedures, which aims to reduce detection risk to an acceptable level1. The auditor should consider the following factors when selecting a sampling methodology23:
The objectives of the audit procedure and the related assertions.
The characteristics of the population from which the sample will be drawn, such as its size, homogeneity, and structure.
The sampling technique to be used, such as random, systematic, haphazard, or judgmental.
The sample size and the method of selecting sample items.
The evaluation of the sample results and the projection of errors to the population.
The auditor should also consider the advantages and disadvantages of different sampling methodologies, such as statistical and non-statistical sampling23. Statistical sampling is a sampling technique that uses random selection and probability theory to evaluate sample results. Non-statistical sampling is a sampling technique that does not use random selection or probability theory to evaluate sample results. Some of the advantages and disadvantages are as follows23:
Statistical sampling allows the auditor to measure and control sampling risk, which is the risk that the sample is not representative of the population. Statistical sampling also allows the auditor to quantify the precision and reliability of the sample results. However, statistical sampling requires more technical knowledge and skills, as well as more time and cost, than non-statistical sampling.
Non-statistical sampling relies on the auditor's professional judgment and experience to select and evaluate sample items. Non-statistical sampling is more flexible and less complex than statistical sampling. However, non-statistical sampling does not provide an objective basis for measuring and controlling sampling risk, nor does it allow the auditor to quantify the precision and reliability of the sample results.
Therefore, the type of risk that would most influence the selection of a sampling methodology is detection risk (option D), as it determines how effective and efficient the audit procedures should be in order to provide sufficient appropriate audit evidence.
References: 1: Audit Sampling - Overview, Purpose, Importance, and Types 2: Audit Sampling | Auditing and Attestation | CPA Exam FAR 3: Audit Sampling | ACCA Qualification | Students | ACCA Global

Section: Protection of Information Assets

Section: Protection of Information Assets
Explanation:
Wi-Fi Protected Access (WPA / WPA2) is a class of systems to secure wireless computer networks. It implements the majority of the IEEE 802.11i standard, and is designed to work with all wireless network interface cards (but not necessarily with first generation wireless access points). One major improvement in WPA over WEP is the Temporal Key Integrity Protocol (TKIP), which dynamically changes keys as the system is used.

Section: Information System Acquisition, Development and Implementation Explanation:
The best way to prevent and detect software license violations is to regularly scan used PCs, either from the LAN or directly, to ensure that unauthorized copies of software have not been loaded on the PC.
Other options are not detective.
A corporate policy is not necessarily enforced and followed by all employees.
Software can be installed from other means than floppies or CD-ROMs (from a LAN or even downloaded from the Internet) and software metering only concerns applications that are registered.
Reference: Information Systems Audit and Control Association, Certified Information Systems Auditor 2002 review manual, Chapter 3: Technical Infrastructure and Operational Practices (page 108).