1. An IS auditor who was involved in designing an organization's business continuity plan (BCP) has been assigned to audit the plan. The IS auditor should:
A) decline the assignment.
B) inform management of the possible conflict of interest after completing the audit assignment.
C) inform the business continuity planning (BCP) team of the possible conflict of interest prior to beginning the assignment.
D) communicate the possibility of conflict of interest to management prior to starting the assignment.
2. An IS auditor conducting a review of software usage and licensing discovers that numerous PCs contain unauthorized software. Which of the following actions should the IS auditor take?
A) Personally delete all copies of the unauthorized software.
B) Inform the auditee of the unauthorized software, and follow up to confirm deletion.
C) Report the use of the unauthorized software and the need to prevent recurrence to auditee management.
D) Take no action, as it is a commonly accepted practice and operations management is responsible for monitoring such use.
3. Corrective action has been taken by an auditee immediately after the identification of a reportable finding. The auditor should:
A) include the finding in the final report, because the IS auditor is responsible for an accurate report of all findings.
B) not include the finding in the final report, because the audit report should include only unresolved findings.
C) not include the finding in the final report, because corrective action can be verified by the IS auditor during the audit.
D) include the finding in the closing meeting for discussion purposes only.
4. During an implementation review of a multiuser distributed application, an IS auditor finds minor weaknesses in three areas: the initial parameter settings are improperly installed, weak passwords are being used, and some vital reports are not being checked properly. While preparing the audit report, the IS auditor should:
A) record the observations separately with the impact of each of them marked against each respective finding.
B) advise the manager of probable risks without recording the observations, as the control weaknesses are minor ones.
C) record the observations and the risk arising from the collective weaknesses.
D) apprise the departmental heads concerned with each observation and properly document it in the report.
5. During an exit interview, in cases where there is disagreement regarding the impact of a finding, an IS auditor should:
A) ask the auditee to sign a release form accepting full legal responsibility.
B) elaborate on the significance of the finding and the risks of not correcting it.
C) report the disagreement to the audit committee for resolution.
D) accept the auditee's position since they are the process owners.
1. Right Answer: D Explanation: Communicating the possibility of a conflict of interest to management prior to starting the assignment is the correct answer. A possible conflict of interest, likely to affect the auditor's independence, should be brought to the attention of management prior to starting the assignment. Declining the assignment is not the correct answer because the assignment could be accepted after obtaining management approval. Informing management of the possible conflict of interest after completion of the audit assignment is not correct because approval should be obtained prior to commencement and not after the completion of the assignment. Informing the business continuity planning (BCP) team of the possible conflict of interest prior to starting the assignment is not the correct answer since the BCP team would not have the authority to decide on this issue.
2. Right Answer: C Explanation: The use of unauthorized or illegal software should be prohibited by an organization. Software piracy results in inherent exposure and can result in severe fines. An IS auditor must convince the user and user management of the risk and the need to eliminate the risk. An IS auditor should not assume the role of the enforcing officer and take on any personal involvement in removing or deleting the unauthorized software.
3. Right Answer: A Explanation: Including the finding in the final report is a generally accepted audit practice. If an action is taken after the audit started and before it ended, the audit report should identify the finding and describe the corrective action taken. An audit report should reflect the situation as it existed at the start of the audit. All corrective actions taken by the auditee should be reported in writing.
4. Right Answer: C Explanation: Individually the weaknesses are minor; however, together they have the potential to substantially weaken the overall control structure. Choices A and D reflect a failure on the part of an IS auditor to recognize the combined effect of the control weaknesses. Advising the local manager without reporting the facts and observations would conceal the findings from other stakeholders.
5. Right Answer: B Explanation: If the auditee disagrees with the impact of a finding, it is important for an IS auditor to elaborate and clarify the risks and exposures, as the auditee may not fully appreciate the magnitude of the exposure. The goal should be to enlighten the auditee or uncover new information of which an IS auditor may not have been aware. Anything that appears to threaten the auditee will lessen effective communications and set up an adversarial relationship. By the same token, an IS auditor should not automatically agree just because the auditee expresses an alternate point of view.