ExamGecko

Isaca CISA Practice Test - Questions Answers, Page 113
Which of the following would be the GREATEST concern to an IS auditor when reviewing the outsourcing contract for an organization's cloud service provider?

A. There is no change management process defined in the contract.
B. There are no procedures for incident escalation.
C. There is no dispute resolution process defined in the contract.
D. There is no right-to-audit clause defined in the contract.

Suggested answer: D

Explanation:

The absence of a right-to-audit clause would be the greatest concern to an IS auditor [1]. The clause gives the client the contractual right to audit the service provider's activities that are relevant to the services being provided, which is how the client verifies that the provider is complying with the contract and meeting its requirements for performance, security and other aspects. Without it the client may have no basis to obtain evidence at all, and so cannot effectively monitor and manage the risks of the outsourcing arrangement. The other three gaps (change management, incident escalation, dispute resolution) are genuine contract weaknesses, but compliance with any term can only be verified if audit rights exist. In practice, cloud providers rarely permit customers to audit on site, so the clause usually also provides for independent third-party assurance such as SOC 2 reports or ISO/IEC 27001 certification in place of a direct audit.

[1] Audit rights in outsourcing: certifications and third party reports

Which of the following is the BEST sampling method to use when relatively few errors are expected to be found in a population?

A. Variable sampling
B. Judgmental sampling
C. Stop-or-go sampling
D. Discovery sampling

Suggested answer: D

Explanation:

Discovery sampling is a form of attribute sampling used when the expected error rate in the population is very low [1]. The sample is sized so that, if deviations occur at or above a specified critical rate, the auditor has a stated confidence (commonly 95 percent) of finding at least one; a single deviation is enough to stop and expand the review, because the objective is detection rather than estimation of a rate. It is most often used in auditing to uncover fraud, circumvention of regulations or other irregularities. Variable sampling estimates monetary amounts and judgmental sampling is non-statistical, so neither fits. Candidates should note that ISACA's CISA Review Manual describes stop-or-go sampling as the method used when relatively few errors are expected (it allows testing to stop at the earliest possible point) and reserves discovery sampling for cases where the expected occurrence rate is extremely low; the two options are close, and the exact wording of the question decides between them.

[1] What are sampling methods and how do you choose the best one?
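The sample-size arithmetic behind discovery sampling is short enough to show in full. The following is an added example written for this page, not code from ExamGecko or ISACA: it sizes a discovery sample for a chosen critical deviation rate and confidence, reports the confidence a clean sample of a given size actually delivers, and draws a sample from a constructed purchase-order population in which a few orders lack a required second approval (the population, field names and threshold are all assumptions).

```python
"""Discovery sampling: sizing a sample so that, if a deviation rate at or above a
chosen critical rate really exists, the auditor has a stated confidence of seeing
at least one deviation. Added example for illustration only; it is not from the
ExamGecko page or ISACA material. The purchase-order population built below is
constructed test data.
"""
import math
import random


def discovery_sample_size(critical_rate: float, confidence: float) -> int:
    """Smallest n with P(at least one deviation among n items) >= confidence,
    treating each item as deviating independently with probability critical_rate
    (the large-population approximation behind published discovery tables).

    P(no deviation in n items) = (1 - p)^n, so we need (1 - p)^n <= 1 - C,
    i.e. n >= ln(1 - C) / ln(1 - p).
    """
    if not 0.0 < critical_rate < 1.0 or not 0.0 < confidence < 1.0:
        raise ValueError("critical_rate and confidence must lie strictly between 0 and 1")
    return math.ceil(math.log(1.0 - confidence) / math.log(1.0 - critical_rate))


def achieved_confidence(sample_size: int, critical_rate: float) -> float:
    """Confidence that a clean sample of this size rules out a deviation rate
    of critical_rate or worse: 1 - (1 - p)^n."""
    return 1.0 - (1.0 - critical_rate) ** sample_size


def discovery_sample(population, sample_size, is_deviation, seed=None):
    """Draw a random sample without replacement and return the first deviation
    found, or None if the sample is clean. A single hit is the stop signal: the
    auditor then widens the review rather than extrapolating a rate."""
    rng = random.Random(seed)
    for item in rng.sample(population, min(sample_size, len(population))):
        if is_deviation(item):
            return item
    return None


def build_population(size=20000, planted=40, seed=1):
    """Constructed data: purchase orders above an approval threshold, a few of
    which lack the required second approval (the deviation being searched for)."""
    rng = random.Random(seed)
    orders = [{"po": f"PO-{i:06d}", "amount": rng.randint(5000, 250000), "second_approver": "ok"}
              for i in range(size)]
    for i in rng.sample(range(size), planted):
        orders[i]["second_approver"] = None
    return orders


def missing_second_approval(order) -> bool:
    return order["second_approver"] is None


if __name__ == "__main__":
    n = discovery_sample_size(critical_rate=0.01, confidence=0.95)
    print(f"95% confidence of catching a 1% deviation rate needs n = {n}")
    hit = discovery_sample(build_population(), n, missing_second_approval, seed=7)
    print("first deviation found:", hit["po"] if hit else "none in sample")
```

With a 1 percent critical rate and 95 percent confidence the function returns 299, which matches the standard discovery-sampling tables; halving the critical rate to 0.5 percent roughly doubles the sample to 598. The constructed population deviates at only 0.2 percent, so a clean sample of 299 is plausible and would be reported as "no deviation found at the 1 percent level with 95 percent confidence", not as "no deviations exist".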

During an operational audit on the procurement department, the audit team encounters a key system that uses an artificial intelligence (AI) algorithm. The audit team does not have the necessary knowledge to proceed with the audit. Which of the following is the BEST way to handle this situation?

A. Perform a skills assessment to identify members from other business units with knowledge of AI.
B. Remove the AI portion from the audit scope and proceed with the audit.
C. Delay the audit until the team receives training on AI.
D. Engage external consultants who have audit experience and knowledge of AI.

Suggested answer: D

Explanation:

If the audit team lacks the knowledge to audit a system built on an AI algorithm, the best option is to engage external consultants who have both audit experience and AI expertise [1][2]. They supply the competence the engagement needs without delaying it (option C) or narrowing the scope so that a key system goes unreviewed (option B). Staff from other business units (option A) may understand the AI but have no audit training and are not independent of the processes being audited.

[1] Auditing Guidelines for Artificial Intelligence - ISACA

[2] An In-Depth Guide To Audit AI Models - Censius

An IS auditor discovers a box of hard drives in a secured location that are overdue for physical destruction. The vendor responsible for this task was never made aware of these hard drives.

Which of the following is the BEST course of action to address this issue?

A. Examine the workflow to identify gaps in asset-handling responsibilities.
B. Escalate the finding to the asset owner for remediation.
C. Recommend the drives be sent to the vendor for destruction.
D. Evaluate the corporate asset-handling policy for potential gaps.

Suggested answer: A

Explanation:

The issue stems from a breakdown in the workflow for handling assets that are due for destruction [1][2]. By examining that workflow the IS auditor can identify where it failed, for example why the vendor was never notified, and which inventory, hand-off and tracking steps lack an owner. Simply sending the drives for destruction (option C) disposes of this batch but not of the cause; escalating to the asset owner (B) or reviewing the policy (D) follows once the gap is understood. Until destruction is completed and evidenced by the vendor's certificate, the drives still hold data and must remain secured and tracked.

[1] How To Properly Destroy A Hard Drive - Tech News Today

[2] How to safely and securely destroy hard disk data - iFixit

Which of the following provides the GREATEST assurance that a middleware application compiling data from multiple sales transaction databases for forecasting is operating effectively?

A. Continuous auditing
B. Manual checks
C. Exception reporting
D. Automated reconciliations

Suggested answer: A

Explanation:

Continuous auditing provides the greatest assurance that a middleware application compiling data from multiple sales transaction databases for forecasting is operating effectively [1][2]. It uses automated tools to monitor and test the application's processing on an ongoing basis, for example by recomputing control totals and record counts from the source databases after each load and comparing them with what the middleware delivered, so that errors are detected as they occur rather than at the next periodic review. Automated reconciliations and exception reporting are useful components of such a program, but on their own they are point controls: a reconciliation checks totals at one interface, and exception reporting only surfaces what the application itself flags. Continuous auditing combines these checks and evaluates them independently and over time, which is what gives ongoing assurance about the integrity and reliability of the compiled data.

[1] 5 Data Integration Methods and Strategies | Talend

[2] What Is Middleware? Definition, Architecture, and Best Practices
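The kind of automated check a continuous-audit program would run against such a middleware job, as an added example written for this page (not code from ExamGecko, ISACA or any vendor): two regional sales databases and the middleware's forecasting table are built in memory with SQLite, and the check independently recomputes each day's totals and transaction counts per region and reports every discrepancy. The table names, the assumption that the middleware produces daily totals per region, and all rows are constructed for the example.

```python
"""Continuous audit check for a middleware job that compiles sales from several
transaction databases into one forecasting table. Added example, not code from
the ExamGecko page or any vendor: the in-memory SQLite databases, the table
names (sales, forecast_input) and the middleware behaviour it audits (daily
totals and transaction counts per region) are all assumptions, and every row is
constructed test data.
"""
import sqlite3
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    sale_date: str
    region: str
    kind: str            # "missing" (no middleware row), "orphan" (no source), "mismatch"
    expected_cents: int  # recomputed from the source database
    actual_cents: int    # what the middleware delivered to forecasting
    expected_count: int
    actual_count: int


def make_source_db(rows):
    """One regional sales database; rows are (txn_id, sale_date, amount_cents).
    Amounts are integer cents so that comparisons are exact."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE sales (txn_id TEXT PRIMARY KEY, sale_date TEXT NOT NULL, "
                 "amount_cents INTEGER NOT NULL)")
    conn.executemany("INSERT INTO sales VALUES (?, ?, ?)", rows)
    conn.commit()
    return conn


def make_middleware_db(rows):
    """The middleware's output table; rows are (sale_date, region, total_cents, txn_count)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE forecast_input (sale_date TEXT, region TEXT, total_cents INTEGER, "
                 "txn_count INTEGER, PRIMARY KEY (sale_date, region))")
    conn.executemany("INSERT INTO forecast_input VALUES (?, ?, ?, ?)", rows)
    conn.commit()
    return conn


def source_totals(sources, sale_date):
    """Independently recompute, per region, what the middleware should have produced."""
    totals = {}
    for region, conn in sources.items():
        total, count = conn.execute(
            "SELECT COALESCE(SUM(amount_cents), 0), COUNT(*) FROM sales WHERE sale_date = ?",
            (sale_date,),
        ).fetchone()
        totals[region] = (total, count)
    return totals


def middleware_totals(target, sale_date):
    rows = target.execute(
        "SELECT region, total_cents, txn_count FROM forecast_input WHERE sale_date = ?",
        (sale_date,),
    ).fetchall()
    return {region: (total, count) for region, total, count in rows}


def reconcile(sources, target, sale_date):
    """The control itself: compare recomputed totals with delivered totals and
    return every discrepancy as a Finding. Run it after every load (or on a
    schedule) and route non-empty results to the audit log or ticket queue."""
    expected = source_totals(sources, sale_date)
    actual = middleware_totals(target, sale_date)
    findings = []
    for region in sorted(set(expected) | set(actual)):
        exp_total, exp_count = expected.get(region, (0, 0))
        act_total, act_count = actual.get(region, (0, 0))
        if region not in actual:
            if exp_count == 0:
                continue          # no sales and no row: nothing to reconcile
            kind = "missing"
        elif region not in expected:
            kind = "orphan"       # middleware reports a region no source feeds
        elif (exp_total, exp_count) == (act_total, act_count):
            continue
        else:
            kind = "mismatch"
        findings.append(Finding(sale_date, region, kind, exp_total, act_total, exp_count, act_count))
    return findings


def build_demo():
    """Constructed scenario: two regional databases and a middleware output in
    which one day's north total silently lost a transaction, and the south
    region is absent for the next day (e.g. a late feed the job did not wait for)."""
    sources = {
        "north": make_source_db([("N-1001", "2024-03-01", 12500), ("N-1002", "2024-03-01", 4999),
                                 ("N-1003", "2024-03-02", 30000)]),
        "south": make_source_db([("S-2001", "2024-03-01", 7500), ("S-2002", "2024-03-02", 1250)]),
    }
    target = make_middleware_db([
        ("2024-03-01", "north", 12500, 1),   # should be 17499 / 2
        ("2024-03-01", "south", 7500, 1),    # correct
        ("2024-03-02", "north", 30000, 1),   # correct
        # no row at all for ("2024-03-02", "south")
    ])
    return sources, target


if __name__ == "__main__":
    sources, target = build_demo()
    for day in ("2024-03-01", "2024-03-02", "2024-03-03"):
        for f in reconcile(sources, target, day):
            print(f"{f.sale_date} {f.region:<6} {f.kind:<8} expected {f.expected_cents}/{f.expected_count} "
                  f"got {f.actual_cents}/{f.actual_count}")
```

Two design points matter for assurance: the check reads the source databases itself rather than trusting any total the middleware logs, and it compares both amount and record count, because an amount-only reconciliation cannot distinguish a dropped transaction from an offsetting pair of errors. The reported mismatch for 2024-03-01 (17499 over 2 transactions expected, 12500 over 1 delivered) is precisely the signal a forecasting team would otherwise never see.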

During planning for a cloud service audit, audit management becomes aware that the assigned IS auditor is unfamiliar with the technologies in use and their associated risks to the business. To ensure audit quality, which of the following actions should audit management consider FIRST?

A. Conduct a follow-up audit after a suitable period has elapsed.
B. Reschedule the audit assignment for the next financial year.
C. Reassign the audit to an internal audit subject matter expert.
D. Extend the duration of the audit to give the auditor more time.

Suggested answer: C

Explanation:

The best action that audit management should consider first is to reassign the audit to an internal audit subject matter expert. This is because cloud service audits require specialized knowledge and skills to assess the risks and controls associated with the cloud service provider and the cloud service customer. An IS auditor who is unfamiliar with the technologies in use and their associated risks to the business may not be able to perform an effective and efficient audit, and may miss important issues or provide inaccurate recommendations. Therefore, it is important to ensure that the IS auditor assigned to the cloud service audit has the appropriate competence and experience.

The other options are not as good as reassigning the audit to an internal audit subject matter expert. Conducting a follow-up audit after a suitable period has elapsed may not address the quality issues of the initial audit, and may also delay the identification and remediation of any problems. Rescheduling the audit assignment for the next financial year may expose the organization to unnecessary risks and may not meet the audit objectives or expectations. Extending the duration of the audit to give the auditor more time may not be feasible or cost-effective, and may not guarantee that the auditor will acquire the necessary knowledge and skills in time.

[1] ISACA, CISA Review Manual, 27th Edition, 2019, p. 139

[2] ISACA, Cloud Computing: Business Benefits With Security, Governance and Assurance Perspectives, 2009, p. 14

In the case of a disaster where the data center is no longer available, which of the following tasks should be done FIRST?

A. Perform data recovery.
B. Arrange for a secondary site.
C. Analyze risk.
D. Activate the call tree.

Suggested answer: D

Explanation:

In the event of a disaster that makes the data center unavailable, the first step is to activate the call tree [1]. A call tree is a layered, hierarchical notification scheme in which each person contacts a defined set of others, so that the recovery team and all other relevant parties are informed quickly and can begin executing their parts of the disaster recovery plan. Arranging the secondary site and recovering data depend on the right people having been mobilized first, and risk analysis and site selection belong to the planning phase, not to the response.

[1] IT Disaster Recovery Plan | Ready.gov

Stress testing should ideally be carried out under a:

A. test environment with production workloads.
B. test environment with test data.
C. production environment with production workloads.
D. production environment with test data.

Suggested answer: A

Explanation:

Stress testing evaluates how a system behaves under extreme load, beyond the volumes it normally handles [1]. It should be carried out in a test environment that mirrors production (hardware, configuration, data volumes), driven by production workloads or representative copies of them, so that the results reflect how the production system would behave under the same conditions. Running the test in production risks outages and data corruption for real users, and test data rarely reproduces the volumes and transaction mix that make a stress test meaningful.

[1] Stress Testing Best Practices: A Seven Steps Model

Which of the following is the BEST way for management to ensure the effectiveness of the cybersecurity incident response process?

A. Periodic reporting of cybersecurity incidents to key stakeholders
B. Periodic update of incident response process documentation
C. Periodic cybersecurity training for staff involved in incident response
D. Periodic tabletop exercises involving key stakeholders

Suggested answer: D

Explanation:

A tabletop exercise is a discussion-based simulation in which key stakeholders walk through a hypothetical incident scenario and describe how they would respond [1][2]. It exercises the process end to end (detection, escalation, decision-making, communication) and exposes gaps such as unclear roles, missing contacts or procedures that do not work in practice. Reporting, documentation updates and training each support the process, but only an exercise tests whether the process actually works; conducting them periodically keeps the plan effective as people, systems and threats change.

[1] Cybersecurity incident response: The 6 steps to success

[2] Six steps for building a robust incident response strategy - IBM

An organization's IT department and internal IS audit function both report to the chief information officer (CIO). Which of the following is the GREATEST concern associated with this reporting structure?

A. Potential for inaccurate audit findings
B. Compromise of IS audit independence
C. IS audit resources being shared with other IT functions
D. IS audit being isolated from other audit functions

Suggested answer: B

Explanation:

The greatest concern with the IT department and the internal IS audit function both reporting to the CIO is the compromise of IS audit independence. Auditor independence refers to the impartiality and objectivity of an auditor in conducting an audit, free from conflicts of interest and bias [1], and it is essential to the quality and reliability of audit results. If the IS audit function reports to the CIO, who also owns the IT department being audited, the auditors are reviewing their own management's work: findings may be softened, scope narrowed or reports filtered before they reach the board, and the audit committee cannot rely on them. ISACA's IS audit standards therefore require the audit function to be organizationally independent of the area under review, which in practice means reporting to the audit committee or board rather than to IT management.

[1] Auditor Independence - What is it, Rules, Importance, Examples
