Isaca CISA Practice Test - Questions Answers, Page 71

Which of the following should be an IS auditor's PRIMARY consideration when determining which issues to include in an audit report?

A. Professional skepticism
B. Management's agreement
C. Materiality
D. Inherent risk

Suggested answer: C

Explanation:

Materiality is the primary consideration when determining which issues to include in an audit report, as it reflects the significance or importance of the issues to the users of the report. Materiality is a relative concept that depends on the nature, context, and amount of the issues, as well as the expectations and needs of the users. Materiality helps the auditor to prioritize the issues and communicate them clearly and concisely.

Reference

ISACA CISA Review Manual, 27th Edition, page 256

Materiality in Auditing - AICPA

Materiality in Planning and Performing an Audit - IAASB

When designing a data analytics process, which of the following should be the stakeholder's role in automating data extraction and validation?

A. Indicating which data elements are necessary to make informed decisions
B. Allocating the resources necessary to purchase the appropriate software packages
C. Performing the business case analysis for the data analytics initiative
D. Designing the workflow necessary for the data analytics tool to evaluate the appropriate data

Suggested answer: A

Explanation:

The stakeholder's role in automating data extraction and validation is to indicate which data elements are necessary to make informed decisions. The stakeholder is the person who has a vested interest in the outcome of the data analytics process and can provide the business context and requirements for the analysis. The stakeholder can help the data analyst to identify the relevant data sources, the key performance indicators (KPIs), and the expected results of the analysis.

Reference

What Is the Data Analysis Process? 5 Key Steps to Follow - G2

What's the Best Approach to Data Analytics? - Harvard Business Review

Weekly challenge 1 - GitHub: Let's build from here

Which of the following presents the GREATEST risk to an organization's ability to manage quality control (QC) processes?

A. Lack of segregation of duties
B. Lack of a dedicated QC function
C. Lack of policies and procedures
D. Lack of formal training and attestation

Suggested answer: C

Explanation:

The greatest risk to an organization's ability to manage QC processes is the lack of policies and procedures that define the QC objectives, standards, methods, roles, and responsibilities. Without policies and procedures, the QC processes may be inconsistent, ineffective, inefficient, or noncompliant with the relevant regulations and best practices. Policies and procedures provide the foundation and guidance for the QC processes and help to ensure their quality, reliability, and accountability.

Reference

ISACA CISA Review Manual, 27th Edition, page 253

Quality Control - an overview | ScienceDirect Topics

Quality Control: Meaning, Importance, Definition and Objectives

A configuration management audit identified that predefined automated procedures are used when deploying and configuring application infrastructure in a cloud-based environment. Which of the following is MOST important for the IS auditor to review?

A. Storage location of configuration management documentation
B. Processes for making changes to cloud environment specifications
C. Contracts of vendors responsible for maintaining provisioning tools
D. Number of administrators with access to cloud management consoles

Suggested answer: B

Explanation:

The IS auditor should review the processes for making changes to cloud environment specifications, as these are the inputs for the predefined automated procedures that deploy and configure the application infrastructure. The IS auditor should verify that the changes are authorized, documented, tested, and approved before they are applied to the cloud environment. The IS auditor should also check that the changes are aligned with the business requirements and do not introduce any security or performance issues.

Reference

ISACA CISA Review Manual, 27th Edition, page 254

Configuration Management in Cloud Computing - ScienceDirect

Cloud Configuration Management - BMC Software

Which of the following is the MOST effective way to detect as many abnormalities as possible during an IS audit?

A. Conduct a walk-through of the process.
B. Perform substantive testing on sampled records.
C. Perform judgmental sampling of key processes.
D. Use a data analytics tool to identify trends.

Suggested answer: D

Explanation:

A data analytics tool is the most effective way to detect as many abnormalities as possible during an IS audit, as it can process large volumes of data, perform complex calculations, and generate visualizations that reveal patterns, outliers, anomalies, or deviations from expected results. A data analytics tool can also help the auditor to test the entire population of data, rather than a sample, and to perform continuous auditing and monitoring.

Reference

ISACA CISA Review Manual, 27th Edition, page 256

What is Problem Solving? Steps, Process & Techniques | ASQ

Data Analytics for Auditors - IIA

Which of the following is a PRIMARY benefit of using risk assessments to determine areas to be included in an audit plan?

A. Timely audit execution
B. Effective allocation of audit resources
C. Reduced travel and expense costs
D. Effective risk mitigation

Suggested answer: B

Explanation:

The primary benefit of using risk assessments to determine areas to be included in an audit plan is that it helps to prioritize the audit activities based on the level of risk and the potential impact of the audit findings. This way, the audit resources, such as time, staff, and budget, can be allocated more efficiently and effectively to the areas that need the most attention and provide the most value.

Reference

ISACA CISA Review Manual, 27th Edition, page 256

What is the Purpose of a Risk Assessment?

Mastering the Process of Risk Assessment

An IS auditor is conducting an IT governance audit and notices many initiatives are managed informally by isolated project managers. Which of the following recommendations would have the GREATEST impact on improving the maturity of the IT team?

A. Schedule a follow-up audit in the next year to confirm whether IT processes have matured.
B. Create an interdisciplinary IT steering committee to oversee IT prioritization and spending.
C. Document and track all IT decisions in a project management tool.
D. Discontinue all current IT projects until formal approval is obtained and documented.

Suggested answer: B

Explanation:

An IT steering committee is a group of senior executives and stakeholders who provide strategic direction, guidance, and oversight for the IT function of an organization. An IT steering committee can help to improve the maturity of the IT team by ensuring that the IT initiatives are aligned with the business goals and objectives, that the IT resources are allocated and utilized effectively and efficiently, and that the IT performance and value are measured and communicated. An IT steering committee can also help to resolve conflicts, prioritize demands, and foster collaboration among the IT project managers and other business units.

Reference

ISACA CISA Review Manual, 27th Edition, page 254

Auditing IT Governance

The Impact of Poor IT Audit Planning and Mitigating Audit Risk

IS Audit Basics: The Components of the IT Audit Report

Which of the following should be the GREATEST concern for an IS auditor assessing an organization's disaster recovery plan (DRP)?

A. The DRP was developed by the IT department.
B. The DRP has not been tested during the past three years.
C. The DRP has not been updated for two years.
D. The DRP does not include the recovery time objective (RTO) for a key system.

Suggested answer: B

Explanation:

The DRP is a set of procedures and resources that enable an organization to restore its critical IT functions and operations in the event of a disaster or disruption. The DRP should be tested regularly to ensure its effectiveness, validity, and readiness. Testing the DRP can help to identify and resolve any gaps, issues, or weaknesses in the plan, as well as to evaluate the performance and capability of the recovery team and resources. If the DRP has not been tested during the past three years, it may not reflect the current IT environment, business requirements, or recovery objectives, and it may fail to meet the expectations and needs of the stakeholders.

Reference

ISACA CISA Review Manual, 27th Edition, page 255

Disaster Recovery Plan Testing: The Ultimate Checklist

What is a Disaster Recovery Plan (DRP) and How Do You Write One?

A programmer has made unauthorized changes to key fields in a payroll system report. Which of the following control weaknesses would have contributed MOST to this problem?

A. The programmer did not involve the user in testing.
B. The user requirements were not documented.
C. Payroll files were not under the control of a librarian.
D. The programmer has access to the production programs.

Suggested answer: D

Explanation:

The programmer having access to the production programs is the most likely control weakness that would have contributed to the unauthorized changes to the payroll system report. This is because the programmer could modify the production code without proper authorization, documentation, or testing, and bypass the change management process. This could result in errors, fraud, or data integrity issues in the payroll system. The programmer should only have access to the development or test environment, and the production programs should be under the control of a librarian or a change manager.

Reference

ISACA CISA Review Manual, 27th Edition, page 254

4 Types of Internal Control Weaknesses

ACCT 4631 - Internal Auditing: CIA Quiz Topic 6 Flashcards

Which of the following is MOST important when defining the IS audit scope?

A. Minimizing the time and cost to the organization of IS audit procedures
B. Involving business in the formulation of the scope statement
C. Aligning the IS audit procedures with IT management priorities
D. Understanding the relationship between IT and business risks

Suggested answer: D

Explanation:

The most important factor when defining the IS audit scope is to understand the relationship between IT and business risks, as this helps to identify the areas that have the most potential impact on the organization's objectives, performance, and value. By understanding the IT and business risks, the IS auditor can focus the audit scope on the key processes, systems, controls, and issues that need to be assessed and addressed.

Reference

ISACA CISA Review Manual, 27th Edition, page 256

Ten Factors to Consider when Setting the Scope of an Internal Audit

What Is an Audit Scope? | Auditing Basics | KirkpatrickPrice

Total 1.198 questions