Which of the following is most important to ensure before communicating the audit findings to top management during the closing meeting?

After identifying the findings, the IS auditor should FIRST:

gain agreement on the findings.

After initial investigation, an IS auditor has reasons to believe that fraud may be present. The IS auditor should:

expand activities to determine whether an investigation is warranted.

After reviewing the disaster recovery planning process of an organization, an IS auditor requests a meeting with organization management to discuss the findings. Which of the following BEST describes the main goal of this meeting?

Confirming factual accuracy of the findings

An auditee disagrees with an audit finding. Which of the following is the BEST course of action for the IT auditor to take?

Discuss the finding with the IT auditor's manager.

The BEST method of confirming the accuracy of a system tax calculation is by:

preparing simulated transactions for processing and comparing the results to predetermined results.

Corrective action has been taken by an auditee immediately after the identification of a reportable finding. The auditor should:

include the finding in the final report, because the IS auditor is responsible for an accurate report of all findings.

The decisions and actions of an IS auditor are MOST likely to affect which of the following types of risk?

Detection

During an audit, the IS auditor notes the application developer also performs quality assurance testing on another application. Which of the following is the MOST important course of action for the auditor?

Report the identified condition.

During an IS audit, which is the BEST method for an IS auditor to evaluate the implementation of segregation of duties within an IT department?

Discuss it with the IT managers.

During the course of an application software review, an IS auditor identified minor weaknesses in a relevant database environment that is out of scope for the audit. The BEST option is to:

report the weaknesses as observed.

The effect of which of the following should have priority in planning the scope and objectives of an IS audit?

Applicable statutory requirements

In a risk-based IS audit, where both inherent and control risk have been assessed as high, an IS auditor would MOST likely compensate for this scenario by performing additional:

substantive testing.

The internal IS audit team is auditing controls over sales returns and is concerned about fraud. Which of the following sampling methods would BEST assist the IS auditors?

Discovery

In the process of evaluating program change controls, an IS auditor would use source code comparison software to:

examine source program changes without information from IS personnel.

An IS audit department is considering implementing continuous auditing techniques for a multinational retail enterprise that processes a large volume of transactions per day. A PRIMARY benefit of continuous auditing is that:

fraud can be detected more quickly.

An IS auditor conducting a review of disaster recovery planning (DRP) at a financial processing organization has discovered the following:
The existing DRP was compiled two years earlier by a systems analyst in the organization's IT department using transaction flow projections from the operations department.
The DRP was presented to the deputy chief executive officer (CEO) for approval and formal issue, but it is still awaiting attention.
The DRP has never been updated, tested or circulated to key management and staff, although interviews show that each would know what action to take for its area if a disruptive incident occurred.
The IS auditor's report should recommend that:

a manager coordinates the creation of a new or revised plan within a defined time limit.

An IS auditor conducting a review of software usage and licensing discovers that numerous PCs contain unauthorized software. Which of the following actions should the IS auditor take?

Report the use of the unauthorized software and the need to prevent recurrence.

An IS auditor discovers a potential material finding. The BEST course of action is to:

perform additional testing.

An IS auditor finds a small number of user access requests that were not authorized by managers through the normal predefined workflow steps and escalation rules. The IS auditor should:

perform an additional analysis.

An IS auditor finds that a disaster recovery plan for critical business functions does not cover all systems. Which of the following is the MOST appropriate course of action for the IS auditor?

Alert management and evaluate the impact of not covering all systems.

An IS auditor finds that the answers received during an interview with a payroll clerk do not support job descriptions and documented procedures. Under these circumstances, the IS auditor should:

expand the scope to include substantive testing.

An IS auditor is carrying out a system configuration review. Which of the following would be the BEST evidence in support of the current system configuration settings?

Standard report with configuration values retrieved from the system by the IS auditor

An IS auditor is comparing equipment in production with inventory records. This type of testing is an example of:

substantive testing.

An IS auditor is conducting a compliance test to determine whether controls support management policies and procedures. The test will assist the IS auditor to determine:

that the control is operating as designed.

An IS auditor is determining the appropriate sample size for testing the existence of program change approvals. Previous audits did not indicate any exceptions, and management has confirmed that no exceptions have been reported for the review period. In this context, the IS auditor can adopt a:

lower confidence coefficient, resulting in a smaller sample size.

Walk-through

An IS auditor is reviewing access to an application to determine whether recently added accounts were appropriately authorized. This is an example of:

compliance testing.

An IS auditor is reviewing security controls for a critical web-based system prior to implementation. The results of the penetration test are inconclusive, and the results will not be finalized prior to implementation. Which of the following is the BEST option for the IS auditor?

Publish a report based on the available information, highlighting the potential security weaknesses and the requirement for follow-up audit testing.

An IS auditor is testing employee access to a large financial system, and the IS auditor selected a sample from the current employee list provided by the auditee. Which of the following evidence is the MOST reliable to support the testing?

A list of accounts with access levels generated by the system

An IS auditor is validating a control that involves a review of system-generated exception reports. Which of the following is the BEST evidence of the effectiveness of the control?

A sample system-generated exception report for the review period, with follow-up action items noted by the reviewer

An IS auditor notes daily reconciliation of visitor access card inventory is not aligned with the organization's procedures. Which of the following is the auditor's BEST course of action?

Report the lack of daily reconciliations.

An IS auditor reviews one day of logs for a remotely managed server and finds one case where logging failed, and the backup restarts cannot be confirmed. What should the IS auditor do?

Expand the sample of logs reviewed.

An IS auditor should use statistical sampling and not judgmental (nonstatistical) sampling, when:

the probability of error must be objectively quantified.

An IS auditor uses computer-assisted audit techniques (CAATs) to collect and analyze data. Which of the following attributes of evidence is MOST affected by the use of CAATs?

Reliability

An IS auditor wants to analyze audit trails on critical servers to discover potential anomalies in user or system behavior. Which of the following is the MOST suitable for performing that task?

Trend/variance detection tools

An IS auditor wants to determine the effectiveness of managing user access to a server room. Which of the following is the BEST evidence of effectiveness?

Observation of a logged event

An IS auditor wants to determine the number of purchase orders not appropriately approved. Which of the following sampling techniques should an IS auditor use to draw such conclusions?

Attribute

An IS auditor who was involved in designing an organization's business continuity plan (BCP) has been assigned to audit the plan. The IS auditor should:

communicate the possibility of conflict of interest to audit management prior to starting the assignment.

The MAIN advantage of an IS auditor directly extracting data from a general ledger system is:

greater assurance of data validity

The MOST appropriate action for an IS auditor to take when shared user accounts are discovered is to:

document the finding and explain the risk of using shared IDs.

The PRIMARY advantage of a continuous audit approach is that it:

allows the IS auditor to review and follow up on audit issues in a timely manner.

The PRIMARY purpose for meeting with auditees prior to formally closing a review is to:

gain agreement on the findings.

A substantive test to verify that tape library inventory records are accurate is:

conducting a physical count of the tape inventory.

The vice president of human resources has requested an IS audit to identify payroll overpayments for the previous year. Which would be the BEST audit technique to use in this situation?

Generalized audit software

What is the BEST course of action for an IS auditor to take when an outsourced monitoring process for remote access is inadequate and management disagrees because management stated that intrusion detection system (IDS) and firewall controls are in place?

Document the identified finding in the audit report.

What is the PRIMARY requirement that a data mining and auditing software tool should meet? The software tool should:

accurately capture data from the organization's systems without causing excessive performance problems.

When preparing an audit report the IS auditor should ensure that the results are supported by:

sufficient and appropriate audit evidence.

When selecting audit procedures, an IS auditor should use professional judgment to ensure that:

sufficient evidence will be collected.

When testing program change requests for a remote system, an IS auditor finds that the number of changes available for sampling would not provide a reasonable level of assurance. What is the MOST appropriate action for the IS auditor to take?

Develop an alternate testing procedure.

Which audit technique provides the BEST evidence of the segregation of duties in an IT department?

Observation and interviews

Which of the following audit techniques would BEST help an IS auditor in determining whether there have been unauthorized program changes since the last authorized program update?

Automated code comparison

Which of the following BEST describes the objective of an IS auditor discussing the audit findings with the auditee?

Confirm the findings and propose a course of corrective action.

Re-performance

Which of the following forms of evidence would an IS auditor consider the MOST reliable?

The results of a test performed by an external IS auditor

Which of the following is a PRIMARY objective of embedding an audit module while developing online application systems?

To collect evidence while transactions are processed

Which of the following is MOST effective for monitoring transactions exceeding predetermined thresholds?

Generalized audit software

Which of the following is MOST important to ensure before communicating the audit findings to top management during the closing meeting?

Findings are clearly tracked back to evidence.

Which of the following is the BEST factor for determining the required extent of data collection during the planning phase of an IS compliance audit?

Purpose, objective and scope of the audit

Which of the following is the MOST important skill that an IS auditor should develop to understand the constraints of conducting an audit?

Project management

Which of the following sampling methods is MOST useful when testing for compliance?

Attribute sampling

Which of the following sampling methods is the MOST appropriate for testing automated invoice authorization controls to ensure that exceptions are not made for specific users?

Stratified random sampling

Which of the following sampling methods would be the MOST effective to determine whether purchase orders issued to vendors have been authorized as per the authorization matrix?

Attribute sampling

Which of the following should an IS auditor use to detect duplicate invoice records within an invoice master file?

Computer-assisted audit techniques

Which of the following should be the FIRST action of an IS auditor during a dispute with a department manager over audit findings?

Revalidate the supporting evidence for the finding.

Which of the following will MOST successfully identify overlapping key controls in business application systems?

Replacing manual monitoring with an automated auditing solution

Which of the following would be MOST useful for an IS auditor for accessing and analyzing digital data to collect relevant audit evidence from diverse software environments?

Computer-assisted auditing techniques

Which of the following would impair the independence of a quality assurance team?

Correcting coding errors during the testing process

Which of the following would normally be the MOST reliable evidence for an IS auditor?

A confirmation letter received from a third party verifying an account balance

Which technique would BEST test for the existence of dual control when auditing the wire transfer systems of a bank?

Observation

While auditing a third-party IT service provider, an IS auditor discovered that access reviews were not being performed as required by the contract. The IS auditor should:

Report the issue to IT management

Which of the following is the most important skill an IS auditor should develop to understand the constraints of conducting an audit?

Which of the following is the MOST important skill that an IS auditor should develop to understand the constraints of conducting an audit? Project management is correct.

Which of the following best describes the objective of an IS auditor discussing the audit findings with the auditee?

Which of the following BEST describes the objective of an IS auditor discussing the audit findings with the auditee? Confirm the findings and propose a course of corrective action.

Which of the following is the most critical step to perform when planning an IS audit?

Explanation: In planning an audit, the most critical step is identifying the areas of high risk.

How do you close audit findings?

The closing meeting of an audit should include the following items:
Introductions and recording the attendees.
Thanking the attendees for their time and cooperation.
Reminder of the purpose and scope of the audit, as well as the scoring or rating criteria used.
Review and discussion of the preliminary audit findings.