Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

IIA Exam IIA-CIA-Part2 Topic 8 Question 100 Discussion

Actual exam question for IIA's IIA-CIA-Part2 exam
Question #: 100
Topic #: 8
[All IIA-CIA-Part2 Questions]

Which of the following would be most useful for an internal auditor to obtain during the preliminary survey of an engagement on internal controls over user access management?

Show Suggested Answer Hide Answer
Suggested Answer: A

Step-by-Step Detailed Explanation:

A . The policy for granting, modifying, and deleting user access:

Correct. Understanding the policy ensures the auditor knows the framework and controls in place.

B . A sample of change request forms:

Useful for testing but not as foundational as reviewing the policy.

C . User access reports reviewed by management:

This evaluates monitoring but does not establish a baseline understanding of controls.

D . A current listing of system users and employees:

Important for reconciliation but secondary to understanding the control framework.

CIA Exam Syllabus Reference:

Domain V: Performing Internal Audit Services -- Preliminary Surveys.


by Florinda at Apr 06, 2025, 05:13 AM

Limited Time Offer

25%

Off

Get Premium IIA-CIA-Part2 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Alecia
2 months ago
Haha, good one! And don't forget to look out for the CEO's 'personal assistant' who somehow has access to the company's top-secret R&D files. You can't make this stuff up!
upvoted 0 times
Rupert
1 months ago
C) User access reports that were reviewed by management to ensure that access rights are appropriate for employee roles.
upvoted 0 times
...
Brent
1 months ago
B) A sample of change request forms to verify whether the forms bear the required approval for the user access change.
upvoted 0 times
...
Ricarda
1 months ago
A) The policy for granting, modifying, and deleting user access to ensure processing requirements are clearly articulated.
upvoted 0 times
...
...
Tuyet
2 months ago
How about we throw in a little humor? The auditor should probably also check if the janitor has full admin privileges 'just in case'. You know, for emergencies.
upvoted 0 times
Glendora
27 days ago
C) User access reports that were reviewed by management to ensure that access rights are appropriate for employee roles.
upvoted 0 times
...
Moira
29 days ago
B) A sample of change request forms to verify whether the forms bear the required approval for the user access change.
upvoted 0 times
...
Alease
1 months ago
A) The policy for granting, modifying, and deleting user access to ensure processing requirements are clearly articulated.
upvoted 0 times
...
...
Judy
3 months ago
But wouldn't option C also be important to ensure that access rights are appropriate for employee roles?
upvoted 0 times
...
Dana
3 months ago
A current listing of system users and an employee listing to determine active employees seems like the logical choice. Making sure system access aligns with the actual workforce is key.
upvoted 0 times
Francine
2 months ago
D) A current listing of system users and an employee listing to determine whether system users are active employees of the organization.
upvoted 0 times
...
Sherill
2 months ago
A) The policy for granting, modifying, and deleting user access to ensure processing requirements are clearly articulated.
upvoted 0 times
...
...
Yoko
3 months ago
I agree with Audry, having a clear policy for user access is crucial for internal controls.
upvoted 0 times
...
Jess
3 months ago
I think the user access reports reviewed by management would be the most useful. Verifying that access rights are appropriate for each employee's role is crucial for effective access controls.
upvoted 0 times
...
Audry
3 months ago
I think option A would be most useful because it ensures processing requirements are clearly articulated.
upvoted 0 times
...
Letha
3 months ago
The policy for granting, modifying, and deleting user access is definitely the most important piece of information for an internal auditor to obtain. This ensures the control requirements are clearly defined.
upvoted 0 times
Maurine
2 months ago
C) User access reports that were reviewed by management to ensure that access rights are appropriate for employee roles.
upvoted 0 times
...
Regenia
3 months ago
A) The policy for granting, modifying, and deleting user access to ensure processing requirements are clearly articulated.
upvoted 0 times
...
...

Save Cancel