New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Isaca CISA Exam - Topic 1 Question 88 Discussion

Actual exam question for Isaca's CISA exam
Question #: 88
Topic #: 1
[All CISA Questions]

When planning a follow-up, the IS auditor is informed by operational management that recent organizational changes have addressed the previously identified risk and implementing the action plan is no longer necessary. What should the auditor do NEXT?

Show Suggested Answer Hide Answer
Suggested Answer: B

When operational management informs the IS auditor that recent organizational changes have addressed previously identified risks and implementing the action plan is no longer necessary, the IS auditor should accept management's assertion and report that the risks have been addressed. However, it is essential to document this communication and ensure that there is evidence supporting management's claim. If there are any doubts or concerns, further investigation may be necessary.The auditor should not assume new risks without proper assessment or evidence1.Reference:1(https://www.isaca.org/resources/isaca-journal/issues/2016/volume-6/enhancing-the-audit-follow-up-process-using-cobit-5)


by Jamal at Sep 15, 2024, 12:45 AM

Limited Time Offer

25%

Off

Get Premium CISA Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Maricela
3 months ago
Reporting impracticality seems too passive, we need to dig deeper!
upvoted 0 times
...
Cora
3 months ago
Wait, how can we just trust management's word on this?
upvoted 0 times
...
Andrew
3 months ago
Not so sure about that, what if the changes created new risks?
upvoted 0 times
...
Jesus
4 months ago
Agree, option D makes the most sense here!
upvoted 0 times
...
Louvenia
4 months ago
I think the auditor should definitely review the changes.
upvoted 0 times
...
Gearldine
4 months ago
I feel like we should definitely review the changes, but I wonder if that means option D is the best approach. It seems safer to verify everything.
upvoted 0 times
...
Veronika
4 months ago
I think I read something about not just accepting management's word, so I might lean towards option A, but I'm not completely confident.
upvoted 0 times
...
Matilda
4 months ago
I'm not entirely sure, but I feel like we should assess if new risks have come up, which makes option C a possibility.
upvoted 0 times
...
Gerry
5 months ago
I remember we discussed the importance of verifying management's claims, so I think option D might be the right choice.
upvoted 0 times
...
Van
5 months ago
I'm pretty confident that option D is the way to go. We have to review the changes and make our own assessment, not just rely on management's say-so.
upvoted 0 times
...
Shayne
5 months ago
I'm leaning towards option C - we need to check if the changes have introduced any new risks that need to be addressed. Can't just assume everything is fine.
upvoted 0 times
...
Myrtie
5 months ago
Hmm, I think the key here is to review the changes and determine if the risks have really been addressed. We can't just take their word for it.
upvoted 0 times
...
Junita
5 months ago
This is a tricky one. I'm not sure if I should just accept management's word or dig deeper to verify the changes.
upvoted 0 times
...
Jospeh
5 months ago
Hmm, this looks like a tricky one. I'll need to carefully examine the sqlnet.ora file and the options to determine which three items are found in the wallet.
upvoted 0 times
...
Karrie
1 year ago
Option B is a trap! Never just accept management's assertion without verifying it. The auditor has to do their due diligence and make sure the risks are really gone.
upvoted 0 times
...
Jacki
1 year ago
I'm going with Option C. The auditor has to be vigilant and make sure the changes haven't created any new problems. You can't just trust that everything's fine just because the boss says so.
upvoted 0 times
Georgiann
1 year ago
It's important to be thorough and ensure the organization is truly addressing all risks.
upvoted 0 times
...
Margurite
1 year ago
Let's review the changes and see if any new risks have been introduced.
upvoted 0 times
...
Ozell
1 year ago
I agree, we can't just accept management's assertion without verifying.
upvoted 0 times
...
Pamella
1 year ago
I think we should go with Option C. We need to make sure there are no new risks.
upvoted 0 times
...
...
Bulah
1 year ago
Option D is the most thorough approach. The auditor should review the changes and verify that the risks have actually been addressed, not just take management's word for it.
upvoted 0 times
Amos
1 year ago
Let's not just accept management's assertion without checking for ourselves.
upvoted 0 times
...
Brianne
1 year ago
I agree, it's important to verify the effectiveness of the changes.
upvoted 0 times
...
Emerson
1 year ago
I think we should review the changes to make sure the risks have been addressed.
upvoted 0 times
...
...
Basilia
1 year ago
But what if the changes have introduced new risks? Shouldn't we also consider that possibility?
upvoted 0 times
...
Nelida
1 year ago
I agree with Marge. It's important to verify that the risks have actually been mitigated.
upvoted 0 times
...
Jamika
1 year ago
Haha, I bet management just wants to get the auditor off their backs. They probably swept the problem under the rug and are hoping the auditor doesn't notice. Option C is the way to go.
upvoted 0 times
Skye
1 year ago
Let's not let them off easy. We need to stay vigilant and ensure the organization is truly secure.
upvoted 0 times
...
Carrol
1 year ago
I agree, we can't just take their word for it. We have to review the changes thoroughly.
upvoted 0 times
...
Kenneth
1 year ago
Management always tries to take shortcuts. We need to make sure they didn't create new risks.
upvoted 0 times
...
...
Rosendo
1 year ago
I think the auditor should determine whether the changes have introduced new risks. You can't just take management's word for it and call it a day.
upvoted 0 times
Tyisha
1 year ago
I think the auditor should review the changes to ensure the risks have been addressed.
upvoted 0 times
...
Christiane
1 year ago
I agree, it's important to verify if new risks have been introduced.
upvoted 0 times
...
...
Marge
1 year ago
I think we should review the changes to see if the risks have been addressed.
upvoted 0 times
...

Save Cancel