Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Isaca Exam CISA Topic 1 Question 88 Discussion

Actual exam question for Isaca's CISA exam
Question #: 88
Topic #: 1
[All CISA Questions]

When planning a follow-up, the IS auditor is informed by operational management that recent organizational changes have addressed the previously identified risk and implementing the action plan is no longer necessary. What should the auditor do NEXT?

Show Suggested Answer Hide Answer
Suggested Answer: B

When operational management informs the IS auditor that recent organizational changes have addressed previously identified risks and implementing the action plan is no longer necessary, the IS auditor should accept management's assertion and report that the risks have been addressed. However, it is essential to document this communication and ensure that there is evidence supporting management's claim. If there are any doubts or concerns, further investigation may be necessary.The auditor should not assume new risks without proper assessment or evidence1.Reference:1(https://www.isaca.org/resources/isaca-journal/issues/2016/volume-6/enhancing-the-audit-follow-up-process-using-cobit-5)


by Jamal at Sep 15, 2024, 12:45 AM

Limited Time Offer

25%

Off

Get Premium CISA Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Karrie
6 months ago
Option B is a trap! Never just accept management's assertion without verifying it. The auditor has to do their due diligence and make sure the risks are really gone.
upvoted 0 times
...
Jacki
6 months ago
I'm going with Option C. The auditor has to be vigilant and make sure the changes haven't created any new problems. You can't just trust that everything's fine just because the boss says so.
upvoted 0 times
Georgiann
5 months ago
It's important to be thorough and ensure the organization is truly addressing all risks.
upvoted 0 times
...
Margurite
5 months ago
Let's review the changes and see if any new risks have been introduced.
upvoted 0 times
...
Ozell
5 months ago
I agree, we can't just accept management's assertion without verifying.
upvoted 0 times
...
Pamella
5 months ago
I think we should go with Option C. We need to make sure there are no new risks.
upvoted 0 times
...
...
Bulah
6 months ago
Option D is the most thorough approach. The auditor should review the changes and verify that the risks have actually been addressed, not just take management's word for it.
upvoted 0 times
Amos
5 months ago
Let's not just accept management's assertion without checking for ourselves.
upvoted 0 times
...
Brianne
6 months ago
I agree, it's important to verify the effectiveness of the changes.
upvoted 0 times
...
Emerson
6 months ago
I think we should review the changes to make sure the risks have been addressed.
upvoted 0 times
...
...
Basilia
7 months ago
But what if the changes have introduced new risks? Shouldn't we also consider that possibility?
upvoted 0 times
...
Nelida
7 months ago
I agree with Marge. It's important to verify that the risks have actually been mitigated.
upvoted 0 times
...
Jamika
7 months ago
Haha, I bet management just wants to get the auditor off their backs. They probably swept the problem under the rug and are hoping the auditor doesn't notice. Option C is the way to go.
upvoted 0 times
Skye
6 months ago
Let's not let them off easy. We need to stay vigilant and ensure the organization is truly secure.
upvoted 0 times
...
Carrol
7 months ago
I agree, we can't just take their word for it. We have to review the changes thoroughly.
upvoted 0 times
...
Kenneth
7 months ago
Management always tries to take shortcuts. We need to make sure they didn't create new risks.
upvoted 0 times
...
...
Rosendo
8 months ago
I think the auditor should determine whether the changes have introduced new risks. You can't just take management's word for it and call it a day.
upvoted 0 times
Tyisha
7 months ago
I think the auditor should review the changes to ensure the risks have been addressed.
upvoted 0 times
...
Christiane
7 months ago
I agree, it's important to verify if new risks have been introduced.
upvoted 0 times
...
...
Marge
8 months ago
I think we should review the changes to see if the risks have been addressed.
upvoted 0 times
...

Save Cancel