New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Isaca CISA Exam - Topic 8 Question 85 Discussion

Actual exam question for Isaca's CISA exam
Question #: 85
Topic #: 8
[All CISA Questions]

Which of the following would be an auditor's GREATEST concern when reviewing data inputs from spreadsheets into the core finance system?

Show Suggested Answer Hide Answer
Suggested Answer: A

The auditor's greatest concern when reviewing data inputs from spreadsheets into the core finance system would be undocumented code that formats data and transmits directly to the database. This is because undocumented code can introduce errors, inconsistencies, and security risks in the data processing and reporting. Undocumented code can also make it difficult to verify the accuracy, completeness, and validity of the data inputs and outputs, as well as to trace the source and destination of the data. Undocumented code can also violate the principles of segregation of duties, as the same person who creates the code may also have access to the data and the database.

The other options are not as concerning as undocumented code, although they may also pose some risks. A lack of complete inventory of spreadsheets and inconsistent file naming may make it challenging to identify and locate the relevant spreadsheets, but they do not directly affect the quality or integrity of the data inputs. The department data protection policy not being reviewed or updated for two years may indicate a lack of awareness or compliance with the current data protection regulations, but it does not necessarily imply that the data inputs are compromised or inaccurate. Spreadsheets being accessible by all members of the finance department may increase the risk of unauthorized or accidental changes to the data, but it can be mitigated by implementing access controls, password protection, and audit trails.


ISACA, CISA Review Manual, 27th Edition, 2019, p.2261

Five Common Spreadsheet Risks and Ways to Control Them2

GREATEST Concerns When Reviewing Data Inputs from Spreadsheets3

by Wenona at Sep 07, 2024, 09:30 AM

Limited Time Offer

25%

Off

Get Premium CISA Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Devon
3 months ago
I agree, B is the worst. Inconsistent naming can lead to major errors!
upvoted 0 times
...
Melita
3 months ago
D isn't a big deal if everyone is trained properly, right?
upvoted 0 times
...
Therese
3 months ago
Wait, how can a department go two years without updating their data policy?
upvoted 0 times
...
Daniel
4 months ago
I think B is more concerning. No inventory means chaos!
upvoted 0 times
...
Wava
4 months ago
A is definitely a huge red flag!
upvoted 0 times
...
Tayna
4 months ago
I practiced a question similar to this, and I think having spreadsheets accessible to everyone could lead to data integrity issues, but I’m torn on which is the greatest concern overall.
upvoted 0 times
...
Suzi
4 months ago
I feel like the data protection policy being outdated could be a big issue too, but I’m not sure if it’s the greatest concern compared to the others.
upvoted 0 times
...
Taryn
4 months ago
I think the inventory of spreadsheets is really important. If we don’t know what we have, how can we ensure accuracy?
upvoted 0 times
...
Daniel
5 months ago
I remember we discussed how undocumented code can lead to major errors, but I’m not sure if that’s the greatest concern.
upvoted 0 times
...
Annmarie
5 months ago
Undocumented code formatting data and transmitting it directly to the database? That sounds like a major security risk. I'm going to go with option A on this one.
upvoted 0 times
...
Christoper
5 months ago
Okay, let's see. The options cover things like data formatting, inventory, policies, and access controls. I think the lack of a complete spreadsheet inventory and inconsistent naming would be the biggest red flag for an auditor. But I'm not 100% sure.
upvoted 0 times
...
Derick
5 months ago
Hmm, this is a tricky one. There are a few potential issues here, but I'm not sure which one the examiner would consider the "greatest" concern. I'll have to think this through carefully.
upvoted 0 times
...
Carin
5 months ago
This question seems straightforward - the key is to identify the greatest risk when reviewing spreadsheet data inputs. I'll carefully consider each option and choose the one that poses the biggest concern.
upvoted 0 times
...
Antonio
5 months ago
This looks like a tricky one. I'll need to carefully review the options and think through the implications of each approach.
upvoted 0 times
...
Chandra
1 year ago
If I was the auditor, I'd be most worried about the spreadsheets being named things like 'finance_stuff_v47_final_actually.xlsx'. Talk about a nightmare to keep track of!
upvoted 0 times
Sarah
1 year ago
C) The department data protection policy has not been reviewed or updated for two years.
upvoted 0 times
...
Remona
1 year ago
B) There is not a complete inventory of spreadsheets, and file naming is inconsistent.
upvoted 0 times
...
Sarah
1 year ago
A) Undocumented code formats data and transmits directly to the database.
upvoted 0 times
...
...
Mattie
1 year ago
That's true, but I still think incomplete inventory is a bigger concern.
upvoted 0 times
...
Willard
1 year ago
But what about option D? Accessible spreadsheets could also pose a risk.
upvoted 0 times
...
Bok
1 year ago
I don't know, option A sounds like a job for a hacker, not an auditor. Though I guess they're both trying to break into the system, just for different reasons.
upvoted 0 times
...
Nickolas
1 year ago
D is the one for me. Spreadsheets accessible to the whole team? Someone's going to make a costly mistake, I just know it.
upvoted 0 times
Bettina
1 year ago
D) Spreadsheets are accessible by all members of the finance department.
upvoted 0 times
...
Temeka
1 year ago
C) The department data protection policy has not been reviewed or updated for two years.
upvoted 0 times
...
Jeanice
1 year ago
B) There is not a complete inventory of spreadsheets, and file naming is inconsistent.
upvoted 0 times
...
Olive
1 year ago
A) Undocumented code formats data and transmits directly to the database.
upvoted 0 times
...
...
Brynn
1 year ago
C seems the most concerning to me. Out-of-date data protection policies leave the whole system vulnerable.
upvoted 0 times
...
Francene
1 year ago
I'm going with B. Not having a full inventory of spreadsheets is a recipe for disaster. How can you control what you don't even know about?
upvoted 0 times
Brock
1 year ago
D) Spreadsheets are accessible by all members of the finance department.
upvoted 0 times
...
Jeannine
1 year ago
I agree, not having a full inventory of spreadsheets can lead to errors and inconsistencies.
upvoted 0 times
...
Lyndia
1 year ago
B) There is not a complete inventory of spreadsheets, and file naming is inconsistent.
upvoted 0 times
...
Louvenia
1 year ago
A) Undocumented code formats data and transmits directly to the database.
upvoted 0 times
...
...
Mammie
1 year ago
I agree with Mattie, inconsistent file naming could lead to errors in data inputs.
upvoted 0 times
...
Ronald
1 year ago
Definitely option A. Undocumented code transmitting directly to the database is a huge security risk!
upvoted 0 times
Tequila
1 year ago
I agree, we need to make sure data inputs are secure.
upvoted 0 times
...
Suzan
1 year ago
That's a good point, security is definitely a big concern.
upvoted 0 times
...
...
Mattie
1 year ago
I think the auditor's greatest concern would be option B.
upvoted 0 times
...

Save Cancel