Exam CISA Topic 3 Question 57 Discussion

Actual exam question for ISACA's CISA exam
Question #: 57
Topic #: 3
When planning a follow-up, the IS auditor is informed by operational management that recent organizational changes have addressed the previously identified risk and implementing the action plan is no longer necessary.
What should the auditor do NEXT?

Suggested Answer: B Vote an answer

Explanation
When operational management informs the IS auditor that recent organizational changes have addressed previously identified risks and implementing the action plan is no longer necessary, the IS auditor should accept management's assertion and report that the risks have been addressed. However, it is essential to document this communication and ensure that there is evidence supporting management's claim. If there are any doubts or concerns, further investigation may be necessary. The auditor should not assume new risks without proper assessment or evidence1. References: 1(https://www.isaca.org/resources/isaca-journal/issues/2016/volume-6/enhancing-the-aud

by farisadeeb26 at Feb 27, 2024, 09:36 PM

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Nick name: Submit Cancel
farisadeeb26
2024-02-27 21:36:40
No, it is rung answer you have to review the changes and determine whether the risk have been addressed.
upvoted 1 times
...
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

Contact Us

If you have any question please leave me your email address, we will reply and send email to you in 12 hours.

Our Working Time: ( GMT 0:00-15:00 ) From Monday to Saturday

Support: Contact now 

日本語 Deutsch 繁体中文 한국어