Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
Isaca Discussions
exam questions

Exam CISA All Questions

View all questions & answers for the CISA exam
Go to Exam

Exam CISA topic 1 question 1081 discussion

Actual exam question from Isaca's CISA
Question #: 1081
Topic #: 1
[All CISA Questions]

During a follow-up audit, an IS auditor finds that senior management has implemented a different remediation action plan than what was previously agreed upon. Which of the following is the auditor's BEST course of action?

  • A. Report the deviation by the control owner in the audit report.
  • B. Cancel the follow-up audit and reschedule for the next audit period.
  • C. Evaluate the implemented control to ensure it mitigates the risk to an acceptable level.
  • D. Request justification from management for not implementing the recommended control.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by Peter_CISA at April 17, 2023, 2:51 a.m.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
RS66
3 months, 2 weeks ago
Selected Answer: C
C. Evaluate the implemented control to ensure it mitigates the risk to an acceptable level.
upvoted 1 times
...
KAP2HURUF
10 months, 3 weeks ago
Selected Answer: C
. Request justification from management for not implementing the recommended control: While understanding management's rationale for choosing a different action plan is important, the priority should be to evaluate the effectiveness of the controls they have implemented. This understanding can be part of the evaluation process, but it should not precede the assessment of control effectiveness.
upvoted 1 times
...
3008
11 months, 2 weeks ago
Selected Answer: C
C is correct.
upvoted 1 times
...
FAGFUR
1 year ago
Selected Answer: D
The best course of action for the IS auditor, upon finding that senior management has implemented a different remediation action plan than what was previously agreed upon, is to request justification from management for not implementing the recommended control. This allows the auditor to understand the reasons behind the deviation and assess whether the implemented control effectively addresses the identified risks.
upvoted 1 times
...
Peter_CISA
1 year, 7 months ago
why is not answer D?
upvoted 1 times
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel