Exam CISA topic 1 question 260 discussion

Actual exam question from ISACA's CISA
Question #: 260
Topic #: 1

During the planning stage of a compliance audit, an IS auditor discovers that a bank's inventory of compliance requirements does not include recent regulatory changes related to managing data risk. What should the auditor do FIRST?

  • A. Ask management why the regulatory changes have not been included.
  • B. Report the missing regulatory updates to the chief information officer (CIO).
  • C. Discuss potential regulatory issues with the legal department.
  • D. Exclude recent regulatory changes from the audit scope.
Suggested Answer: A

Comments

PurpleParrot
3 months ago
Selected Answer: A
Based on the findings from the discussion with management, the auditor can then escalate the issue to the CIO or other relevant stakeholders if necessary. Asking management why the recent regulatory changes have not been included in the inventory helps to understand the root cause of the omission. This step is crucial for identifying whether there was a lapse in the process, oversight, or other issues that need to be addressed.
upvoted 2 times
Swallows
7 months, 1 week ago
Selected Answer: A
Ensure that management is aware of recent legal and regulatory developments and is making appropriate decisions based on this knowledge.
upvoted 1 times
3008
1 year, 5 months ago
Selected Answer: B
The auditor's first step should be to report the missing regulatory updates to the CIO. The CIO is responsible for managing the bank's information technology (IT) systems and ensuring compliance with regulatory requirements. Reporting the missing regulatory updates to the CIO will ensure that the bank's management is aware of the compliance gap and can take corrective action.
upvoted 1 times
cidigi
1 year, 2 months ago
This is not correct. There are steps in between before you report to the CIO. You need to discuss the findings with management before you report to the board.
upvoted 4 times
3008
1 year, 2 months ago
Asking management why the regulatory changes have not been included may not be the most appropriate first step. It is possible that management may not have been aware of the regulatory changes or may have considered them to be insignificant. Therefore, it would be more appropriate to report the missing regulatory updates to the CIO, who is responsible for managing the bank's IT systems.
upvoted 3 times
choboanon
1 month, 4 weeks ago
CIO may not be directly involved. Better to ask the larger group of management first before escalation when you may have no reason to escalate in the first place.
upvoted 1 times
007Georgeo
1 year, 6 months ago
Selected Answer: B
Asking management why the regulatory changes have not been included may provide some additional information, but it should be done after reporting the missing regulatory updates to the CIO.
upvoted 1 times
Community vote distribution: A (35%, most voted), C (25%), B (20%), Other