ExamTopics Logo
Mail Us[email protected]
Menu
Isaca Discussions
exam questions

Exam CISA All Questions

View all questions & answers for the CISA exam
Go to Exam

Exam CISA topic 1 question 314 discussion

Actual exam question from Isaca's CISA
Question #: 314
Topic #: 1
[All CISA Questions]

During an audit of identity and access management, an IS auditor finds that the engagement audit plan does not include the testing of controls that regulate access by third parties. Which of the following would be the auditor's BEST course of action?

  • A. Add testing of third-party access controls to the scope of the audit.
  • B. Plan to test these controls in another audit.
  • C. Determine whether the risk has been identified in the planning documents.
  • D. Escalate the deficiency to audit management.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by 3008 at June 5, 2023, 6:57 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
roxannebadenhorst
2 months, 1 week ago
Selected Answer: A
Third-party access to an organization's systems presents significant security and compliance risks, so testing controls related to third-party access is essential. If the original audit plan did not include testing for third-party access, it is important to adjust the audit plan to include this critical aspect, ensuring that all access controls are adequately reviewed.
upvoted 1 times
...
RS66
8 months ago
Selected Answer: A
AI says Option A is the most appropriate response because it directly addresses the deficiency by ensuring that testing of third-party access controls is included in the current audit scope. This action is proactive and aims to rectify the identified issue promptly. Therefore, Option A is the correct answer.
upvoted 1 times
...
Swallows
10 months, 3 weeks ago
Selected Answer: C
Determine whether a risk assessment is in place to plan testing of controls that regulate third-party access.
upvoted 1 times
...
Rachy
1 year, 1 month ago
Selected Answer: C
C. Determine if the risk has been identified in the plan
upvoted 2 times
...
shiowbah
1 year, 3 months ago
A. Add testing of third-party access controls to the scope of the audit.
upvoted 1 times
...
BA27
1 year, 4 months ago
C. Determine whether the risk has been identified in the planning documents.
upvoted 2 times
...
BA27
1 year, 6 months ago
C. Determine whether the risk has been identified in the planning documents.
upvoted 2 times
...
3008
1 year, 9 months ago
Selected Answer: D
Escalate the deficiency to audit management: Escalating the deficiency to audit management is the BEST course of action because it allows the auditor to report the issue to higher management and obtain their support to address the deficiency.
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago