Exam CISA topic 1 question 929 discussion

Actual exam question from Isaca's CISA
Question #: 929
Topic #: 1

An IS audit reveals an organization has decided not to implement a new regulation by the required deadline because the cost of rapid implementation is higher than the penalty for noncompliance. Which of the following is the auditor’s BEST course of action?

  • A. Ensure a gap analysis is conducted
  • B. Ensure regulatory reporting is completed
  • C. Ensure the risk register is updated
  • D. Ensure risk acceptance is documented
Suggested Answer: D

Comments

Vima234
2 months, 2 weeks ago
Selected Answer: B
Noncompliance with regulatory reporting, especially when a deadline is involved, can have significant consequences. In this case, ensuring that regulatory reporting is completed (Option B) is crucial because it addresses the immediate compliance requirement and prevents potential legal or regulatory penalties. While documenting risk acceptance (Option D) is important for internal risk management and accountability, completing regulatory reporting is essential to meet external compliance obligations and avoid enforcement actions. Therefore, if the organization is facing a regulatory deadline, ensuring regulatory reporting is completed would be the best course of action to avoid noncompliance penalties.
upvoted 1 times
KAP2HURUF
10 months, 2 weeks ago
Selected Answer: D
Documenting risk acceptance (D) is essential for ensuring that the organization's management is accountable for the decision and is aware of its implications. It also serves as an important record for future reference, both for internal governance and for external audits or regulatory reviews.
upvoted 2 times
SuperMax
1 year, 1 month ago
Selected Answer: D
D. Ensure risk acceptance is documented. In this situation, the organization has made a conscious decision not to implement a new regulation by the required deadline because they believe the cost of rapid implementation is higher than the penalty for noncompliance. This represents a risk acceptance decision, where the organization is choosing to accept the risk of noncompliance. To properly address this from an audit perspective, the auditor should ensure that this risk acceptance decision is well-documented. Documenting the risk acceptance decision is important for transparency and accountability within the organization. It ensures that the decision-makers are aware of the risks they are taking and that the reasons for not complying with the regulation are clear. While conducting a gap analysis, updating the risk register, and ensuring regulatory reporting are important tasks, in this specific scenario, documenting the risk acceptance is the most critical action to address the organization's noncompliance decision.
upvoted 3 times