Exam CISA topic 1 question 1391 discussion

Actual exam question from Isaca's CISA
Question #: 1391
Topic #: 1

When planning a follow-up, the IS auditor is informed by operational management that recent organizational changes have addressed the previously identified risk and implementing the action plan is no longer necessary. What should the auditor do NEXT?

  • A. Review the changes and determine whether the risks have been addressed.
  • B. Accept management's assertion and report that the risks have been addressed.
  • C. Report that the changes make it impractical to determine whether the risks have been addressed.
  • D. Determine whether the changes have introduced new risks that need to be addressed.
Suggested Answer: A

Comments

BenHung
1 month ago
Selected Answer: A
reason: Validate management’s claims: Auditors cannot rely solely on management's statements but should independently review changes to confirm whether risks are actually being addressed. This includes reviewing relevant documentation, processes and technical implementation to ensure the changes are indeed effective. Ensure audit independence: The auditor's role is to provide an objective assessment, not to directly accept management's assertions. By reviewing changes, auditors can ensure that their conclusions are based on facts and evidence. Avoid potential new risks: Organizational changes may introduce new risks, and auditors need to assess whether these changes have had an impact on the overall risk profile.
upvoted 1 times
marc4354345
6 months ago
First A, then D.
upvoted 1 times
MJORGER
6 months, 1 week ago
D. Determine whether the changes have introduced new risks that need to be addressed. The IS auditor should not simply accept management's assertion without further investigation. Instead, they should critically evaluate the changes made by management to determine whether they effectively mitigate the identified risks or if they have introduced new risks.
upvoted 1 times
MJORGER
3 months, 2 weeks ago
Sorry, the answer is A.
upvoted 1 times
Community vote distribution: A (35%, most voted), C (25%), B (20%), Other