ExamTopics Logo
Mail Us[email protected]
Menu
Isaca Discussions
exam questions

Exam CISA All Questions

View all questions & answers for the CISA exam
Go to Exam

Exam CISA topic 1 question 564 discussion

Actual exam question from Isaca's CISA
Question #: 564
Topic #: 1
[All CISA Questions]

An IS audit team is evaluating the documentation related to the most recent application user-access review performed by IT and business management. It is determined the user list was not system-generated. Which of the following should be the GREATEST concern?

  • A. Source of the user list reviewed
  • B. Availability of the user list reviewed
  • C. Confidentiality of the user list reviewed
  • D. Completeness of the user list reviewed
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by Shrimvs at Aug. 4, 2020, 4:47 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
52cb16c
2 months, 2 weeks ago
Selected Answer: D
It is important to complete the user list.
upvoted 1 times
...
1Naa
6 months, 1 week ago
Selected Answer: D
If the user list was not system-generated, there is a risk that the list may be incomplete or inaccurate. A manually compiled list may omit some users or include irrelevant ones, which could result in incorrect access rights being granted or improper reviews of user access.
upvoted 1 times
...
85e8e0b
7 months, 2 weeks ago
Selected Answer: D
Lets say you extracted a system-generated user listing, but its not complete, then the list will not be reliable. Hence if you choose a completed listing, it doesnt matter whether what is the source, as long as the user listing is completed. In my 5 years of auditing, not all user listing can be generated from a system. Grow up dudes.
upvoted 2 times
...
Swallows
1 year ago
Selected Answer: A
Relying on manually compiled user lists increases the likelihood of errors, omissions, and inconsistencies, which can undermine the effectiveness of the access review process. It may also lead to incomplete or inaccurate assessments of user access rights, potentially exposing the organization to security risks and compliance issues. While the completeness of the user list (option D) is indeed a concern, the source of the user list reviewed is typically of greater importance. A system-generated user list is generally more reliable and comprehensive, providing a more accurate representation of user access rights within the application.
upvoted 1 times
85e8e0b
7 months, 2 weeks ago
Can you ascertain that all system-generated user listing is complete? What if there are filters applied in the back-end? In the end of the day, "completeness" is what we are looking for.
upvoted 1 times
...
...
samir45
1 year, 5 months ago
Selected Answer: D
I think D should be the answer.
upvoted 3 times
...
spar2kle
1 year, 9 months ago
Selected Answer: A
If the list was not system-generated, there's a greater risk that it's incomplete or inaccurate.
upvoted 1 times
...
Ej24356
3 years, 7 months ago
Selected Answer: A
CISA Review Manual pg. 395 - Reports generated from the system—These represent the data that management relies upon for business decisions and review of business results. Therefore, ensuring the integrity of data in reports is key for the reliability of information in information systems. An IS auditor should validate that the reports are accurate and provide correct representation of the source data.
upvoted 4 times
...
Kushagrasingh97
3 years, 7 months ago
In my opinion the correct answer is 'A'. Because prior to performing the C&A procedures the IS auditor needs to verify the source of the data. The source of the data should be from the in-scope application's production server/db. If the source is not established C&A will not matter.
upvoted 3 times
...
Calven
3 years, 7 months ago
i think completeness and accuracy should be of greatest concern,
upvoted 3 times
Action
1 year, 11 months ago
Exactly my thoughts too. Answer should be D
upvoted 2 times
...
...
solidribs
3 years, 8 months ago
not system-generated being the key. Completeness and Accuracy will be the greatest concern
upvoted 1 times
...
gusni
4 years, 6 months ago
I think the correct answer is A. While completeness is definitely an important consideration, you could still make up a complete but corrupt data. In that case, the data is complete but still corrupt.
upvoted 2 times
Action
1 year, 11 months ago
What is the meaning of complete but corrupt ?
upvoted 1 times
...
Xtrmntr
4 years, 6 months ago
In audit, the source of data is always the most important factor, even more important than completeness. What if the source is the client and they have knowingly omitted information (i.e. completeness) or added false information? Then the data is worthless, regardless if it is "complete".
upvoted 3 times
...
...
Shrimvs
4 years, 11 months ago
What happens if the user list is incomplete? There may be users inthe system but not in the list. So the list has to be extracted from system. Whatever source may be, the list may not be complete
upvoted 2 times
ruestudent
4 years, 10 months ago
I think A is correct. To get the complete user list the source should be reliable.
upvoted 8 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel