Exam CISA topic 1 question 28 discussion

Actual exam question from ISACA's CISA
Question #: 28
Topic #: 1

An IS auditor is evaluating controls for monitoring the regulatory compliance of a third party that provides IT services to the organization. Which of the following should be the auditor's GREATEST concern?

  • A. A gap analysis against regulatory requirements has not been conducted.
  • B. The third-party disclosed a policy-related issue of noncompliance.
  • C. The organization has not reviewed the third party's policies and procedures.
  • D. The organization has not communicated regulatory requirements to the third party.
Suggested Answer: D

Comments

Pumeza
1 week, 1 day ago
A for alpha
upvoted 1 times
...
[Removed]
4 months ago
During due dil, third-party policies are reviewed alongside the SOC 2 report or any certification they hold. Answer should be D
upvoted 1 times
[Removed]
4 months ago
C I meant
upvoted 1 times
...
...
a84n
6 months, 3 weeks ago
Selected Answer: B
Answer: B
upvoted 1 times
...
5b56aae
7 months ago
Selected Answer: D
regulatory issue
upvoted 1 times
...
sundersam23
9 months, 2 weeks ago
Selected Answer: D
The question is related to "regulatory requirements". So the correct answer is D.
upvoted 1 times
...
PC2323
1 year, 2 months ago
If the third party has not been told the expectations (regulatory requirements), there is little hope of compliance.
upvoted 2 times
...
AB1237
1 year, 2 months ago
Selected Answer: D
It is D
upvoted 3 times
...
sbtt
1 year, 3 months ago
Selected Answer: B
Why not B, please?
upvoted 1 times
Varokah
7 months, 1 week ago
I think it's better when the third party discloses the matter to our organization than when it does not, so we can take action.
upvoted 1 times
...
kclow
1 year, 2 months ago
Policy is probably not a serious issue to be concerned about; it only matters if it is law.
upvoted 1 times
...
...
frisbg
1 year, 5 months ago
Selected Answer: C
I think the answer is C. If we reviewed the other party's policies and procedures and did due diligence activities, then even if we couldn't submit our requirements it may be low or medium risk, because maybe we already checked whether the third party is compliant. But if policies/procedures are not checked or due diligence is not performed, that means we don't have any third-party risk management, which makes it a high-risk finding. Even if we submit our requirements, maybe the other party has not followed them.
upvoted 2 times
cidigi
1 year, 3 months ago
No one will sit and review the 3rd party's policies and procedures. D is the correct answer
upvoted 3 times
...
...
Kandyd
1 year, 10 months ago
Why doesn't C take precedence over D?
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other