An internal audit department, that organizationally reports
exclusively to the chief financial officer (CFO) rather than
to an audit committee, is MOST likely to:

A. have its audit independence questioned.

B. report more business-oriented and relevant findings.

C. enhance the implementation of the auditor's recommendations.

D. result in more effective action being taken on the
recommendations.

Answers were Sorted based on User's Feedback



An internal audit department, that organizationally reports exclusively to the chief financial offi..

Answer / guest

Answer: A

According to a recent ISACA benchmarking survey most
internal audit departments report directly to an audit
committee. However, many organizations also choose to have
the internal audit department either jointly or solely
report to the chief financial officer (CFO). In this same
survey, the IS audit function almost exclusively reports
directly to the director of internal audit. The IS auditor
who reports to the head of an operational department would
have the appearance of a compromised independence.
Generally, an IS auditor should report one level above the
reporting level of the auditee. Reporting to the CFO may not
have an impact on the content of audit findings, which
should normally be business-oriented and relevant as an
auditor is expected to understand the business being
audited. Taking effective action on an audit's
recommendations should be the responsibility of senior
management and will not be enhanced by the fact that the
audit department reports to the CFO. Follow-up of the
implementation of audit recommendations is conducted by the
auditor and/or by the administration department and would
not be enhanced by reporting to the CFO.

Is This Answer Correct ?    10 Yes 1 No

An internal audit department, that organizationally reports exclusively to the chief financial offi..

Answer / guest

D. result in more effective action being taken on the
recommendations.

Is This Answer Correct ?    2 Yes 6 No

Post New Answer

More CISA Certification Interview Questions

Which of the following audit procedures would MOST likely be used in an audit of a systems development project? A. Develop test transactions B. Use code comparison utilities C. Develop audit software programs D. Review functional requirements documentation

1 Answers  


Which of the following has the LEAST effect on controlling physical access? A. Access to the work area is restricted through a swipe card. B. All physical assets have an identification tag and are properly recorded. C. Access to the premises is restricted and all visitors authorized for entry. D. Visitors are issued a pass and escorted in and out by a concerned employee.

1 Answers  


A malicious code that changes itself with each file it infects is called a: A. logic bomb. B. stealth virus. C. trojan horse. D. polymorphic virus.

2 Answers  


Which of the following components is responsible for the collection of data in an intrusion detection system (IDS)? A. Analyzer B. Administration console C. User interface D. Sensor

1 Answers  


The phases and deliverables of a systems development life cycle (SDLC) project should be determined: A. during the initial planning stages of the project. B. after early planning has been completed, but before work has begun. C. through out the work stages based on risks and exposures. D. only after all risks and exposures have been identified and the IS auditor has recommended appropriate controls.

2 Answers  






For which of the following applications would rapid recovery be MOST crucial? A. Point-of-sale system B. Corporate planning C. Regulatory reporting D. Departmental chargeback

2 Answers  


Which of the following audit techniques would an IS auditor place the MOST reliance on when determining whether an employee practices good preventive and detective security measures? A. Observation B. Detail testing C. Compliance testing D. Risk assessment

1 Answers  


An IS auditor involved as a team member in the detailed system design phase of a system under development would be MOST concerned with: A. internal control procedures. B. user acceptance test schedules. C. adequacy of the user training program. D. clerical processes for resubmission of rejected items.

1 Answers  


The MOST likely explanation for the use of applets in an Internet application is that: A. it is sent over the network from the server. B. the server does not run the program and the output is not sent over the network. C. they improve the performance of both the web server and network. D. it is a JAVA program downloaded through the web browser and executed by the web server of the client machine.

1 Answers  


Which of the following is LEAST likely to be contained in a digital certificate for the purposes of verification by a trusted third party (TTP)/certification authority (CA)? A. Name of the TTP/CA B. Public key of the sender C. Name of the public key holder D. Time period for which the key is valid

1 Answers  


Which of the following processes is the FIRST step in developing a business continuity and disaster recovery plan for an organization? A. Alternate site selection B. Business impact analysis C. Test procedures and frequency D. Information classification

1 Answers  


The use of a GANTT chart can: A. aid in scheduling project tasks. B. determine project checkpoints. C. ensure documentation standards. D. direct the post-implementation review.

2 Answers  


Categories
  • Cisco Certifications Interview Questions Cisco Certifications (2321)
  • Microsoft Certifications Interview Questions Microsoft Certifications (171)
  • Sun Certifications Interview Questions Sun Certifications (45)
  • CISA Certification Interview Questions CISA Certification (744)
  • Oracle Certifications Interview Questions Oracle Certifications (64)
  • ISTQB Certification Interview Questions ISTQB Certification (109)
  • Certifications AllOther Interview Questions Certifications AllOther (295)