Corrective action has been taken by an auditee immediately
after the identification of a reportable finding. The
auditor should:
A. include the finding in the final report because the IS
auditor is responsible for an accurate report of all findings.
B. not include the finding in the final report because the
audit report should include only unresolved findings.
C. not include the finding in the final report because
corrective action can be verified by the IS auditor during
the audit.
D. include the finding in the closing meeting for discussion
purposes only.
- 2 Answers
- 9520 Views
- I also Faced
- E-Mail Answers
Answers were Sorted based on User's Feedback
Answer / guest
Answer: A
Including the finding in the final report is a generally
accepted audit practice. If an action is taken after the
audit started and before it ended, the audit report should
identify the finding and describe the corrective action
taken. An audit report should reflect the situation, as it
existed at the start of the audit. All corrective actions
taken by the auditee should be reported in writing.
| Is This Answer Correct ? | 5 Yes | 0 No |
Answer / guest
A. include the finding in the final report because the IS
auditor is responsible for an accurate report of all
findings.
| Is This Answer Correct ? | 4 Yes | 1 No |
As a result of a business process reengineering (BPR) project: A. an IS auditor would be concerned with the key controls that existed in the prior business process and not those in the new process. B. system processes are automated in such a way that there are more manual interventions and manual controls. C. the newly designed business processes usually do not involve changes in the way(s) of doing business. D. advantages usually are realized when the reengineering process appropriately suits the business and risk.
During a review of the controls over the process of defining IT service levels, an IS auditor would MOST likely interview the: A. systems programmer. B. legal staff. C. business unit manager. D. application programmer.
Which of the following represents the GREATEST risk created by a reciprocal agreement for disaster recovery made between two companies? A. Developments may result in hardware and software incompatibility. B. Resources may not be available when needed. C. The recovery plan cannot be tested. D. The security infrastructures in each company may be different.
The PRIMARY objective of a firewall is to protect: A. internal systems from exploitation by external threats. B. external systems from exploitation by internal threats. C. internal systems from exploitation by internal threats. D. itself and attached systems against being used to attack other systems.
An organization is considering connecting a critical PC-based system to the Internet. Which of the following would provide the BEST protection against hacking? A. An application-level gateway B. A remote access server C. A proxy server D. Port scanning
While planning an audit, an assessment of risk should be made to provide: A. reasonable assurance that the audit will cover material items. B. definite assurance that material items will be covered during the audit work. C. reasonable assurance that all items will be covered by the audit. D. sufficient assurance that all items will be covered during the audit work.
To prevent unauthorized entry to the data maintained in a dial-up fast response system, an IS auditor should recommend: A. online terminals be placed in restricted areas. B. online terminals be equipped with key locks. C. ID cards be required to gain access to online terminals. D. online access be terminated after three unsuccessful attempts.
Which of the following IS functions may be performed by the same individual, without compromising on control or violating segregation of duties? A. Job control analyst and applications programmer B. Mainframe operator and system programmer C. Change/problem and quality control administrator D. Applications and system programmer
Which of the following procedures can a biometric system perform? A. Measure airborne contamination. B. Provide security over physical access. C. Monitor temperature and humidity levels. D. Detect hazardous electromagnetic fields in an area.
An IS auditor reviewing the key roles and responsibilities of the database administrator (DBA) is LEAST likely to expect the job description of the DBA to include: A. defining the conceptual schema. B. defining security and integrity checks. C. liaising with users in developing data model. D. mapping data model with the internal schema.
Which of the following is intended to detect the loss or duplication of input? A. Hash totals B. Check digits C. Echo checks D. Transaction codes
The information that requires special precaution to ensure integrity is termed? A. Public data B. Private data C. Personal data D. Sensitive data
Cisco Certifications 
