Interested to Buy Any Domain ? << Click Here >> for more details...
An internal audit department, that organizationally reports
exclusively to the chief financial officer (CFO) rather than
to an audit committee, is MOST likely to:
A. have its audit independence questioned.
B. report more business-oriented and relevant findings.
C. enhance the implementation of the auditor's recommendations.
D. result in more effective action being taken on the
recommendations.
- 2 Answers
- 8305 Views
- ABC, CISA, I also Faced
- E-Mail Answers
Answers were Sorted based on User's Feedback
Answer / guest
Answer: A
According to a recent ISACA benchmarking survey most
internal audit departments report directly to an audit
committee. However, many organizations also choose to have
the internal audit department either jointly or solely
report to the chief financial officer (CFO). In this same
survey, the IS audit function almost exclusively reports
directly to the director of internal audit. The IS auditor
who reports to the head of an operational department would
have the appearance of a compromised independence.
Generally, an IS auditor should report one level above the
reporting level of the auditee. Reporting to the CFO may not
have an impact on the content of audit findings, which
should normally be business-oriented and relevant as an
auditor is expected to understand the business being
audited. Taking effective action on an audit's
recommendations should be the responsibility of senior
management and will not be enhanced by the fact that the
audit department reports to the CFO. Follow-up of the
implementation of audit recommendations is conducted by the
auditor and/or by the administration department and would
not be enhanced by reporting to the CFO.
| Is This Answer Correct ? | 10 Yes | 1 No |
Answer / guest
D. result in more effective action being taken on the
recommendations.
| Is This Answer Correct ? | 2 Yes | 6 No |
An IS auditor should use statistical sampling and not judgmental (nonstatistical) sampling, when: A. the probability of error must be objectively quantified. B. the auditor wants to avoid sampling risk. C. generalized audit software is unavailable. D. the tolerable error rate cannot be determined.
Compensating controls are intended to: A. reduce the risk of an existing or potential control weakness. B. predict potential problems before they occur. C. remedy problems discovered by detective controls. D. report errors or omissions.
Which of the following would allow a company to extend it?s enterprise?s intranet across the Internet to it?s business partners? A. Virtual private network B. Client-Server C. Dial-Up access D. Network service provider
An IS auditor reviewing back-up procedures for software need only determine that: A. object code libraries are backed up. B. source code libraries are backed up. C. both object and source codes libraries are backed up. D. program patches are maintained at the originating site.
After implementation of a disaster recovery plan (DRP), pre-disaster and post-disaster operational cost for an organization will: A. decrease. B. not change (remain the same). C. increase. D. increase or decrease depending upon nature of the business.
The responsibility, authority and accountability of the IS audit function is documented appropriately in an audit charter and MUST be: A. approved by the highest level of management. B. approved by audit department management. C. approved by user department management. D. changed every year before commencement of IS audits.
Which of the following MUST exist to ensure the viability of a duplicate information processing facility? A. The site is near the primary site to ensure quick and efficient recovery. B. The site contains the most advanced hardware available. C. The workload of the primary site is monitored to ensure adequate backup is available. D. The hardware is tested when it is installed to ensure it is working properly.
While designing the business continuity plan (BCP) for an airline reservation system, the MOST appropriate method of data transfer/back up at an offsite location would be: A. shadow file processing. B. electronic vaulting. C. hard-disk mirroring. D. hot-site provisioning.
An offsite information processing facility: A. should have the same amount of physical access restrictions as the primary processing site. B. should be easily identified from the outside so that in the event of an emergency it can be easily found. C. should be located in proximity to the originating site so that it can quickly be made operational. D. need not have the same level of environmental monitoring as the originating site since this would be cost prohibitive.
Which of the following would be included in an IS strategic plan?
A distinction that can be made between compliance testing and substantive testing is that compliance testing tests: A. details, while substantive testing tests procedures. B. controls, while substantive testing tests details. C. plans, while substantive testing tests procedures. D. for regulatory requirements, while substantive testing tests validations.
During an implementation review of a multiuser distributed application, the IS auditor finds minor weaknesses in three areas-the initial setting of parameters is improperly installed, weak passwords are being used and some vital reports are not being checked properly. While preparing the audit report, the IS auditor should: A. record the observations separately with the impact of each of them marked against each respective finding. B. advise the manager of probable risks without recording the observations, as the control weaknesses are minor ones. C. record the observations and the risk arising from the collective weaknesses. D. apprise the departmental heads concerned with each observation and properly document it in the report.
Cisco Certifications 
