An internal audit department that organizationally reports
exclusively to the chief financial officer (CFO) rather than
to an audit committee is MOST likely to:
A. have its audit independence questioned.
B. report more business-oriented and relevant findings.
C. enhance the implementation of the auditor's recommendations.
D. result in more effective action being taken on the
recommendations.
Answer / guest
Answer: A
According to a recent ISACA benchmarking survey, most
internal audit departments report directly to an audit
committee. However, many organizations also choose to have
the internal audit department either jointly or solely
report to the chief financial officer (CFO). In this same
survey, the IS audit function almost exclusively reports
directly to the director of internal audit. The IS auditor
who reports to the head of an operational department would
have the appearance of a compromised independence.
Generally, an IS auditor should report one level above the
reporting level of the auditee. Reporting to the CFO may not
have an impact on the content of audit findings, which
should normally be business-oriented and relevant as an
auditor is expected to understand the business being
audited. Taking effective action on an audit's
recommendations should be the responsibility of senior
management and will not be enhanced by the fact that the
audit department reports to the CFO. Follow-up of the
implementation of audit recommendations is conducted by the
auditor and/or by the administration department and would
not be enhanced by reporting to the CFO.
| Is This Answer Correct ? | 10 Yes | 1 No |
Answer / guest
D. result in more effective action being taken on the
recommendations.
| Is This Answer Correct ? | 2 Yes | 6 No |
The use of a GANTT chart can:
A. aid in scheduling project tasks.
B. determine project checkpoints.
C. ensure documentation standards.
D. direct the post-implementation review.
The purpose of debugging programs is to:
A. generate random data that can be used to test programs before implementing them.
B. protect valid changes from being overwritten by other changes during programming.
C. define the program development and maintenance costs to be included in the feasibility study.
D. ensure that abnormal terminations and coding flaws are detected and corrected.
During which phase of a system development process should an IS auditor first raise the issue of application controls?
A. Construction
B. System design
C. Acceptance testing
D. Functional specification
Which of the following would be a compensating control to mitigate risks resulting from an inadequate segregation of duties?
A. Sequence check
B. Check digit
C. Source documentation retention
D. Batch control reconciliations
Which of the following is a detective control?
A. Physical access controls
B. Segregation of duties
C. Backup procedures
D. Audit trails
The Primary purpose of audit trails is to
Which of the following types of firewalls would BEST protect a network from an Internet attack?
A. Screened subnet firewall
B. Application filtering gateway
C. Packet filtering router
D. Circuit-level gateway
Which of the following are data file controls?
A. Internal and external labeling
B. Limit check and logical relationship checks
C. Total items and hash totals
D. Report distribution procedures
Which of the following security techniques is the BEST method for authenticating a user's identity?
A. Smart card
B. Biometrics
C. Challenge-response token
D. User ID and password
Which of the following group/individuals should assume overall direction and responsibility for costs and timetables of system development projects?
A. User management
B. Project steering committee
C. Senior management
D. Systems development management
Which of the following would be the BEST population to take a sample from when testing program changes?
A. Test library listings
B. Source program listings
C. Program change requests
D. Production library listings
During the course of an audit, the IS auditor discovers that the human resources (HR) department uses a cloud-based application to manage employee records. The HR department engaged in a contract outside of the normal vendor management process and manages the application on its own. Which of the following choices is of MOST concern?
A. Maximum acceptable downtime metrics have not been defined in the contract.
B. The IT department does not manage the relationship with the cloud vendor.
C. The help desk call center is in a different country, with different privacy requirements.
D. Company-defined security policies are not applied to the cloud application.