Interested to Buy Any Domain ? << Click Here >> for more details...
An internal audit department, that organizationally reports
exclusively to the chief financial officer (CFO) rather than
to an audit committee, is MOST likely to:
A. have its audit independence questioned.
B. report more business-oriented and relevant findings.
C. enhance the implementation of the auditor's recommendations.
D. result in more effective action being taken on the
recommendations.
- 2 Answers
- 8323 Views
- ABC, CISA, I also Faced
- E-Mail Answers
Answers were Sorted based on User's Feedback
Answer / guest
Answer: A
According to a recent ISACA benchmarking survey most
internal audit departments report directly to an audit
committee. However, many organizations also choose to have
the internal audit department either jointly or solely
report to the chief financial officer (CFO). In this same
survey, the IS audit function almost exclusively reports
directly to the director of internal audit. The IS auditor
who reports to the head of an operational department would
have the appearance of a compromised independence.
Generally, an IS auditor should report one level above the
reporting level of the auditee. Reporting to the CFO may not
have an impact on the content of audit findings, which
should normally be business-oriented and relevant as an
auditor is expected to understand the business being
audited. Taking effective action on an audit's
recommendations should be the responsibility of senior
management and will not be enhanced by the fact that the
audit department reports to the CFO. Follow-up of the
implementation of audit recommendations is conducted by the
auditor and/or by the administration department and would
not be enhanced by reporting to the CFO.
| Is This Answer Correct ? | 10 Yes | 1 No |
Answer / guest
D. result in more effective action being taken on the
recommendations.
| Is This Answer Correct ? | 2 Yes | 6 No |
If a database is restored using before-image dumps, where should the process be restarted following an interruption? A. Before the last transaction B. After the last transaction C. The first transaction after the latest checkpoint D. The last transaction before the latest checkpoint
Electromagnetic emissions from a terminal represent an exposure because they: A. affect noise pollution. B. disrupt processor functions. C. produce dangerous levels of electric current. D. can be detected and displayed.
Which of the following has the LEAST effect on controlling physical access? A. Access to the work area is restricted through a swipe card. B. All physical assets have an identification tag and are properly recorded. C. Access to the premises is restricted and all visitors authorized for entry. D. Visitors are issued a pass and escorted in and out by a concerned employee.
Which of the following BEST describes the early stages of an IS audit? A. Observing key organizational facilities. B. Assessing the IS environment. C. Understanding business process and environment applicable to the review. D. Reviewing prior IS audit reports.
A goal of processing controls is to ensure that: A. the data are delivered without compromised confidentiality. B. all transactions are authorized. C. accumulated data are accurate and complete through authorized routines. D. only authorized individuals perform sensitive functions.
Detection risk refers to: A. concluding that material errors do not exist, when in fact they do. B. controls that fail to detect an error. C. controls that detect high-risk errors. D. detecting an error but failing to report it.
Which of the following would an IS auditor consider to be the MOST important when evaluating an organization's IS strategy? That it: A. has been approved by line management. B. does not vary from the IS department's preliminary budget. C. complies with procurement procedures. D. supports the business objectives of the organization.
A primary benefit derived from an organization employing control self-assessment (CSA) techniques is that it:
During the review of an organization's disaster recovery and business continuity plan, the IS auditor found that a paper test was performed to verify the existence of all necessary procedures and actions within the recovery plan. This is a: A. preparedness test. B. module test. C. full test. D. walk-through test.
Which of the following provides the GREATEST assurance of message authenticity? A. The pre-hash code is derived mathematically from the message being sent. B. The pre-hash code is encrypted using the sender's private key. C. Encryption of the pre-hash code and the message using the secret key. D. Sender attains the recipient's public key and verifies the authenticity of its digital certificate with a certificate authority.
Which of the following alternative business recovery strategies would be LEAST appropriate for an organization with a large database and online communications network environment? A. Hot site B. Cold site C. Reciprocal agreement D. Dual information processing facilities
Which of the following provides nonrepudiation services for e-commerce transactions? A. Public key infrastructure (PKI) B. Data encryption standard (DES) C. Message authentication code (MAC) D. Personal identification number (PIN)
Cisco Certifications 
