Corrective action has been taken by an auditee immediately
after the identification of a reportable finding. The
auditor should:
A. include the finding in the final report because the IS
auditor is responsible for an accurate report of all findings.
B. not include the finding in the final report because the
audit report should include only unresolved findings.
C. not include the finding in the final report because
corrective action can be verified by the IS auditor during
the audit.
D. include the finding in the closing meeting for discussion
purposes only.
Answers were Sorted based on User's Feedback
Answer / guest
Answer: A
Including the finding in the final report is a generally
accepted audit practice. If an action is taken after the
audit started and before it ended, the audit report should
identify the finding and describe the corrective action
taken. An audit report should reflect the situation, as it
existed at the start of the audit. All corrective actions
taken by the auditee should be reported in writing.
Is This Answer Correct ? | 5 Yes | 0 No |
Answer / guest
A. include the finding in the final report because the IS
auditor is responsible for an accurate report of all
findings.
Is This Answer Correct ? | 4 Yes | 1 No |
A control log basic to a real-time application system is a(n): A. audit log. B. console log. C. terminal log. D. transaction log.
An IS auditor is reviewing a project that is using an agile software development approach. Which of the following should the IS auditor expect to find? A. Use of a capability maturity model (CMM) B. Regular monitoring of task-level progress against schedule C. Extensive use of software development tools to maximize team productivity D. Postiteration reviews that identify lessons learned for future use in the project
Which of the following Internet security threats could compromise integrity? A. Theft of data from the client B. Exposure of network configuration information C. A trojan horse browser D. Eavesdropping on the net
Capacity monitoring software is used to ensure: A. maximum use of available capacity. B. that future acquisitions meet user needs. C. concurrent use by a large number of users. D. continuity of efficient operations.
Which of the following would be the BEST population to take a sample from when testing program changes? A. Test library listings B. Source program listings C. Program change requests D. Production library listings
Which of the following integrity tests examines the accuracy, completeness, consistency and authorization of data? A. Data B. Relational C. Domain D. Referential
The extent to which data will be collected during an IS audit should be determined, based on the: A. availability of critical and required information. B. auditor's familiarity with the circumstances. C. auditee's ability to find relevant evidence. D. purpose and scope of the audit being done.
Involvement of senior management is MOST important in the development of: A. strategic plans. B. IS policies. C. IS procedures. D. standards and guidelines.
Which of the following is a substantive test?
As a business process reengineering (BPR) project takes hold it is expected that: A. business priorities will remain stable. B. information technologies will not change. C. the process will improve product, service and profitability. D. input from clients and customers will no longer be necessary.
The role of IT auditor in complying with the Management Assessment of Internal Controls (Section 404 of the Sarbanes-Oxley Act) is: A. planning internal controls B. documenting internal controls C. designing internal controls D. implementing internal controls
When reviewing a business process reengineering (BPR) project, which of the following is the MOST important for an IS auditor to evaluate? A. The impact of removed controls. B. The cost of new controls. C. The BPR project plans. D. The continuous improvement and monitoring plans.