CISA review questions, answers & explanations database 2024

A2-2 An IS auditor is verifying IT policies and finds that some of the policies have not been approved by management (as required by policy), but the employees strictly follow the policies. What should the IS auditor do FIRST?
A. Ignore the absence of management approval because employees follow the policies.
B. Recommend immediate management approval of the policies.
C. Emphasize the importance of approval to management.
D. Report the absence of documented approval.

D is the correct answer.

Justification:

A. Absence of management approval is an important (material) finding and, although it is not currently an issue with relation to compliance because the employees are following the policy without approval, it may be a problem at a later time and should be resolved.
B. Although the IS auditor would likely recommend that the policies should be approved as soon as possible and may also remind management of the critical nature of this issue, the first step is to report this issue to the relevant stakeholders.
C. The first step is to report the finding and provide recommendations later.
D. The IS auditor must report the finding. Unapproved policies may present a potential risk to the organization, even if they are being followed, because this technicality may prevent management from enforcing the policies in some cases and may present legal issues. For example, if an employee was terminated as a result of violating an organization policy, and it was discovered that the policies had not been approved, the organization may face an expensive lawsuit.

CISA Review Questions, Answers & Explanations Manual 12th Edition. ISACA. All Rights Reserved. DOMAIN 2-GOVERNANCE AND MANAGEMENT OF IT

Al-3 What is the PRIMARY consideration for an IS auditor reviewing the prioritization and coordination of IT projects and program management?
A. Projects are aligned with the organization's strategy.
B. Identified project risk is monitored and mitigated.
C. Controls related to project planning and budgeting are appropriate.
D. IT project metrics are reported accurately.

A is the correct answer.

Justification:

A. The primary goal of IT projects is to add value to the business, so they must be aligned with the business strategy to achieve the intended results. Therefore, the IS auditor should first focus on ensuring this alignment.
B. An adequate process for monitoring and mitigating identified project risk is important; however, strategic alignment helps in assessing identified risk in business terms.
C. Completion of projects within a predefined time and budget is important; however, the focus of project management should be on achieving the desired outcome of the project, which is aligned with the business strategy.
D. Adequate reporting of project status is important but may or may not help in providing the strategic perspective of project deliverables.

In a review of the human resources policies and procedures within an organization, an IS auditor is MOST concerned

How many questions do I need to get right to pass the CISA?

Interpreting Converted Scores: The Information Systems Auditor (CISA) exam consists of 150 questions, each contributing to your raw score. This score is then scaled between 200-800, with 450 being the pass mark.

Is CISA a difficult exam?

Given that fact, the CISA exam is also difficult, with only 50% of test takers making the cut. This number is even lower for first-time test takers.

How do I pass CISA in first attempt?

How to prepare for the CISA exam:

Make use of the official course book.

Take practice tests and exams to prepare.

Read the ISACA Exam Candidate Information Guide.

Make a plan for studying.

Join the CISA community.

What is the passing guarantee for CISA?

CISA passing score is 450 on a scale of 200-800. CertWizard gives you a 100% pass guarantee. We will help you do your online proctored exam, and we are owners of several ISACA authorized testing centers worldwide.