While reviewing a quality management system, the information systems (IS) auditor should PRIMARILY focus on collecting evidence to show that:

continuous improvement targets are being monitored.

quality management systems comply with good practices.

standard operating procedures are updated annually.

key performance indicators are defined.

Which of the following is the BEST approach for an information systems (IS) auditor evaluating IT-related controls as a member of an integrated audit team?

Include in the audit report the impact to the business due to weaknesses found in IT controls.

Perform IT audits independently and submit findings to the audit manager to include in the final report.

Prioritize control testing based on the complexity of the technology implemented by the enterprise.

Discuss the findings with the audit manager and afterwards submit the IT audit report to auditee’s management.

During an internal audit, the information systems (IS) auditor discovers that the organization has not updated its risk assessment in over a year. What is the BEST course of action for the auditor?

Recommend immediate updates to the risk assessment process.

Document the finding and suggest it be addressed in the next audit cycle.

Ignore the finding as it is not a critical issue.

Advise management to conduct a full audit of all risk assessments.

Which of the following is the MOST effective method for ensuring compliance with data protection regulations in an organization?

Implementing a strict access control policy for sensitive data.

Conducting annual audits of data protection practices.

Using encryption for all data stored and transmitted.

Regular training sessions for all employees on data protection policies.

What is the PRIMARY purpose of a business continuity plan (BCP) in an organization?

To minimize the impact of disruptions on business operations.

To provide a framework for IT disaster recovery.

To enhance the organization's reputation with stakeholders.

To ensure compliance with legal and regulatory requirements.

What is the most important step in the process of outsourcing a business function?

Performing the due diligence on the external service provider

An organisation has published a new security policy. What is the best course of action for the organisation to undertake to ensure that all employees will support the policy?

The company should require all employees to sign a statement agreeing to support the policy

The company CEO should send an email to all employees, instructing them to support the policy

The company should provide training on the new security policy

The company should publish the policy on an internal website

What is the purpose of a balanced scorecard?

Measures organisational performance and effectiveness against strategic goals

Measures the efficiency of an IT organisation

Evaluates the performance of individual employees

Benchmark a process in the organisation against peer organisations

During an IT governance audit, you notice that several projects have been aborted and many others have exceeded their budgets. Which document would most likely provide insight into the underlying causes of these project dysfunctions?

IT steering committee meeting agendas and minutes

IT organisation chart and job descriptions

CISA Domain 2

Authored by John Lee

Professional Development

Used 26+ times

AI Actions

Add similar questions

Adjust reading levels

Convert to real-world scenario

Translate activity

More...

Content View

Student View

20 questions

Show all answers

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Effective IT governance ensures the IT plan is consistent with the enterprise:

Business plan

Audit plan

Security plan

Investment plan

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Responsibility for the governance of IT should rest with the:

IT strategy committee

Chief information officer

Audit committee

Board of directors

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

When developing a security architecture, which of the following steps should be executed first?

Developing security procedures

Defining a security policy

Specifying an access control methodology

Defining roles and responsibilities

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

The primary benefit of an enterprise architecture initiative is to:

Enable the enterprise to invest in the most appropriate technology

Ensure security controls are implemented on critical platforms

Allow development teams to be more responsive to business requirements

Provide business units with greater autonomy to select IT solutions that fit their needs

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

An IS auditor is assigned to review IT structures and activities recently outsourced to various providers. Which of the following should the IS auditor determine first?

An audit clause is present in all contracts

The service level agreement of each contract is substantiated by appropriate key performance indicators

The contractual warranties of the providers support the business needs of the enterprise

At contract termination, support is guaranteed by each outsourcer for new outsourcers

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which of the following is the PRIMARY objective of a quality assurance (QA) and improvement program for an audit process?

To ensure that all audit findings are accepted, addressed and resolved on time

To provide a basis for evaluating the effectiveness and efficiency of the audit process

To ensure that auditors are adequately trained, qualified and competent to perform audits

To establish standard procedures for conducting audits, analyzing evidence and reporting findings

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

An enterprise adopted a policy of periodic verification of IT assets through control self-assessment (CSA). Which of the following is the BEST approach for an information systems (IS) auditor of the enterprise?

The IS auditor should actively participate in the CSA for asset verification.

The IS auditor should suggest that the enterprise incentivize the CSA exercise.

The IS auditor should review the CSA outcome and look for other internal controls in place.

The IS auditor should recuse from the CSA exercise, citing repetition/redundancy of work.

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

19 questions

Heath and Safety In Animal Care

Quiz

•

8th Grade - Professio...

17 questions

Week one electronics

Quiz

•

Professional Development

15 questions

ASPIRE - Recap Quiz

Quiz

•

Professional Development

20 questions

CPR_Quiz_Arrays and strings

Quiz

•

Professional Development

15 questions

NEW PENSION SCHEME

Quiz

•

Professional Development

15 questions

Verilog Fundamentals

Quiz

•

Professional Development

15 questions

Pear Deck

Quiz

•

Professional Development

20 questions

PDEC201 - Concepts of Observation/Assessment in ECCE

Quiz

•

Professional Development

Popular Resources on Wayground

15 questions

Fractions on a Number Line

Quiz

•

3rd Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

29 questions

Alg. 1 Section 5.1 Coordinate Plane

Quiz

•

9th Grade

$fractions$

22 questions

fractions

Quiz

•

3rd Grade

11 questions

FOREST Effective communication

Lesson

•

20 questions

Main Idea and Details

Quiz

•

5th Grade

20 questions

Context Clues

Quiz

•

6th Grade

Discover more resources for Professional Development

20 questions

Employability Skills

Quiz

•

Professional Development

CISA Domain 2

Effective IT governance ensures the IT plan is consistent with the enterprise:

Responsibility for the governance of IT should rest with the:

When developing a security architecture, which of the following steps should be executed first?

The primary benefit of an enterprise architecture initiative is to:

An IS auditor is assigned to review IT structures and activities recently outsourced to various providers. Which of the following should the IS auditor determine first?

Which of the following is the PRIMARY objective of a quality assurance (QA) and improvement program for an audit process?

An enterprise adopted a policy of periodic verification of IT assets through control self-assessment (CSA). Which of the following is the BEST approach for an information systems (IS) auditor of the enterprise?

While reviewing a quality management system, the information systems (IS) auditor should PRIMARILY focus on collecting evidence to show that:

Which of the following is the BEST approach for an information systems (IS) auditor evaluating IT-related controls as a member of an integrated audit team?

An information systems (IS) auditor uses computer-assisted audit techniques (CAATs) to collect and analyze data. Which of the following attributes of evidence is MOST affected by using CAATs?

Access all questions and much more by creating a free account

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Professional Development