During an audit of identity and access management, an IS auditor finds that the engagement audit plan does not include the testing of controls that regulate access by third parties. Which of the following would be the auditor's BEST course of action?

Questions › Category: CISA › During an audit of identity and access management, an IS auditor finds that the engagement audit plan does not include the testing of controls that regulate access by third parties. Which of the following would be the auditor's BEST course of action?

0 Vote Up Vote Down

Admin Staff asked 5 months ago

During an audit of identity and access management, an IS auditor finds that the engagement audit plan does not include the testing of controls that regulate access by third parties. Which of the following would be the auditor's BEST course of action?

A. Add testing of third-party access controls to the scope of the audit.

B. Plan to test these controls in another audit.

C. Determine whether the risk has been identified in the planning documents.

D. Escalate the deficiency to audit management.








 

Suggested Answer: C

Community Answer: C



This question is in CISA Certified Information Systems Auditor Exam
For getting Certified Information Systems Auditor (CISA) Certificate










Disclaimers:
The website is not related to, affiliated with, endorsed or authorized by ISACA. 
Trademarks, certification & product names are used for reference only and belong to ISACA.
The website does not contain actual questions and answers from ISACA's Certification Exams.

During an audit of identity and access management, an IS auditor finds that the engagement audit plan does not include the testing of controls that regulate access by third parties. Which of the following would be the auditor's BEST course of action?

During an IT operations audit, multiple unencrypted backup tapes containing sensitive credit card information cannot be found. Which of the following presents the GREATEST risk to the organization?

Due to a high volume of customer orders, an organization plans to implement a new application for customers to use for online ordering. Which type of testing is MOST important to ensure the security of the application prior to go-live?

AZ-104 Practice Test Free

Recommended

AZ-104 Practice Test Free

Cisco IOS Popular Commands

Linux Professional Institute LPIC-2 Certificate

Linux Professional Institute LPIC-1 Certificate

Cisco Certified DevNet Associate Certificate

AWS Certified Cloud Practitioner Certificate

Welcome Back!

Create New Account!

Retrieve your password

During an audit of identity and access management, an IS auditor finds that the engagement audit plan does not include the testing of controls that regulate access by third parties. Which of the following would be the auditor's BEST course of action?

During an IT operations audit, multiple unencrypted backup tapes containing sensitive credit card information cannot be found. Which of the following presents the GREATEST risk to the organization?

Due to a high volume of customer orders, an organization plans to implement a new application for customers to use for online ordering. Which type of testing is MOST important to ensure the security of the application prior to go-live?

AZ-104 Practice Test Free

Related Questions

Recommended

AZ-104 Practice Test Free

Cisco IOS Popular Commands

Linux Professional Institute LPIC-2 Certificate

Linux Professional Institute LPIC-1 Certificate

Cisco Certified DevNet Associate Certificate

AWS Certified Cloud Practitioner Certificate

Welcome Back!

Create New Account!

Retrieve your password