When planning a follow-up, the IS auditor is informed by operational management that recent organizational changes have addressed the previously identified risk and implementing the action plan is no longer necessary. What should the auditor do NEXT?

Questions › Category: CISA › When planning a follow-up, the IS auditor is informed by operational management that recent organizational changes have addressed the previously identified risk and implementing the action plan is no longer necessary. What should the auditor do NEXT?

0 Vote Up Vote Down

Admin Staff asked 5 months ago

When planning a follow-up, the IS auditor is informed by operational management that recent organizational changes have addressed the previously identified risk and implementing the action plan is no longer necessary. What should the auditor do NEXT?

A. Review the changes and determine whether the risks have been addressed.

B. Accept management's assertion and report that the risks have been addressed.

C. Report that the changes make it impractical to determine whether the risks have been addressed.

D. Determine whether the changes have introduced new risks that need to be addressed.








 

Suggested Answer: A





This question is in CISA Certified Information Systems Auditor Exam
For getting Certified Information Systems Auditor (CISA) Certificate










Disclaimers:
The website is not related to, affiliated with, endorsed or authorized by ISACA. 
Trademarks, certification & product names are used for reference only and belong to ISACA.
The website does not contain actual questions and answers from ISACA's Certification Exams.

When planning a follow-up, the IS auditor is informed by operational management that recent organizational changes have addressed the previously identified risk and implementing the action plan is no longer necessary. What should the auditor do NEXT?

Which of the following processes is MOST important to define within a data classification policy?

An IS auditor finds a computer that is suspected to have been involved in a cyber crime. Which of the following activities is MOST critical to ensure data collected is admissible in a court of law?

AZ-104 Practice Test Free

Recommended

AZ-104 Practice Test Free

Cisco IOS Popular Commands

Linux Professional Institute LPIC-2 Certificate

Linux Professional Institute LPIC-1 Certificate

Cisco Certified DevNet Associate Certificate

AWS Certified Cloud Practitioner Certificate

Welcome Back!

Create New Account!

Retrieve your password

When planning a follow-up, the IS auditor is informed by operational management that recent organizational changes have addressed the previously identified risk and implementing the action plan is no longer necessary. What should the auditor do NEXT?

Which of the following processes is MOST important to define within a data classification policy?

An IS auditor finds a computer that is suspected to have been involved in a cyber crime. Which of the following activities is MOST critical to ensure data collected is admissible in a court of law?

AZ-104 Practice Test Free

Related Questions

Recommended

AZ-104 Practice Test Free

Cisco IOS Popular Commands

Linux Professional Institute LPIC-2 Certificate

Linux Professional Institute LPIC-1 Certificate

Cisco Certified DevNet Associate Certificate

AWS Certified Cloud Practitioner Certificate

Welcome Back!

Create New Account!

Retrieve your password