Last Updated on December 13, 2021 by Admin 3

CISA : Certified Information Systems Auditor : Part 54

  1. A month after a company purchased and implemented system and performance monitoring software, reports were too large and therefore were not reviewed or acted upon. The MOST effective plan of action would be to:

    • use analytical tools to produce exception reports from the system and performance monitoring software
    • re-install the system and performance monitoring software
    • evaluate replacement systems and performance monitoring software
    • restrict functionality of system monitoring software to security-related events
  2. The PRIMARY objective of conducting a post-implementation review is to:

    • determine if project management methodology was applied consistently
    • verify that the information system meets the intended objectives
    • determine if testing documentation was sufficient
    • allow employees to provide feedback on the information system
  3. The MOST significant reason for using key performance indicators (KPIs) to track the progress of IT projects against initial targets is that they:

    • influence management decisions to outsource IT projects
    • identify which projects may require additional funding
    • provide timely indication of when corrective actions need to be taken
    • identify instances where increased stakeholder engagement is required
  4. An organization has implemented an automated match between purchase orders, goods receipts, and invoices. Which of the following risks will this control BEST mitigate?

    • Customer discounts not being applied
    • A legitimate transaction being paid multiple times
    • Invalid payments being processed by the system
    • Delay of purchase orders
  5. When implementing an upgraded enterprise resource planning (ERP) system, which of the following is the MOST important consideration for a go-live decision?

    • Test cases
    • Rollback strategy
    • Business case
    • Post-implementation review objectives
  6. A multinational organization is integrating its existing payroll system with a human resource information system. Which of the following should be of GREATEST concern to the IS auditor?

    • System documentation
    • Currency conversion
    • Application interfaces
    • Scope creep
  7. An online retailer is receiving customer complaints about receiving different items from what they ordered on the organization’s website. The root cause has been traced to poor data quality. Despite efforts to clean erroneous data from the system, multiple data quality issues continue to occur. Which of the following recommendations would be the BEST way to reduce the likelihood of future occurrences?

    • Implement business rules to validate employee data entry.
    • Invest in additional employee training for data entry.
    • Assign responsibility for improving data quality.
    • Outsource data cleansing activities to reliable third parties.
  8. When determining whether a project in the design phase will meet organizational objectives, what is BEST to compare against the business case?

    • Project plan
    • Requirements analysis
    • Implementation plan
    • Project budget provisions
  9. What would be an IS auditor’s BEST recommendation upon finding that a third-party IT service provider hosts the organization’s human resources (HR) system in a foreign country?

    • Conduct a privacy impact analysis.
    • Implement change management review.
    • Review third-party audit reports.
    • Perform background verification checks.
  10. The success of an IT project is measured PRIMARILY by the:

    • translation of business vision to function vision
    • implementation of current technology
    • benefit that the business derives from the outcome
    • efficient use of resources
  11. Which of the following are the PRIMARY considerations when determining the timing of remediation testing?

    • The level of management and business commitment to implementing agreed action plans
    • The difficulty of scheduling resources and availability of management for a follow-up engagement
    • The availability and competencies of control owners for implementing the agreed action
    • The significance of the reported findings and the impact if corrective actions are not taken
  12. Code changes are compiled and placed in a change folder by the developer. An implementation team migrates changes to production from the change folder. Which of the following BEST indicates separation of duties is in place during the migration process?

    • A second individual performs code review before the change is released to production.
    • The developer approves changes prior to moving them to the change folder.
    • The implementation team does not have experience writing code.
    • The implementation team does not have access to change the source code.
  13. Which of the following is a prerequisite to help ensure that IS hardware and software support the delivery of mission-critical functions?

    • Control over IS infrastructure expenditure
    • An independent audit of the process
    • A comprehensive IS applications architecture
    • Documented emergency change procedures
  14. Which of the following is the BEST way to control the concurrent use of licensed software?

    • User self-discipline.
    • Monitor by system administrator.
    • Surprise audit conducted by vendors.
    • Metering software
  15. When determining the specifications for a server supporting an online application using more than a hundred endpoints, which of the following is the MOST important factor to be considered?

    • High availability of different systems
    • Cost-benefit comparison between the available systems
    • Reputation of the vendors and their customer base
    • Transaction volume estimate during peak periods
  16. Following an unauthorized disclosure of data, an organization needs to implement data loss prevention (DLP) measures. The IS auditor’s BEST recommendation should be to:

    • install DLP software on corporate servers to prevent recurrence.
    • monitor and block outgoing emails based on common DLP criteria.
    • restrict removable media access on all computer systems.
    • establish a risk and control framework.
  17. Which of the following is the BEST time for an IS auditor to perform a post-implementation review?

    • When the system has stabilized.
    • After the completion of user testing.
    • Before decommissioning the legacy system.
    • Immediately after the new system goes into production.
  18. Which of the following is the MOST effective mechanism for ensuring that critical IT operational problems are reported to executive management in a timely manner?

    • Regular meetings
    • Escalation procedures
    • Service level monitoring
    • Periodic status reports
  19. What is the PRIMARY advantage of prototyping as part of systems development?

    • Maximizes user satisfaction
    • Eliminates the need for internal controls
    • Increases accuracy in reporting
    • Reduces the need for compliance testing
  20. Which of the following is MOST important to consider when creating audit follow-up procedures?

    • Whether the organization has sufficient funds to address the issue
    • Whether management has determined if risk is within the organization’s risk appetite
    • Whether follow-up procedures would determine if identified risks have been mitigated
    • Whether the auditee has allotted sufficient time for the follow-up