ExamTopics Logo
Mail Us[email protected]
Menu
Isaca Discussions
exam questions

Exam CISA All Questions

View all questions & answers for the CISA exam
Go to Exam

Exam CISA topic 1 question 237 discussion

Actual exam question from Isaca's CISA
Question #: 237
Topic #: 1
[All CISA Questions]

To develop meaningful recommendations for findings, which of the following is MOST important for an IS auditor to determine and understand?

  • A. Criteria
  • B. Responsible party
  • C. Impact
  • D. Root cause
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by mmk_mmk at June 1, 2020, 6:42 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
hussmohsin
Highly Voted 3 years, 10 months ago
Recommendations are based on impact analysis. Root cause is used for incident management. I think the answer is correct
upvoted 7 times
9akshay
3 years, 7 months ago
Agree with C. For instance auditor finds one of the process is non - compliant with organizational policy, he will recommend based on Impact analysis and not on Root cause.
upvoted 4 times
...
...
KyuSsica
Highly Voted 3 years, 2 months ago
D, root cause. Recommendation should prevent recurrence of the issue.
upvoted 6 times
...
a84n
Most Recent 8 months, 2 weeks ago
Selected Answer: D
Answer: D Root cause analysis enables auditors to address the underlying issues that contribute to findings, leading to more effective and sustainable improvements in the organization's processes or controls.
upvoted 1 times
...
Swallows
9 months ago
Selected Answer: D
It is recommended that the plan be an improvement plan for the root causes of the identified issues.
upvoted 1 times
...
3008
1 year, 6 months ago
MOST important factor for an IS auditor to determine and understand to develop meaningful recommendations for findings is the "criteria" or the standard or benchmark that serves as the basis for the audit. The criteria will provide a reference point for determining whether a finding is significant and requires remediation. Criteria may include industry standards, regulatory requirements, best practices, or company policies and procedures.
upvoted 1 times
Joloms
1 year, 6 months ago
You are a practical Auditor. Criteria is the answer
upvoted 1 times
...
...
Txlara
4 years, 2 months ago
I agree D is a better answer. One would need to understand the root cause first in order to determine the impact.
upvoted 4 times
...
AKS2
4 years, 2 months ago
it should be D.
upvoted 2 times
...
hamrori
4 years, 3 months ago
I think it's D too. "Root cause analysis is the process of diagnosis to establish the origins of events (root causes). Once identified, the root causes can then be used to develop needed controls to accurately address these root causes that lead to system failures and deficiencies. Furthermore, root cause analysis also enables an organization to learn from consequences, typically from errors and problems, in the effort to not repeat undesired actions or results"
upvoted 4 times
...
_user1
4 years, 5 months ago
i think d
upvoted 3 times
Hhssuyy
3 years, 11 months ago
Yes answer is D.
upvoted 2 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel