During an internal audit of automated controls, an IS auditor identifies that the integrity of data transfer between systems has not been tested since successful implementation two years ago. Which of the following should the auditor do NEXT?
A.
Review previous system interface testing records.
The first thing you need to do is review the policies and procedures because this may not even be a finding. If testing isn't required within that timeframe then nothing needs to be done.
The first thing you need to do is review the policies and procedures because this may not even be a finding. If testing isn't required within that timeframe then nothing needs to be done.
C. Review relevant system changes is the best next step because it helps the auditor determine whether any modifications have occurred in the systems or interfaces that could affect data integrity. If no changes have occurred since implementation, the risk may be lower. If changes have been made, the lack of re-testing becomes a more serious control gap.
Comparisons:
A. Review previous system interface testing records – Useful to establish a baseline, but not sufficient on its own. You still need to assess what has changed since that time.
B. Document the finding in the audit report – This may be appropriate eventually, but the auditor needs to gather more context (such as system changes) before determining the risk and significance of the finding.
D. Review IT testing policies and procedures – Helps understand expected practices, but it doesn’t assess the actual risk posed by the current situation.
C is completely WRONG. As an IS auditor, you’d want to check their policies and procedures to see what they have documented as a standard review timeframe.
The next step the IS auditor should take in this scenario is to review previous system interface testing records. This will provide the auditor with information about how the system interfaces were tested during the implementation two years ago and whether any issues were identified at that time. It will also help the auditor determine if any changes have been made to the system interfaces since the previous testing.
This section is not available anymore. Please use the main Exam Page.CISA Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
murphseal
Highly Voted 2 years, 3 months agomurphseal
Highly Voted 2 years, 3 months agoGreens
Most Recent 1 week, 1 day agoteamt
3 months, 3 weeks agoa84n
8 months ago5b56aae
8 months, 1 week agoSwallows
8 months, 3 weeks agoIjahbee
9 months, 1 week agoYejide03
11 months agoI_finite
1 year, 3 months agostarzuu
1 year, 5 months agonecoll007
1 year, 5 months ago3008
1 year, 6 months ago007Georgeo
1 year, 7 months agoDelta67
1 year, 9 months agoBroesweelies
1 year, 10 months agosaado9
1 year, 9 months agoZephaniah
2 years, 3 months ago