Exam CISA topic 1 question 226 discussion

Actual exam question from Isaca's CISA
Question #: 226
Topic #: 1

An employee approaches an IS auditor and expresses concern about a critical security issue in a newly installed application. Which of the following would be the MOST appropriate action for the auditor to take?

  • A. Discuss the concern with audit management
  • B. Recommend reverting to the previous application.
  • C. Immediately conduct a review of the application.
  • D. Discuss the concern with additional end users.
Suggested Answer: A

Comments

oldmagic
Highly Voted 2 years, 1 month ago
Selected Answer: A
Correct answer should be A. You cannot "start a review" immediately based on one user's feedback.
upvoted 7 times
ChaBum
1 year, 5 months ago
The word "immediately" is pretty strong, but there is nothing forbidding conducting a review of the application. Having said that, my review would probably start by gathering feedback from other end-users. I love the way ISACA phrase their questions ...
upvoted 3 times
Swallows
Most Recent 1 year ago
Selected Answer: A
A conversation with your audit manager can help you clarify next steps to determine appropriate investigations and responses, and assess the severity of the issue. This approach is also important for formally recording the issue and engaging with other parties as needed.
upvoted 3 times
46080f2
1 year, 2 months ago
Selected Answer: A
When an individual user approaches an auditor, their response should always be coordinated with their audit management. Therefore A. It happens again and again that individual users try to instrumentalize auditors for their own interests. For example, if a user would have preferred a different solution and feels ignored and now wants to take revenge for their choice. As a result of the coordination with the audit management, option B., C. or D. may well emerge as a follow-up action.
upvoted 2 times
Baggio13
1 year, 9 months ago
Instead of making a decision based on a complaint from one user, it is better to verify if other users are also experiencing the same issue. D makes sense
upvoted 2 times
saado9
2 years, 5 months ago
C. Immediately conduct a review of the application.
upvoted 1 times
botherder88
2 years, 5 months ago
Why isn't it C? Is it because the auditor might have other commitments? Wouldn't checking with more end users make more people aware of the security risk, which may be exploited by any disgruntled employee?
upvoted 2 times
Community vote distribution: A (35%, most voted), C (25%), B (20%), Other