Answers to Assessment Test

1. D. The risk analysis does not ensure absolute safety. The purpose of using a risk-based audit strategy is to ensure that the audit adds value with meaningful information. For more information, see Chapter 3.

2. A. Authorization should be separate from all other activities. A second person should review changes before implementation. Authorization will be granted if the change is warranted and the level of risk is acceptable. For more information, see Chapter 3.

3. B. The purpose of the audit committee is to review and challenge assurances made and to maintain a positive working relationship with management and the auditors. For more information, see Chapters 2 and 3.

4. B. The first person on the scene is the incident ...

Get CISA® Certified Information Systems Auditor®: Study Guide, Third Edition now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.