CISA Chapter 3: IT Audit Process Questions and Answers, Exams of Nursing

A series of questions related to Chapter 3 of the CISA (Certified Information Systems Auditor) exam, focusing on the audit process. It covers key areas such as the IT Assurance Framework, change control processes, security controls, risk assessment, service provider audits, project management in auditing, sampling methods, evidence collection, and audit reporting. Each question is followed by a detailed explanation of the correct answer, providing valuable insights for exam preparation and understanding of IT audit principles. This material is designed to help students and professionals enhance their knowledge and skills in information systems auditing, ensuring they are well-prepared for the CISA certification and real-world audit scenarios. The questions cover a range of topics, including ISACA audit standards, audit planning, and the application of computer-assisted audit techniques (CAATs).

Typology: Exams

2024/2025

Available from 07/26/2025

nurse1stuvate
CISA - Chapter 3 Questions (The Audit Process) Latest update 2023-2024

1. The IT Assurance Framework consists of all of the following except:
   A. ISACA Code of Professional Ethics
   B. IS audit and assurance standards
   C. ISACA Audit Job Practice
   D. IS audit and assurance guidelines
   Answer: C. The IT Assurance Framework is an ISACA publication that includes the ISACA Code of Professional Ethics, IS audit and assurance standards, IS audit and assurance guidelines, and IS audit and assurance tools and techniques. It does not contain the ISACA Audit Job Practice.
2. An auditor is examining an IT organization's change control process. The auditor has determined that change advisory board (CAB) meetings take place on Tuesdays and Fridays, where planned changes are discussed and approved. The CAB does not discuss emergency changes that are not approved in advance. What opinion should the auditor reach concerning emergency changes?
   A. The CAB should not be discussing changes made in the past.
   B. The CAB should be discussing recent emergency changes.
   C. Personnel should not be making emergency changes without CAB permission.
   D. Change control is concerned only with planned changes, not emergency changes.
   Answer: B. The CAB should be discussing emergency changes that were made since the last CAB meeting. While the changes were already made, they should go through a similar approval process to ensure that all stakeholders are aware of the changes and that they agree that the changes made were appropriate.
3. A conspicuous video surveillance system would be characterized as what type(s) of control?
   A. Detective and deterrent
   B. Detective only
   C. Deterrent only
   D. Preventive and deterrent
   Answer: A. A video surveillance system is considered a detective control because it only records events without actually preventing them, as controls like locked doors and other barriers do. A video surveillance system, when its components are conspicuous, is also considered a deterrent control, because its obvious presence serves as a visible deterrent to persons who may be considering an intrusion into a building.
  1. Michael is developing an audit plan for an organization's data center operations. Which of the following will help Michael determine which controls require potentially more scrutiny than others?
     A. Security incident log
     B. Last year's data center audit results
     C. Risk assessment of the data center
     D. Data center performance metrics
     Answer: C. A risk assessment is the primary means for determining which controls may represent greater risk to the organization.
  2. An organization processes payroll and expense reports in an SaaS-based environment to thousands of corporate customers. Those customers want assurance that the organization's processes are effective. What kind of an audit should the organization undertake?
     A. Compliance audit
     B. Operational audit
     C. Service provider audit
     D. IS audit
     Answer: C. A service provider audit, such as an SSAE18, SOC2, ISO 27001 certification, or AUP audit, is designed for service providers that want to provide objective assurance of the integrity of their control environment.
  3. An audit project has been taking far too long, and management is beginning to ask questions about its schedule and completion. This audit may be lacking:
     A. Effective project management
     B. Cooperation from individual auditees
     C. Enough skilled auditors
     D. Clearly stated scope and objectives
     Answer: A. While any of these answers is plausible, the first thing that should be examined is whether the audit is being effectively project managed, so that all parties understand the audit's objectives, schedule, resources required, and regular status reporting.
  4. An auditor is auditing the user account request and fulfillment process. The event population consists of hundreds of transactions, so the auditor cannot view them all. The auditor wants to view a random selection of transactions. This type of sampling is known as:
     A. Judgmental sampling
     B. Random sampling
     C. Stratified sampling
     D. Statistical sampling
     Answer: D. In an audit where an auditor needs to select a portion of events to test, statistical sampling is the best approach.

ISACA Audit Standards is a condition for earning and retaining the CISA certification. B is incorrect because ISACA Audit Standards are not optional for CISA certification holders. C is incorrect because ISACA Audit Guidelines are not mandatory, but instead serve as helpful guidelines for the implementation of ISACA Audit Standards. D is incorrect because ISACA Audit Standards are mandatory for all audits. That said, often there are additional audit standards for specific types of audits, such as Sarbanes-Oxley (SOX), PCI-DSS, SSAE18, and others.

  1. An auditor is auditing an organization's identity and access management program. The auditor has found that automated workflows are used to receive and track access requests and approvals. However, the auditor has identified a number of exceptions where subjects were granted access without the necessary requests and approvals. What remedy should the auditor recommend?
     A. Monthly review of access approvers
     B. Annual review of access approvers
     C. Annual user access reviews
     D. Monthly user access reviews
     Answer: D. The problem with the existing business process can be partly remedied by a frequent user access review, which will partly compensate for the control failures. However, the organization should seek to identify and correct the root cause(s) of the control failures so that there are fewer exceptions identified in the monthly user access reviews as well as in subsequent audits. A is incorrect because the problem with this process is not whether the right approvers are involved, but that user accesses are being granted through bypassing the request process altogether. B is incorrect because the problem with this process is not whether the right approvers are involved, but that user accesses are being granted through bypassing the request process altogether. C is incorrect because an annual user access review is too infrequent for this situation.
  2. Why are preventive controls preferred over detective controls?
     A. Preventive controls are easier to justify and implement than detective controls.
     B. Preventive controls are less expensive to implement than detective controls.
     C. Preventive controls stop unwanted events from occurring, while detective controls only record them.
     D. Detective controls stop unwanted events from occurring, while preventive controls only record them.
     Answer: C. The best and first approach to unwanted events is prevention. Where prevention is difficult or expensive, detection is the next best approach. A is incorrect because preventive controls are not necessarily easier to justify or implement. B is incorrect because preventive controls are not necessarily less expensive to implement. D is incorrect because detective controls do not prevent events.

  1. For the purposes of audit planning, can an auditor rely upon the audit client's risk assessment?
     A. Yes, in all cases.
     B. Yes, if the risk assessment was performed by a qualified external entity.
     C. No. The auditor must perform a risk assessment himself or herself.
     D. No. The auditor does not require a risk assessment to develop an audit plan.
     Answer: B. An auditor can use a risk assessment performed by a qualified external party to develop a risk-based audit plan. This will result in areas of higher risk being examined more closely than areas of lower risk. A is incorrect because there are certainly cases where an auditor cannot use a client's risk assessment—for example, if the client's risk assessment was performed by unqualified persons or if there were signs of bias. C is incorrect because it is not always necessary for an auditor to perform the audit himself or herself. Often an external risk assessment can be used, provided it is sound. D is incorrect because a risk assessment will result in a better audit plan that is risk-aligned.
  2. An organization processes payroll and expense reports in an SaaS-based environment to thousands of corporate customers. Those customers want assurance that the organization's processes are effective. What kind of an audit should the organization undertake?
     A. AUP
     B. PA-DSS
     C. PCI-DSS
     D. SSAE18
     Answer: D. The payroll services organization should undertake an SSAE18 audit. This type of audit is designed for financial services providers so that the auditors of the customers of the payroll services organization can

B is incorrect because some of the transactions are not being randomly selected, and because "random sampling" is not the official term for this technique. C is incorrect because this is not an example of stratified sampling. D is incorrect because some of the transactions are not being randomly selected.

  1. An auditor is auditing an organization's user account request and fulfillment process. An auditor has requested that the control owner describe the process to the auditor. What type of auditing is taking place?
     A. Observation
     B. Document review
     C. Walkthrough
     D. Corroborative inquiry
     Answer: C. A control owner describing a process is known as a walkthrough. Here, each step of a process is described in detail to the auditor. A is incorrect because observation refers to an auditor watching personnel perform the process. B is incorrect because document review generally consists of the auditor reading the document on his or her own, away from the presence of the control owner. Document review usually precedes a walkthrough. D is incorrect because corroborative inquiry usually takes place after a walkthrough and after examining records.
  2. An external audit firm is performing an audit of a customer's financial accounting processes and IT systems. While examining a data storage system's user access permissions, the staff auditor has discovered the presence of illegal content. What should the staff auditor do next?
     A. Notify law enforcement.
     B. Inform his or her supervisor.
     C. Notify the auditee.
     D. Notify the auditee's audit committee.
     Answer: B. The staff auditor should first notify his or her supervisor, who in turn may notify others in the audit firm. Depending upon the nature of the illegal content, it may be appropriate for the audit firm to notify law enforcement, the auditee, or senior officials in the auditee organization, such as audit committee members. Local laws and regulations may influence this decision. A is incorrect because this may not be the best next step, depending on local laws and regulations. In most cases, it's best to notify one's supervisor, who in turn will discuss the matter with others in the audit firm. C is incorrect because the auditee could be the person responsible for placing the illegal content on the storage system. Notifying this person could give them an opportunity to quickly remove the content before law enforcement is able to examine the storage system. D is incorrect because the audit committee is not necessarily the appropriate party to notify first. Depending upon local laws and regulations, law enforcement may need to be notified. The best course of action is for the auditor to notify his or her supervisor, who can then assemble individuals in the audit firm who can decide the appropriate course of action.

  1. A QSA auditor in an audit firm has completed a PCI-DSS audit of a client and has found the client to be noncompliant with one or more PCI-DSS controls. Management in the audit firm has asked the QSA auditor to sign off on the audit as compliant, arguing that the client's level of compliance has improved from prior years. What should the QSA auditor do?
     A. Refuse to sign the audit report as compliant.
     B. Sign the audit report as compliant, but under duress.
     C. Sign the audit report as compliant.
     D. Notify the audit client of the matter.
     Answer: A. The QSA auditor signing the audit report as compliant would be a violation of the ISACA Code of Professional Ethics. Were ISACA to learn about this matter, the auditor could lose his or her ISACA certifications. B is incorrect because this may still jeopardize the auditor's standing with the ISACA Code of Professional Ethics. C is incorrect because this would be a clear violation of the ISACA Code of Professional Ethics, and the auditor could lose his or her ISACA certifications. D is incorrect because this may cause confusion or anger on the part of the auditee organization.
  2. An organization wants to drive accountability for the performance of security controls to their respective control owners. Which activity is the best to undertake to accomplish this objective?
     A. Direct control owners to sign a document of accountability.
     B. Have the internal audit department audit the controls.
     C. Have an external audit firm audit the controls.
     D. Undergo control self-assessments (CSAs).
     Answer: D. Control self-assessments (CSAs) force control owners to focus on the effectiveness of their controls. For the most part, control owners will self-regulate and make improvements to their control procedures in order to ensure that their controls are more effective.

B is incorrect because a SOC2 audit is a general-purpose audit of a service provider, but it lacks financially specific controls. D is incorrect because an SSAE18 audit is technically valid only within the United States.

  1. A QSA (PCI) audit firm has been commissioned by a large merchant organization to perform a PCI-DSS report on compliance (ROC). The audit firm has noted that the merchant's compliance deadline is less than one month away. What should the audit firm do next?
     A. File a compliance extension with the PCI Standards Council on behalf of the merchant.
     B. Inform the merchant that the ROC can be completed on time.
     C. Inform the merchant that the ROC cannot be completed on time and that an extension should be requested.
     D. File a compliance extension with the merchant's acquiring bank.
     Answer: C. There is little hope that the ROC can be completed in four weeks. After being notified by the audit firm, the merchant organization should request an extension of its acquiring bank. A is incorrect because a QSA firm does not file extensions on behalf of its audit clients. B is incorrect because it is unlikely that the ROC can be completed in four weeks. A PCI-DSS audit of a large merchant organization is sure to take several weeks from start to finish. D is incorrect because QSA firms do not file extensions on behalf of their audit clients.
  2. An auditor is developing an audit plan for an accounts payable function. Rather than randomly selecting transactions to examine, the auditor wants to select transactions from low, medium, and large payment amounts. Which sample methodology is appropriate for this approach?
     A. Judgmental sampling
     B. Stratified sampling
     C. Non-random sampling
     D. Statistical sampling
     Answer: B. Stratified sampling involves selecting samples based on some quantified value in each sample (in this case, the payment amount). Stratified sampling is useful for situations like this where auditors want to be sure to examine very high- or very low-value samples that might not be selected in random sampling. A is incorrect because judgmental sampling is, by definition, not random. However, this would be the next best choice. C is incorrect because non-random sampling is not a sampling methodology. D is incorrect because statistical sampling might not capture enough of the high- or low-value transactions if there are too few of these.

  1. A cybersecurity audit firm has completed a penetration test of an organization's web application. The final report contains two findings that indicate the presence of two critical vulnerabilities. The organization disputes the findings because of the presence of compensating controls outside of the web application interface. How should the audit proceed?
     A. The audit firm should remove the findings from the final report.
     B. The organization should select another firm to conduct the penetration test.
     C. Organization's management should protest the findings and include a letter that accompanies the pen test report.
     D. The audit firm should permit the customer to have some management comments included in the final report.
     Answer: D. Management's comments will appear in the report where the specific findings are discussed. A is incorrect because the audit firm should not remove a finding simply because the audit client disagrees with it. B is incorrect because this may not be a viable option for cost and scheduling reasons. C is incorrect because a separate management letter would be seen in a more negative light. However, this may be the organization's best option if the audit firm is unwilling to include management comments in the final report.
  2. What is the objective of the ISACA audit standard on organizational independence?
     A. The auditor's placement in the organization should ensure the auditor can act independently.
     B. The auditor should not work in the same organization as the auditee.
     C. To ensure that the auditor has the appearance of independence.
     D. To ensure that the auditor has a separate operating budget.
     Answer: A. ISACA audit standard 1002, "Organizational Independence," states the following: "The IS auditor's placement in the command-and-control structure of the organization should ensure that the IS auditor can act independently." This helps to avoid the possibility that the auditor is being coerced into providing a favorable audit opinion. B is incorrect because the audit standard does not require the auditor to work in a different organization. Indeed, internal audit departments in U.S. public companies are a part of the organization.
  1. Prior to planning an audit, an auditor would need to conduct a risk assessment to identify high-risk areas in all of the following situations except for:
     A. When a client's most recent risk assessment is two years old
     B. When a client's risk assessment does not appear to be adequately rigorous
     C. A PCI "report on compliance" audit
     D. A SOC2 audit
     Answer: C. The PCI audit is not risk-based, and the presence or absence of a risk assessment will not alter the audit plan. This is despite the fact that PCI (as of version 3.2.1) requires an organization to conduct a risk assessment, although this has no bearing on the organization's obligation to implement all controls in the standard. A, B, and D are incorrect because these are valid reasons that would compel an auditor to conduct a risk assessment prior to developing the audit plan.
  2. Which of the following audit types is appropriate for a financial services provider such as a payroll service?
     A. SSAE
     B. SAS
     C. AUP
     D. Sarbanes-Oxley
     Answer: A. An SSAE18 audit is specifically intended for financial service providers such as payroll, general accounting, expense management, and other financial services. B is incorrect because the SAS70 audit standard has been deprecated and replaced by the SSAE18 standard. C is incorrect because an AUP audit is general purpose in nature and not specifically designed for financial services. D is incorrect because a Sarbanes-Oxley audit is intended for the financial business processes of a U.S. public company.
  3. Which of the following is the best method for ensuring that an audit project can be completed on time?
     A. Distribute a "provided by client" evidence request list at the start of the audit.
     B. Pre-populate the issues list with findings likely to occur.
     C. Increase the number of auditors on the audit team.
     D. Reduce the frequency of status meetings from weekly to monthly.
     Answer: A. Auditees sometimes take quite a long time to search for and provide requested evidence to auditors. By providing this request list at the beginning of the audit, auditors will obtain evidence earlier than if they wait until their walkthrough meetings. B is incorrect because this is not an accepted practice, and it would not save much time even in circumstances where auditors were sure that certain exceptions were going to occur. C is incorrect because it may not be feasible to increase the size of the audit team. Besides, the number of auditors is not always the factor that determines the duration of an audit. D is incorrect because reducing audit status meetings from weekly to monthly could have the opposite effect and increase the time for an audit project to complete, because of reduced communication.

  1. GGAn GGauditor GGis GGabout GGto GGstart GGan GGaudit GGof GGa GGuser GGaccount GGaccess GGrequest GGand GGfulfillment GGprocess. GGThe GGaudit GGcovers GGa GGsix-month GGperiod GGfrom GGJanuary GGthrough GGJune. GGThe GGpopulation GGcontains GG1,800 GGtransactions. GGWhich GGof GGthe GGfollowing GGsampling GGmethodologies GGis GGbest GGsuited GGfor GGthis GGaudit? GGA. GGExamine GGthe GGresults GGof GGthe GGclient's GGcontrol GGself-assessment GG(CSA). GGB. GGSubmit GGsome GGuser GGaccount GGaccess GGrequests GGand GGobserve GGhow GGthey GGare GGperformed. GGC. GGRequest GGthe GGfirst GG 30 GGtransactions GGfrom GGthe GGauditee. Request GGthe GGfirst GGfive GGtransactions GGfrom GGeach GGmonth GGin GGthe GGaudit GGperiod. GG- GGAnswer: D D. GGThis GGmethodology GGcaptures GGtransactions GGthrough GGthe GGentire GGaudit GGperiod. GGIn GGa GGperiod GGof GGthis GGlength, GGthere GGcould GGbe GGpersonnel GGchanges GGand GGother GGchanges GGthat GGcould GGresult GGin GGinstances GGof GGacceptable GGor GGunacceptable GGperformance GGthroughout GGthe GGperiod. A GGis GGincorrect GGbecause GGan GGauditee's GGCSA GGmight GGnot GGbe GGof GGsufficient GGintegrity GGto GGbe GGrelied GGupon. GGFurther, GGspecific GGaudit GGrules GGor GGstandards GGmight GGpreclude GGthe GGuse GGof GGa GGCSA. B GGis GGincorrect GGbecause GGreperformance GGassesses GGthe GGcurrent GGeffectiveness GGof GGa GGcontrol, GGnot GGwhether GGthe GGcontrol GGwas GGeffective GGthroughout GGthe GGaudit GGperiod. C GGis GGincorrect GGbecause GGthis GGwill GGassess GGthe GGprocess GGonly GGat GGthe GGbeginning GGof GGthe GGsix-month GGaudit GGperiod. GGIf GGthe GGprocess GGwas GGeffective GGin GGJanuary GGbut GGineffective GGfor GGthe GGrest GGof GGthe GGperiod, GGthis GGtechnique GGwould GGconceal GGthis GGpossibility.
  2. An auditor is auditing an organization's personnel onboarding process and is examining the background check process. The auditor is mainly interested in whether background checks are performed for all personnel and whether background check results lead to no-hire decisions. Which of the following evidence collection techniques will support this audit objective?
     A. Request the full contents of background checks along with hire/no-hire decisions.

A is incorrect because the service provider should not need to provide the entire ROC, as this would provide excessive details of its internal operations. The AOC contains sufficient information regarding the pass or fail status of the audit and its PCI compliance.
C is incorrect, as an ROV was not performed.
D is incorrect because an SAQ was not completed.

  1. Which of the following statements about the ISACA Audit Guidelines is correct?
     A. ISACA Audit Guidelines apply only to audit firms and not to internal audit departments.
     B. ISACA Audit Guidelines are required. Violations may result in fines for violators.
     C. ISACA Audit Guidelines are required. Violations may result in loss of certifications.
     D. ISACA Audit Guidelines are not required.
     Answer: D
     D. ISACA Audit Guidelines are suggested implementation guidelines and not required of ISACA-certified personnel.
     A is incorrect because ISACA Audit Guidelines apply in all auditing situations.
     B and C are incorrect because ISACA Audit Guidelines are optional and not required.
  2. An external auditor is auditing an organization's third-party risk management (TPRM) process. The auditor has observed that the organization has developed an ISO-based questionnaire that is sent to all third-party service providers annually. What value-added remarks can the auditor provide?
     A. The process can be more efficient if the organization develops risk-based tiers to save time auditing low-risk vendors.
     B. The organization should not be sending questionnaires to vendors every year.
     C. The organization should structure its questionnaires based on CSA Star.
     D. The organization should outsource its third-party management process.
     Answer: A
     A. The TPRM process could indeed be more efficient if the organization stratifies its vendors based on risk. The highest-risk vendors would be assessed annually with the most rigorous questionnaire, while vendors at lower-risk tiers would be assessed with shorter questionnaires or not at all.
     B is incorrect because the organization should be sending questionnaires to its high-risk vendors annually.

C is incorrect, as an ISO-based questionnaire may very possibly be sufficient.
D is incorrect because there is no indication that suggests the TPRM process should be outsourced.

  1. What is the difference between an SSAE18 Type I audit and an SSAE18 Type II audit?
     A. A Type I audit is an audit of process effectiveness, whereas a Type II audit is an audit of process effectiveness and process design.
     B. A Type I audit is an audit of process design and process effectiveness, whereas a Type II audit is an audit of process design.
     C. A Type I audit is an audit of process design, whereas a Type II audit is an audit of process design and process effectiveness.
     D. A Type I audit is an audit of process design and effectiveness, whereas a Type II audit is an audit of process effectiveness.
     Answer: C
     C. This is the correct definition of SSAE18 Type I and Type II audits.
     A, B, and D are incorrect because these are incorrect definitions of SSAE18 Type I and Type II audits.
  2. An auditor is auditing the payment systems for a retail store chain that has 80 stores in the region. The auditor needs to observe and take samples from some of the stores' systems. The audit client has selected two stores that are located in the same city as the store chain headquarters and two stores in a nearby town. How should the audit of the store locations proceed?
     A. The auditor should learn more about the stores' systems and practices before deciding what to do.
     B. The auditor should audit the selected stores and proceed accordingly.
     C. The auditor should accept the sampling but select additional stores.
     D. The auditor should select which stores to examine and proceed accordingly.
     Answer: A
     A. While the auditee's desire to select the stores to audit may seem proactive, the auditor needs to better understand the nature of each store's information systems before overruling the auditee. For instance, the systems in all stores may be identically configured, and the nearby store operators may be better equipped to explain audit processes. On the other hand, if store systems were not identically configured and operated, the client's desire to select samples may have to be overruled, so that the auditor retains independence in fact.
     B is incorrect. There may be reasons why the auditee selected the nearby stores; among them, their processes may be more disciplined than others that are farther away. Unless the auditor is confident that all stores' systems are identical, the auditor must select samples himself or herself.

A. An auditor is free to contact an auditee after an audit to show concern for the auditee and be sure that the auditee is proceeding properly by working to resolve any findings identified by the auditor.
B is incorrect, as the auditor is not acting improperly.
C is incorrect, as the auditor is within his or her professional bounds to communicate with the auditee after the audit. In many cases, auditors are encouraged in this regard.
D is incorrect because it is indeed hoped that the auditor is not "fishing for business" by feigning interest in the auditee's well-being.

  1. According to ISACA Audit Standard 1202, which types of risks should be considered when planning an audit?
     A. Fraud risk
     B. Business risk
     C. Cybersecurity risk
     D. Financial risk
     Answer: B
     B. All types of risks should be considered when planning an audit of a business process or system.
     A is incorrect because fraud risk is not the only risk that should be considered.
     C is incorrect, as cybersecurity risk is only one type of risk that should be considered.
     D is incorrect because financial risk is only one type of risk that should be considered.
  2. An IT service desk department that provisions user accounts performs a monthly activity whereby all user account changes that occurred in the prior month are checked against the list of corresponding requests in the ticketing system. This activity is known as:
     A. An audit
     B. A monthly provisioning review
     C. A control threat-assessment (CTA)
     D. A risk assessment
     Answer: B
     B. The service desk is performing a monthly review of user account provisioning to make sure that all such account provisioning activities were in fact requested.
     A is incorrect because this activity is not an audit, because the service desk is checking its own work.
     C is incorrect because threats are not being analyzed in this activity.
     D is incorrect because this activity is not a risk assessment, but an activity review.
  1. An organization with video surveillance at a work center has placed visible notices on building entrances that inform people that video surveillance systems are in use. The notices are an example of:
     A. Administrative controls
     B. Preventive controls
     C. Detective controls
     D. Deterrent controls
     Answer: D
     D. Visible notices announcing the presence of video surveillance are an example of a deterrent control.
     A is incorrect because visible notices are not examples of administrative controls. An example of an administrative control is a policy.
     B is incorrect because neither video surveillance nor visible notices are preventive controls. An example of a preventive control is a locked door.
     C is incorrect. While video surveillance itself is a detective control, a visible notice announcing video surveillance is a deterrent control.
  2. An auditor is planning an audit of a financial planning application. Can the auditor rely on a recent penetration test of the application as a risk-based audit?
     A. No, because a penetration test does not reveal risks.
     B. No, because a penetration test is not a risk assessment.
     C. Yes, the auditor can make use of the pen test, but a risk assessment is still needed.
     D. Yes, the penetration test serves as a risk assessment in this case.
     Answer: C
     C. A penetration test reveals a limited view of risks, but a full risk assessment is still needed if the audit is to be truly risk-driven.
     A is incorrect because penetration tests do reveal some risks.
     B is incorrect. While it is true that a penetration test is not a risk assessment, the auditor can still rely upon it in order to have a partial view of risk.
     D is incorrect because a penetration test is never considered a full risk assessment.
  3. Which of the following is the best example of a control self-assessment of a user account provisioning process?
     A. An examination of Active Directory to ensure that only domain administrators can make user account permission changes
     B. Checks to see that only authorized personnel made user account changes
     C. Confirmation that all user account changes were approved by appropriate personnel