During the course of an audit, an IS auditor's organizational independence is impaired. The IS auditor should FIRST

• A.obtain the auditee s approval before continuing the audit.
• B.inform senior management in writing and proceed with the audit
• C.inform audit management of the situation.
• D.proceed with the audit as planned after documenting the incident.

Comment: *

Name: *

Email: *

Verification: *

When migrating critical systems to a cloud provider, the GREATEST data security concern for an
organization would be that data from different clients may be:

• A.subject to different service level agreements (SLAs) for disaster recovery.
• B.subject to varying government compliance regulations.
• C.improperly separated from each other.
• D.requested during a legal discovery process.

Comment: *

Name: *

Email: *

Verification: *

An IS auditor invited to a development project meeting notes that no project risks have been documented.
When the IS auditor raises this issue, the project manager responds that it is too early to identify risks and that, if risks do start impactingthe project, a risk manager will be hired. The appropriate response of the IS auditor would be to:

• A.stress the importance of spending time at this point in the project to consider and document risks, and to develop contingency plans.
• B.accept the project manager's position as the project manager is accountable for the outcome of the project.
• C.offer to work with the risk manager when one is appointed.
• D.inform the project manager that the IS auditor will conduct a review of the risks at the completion of the requirements definition phase of the project.

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the BEST justification for deferring remediation testing until the next audit?

• A.The auditor who conducted the audit and agreed with the timeline has left the organization.
• B.Auditee management has accepted all observations reported by the auditor.
• C.The audit environment has changed significantly.
• D.Management's planned actions are sufficient given the relative importance of the observations.

Comment: *

Name: *

Email: *

Verification: *

Which of the following application input controls would MOST likoly detect data input errors in the customer account number field during the processing of an accounts receivable transaction?

• A.Limit check
• B.Reasonableness check
• C.Validity check
• D.Parity check

Comment: *

Name: *

Email: *

Verification: *