To communicate the risk associated with IT in business terms, which of the following MUST be defined?

• A.Risk appetite of the organization
• B.Compliance objectives
• C.Organizational objectives
• D.Inherent and residual risk

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the BEST way to assess the effectiveness of an access management process?

• A.Reconciling a list of accounts belonging to terminated employees
• B.Reviewing access logs for user activity
• C.Reviewing for compliance with acceptable use policy
• D.Comparing the actual process with the documented process

Comment: *

Name: *

Email: *

Verification: *

Which of the following is of GREATEST concern when uncontrolled changes are made to the control environment?

• A.An increase in the level of residual risk
• B.An increase in inherent risk
• C.A decrease in control layering effectiveness
• D.An increase in control vulnerabilities

Comment: *

Name: *

Email: *

Verification: *

You are the project manager of the GHT project. You are accessing data for further analysis. You have chosen such a data extraction method in which management monitors its own controls. Which of the following data extraction methods you are using here?

• A.Extracting data directly from the source systems after system owner approval
• B.Extracting data from the system custodian (IT) after system owner approval
• C.Extracting data from risk register
• D.Extracting data from lesson learned register
• E.Explanation:
  Direct extraction from the source system involves management monitoring its own controls,
  instead of auditors/third parties monitoring management's controls. It is preferable over extraction
  from the system custodian.
• F.and D are incorrect. These are not data extraction methods.

Comment: *

Name: *

Email: *

Verification: *

Which of the following would be MOST important for a risk practitioner to provide to the internal audit department during the audit planning process?

• A.Closed management action plans from the previous audit
• B.Annual risk assessment results
• C.An updated vulnerability management report
• D.A list of identified generic risk scenarios

Comment: *

Name: *

Email: *

Verification: *