IIA Exam IIA-CHAL-QISA Topic 3 Question 19 Discussion

Actual exam question for IIA's IIA-CHAL-QISA exam

Question #: 19
Topic #: 3

Following an IT systems audit, management agreed to implement a specific control in one of the IT systems. After a period, the internal auditor followed up and learned that management had not implemented the agreed management action due to the decision to move to another IT system that has built-in controls, which may address this risks highlighted by the Internal audit Which of the following Is the most appropriate action to address the outstanding audit recommendation?

AThe auditor examines the system documentation of the new system to verify that the risk has been addressed in the new system, then reports to senior management the closure of the issue.

BThe auditor accepts managements explanation that the previously identified issue is adequately addressed by the new IT system, as management understands the concern and is most knowledgeable about the new system, and closes the outstanding issue.

CThe auditor advises management that replacing the IT system does not dismiss the prior obligation to implement the agreed action plan, and escalates the issue to senior management and the board.

DThe auditor requires management to provide details regarding the process for selecting the new IT system and whether other systems were evaluated, and closure of the issue would depend on the new information provided.

Show Suggested Answer

Suggested Answer: A

Verification of Controls: The auditor should verify that the new IT system addresses the previously identified risks. This involves reviewing the system documentation and ensuring that the controls in the new system effectively mitigate the risks.

Reporting: Once the auditor has confirmed that the new system controls address the risks, they can report to senior management and close the outstanding issue, ensuring that all audit recommendations are appropriately resolved.

Other Options:

Accepting Management's Explanation: Without verification (option B) is not appropriate as it may leave risks unmitigated.

Escalating Without Verification: Advising management and escalating (option C) is premature if the new system may already address the issues.

Detailed Process Evaluation: Requiring additional details about the process (option D) may be unnecessary if the auditor can verify the controls directly.

by Adelaide at Dec 06, 2024, 02:21 PM

Limited Time Offer

25%

Off

Get Premium IIA-CHAL-QISA Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Carlota

5 days ago

I think option C is the most appropriate action.

upvoted 0 times

...