IIA Exam IIA-CHAL-QISA Topic 1 Question 11 Discussion

Actual exam question for IIA's IIA-CHAL-QISA exam

Question #: 11
Topic #: 1

Following an IT systems audit, management agreed to implement a specific control in one of the IT systems. After a period, the internal auditor followed up and learned that management had not implemented the agreed management action due to the decision to move to another IT system that has built-in controls, which may address this risks highlighted by the Internal audit Which of the following Is the most appropriate action to address the outstanding audit recommendation?

AThe auditor examines the system documentation of the new system to verify that the risk has been addressed in the new system, then reports to senior management the closure of the issue.

BThe auditor accepts managements explanation that the previously identified issue is adequately addressed by the new IT system, as management understands the concern and is most knowledgeable about the new system, and closes the outstanding issue.

CThe auditor advises management that replacing the IT system does not dismiss the prior obligation to implement the agreed action plan, and escalates the issue to senior management and the board.

DThe auditor requires management to provide details regarding the process for selecting the new IT system and whether other systems were evaluated, and closure of the issue would depend on the new information provided.

Show Suggested Answer

Suggested Answer: A

Verification of Controls: The auditor should verify that the new IT system addresses the previously identified risks. This involves reviewing the system documentation and ensuring that the controls in the new system effectively mitigate the risks.

Reporting: Once the auditor has confirmed that the new system controls address the risks, they can report to senior management and close the outstanding issue, ensuring that all audit recommendations are appropriately resolved.

Other Options:

Accepting Management's Explanation: Without verification (option B) is not appropriate as it may leave risks unmitigated.

Escalating Without Verification: Advising management and escalating (option C) is premature if the new system may already address the issues.

Detailed Process Evaluation: Requiring additional details about the process (option D) may be unnecessary if the auditor can verify the controls directly.

by Ora at Sep 08, 2024, 07:01 PM

Limited Time Offer

25%

Off

Get Premium IIA-CHAL-QISA Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Shonda

30 days ago

Haha, I bet the new system has built-in controls like a 'Ignore Audit Findings' button. Option C is the way to go, no excuses!

upvoted 0 times

Daniel

2 days ago

Definitely, option C is the best way to address the outstanding audit recommendation and hold management accountable.

upvoted 0 times

...

Oretha

5 days ago

Yeah, the auditor needs to escalate the issue to senior management and the board to ensure accountability.

upvoted 0 times

...

Casie

15 days ago

I agree, management should not be able to just ignore the audit findings by switching to a new system.

upvoted 0 times

...

Fallon

1 months ago

I still think option C is the best course of action to address the outstanding audit recommendation.

upvoted 0 times

...

Almeta

1 months ago

That's a valid point, but it's important to ensure that the agreed action plan is implemented, regardless of the new system.

upvoted 0 times

...

Sunshine

1 months ago

But what if the new IT system really does address the risk? Shouldn't we trust management's decision?

upvoted 0 times

...

Fallon

1 months ago

I agree with Almeta, the auditor should escalate the issue to senior management and the board.

upvoted 0 times

...

Stacey

1 months ago

Option D seems more prudent. The auditor should examine the process for selecting the new system and whether other options were considered before closing the issue.

upvoted 0 times

Barney

16 days ago

It's crucial for the auditor to gather all the necessary information before making a decision on closing the outstanding audit recommendation.

upvoted 0 times

...

Latonia

17 days ago

Definitely. The auditor needs to have a clear understanding of the decision-making process behind selecting the new IT system.

upvoted 0 times

...

Rikki

27 days ago

I agree. It's important to ensure that the new system was chosen thoughtfully and that all options were considered.

upvoted 0 times

...

Elliot

29 days ago

Option D seems more prudent. The auditor should examine the process for selecting the new system and whether other options were considered before closing the issue.

upvoted 0 times

...

Almeta

2 months ago

I think option C is the most appropriate action.

upvoted 0 times

...

Charlette

2 months ago

I agree with Floyd. The auditor should hold management accountable for the previous agreement, regardless of the new system. Option C is the right call here.

upvoted 0 times

Patria

21 days ago

The auditor needs to ensure that the agreed action plan is implemented, regardless of the change in IT systems.

upvoted 0 times

...

Hubert

28 days ago

Agreed, option C is the right call in this situation.

upvoted 0 times

...

Tomas

30 days ago

I think the auditor should escalate the issue to senior management and the board.

upvoted 0 times

...

Sommer

1 months ago

Management should still be held accountable for the previous agreement, even with the new system.

upvoted 0 times

...

Floyd

2 months ago

Option C is the most appropriate. Management can't just ignore the agreed action plan because they decided to move to a new system. The auditor should escalate this to senior management and the board.

upvoted 0 times

France

2 months ago

I agree, the auditor should escalate this to senior management and the board.

upvoted 0 times

...

Marquetta

2 months ago

Option C is the most appropriate. Management can't just ignore the agreed action plan because they decided to move to a new system.

upvoted 0 times

...