IIA Exam IIA-CIA-Part2 Topic 8 Question 100 Discussion

Actual exam question for IIA's IIA-CIA-Part2 exam

Question #: 100
Topic #: 8

Which of the following would be most useful for an internal auditor to obtain during the preliminary survey of an engagement on internal controls over user access management?

AThe policy for granting, modifying, and deleting user access to ensure processing requirements are clearly articulated.

BA sample of change request forms to verify whether the forms bear the required approval for the user access change.

CUser access reports that were reviewed by management to ensure that access rights are appropriate for employee roles.

DA current listing of system users and an employee listing to determine whether system users are active employees of the organization.

Show Suggested Answer

Suggested Answer: A

Step-by-Step Detailed Explanation:

A . The policy for granting, modifying, and deleting user access:

Correct. Understanding the policy ensures the auditor knows the framework and controls in place.

B . A sample of change request forms:

Useful for testing but not as foundational as reviewing the policy.

C . User access reports reviewed by management:

This evaluates monitoring but does not establish a baseline understanding of controls.

D . A current listing of system users and employees:

Important for reconciliation but secondary to understanding the control framework.

CIA Exam Syllabus Reference:

Domain V: Performing Internal Audit Services -- Preliminary Surveys.

by Florinda at Apr 06, 2025, 05:13 AM

Limited Time Offer

25%

Off

Get Premium IIA-CIA-Part2 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Currently there are no comments in this discussion, be the first to comment!