XML Feeds
| « Overdeliveries in SAP Inventory Management - How to Allow Overdeliveries in SAP | Total Cost of Internal Controls - Sarbanes Oxley Section 404 Control Performance and Assessment of Controls » |
Compensating Controls CISA Practice Questions - CISA Exam Database
Compensating Controls CISA Practice Questions - CISA Exam Database
Q). After identifying a weakness in control, what is the first action an IS auditor should take?
A. Suggest a corrective action
B. Take the finding directly to the steering committee
C. Try and find a compensating control for the identified weakness
D. Take note of it for inclusion in the final audit report
Answer: Correct answer is "C". After identifying a weakness in controls, an IS auditor should review compensating controls before reporting such weakness. A single control normally does not fully achieve a control objective. The IS auditor will have to evaluate a number of controls in order to meet the control objectives.
Related CISA Exam Questions
Data Processing Requirements
Risk Based Audit Approach
Quantitative Risk Analysis
IS Security Policy
Feedback awaiting moderation
This post has 2 feedbacks awaiting moderation...