Isaca CISA Exam With Confidence Using Practice Dumps

The audit procedure that would have most likely identified the exception of critical servers not included in the central log repository is to compare a list of all servers from the directory server against a list of all servers present in the central log repository. This would allow the IS auditor to detect any discrepancies or omissions in the central log repository. The other audit procedures (A, C and D) would not be effective in identifying this exception, as they would only focus on the alerts generated, the alert settings configured, or the servers included in the previous year’s audit, which may not reflect the current state of the central log repository. References: IS Audit and Assurance Guideline 2202: Evidence Collection Techniques, CISA Review Manual (Digital Version), Chapter 5: Protection of Information Assets, Section 5.3: Logging and Monitoring

 The finding that should be the IS auditor’s greatest concern is that the data model is not clearly documented. A data model is a representation of the structure, relationships, and constraints of the data used by an application. It is a vital component of the software development process, as it helps to ensure the accuracy, consistency, and quality of the data1. A clear and comprehensive documentation of the data model is essential for the maintenance and support of the application, as it facilitates the understanding, modification, and troubleshooting of the data and the application logic2.

If the organization plans to bring the support and future maintenance of the application back in-house, it will need to have access to the data model documentation from the vendor. Without it, the organization may face difficulties in transferring the knowledge and skills from the vendor to the in-house team, as well as in adapting and enhancing the application to meet changing businessneeds and requirements3. The lack of data model documentation may also increase therisk of errors, inconsistencies, and inefficiencies in the data and the application performance2.

The other findings are not as concerning as the lack of data model documentation, because they do not directly affect the quality and maintainability of the application. The cost of outsourcing is lowerthan in-house development is a benefit rather than a risk for the organization, as it implies that outsourcing has helped to save time and money for the organization4. The vendor development team is located overseas is a common practice in outsourcing, and it does not necessarily imply a lower quality or a higher risk of the application. However, it may pose some challenges in terms of communication, coordination, and cultural differences, which can bemanaged by establishing clear expectations, roles, and responsibilities, as well as using effective tools and methods for communication and collaboration5. A training plan for business users has not been developed is a gap that should be addressed by the organization before deploying the application, as it may affect the user acceptance and satisfaction of the application. However, it does not directly impact the quality or maintainability of the application itself. References:

What is Data Modeling? Definition & Types | Informatica1

Data Modeling Best Practices: Documentation | erwin2

Data Model Documentation - an overview |ScienceDirect Topics3

Outsourcing App Development Pros and Cons – Droids On Roids4

8 Risks of Software Development Outsourcing & Their Solutions - Acropolium5

Software Training Plan: How to Create One for Your Business - Elinext