Download Full Version CISA Isaca Exam

An outsourced accounting application has the most inherent risk and should be prioritized during audit planning because it involves external parties, sensitive data, and complex transactions that are susceptible to material misstatement, error, or fraud12. An outsourced accounting application also requires more oversight and monitoring from the internal audit department to ensure compliance with the service level agreement and the organization’s policies and standards3.

References

1: Inherent Risk: Definition, Examples, and 3 Types of Audit Risks 2: 3 Types of Audit Risk - Inherent, Control and Detection - Accountinguide 3: IS Audit Basics: The Core of IT Auditing

The change management process is the set of procedures and activities that ensure that changes to the information system are authorized, tested, documented, and implemented in a controlled manner12. A defect in a recent release indicates that there may be issues with the quality assurance, testing, or approval of the changes, which could affect the reliability, security, and performance of the system3 . Therefore, the auditor’s next step should be to evaluate the change management process and identify the root cause of the defect, as well as the impact and remediation of the incident.

References

1: Change Management - CISA

2: What is Change Management? - Definition from Techopedia

3: How to Audit Change Management - ISACA Journal

The Business Case for Security | CISA

This control is best implemented through system configuration because it can be enforced automatically by setting a parameter in the network operating system or directory service. This ensures that temporary workers do not have access to the network beyond their authorized period, and reduces the risk of unauthorized or malicious use of their accounts12.

References1: Configuration and Change Management - CISA2: What is IT Governance? - Definition from Techopedia