QUESTION: 317

As part of an audit response, an auditee has concerns with the recommendations and is hesitant to implement them. Which of the following would be the BEST course of action for the IS auditor?

Suggest hiring a third-party consultant to perform a current state assessment.
Issue a final report without including the opinion of the auditee.
Conduct further discussions with the auditee to develop a mitigation plan.
Accept the auditee's response and perform additional testing.

Answer(s): C

Show Answer Next Question

After discussing findings with an auditee, an IS auditor is required to obtain approval of the report from the CEO before issuing it to the audit committee. This requirement PRIMARILY affects the IS auditor's:

judgment
effectiveness
independence
integrity

Answer(s): C

Show Answer Next Question

QUESTION: 319

During a review of IT service desk practices, an IS auditor notes that help desk personnel are spending more time fulfilling user requests for password resets than resolving critical incidents. Which of the following recommendations to IT management would BEST address this situation?

Calculate the age of incident tickets and alert senior IT personnel when they exceed service level agreements (SLAs).
Provide annual password management training to end users to reduce the number of instances requiring password resets.
Incentivize service desk personnel to close incidents within agreed service levels.
Implement a self-service solution and redirect users to access frequently requested services.

Answer(s): D

Show Answer Next Question