IT Risk Assessment Process Overview

Questions and Answers

What is the purpose of the reporting standards in the ISACA Code of Professional Ethics?

• To communicate audit findings and recommendations effectively (correct)
• To ensure auditors document all material irregularities and illegal acts encountered
• To set out minimum acceptable performance levels
• To disclaim any responsibility for audit outcomes

What information should be included in the report provided by auditors according to the ISACA Code?

• Only the scope of the audit work
• Details like scope, objectives, period of coverage, extent of work performed, etc. (correct)
• General information without specifics
• High-level summaries of findings without details

According to ISACA Code 1402, what is the auditor's responsibility regarding follow-up activities?

• To repeatedly monitor relevant information (correct)
• To conclude that management has taken appropriate action
• To disclaim any responsibility for follow-up
• To ignore any follow-up activities after the initial audit report

What does ISACA state about using the standards mentioned in the 1400 Series?

Sets a minimum level of acceptable performance (D)

Which of the following is NOT a part of the details that should be included in the auditor's report?

Nature of management's response (B)

What is the main responsibility of auditors regarding communication as per ISACA Code?

To communicate audit results effectively to relevant parties (B)

Why does ISACA disclaim that using the standards will not assure a successful outcome?

To encourage auditors to go beyond minimum standards (D)

What is the purpose of auditing follow-up activities as per ISACA Code 1402?

To assess if management has taken appropriate action on audit findings (B)

'Exclusive' in relation to the ISACA Code standards means they:

'Exclude other procedures and tests reasonably directed at obtaining the same results' (C)