Free Access IIA.IIA-CIA-Part2.v2022-09-28.q589 Practice Test (Page 107)

Question 526

During an information security audit, an auditor discovers that the current disaster recovery plan was developed three years ago but never tested. There have been significant changes to information systems since the plan was developed. The auditor should:

A.Review the recovery plan and report weaknesses to management.

B.Update the recovery plan for management as part of the review.

C.Recommend that management and users update and test the recovery plan.

D.Ask management to test the recovery plan immediately.

Question 527

Which of the following would be the best audit procedure to use to determine if a division's unusually high sales and gross margin for November and December were the result of fraudulently recorded sales?

A.Trace a sample of shipping documents to related sales invoices to verify proper billing.

B.Confirm accounts receivable balances with customers.

C.Compare sales and gross margin totals with those of the previous ten months and the first month of the following year.

D.Use regression analysis techniques to estimate the sales and cost of goods sold for November and December.

Question 528

According to IIA guidance, which of the following accurately describes the responsibilities of the chief audit executive with respect to the final audit report?
1. Coordinate post-engagement conferences to discuss the final audit report with management.
2. Include management's responses in the final audit report.
3. Review and approve the final audit report.
4. Determine who will receive the final audit report.

A.3 and 4

B.2 and 3

C.1 and 4

D.1 and 2

Question 529

An internal auditor is assessing the organization's risk management framework. Which of the following formulas should he use to calculate the residual risk?