Isaca Updated CISA Exam Questions and Answers by reeva

The most concerning thing for an IS auditor reviewing an IT strategy document is that the strategic IT goals are derived solely from the latest market trends. An IT strategy document is a blueprint that defines how an organization will use technology to achieve its goals. It should be based on a thorough analysis of the organization’s internal and external factors, such as its vision, mission, values, objectives, strengths, weaknesses, opportunities, threats, customers, competitors, regulations, and industry standards. An IT strategy document should also align with the organization’s business strategy and reflect its unique needs and capabilities. If an IT strategy document is derived solely from the latest market trends, it may not be relevant or appropriate for the organization’s specific situation. It may also lack coherence, consistency, feasibility, or sustainability.

The other options are not as concerning as option C. Target architecture is defined at a technical level is not a concern for an IS auditor reviewing an IT strategy document. Target architecture is the desired state of an organization’s IT systems in terms of their structure, functionality, performance, security, interoperability, and integration. Defining target architecture at a technical level can help an IS auditor to understand how the organization plans to achieve its strategic IT goals and what technical requirements and standards it needs to follow. The previous year’s IT strategic goals were not achieved is not a concern for an IS auditor reviewing an IT strategy document. The previous year’s IT strategic goals are the outcomes that the organization intended to accomplish with its IT initiatives in the past year. Not achieving these goals may indicate some challenges or gaps in the organization’s IT performance or execution. However, this does not necessarily affect the quality or validity of the current IT strategy document. An IS auditor should focus on evaluating whether the current IT strategy document is realistic, measurable, achievable, relevant, and time-bound. Financial estimates of new initiatives are disclosed within the document is not a concern for an IS auditor reviewing an IT strategy document. Financial estimates are projections of the costs and benefits of new initiatives that are part of the IT strategy document. Disclosing financial estimates within the document can help an IS auditor to assess whether the new initiatives are aligned with the organization’s budget and resources and whether they provide value for money. References: IT Strategy Template for a Successful Strategic Plan | Gartner, Definitive Guide to Developing an IT Strategy and Roadmap - CioPages, An Example of a Well-Developed IT Strategy Plan - Resolute

In the event of a disaster where the data center is no longer available, the first step should be to activate the call tree1. A call tree is a layered hierarchical communication model used to notify specific individuals of an event and coordinate recovery efforts1. This ensures that all relevant parties are informed about the situation and can begin executing their parts of the disaster recovery plan1.

References:

IT Disaster Recovery Plan | Ready.gov

The auditor implemented a specific control during the development of the system. This would impair the auditor’s independence, as it would create a self-review threat, which is a situation where an auditor has to evaluate or review the results of his or her own work or judgment1. A self-review threat may compromise the auditor’s objectivity and impartiality, as the auditor may be biased or influenced by his or her own involvement or interest in the system1. The auditor may also face a conflict of interest or a loss of credibility if he or she has to report on any issues or deficiencies related to the control he or she implemented.

Given the large volume of data transactions, continuous monitoring is the best testing strategy for auditing the inventory control process. Continuous monitoring involves the automated review of operational and financial data to identify anomalies or areas of concern12. This approach allows for real-time identification and resolution of issues, making it particularly effective for large organizations with high transaction volumes12.

References: ISACA’s Information Systems Auditor Study Materials1