Isaca Updated CISA Exam Questions and Answers by kaiden

 The greatest benefit of adopting an international IT governance framework rather than establishing a new framework based on the actual situation of a specific organization is wide acceptance by different business and support units with IT governance objectives. An international IT governance framework, such as COBIT, provides a common language and understanding for IT governance among various stakeholders, such as management, users, auditors and regulators. This facilitates alignment, communication and collaboration among them. Readily available resources, comprehensive coverage and fewer resources expended are also benefits of adopting an international IT governance framework, but they are not the greatest benefit. References: CISA Review Manual (Digital Version) , Chapter 1, Section 1.3.1.

Data collection and obtaining consentis themost critical regulatory requirementwhen using customer data for AI training, especially under laws likeGDPR, CCPA, and ISO 27701.

Collection of Data and Obtaining Consent (Correct Answer – C)

Ensures compliance withprivacy lawsthat require explicit customer consent.

Example:UnderGDPR, companies mustinform usershow their data will be used and allow them toopt out.

AI Algorithm Accuracy (Incorrect – A)

Important formodel performancebutnot a primary legal concern.

Ethical Use of Computing Resources (Incorrect – B)

Ethical considerations are valuable butnot a regulatory priority.

Continuous Monitoring of AI (Incorrect – D)

Ensuresperformance, butregulatory compliance focuses on data privacy.

The correct answer is B. External audit.

An external audit provides the strongest assurance of objectivity because it is performed by an independent party outside the organization. A governing body, such as the board or audit committee, relies on independent assurance to determine whether information system controls have been reviewed without management bias or internal influence.

Option A is not the best answer because an administrative audit generally focuses on administrative procedures or operational compliance and does not necessarily provide independent assurance over IS controls. Option C is not the best answer because a forensic audit is usually performed to investigate suspected fraud, misconduct, or evidence-related matters. Option D is valuable, but internal audit is still part of the organization; therefore, an external audit generally provides stronger objective assurance to the governing body.

This maps to Information Systems Auditing Process , because ISACA’s CISA Exam Content Outline includes IS audit standards, audit execution, evidence, reporting, and assurance activities under Domain 1. ( ISACA )