When evaluating the collective effect of preventive, detective or corrective controls within a process, an IS auditor should be aware of which of the following?

Posted by: Pdfprep Category: CISA Tags: , ,

When evaluating the collective effect of preventive, detective or corrective controls within a process, an IS auditor should be aware of which of the following?
A . The point at which controls are exercised as data flow through the system
B . Only preventive and detective controls are relevant
C . Corrective controls can only be regarded as compensating
D . Classification allows an IS auditor to determine which controls are missing

Answer: A

Explanation:

An IS auditor should focus on when controls are exercised as data flow through a computer system. Choice B is incorrect since corrective controls may also be relevant. Choice C is incorrect, since corrective controls remove or reduce the effects of errors or irregularities and are exclusively regarded as compensating controls. Choice D is incorrect and irrelevant since the existence and function of controls is important, not the classification.

Leave a Reply

Your email address will not be published.