Isaca Updated CISA Exam Questions and Answers by hania

The best way to address segregation of duties issues in an organization with budget constraints is to implement compensating controls, which are alternative controls that reduce or eliminate the risk of errors or fraud due to inadequate segregation of duties. Compensating controls may include independent reviews, reconciliations, approvals, or supervisions. Rotating job duties periodically may reduce the risk of collusion or abuse of privileges, but it may also affect operational efficiency and continuity. Performing an independent audit may detect segregation of duties issues, but it does not prevent them. Hiring temporary staff may increase operational costs and introduce new risks. References: CISA Review Manual (Digital Version), Chapter 2, Section 2.4

Reviewing input and output control reports to verify the accuracy of the system decisions is the most important procedure for the IS auditor to perform during the post-implementation review of intelligent-agent software for granting loans to customers, because it can help identify any errors or anomalies in the system logic or data that may affect the quality and reliability of the system outcomes. Reviewing system and error logs, signed approvals, and system documentation are also important procedures, but they are not as critical as verifying the accuracy of the system decisions. References: CISA Review Manual (Digital Version), Chapter 4, Section 4.2.21

 The best method to safeguard data on an organization’s laptop computers is full disk encryption. Full disk encryption is a technique that encrypts all the data stored on a hard drive, including the operating system, applications, files, and folders. This means that if the laptop is lost, stolen, or accessed by an unauthorized person, they will not be able to read or modify any data without knowing the encryption key or password. Full disk encryption provides a strong level of protection for data at rest, as it prevents data leakage or exposure in case of physical theft or loss of the device.

References:

• How to Protect the Data on Your Laptop
• 6 Steps to Practice Strong Laptop Security

Controls to minimize risk and maximize value for the IT portfolio should be the most important consideration when conducting a review of IT portfolio management, because they ensure that the IT portfolio aligns with the business strategy, objectives, and priorities, and that the IT investments deliver optimal benefits and outcomes. Assignment of responsibility for each project to an IT team member, adherence to best practice and industry approved methodologies, and frequency of meetings where the business discusses the IT portfolio are also relevant aspects of IT portfolio management, but they are not as important as controls to minimize risk and maximize value. References: CISA Review Manual (Digital Version), Chapter 1, Section 1.2.3