Isaca Updated CISA Exam Questions and Answers by minha

The primary advantage of this approach is that it improves audit efficiency. Audit efficiency is the measure of how well the audit resources are used to achieve the audit objectives. Audit efficiency can be enhanced by using methods or techniques that can save time, cost, or effort without compromising the quality or scope of the audit. By requesting direct access to data required to perform audit procedures instead of asking management to provide the data, the auditor can reduce the dependency on management’s cooperation, availability, or timeliness. The auditor can also avoid potential delays, errors, or biases that may occur when management provides the data. References:

CISA Review Manual (Digital Version), Chapter 2, Section 2.41

CISA Online Review Course, Domain 1, Module 1, Lesson 42

 The most important thing for an IS auditor to confirm when reviewing an organization’s plans to implement robotic process automation (RPA) to automate routine business tasks is that the end-to-end process is understood and documented. This is because RPA involves the use of software robots or digital workers to mimic human actions and execute predefined rules and workflows. Therefore, it is essential that the IS auditor verifies that the organization has a clear and accurate understanding of the current state of the process, the desired state of the process, the inputs and outputs, the exceptions and errors, the roles and responsibilities, and the performance measures12. Without a properdocumentation of the end-to-end process, the organizationmay face challenges in designing, developing, testing, deploying, and monitoring the RPA solution3. References: 1: CISA ReviewManual (Digital Version), Chapter 4: Information Systems Operations and Business Resilience, Section 4.2: IT Service Delivery and Support, page 211 2:CISA Online Review Course, Module 4: Information Systems Operations and Business Resilience, Lesson 4.2: IT Service Delivery and Support 3: ISACA Journal Volume 5, 2019, Article: Robotic Process Automation: Benefits, Risks and Controls

The primary advantage of a decentralized database architecture over a centralized one is that it reduces the concentration of risk in a single location or single service point. Because data and processing are distributed, the effect of a single outage or denial of service event is generally reduced compared with a centralized architecture, where one core point of failure can disrupt the whole environment.

Option A is therefore the best answer. Decentralization improves resilience by avoiding total dependency on one central database or service node. In audit and risk terms, this lowers the impact of certain availability attacks or failures by distributing exposure.

Option B is incorrect because real-time synchronization over public networks is usually more difficult, not easier, in decentralized environments. Distributed synchronization introduces latency, consistency, and network management challenges.

Option C is incorrect because transaction consistency is generally harder to maintain in decentralized systems. Distributed databases often trade some degree of simplicity or immediacy of consistency for resilience, scalability, or local autonomy.

Option D is incorrect because uniform security policy enforcement is usually easier in centralized architectures, where governance and administration can be applied from a single control point.

So the correct answer is A, because the main architectural benefit of decentralization in this context is reduced single-point failure risk and reduced impact from centralized service disruption.

References (Official ISACA):

ISACA Glossary — control and architecture terminology reference.

ISACA COBIT resources — governance and resilience principles support reducing concentration risk through architectural design choices.