Exam CISA Topic 3 Question 244 Discussion
Actual exam question for ISACA's CISA exam
Question #: 244
Topic #: 3
Question #: 244
Topic #: 3
During the planning stage of a compliance audit, an IS auditor discovers that a bank ' s inventory of compliance requirements does not include recent regulatory changes related to managing data risk. What should the auditor do FIRST?
Suggested Answer: A Vote an answer
Asking management why the regulatory changes have not been included is the first thing that an IS auditor should do during the planning stage of a compliance audit. An IS auditor should inquire about the reasons for not updating the inventory of compliance requirements with recent regulatory changes related to managing data risk. This will help the IS auditor to understand whether there is a gap in awareness, communication, or implementation of compliance obligations within the organization. The other options are not the first things that an IS auditor should do, but rather possible subsequent actions that may depend on management's response. References:
CISA Review Manual (Digital Version), Chapter 2, Section 2.31
CISA Review Questions, Answers and Explanations Database, Question ID 214
CISA Review Manual (Digital Version), Chapter 2, Section 2.31
CISA Review Questions, Answers and Explanations Database, Question ID 214
by Hilary at Jul 12, 2026, 06:11 AM
0
0
0
10
Comments
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Report Comment
Commenting
You can sign-up / login (it's free).