If you look at the org chart then you are only going to end up looking at the job descriptions and will still have questions. However, a manager can directly tell you about the job duties of their staff.
Option A (Discuss with IT Managers) could also be useful, but it could potentially be limited in scope. IT Managers would likely be knowledgeable about the responsibilities of their staff and could provide useful information. However, their understanding might be focused on their specific department and may not include a comprehensive view of the segregation of duties across the entire organization. Additionally and MORE important is managers might have biased views or blind spots about their own department's operations, Management WOULD NEVER disclose their loopholes to Auditors.
It’s actually answer B. I spoke to two CISA certified auditors, and they confirmed the correct answer is B. So I would go back and triple-check this answer.
Thank you. I failed my first CISA exam. I wish I had seen this before, because it has made me think from a different perspective when looking at the questions. I know the manual back to front but interpreting the questions is still difficult.
🔍 Looking at ACLs, checking access controls, and using data analytics are better for checking duties in a system audit than just talking with IT managers. These ways give real proof of who can do what and test if controls work well, showing duties more clearly and fairly. Talking with IT managers can be biased by personal views. So, I think both looking at the organization's structure (D) and talking (A) are important, each making up 50%. But using the "odd man out" idea, I'd pick A as the best choice when you can't use direct evidence or active tests.
Good video. Maybe it's just me, I do have a Project Management cert. Lets say you have a signed off Audit Charter. I could be wrong since I'm very early in my CISA studying. I would think planning would have something like plan communication management. Part of that would be communicating with stakeholders. A stakeholder would be the IT manager. IT manager(s) would have high importance for having the audit/assessment done, so discussing SOD with IT manager(s) would be something they could resolve or give guidance to so that you can move forward with auditing/assessing to find that it is true or false.
To know more about CISA complete package please visit our website www.cisathismuch.com
If you look at the org chart then you are only going to end up looking at the job descriptions and will still have questions. However, a manager can directly tell you about the job duties of their staff.
Option A (Discuss with IT Managers) could also be useful, but it could potentially be limited in scope. IT Managers would likely be knowledgeable about the responsibilities of their staff and could provide useful information. However, their understanding might be focused on their specific department and may not include a comprehensive view of the segregation of duties across the entire organization. Additionally and MORE important is managers might have biased views or blind spots about their own department's operations, Management WOULD NEVER disclose their loopholes to Auditors.
It’s actually answer B. I spoke to two CISA certified auditors, and they confirmed the correct answer is B. So I would go back and triple-check this answer.
Thank you. I failed my first CISA exam. I wish I had seen this before, because it has made me think from a different perspective when looking at the questions. I know the manual back to front but interpreting the questions is still difficult.
Glad its helping you, understanding the correct reading skills is extremely crucial for passing the exam. You will surely pass the exam this time
🔍 Looking at ACLs, checking access controls, and using data analytics are better for checking duties in a system audit than just talking with IT managers. These ways give real proof of who can do what and test if controls work well, showing duties more clearly and fairly.
Talking with IT managers can be biased by personal views.
So, I think both looking at the organization's structure (D) and talking (A) are important, each making up 50%.
But using the "odd man out" idea, I'd pick A as the best choice when you can't use direct evidence or active tests.
Good video. Maybe it's just me, I do have a Project Management cert. Lets say you have a signed off Audit Charter. I could be wrong since I'm very early in my CISA studying. I would think planning would have something like plan communication management. Part of that would be communicating with stakeholders. A stakeholder would be the IT manager. IT manager(s) would have high importance for having the audit/assessment done, so discussing SOD with IT manager(s) would be something they could resolve or give guidance to so that you can move forward with auditing/assessing to find that it is true or false.
yes its right
Sir I am a CA and working in psu as manager and I have earlier experience of ca firm. Am my experience is eligible for CISA certification
Yes you are. You can enter in IT Audits without experience.
Thank you sir for reply.
@@aadityasthis-muchlearnings2758 experience is reqd than how can I go without experience
Soooo many you know