Examice

Exam CISA All QuestionsBrowse all questions from this exam

Go to Exam

Question 229

What is the MAIN purpose of an organization's internal IS audit function?

Provide assurance to management about the effectiveness of the organization's risk management and internal controls.

Identify and initiate necessary changes in the control environment to help ensure sustainable improvement.

Review the organization's policies and procedures against industry best practice and standards.

Independently attest the organization's compliance with applicable legal and regulatory requirements.

Correct Answer: A

The main purpose of an organization's internal IS audit function is to provide assurance to management about the effectiveness of the organization's risk management and internal controls. This is the primary objective of internal auditing, which focuses on evaluating and improving the effectiveness of governance, risk management, and control processes.

Discussion

ChangwhaOption: A

A. Provide assurance to management about the effectiveness of the organization's risk management and internal controls.

BA27Option: A

A. Provide assurance to management about the effectiveness of the organization's risk management and internal controls.

[Removed]Option: A

Assurance first of all

Ray81Option: B

IS audit is not all about assurance. Audit reports usually indicate areas of necessary improvement in control effectiveness or implementations

46080f2Option: A

A. is the corect answer. The main purpose of an organization's internal IS audit function is to ensure effective risk management and internal controls through direct, dependent reporting to top management. The means to fulfill this main purpose is then e.g. the identification of necessary changes for a sustainable improvement process as listed under B.

RachyOption: A

A. Provide assurance. B is not correct because we identify but don’t initiate a control improvement, rather we make recommendations.