ExpertHard1 markMultiple Choice
CPA · Question 50 · Area III: SOC Engagements
An auditor is testing the 'Termination' process. They sample 10 employees who left the company. For one employee, the Active Directory account was disabled 3 days after their departure date. The policy states 'within 24 hours'. What is the auditor's next step?
An auditor is testing the 'Termination' process. They sample 10 employees who left the company. For one employee, the Active Directory account was disabled 3 days after their departure date. The policy states 'within 24 hours'. What is the auditor's next step?
Answer options:
A.
Ignore it as an isolated incident.
B.
Immediately issue an adverse opinion.
C.
Investigate whether any activity occurred on the account during the 3-day gap.
D.
Change the policy to 'within 3 days'.
How to approach this question
When you find a deviation: 1. Document it. 2. Assess impact (did bad stuff happen?). 3. Expand sample if needed.
Full Answer
C.Investigate whether any activity occurred on the account during the 3-day gap.✓ Correct
C
Upon discovering a control deviation, the auditor should evaluate the implications. Checking for activity determines if a security breach actually occurred, which affects the risk assessment of the deviation.
Common mistakes
Jumping straight to the report opinion without investigating impact.
Practice the full CPA ISC Practice Exam
82 questions · hints · full answers · grading
More questions from this exam
Q01A CPA is performing a risk assessment for a client that uses a public cloud provider for its core...HardQ02During a walkthrough of a client's change management process, the auditor notes that developers h...HardQ03A service organization provides a real-time transaction processing platform. The service level ag...HardQ04An auditor is reviewing a SQL query used by the finance team to generate a report of all sales tr...HardQ05A healthcare clearinghouse is preparing for a SOC 2® engagement. They utilize a private cloud dep...Hard