CISA-JPN Exam Question 336
In the development of a new financial application, the IS auditor's first involvement should be in the:
Correct answer: B
In the development of a new financial application, the IS auditor's first involvement should be in the feasibility study. A feasibility study is a preliminary analysis that evaluates the technical, operational, economic, and legal aspects of a proposed project or system. A feasibility study helps determine whether the project or system is viable, feasible, and desirable for the organization and its stakeholders.
The IS auditor's role in the feasibility study is to provide an independent and objective assessment of the project or system's risks, benefits, costs, and impacts. The IS auditor should also ensure that the feasibility study follows a structured and systematic approach, considers all relevant factors and alternatives, and complies with the organization's policies and standards. The IS auditor should also verify that the feasibility study is documented and communicated to the appropriate decision-makers.
The IS auditor's involvement in the feasibility study is important because it can help:
* Identify and mitigate potential risks and issues that could affect the project or system's success
* Evaluate and justify the project or system's alignment with the organization's strategy, goals, and value proposition
* Estimate and optimize the project or system's resources, budget, schedule, and quality
* Assess and enhance the project or system's security, reliability, performance, and usability
* Ensure that the project or system meets the expectations and requirements of the users and other stakeholders

The other three options are not the first involvement of the IS auditor in the development of a new financial application, although they may be part of the subsequent stages of the development process. Control design is the process of defining and implementing controls that ensure the security, integrity, availability, and efficiency of the system. Application design is the process of specifying the functional and technical features of the system. System test is the process of verifying that the system meets the specifications and requirements.
Therefore, the feasibility study is the best answer.
References:
* [Feasibility Study - ISACA]
* [IS Auditing Guideline G13 Performing an IS Audit Engagement - ISACA]
CISA-JPN Exam Question 337
An IS auditor would most likely recommend that IT management use a balanced scorecard to:
Correct answer: D
A balanced scorecard is a strategic planning framework that companies use to assign priority to their products, projects, and services; communicate about their targets or goals; and plan their routine activities [1]. The scorecard enables companies to monitor and measure the success of their strategies to determine how well they have performed. A balanced scorecard for IT management can help assess IT functions and processes by defining four perspectives: financial, customer, internal business process, and learning and growth [2]. These perspectives can help IT management align their IT objectives with the organization's vision and mission, identify and prioritize the key performance indicators (KPIs) for IT, and evaluate the effectiveness and efficiency of IT operations and services [3].
References:
1: Balanced Scorecard - Overview, Four Perspectives
2: The IT Balanced Scorecard (BSC) Explained - BMC Software
3: A Balanced Scorecard (BSC) for IT Performance Management - SAS Support
CISA-JPN Exam Question 338
Which of the following is the primary basis on which audit objectives are established?
Correct answer: B
The primary basis on which audit objectives are established is the consideration of risks [1][2]. This involves identifying and assessing the risks that could prevent the organization from achieving its objectives [1][2]. The audit objectives are then designed to address these risks and provide assurance that the organization's controls are effective in managing them [1][2]. While audit risk, assessment of prior audits, and business strategy are important factors in the audit process, they are secondary to the fundamental requirement of considering risks [1][2].
References:
Objectives of Auditing - Primary and Secondary Objectives of Auditing | Auditing Management Notes
Audit Objectives | Primary and Subsidiary Audit Objectives - EDUCBA
CISA-JPN Exam Question 339
Which of the following is the best way to ensure payment transaction data is restricted to the appropriate users?
Correct answer: C
The best way to ensure payment transaction data is restricted to the appropriate users is implementing role-based access at the application level. Role-based access is a method of access control that assigns permissions or privileges to users based on their roles or functions within an organization or system. Role-based access can help ensure that payment transaction data is restricted to the appropriate users, by allowing only authorized users who have a legitimate need or purpose to access or use the payment transaction data, and preventing unauthorized or unnecessary access or use by other users.
Implementing two-factor authentication is a possible way to enhance the security and verification of user identities, but it is not the best way to ensure payment transaction data is restricted to the appropriate users, as it does not define what permissions or privileges users have on the payment transaction data.
Restricting access to transactions using network security software is a possible way to protect the network communication and transmission of payment transaction data, but it is not the best way to ensure payment transaction data is restricted to the appropriate users, as it does not specify what actions or operations users can perform on the payment transaction data.
Using a single menu for sensitive application transactions is a possible way to simplify the user interface and navigation of payment transaction data, but it is not the best way to ensure payment transaction data is restricted to the appropriate users, as it does not limit what users can access or use the payment transaction data.
CISA-JPN Exam Question 340
Which of the following contributes most to the quality of an audit of a business-critical application?
Correct answer: D
Involving the application owner early in the audit planning process is the best way to contribute to the quality of an audit of a business-critical application. The application owner has a deep understanding of the application and its business context, which can provide valuable insights for the audit. Early involvement can also help ensure that the audit is aligned with the business objectives and risks, and that any potential issues are identified and addressed promptly [1][2].
References:
Business Critical Applications: An In-Depth Look
Framework for Audit Quality - IFAC
