Which of the following tests is an IS auditor performing
when a sample of programs is selected to determine if the
source and object versions are the same?
A. A substantive test of program library controls
B. A compliance test of program library controls
C. A compliance test of the program compiler controls
D. A substantive test of the program compiler controls
- 1 Answers
- 5465 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: B
A compliance test determines if controls are operating as
designed and are being applied in a manner that complies
with management policies and procedures. For example, if the
IS auditor is concerned whether program library controls are
working properly, the IS auditor might select a sample of
programs to determine if the source and object versions are
the same. In other words, the broad objective of any
compliance test is to provide auditors with reasonable
assurance that a particular control on which the auditor
plans to rely is operating as the auditor perceived it in
the preliminary evaluation.
| Is This Answer Correct ? | 10 Yes | 1 No |
What data should be used for regression testing? A. Different data than used in the previous test B. The most current production data C. The data used in previous tests D. Data produced by a test data generator
Receiving an EDI transaction and passing it through the communications interface stage usually requires: A. translating and unbundling transactions. B. routing verification procedures. C. passing data to the appropriate application system. D. creating a point of receipt audit log.
In a risk-based audit approach, an IS auditor should FIRST complete :
A single digitally signed instruction was given to a financial institution to credit a customer's account. The financial institution received the instruction three times and credited the account three times. Which of the following would be the MOST appropriate control against such multiple credits? A. Encrypting the hash of the payment instruction with the public key of the financial institution. B. Affixing a time stamp to the instruction and using it to check for duplicate payments. C. Encrypting the hash of the payment instruction with the private key of the instructor. D. Affixing a time stamp to the hash of the instruction before being digitally signed by the instructor.
The responsibilities of a disaster recovery relocation team include: A. obtaining, packaging and shipping media and records to the recovery facilities, as well as establishing and overseeing an offsite storage schedule. B. locating a recovery site if one has not been predetermined and coordinating the transport of company employees to the recovery site. C. managing the relocation project and conducting a more detailed assessment of the damage to the facilities and equipment. D. coordinating the process of moving from the hot site to a new location or to the restored original location.
Many IT projects experience problems because the development time and/or resource requirements are underestimated. Which of the following techniques would provide the GREATEST assistance in developing an estimate of project duration? A. Function point analysis B. PERT chart C. Rapid application development D. Object-oriented system development
Which of the following is a measure of the size of an information system based on the number and complexity of a system?s inputs, outputs and files? A. Function point (FP) B. Program evaluation review technique (PERT) C. Rapid application design (RAD) D. Critical path method (CPM)
Which of the following is an objective of a control self-assessment (CSA) program? A. Concentration on areas of high risk B. Replacement of audit responsibilities C. Completion of control questionnaires D. Collaborative facilitative workshops
Which of the following is a strength of the program evaluation review technique (PERT) over other techniques? PERT: A. considers different scenarios for planning and control projects. B. allows the user to input program and system parameters. C. tests system maintenance processes accurately. D. estimates costs of system projects.
Which of the following is a measure of the size of an information system based on the number and complexity of a system's inputs, outputs and files? A. Program evaluation review technique (PERT) B. Rapid application development (RAD) C. Function point analysis (FPA) D. Critical path method (CPM)
An IS auditor performing an access controls review should be LEAST concerned if: A. audit trails were not enabled. B. programmers have access to the live environment. C. group logons are being used for critical functions. D. the same user can initiate transactions and also change related parameters.
Which of the following provisions in a contract for external information systems services would an IS auditor consider to be LEAST significant? A. Ownership of program and files B. Statement of due care and confidentiality C. Continued service of outsourcer in the event of a disaster D. Detailed description of computer hardware used by the vendor
Cisco Certifications 
