The impact of EDI on internal controls will be:
A. that fewer opportunities for review and authorization
will exist.
B. an inherent authentication.
C. a proper distribution of EDI transactions while in the
possession of third parties.
D. that IPF management will have increased responsibilities
over data center controls.
Answer / guest
Answer: A
EDI promotes a more efficient paperless environment, but at
the same time, less human intervention makes reviewing and
authorizing more difficult. Choice B is incorrect: since the
interaction between parties is electronic, there is no
inherent authentication occurring.
Computerized data can look the same no matter what the
source and does not include any distinguishing human element
or signature. Choice C is incorrect because this is a
security risk associated with EDI. Choice D is incorrect
because there are relatively few, if any, additional data
center controls associated with the implementation of EDI
applications. Instead, more control will need to be
exercised by the user's application system to replace manual
controls, such as site reviews of documents. More emphasis
will need to be placed on control over data transmission
(network management controls).
An IS auditor evaluating data integrity in a transaction driven system environment should review atomicity, to determine whether: A. the database survives failures (hardware or software). B. each transaction is separated from other transactions. C. integrity conditions are maintained. D. a transaction is completed or not, or a database is updated or not.
Which of the following is the MOST effective type of antivirus software? A. Scanners B. Active monitors C. Integrity checkers D. Vaccines
When auditing the requirements phase of a system development project, an IS auditor would: A. assess the adequacy of audit trails. B. identify and determine the criticality of the need. C. verify cost justifications and anticipated benefits. D. ensure that control specifications have been defined.
A LAN administrator normally would be restricted from: A. having end-user responsibilities. B. reporting to the end-user manager. C. having programming responsibilities. D. being responsible for LAN security administration.
A sequence of bits appended to a digital document that is used to secure an e-mail sent through the Internet is called a: A. digest signature. B. electronic signature. C. digital signature. D. hash signature.
Which of the following is the MOST important consideration when developing a business continuity plan for a bank? A. Antivirus software B. Naming standards C. Customer balance list D. Password policy
When implementing continuous monitoring systems, an IS auditor's first step is to identify: A. reasonable target thresholds. B. high-risk areas within the organization. C. the location and format of output files. D. applications that provide the highest potential payback.
Which of the following is an example of a passive attack, initiated through the Internet? A. Traffic analysis B. Masquerading C. Denial of service D. E-mail spoofing
Which of the following controls will detect MOST effectively the presence of bursts of errors in network transmissions? A. Parity check B. Echo check C. Block sum check D. Cyclic redundancy check
Which of the following is a management technique that enables organizations to develop strategically important systems faster while reducing development costs and maintaining quality? A. Function point analysis B. Critical path methodology C. Rapid application development D. Program evaluation review technique
When assessing the portability of a database application, the IS auditor should verify that: A. a structured query language (SQL) is used. B. information import and export procedures with other systems exist. C. indexes are used. D. all entities have a significant name and identified primary and foreign keys.
Responsibility and reporting lines cannot always be established when auditing automated systems since: A. diversified control makes ownership irrelevant. B. staff traditionally change jobs with greater frequency. C. ownership is difficult to establish where resources are shared. D. duties change frequently in the rapid development of technology.