Which of the following normally would be the MOST reliable
evidence for an auditor?
A. A confirmation letter received from a third party
verifying an account balance
B. Assurance from line management that an application is
working as designed
C. Trend data obtained from World Wide Web (Internet) sources
D. Ratio analysis developed by the IS auditor from reports
supplied by line management
- 1 Answers
- 4117 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: A
Evidence obtained from independent third parties almost
always is considered to be the most reliable. Answers B, C
and D would not be considered as reliable.
| Is This Answer Correct ? | 3 Yes | 0 No |
Which of the following normally would be the MOST reliable evidence for an auditor? A. A confirmation letter received from a third party verifying an account balance B. Assurance from line management that an application is working as designed C. Trend data obtained from World Wide Web (Internet) sources D. Ratio analysis developed by the IS auditor from reports supplied by line management
Which of the following audit tools is MOST useful to an IS auditor when an audit trail is required? A. Integrated test facility (ITF) B. Continuous and intermittent simulation (CIS) C. Audit hooks D. Snapshots
Which of the following is an example of the physiological biometrics technique? A. Hand scans B. Voice scans C. Signature scans D. Keystroke monitoring
Which of the following is an advantage of an integrated test facility (ITF)? A. It uses actual master files or dummies and the IS auditor does not have to review the source of the transaction. B. Periodic testing does not require separate test processes. C. It validates application systems and tests the ongoing operation of the system. D. It eliminates the need to prepare test data.
Which of the following protocols would be involved in the implementation of a router and interconnectivity device monitoring system? A. Simple network management B. File transfer C. Simple Mail Transfer Protocol D. Telnet
Which of the following audit procedures would an IS auditor normally perform FIRST when reviewing an organization's systems development methodology? A. Determine procedural adequacy. B. Analyze procedural effectiveness. C. Evaluate level of compliance with procedures. D. Compare established standards to observed procedures.
During the review of an organization's disaster recovery and business continuity plan, the IS auditor found that a paper test was performed to verify the existence of all necessary procedures and actions within the recovery plan. This is a: A. preparedness test. B. module test. C. full test. D. walk-through test.
Which of the following would be the BEST method for ensuring that critical fields in a master record have been updated properly? A. Field checks B. Control totals C. Reasonableness checks D. A before-and-after maintenance report
When an information security policy has been designed, it is MOST important that the information security policy be: A. stored offsite. B. written by IS management. C. circulated to users. D. updated frequently.
The FIRST step in data classification is to: A. establish ownership. B. perform a criticality analysis. C. define access rules. D. create a data dictionary.
An audit charter should: A. be dynamic and change often to coincide with the changing nature of technology and the audit profession. B. clearly state audit objectives for the delegation of authority for the maintenance and review of internal controls. C. document the audit procedures designed to achieve the planned audit objectives. D. outline the overall authority, scope and responsibilities of the audit function.
An organization has outsourced network and desktop support. Although the relationship has been reasonably successful, risks remain due to connectivity issues. Which of the following controls should FIRST be performed to assure the organization reasonably mitigates these possible risks? A. Network defense program B. Encryption/Authentication C. Adequate reporting between organizations D. Adequate definition in contractual relationship
Cisco Certifications 
