The primary role of an IS auditor during the system design
phase of an application development project is to:
A. advise on specific and detailed control procedures.
B. ensure the design accurately reflects the requirement.
C. ensure all necessary controls are included in the initial
design.
D. advise the development manager on adherence to the schedule.
Answer / guest
Answer: C
The duty of the IS auditor is to ensure that required
controls are included. Unless specifically present as a
consultant, the IS auditor should not be involved in
detailed designs. During the design phase, the IS auditor's
primary role is to ensure controls are included. Unless
there is any potential slippage to report, the IS auditor is
not concerned with project control at this stage.
Which of the following alternative business recovery strategies would be LEAST appropriate for an organization with a large database and online communications network environment? A. Hot site B. Cold site C. Reciprocal agreement D. Dual information processing facilities
Which of the following is an example of the physiological biometrics technique? A. Hand scans B. Voice scans C. Signature scans D. Keystroke monitoring
Which of the following ensures completeness and accuracy of accumulated data? A. Processing control procedures B. Data file control procedures C. Output controls D. Application controls
What is a risk associated with attempting to control physical access to sensitive areas, such as computer rooms, through card keys, locks, etc.? A. Unauthorized individuals wait for controlled doors to open and walk in behind those authorized. B. The contingency plan for the organization cannot effectively test controlled access practices. C. Access cards, keys, and pads can be easily duplicated allowing easy compromise of the control. D. Removing access for people no longer authorized is complex.
Linux is an __________ operating system
Which of the following is a measure of the size of an information system based on the number and complexity of a system's inputs, outputs and files? A. Program evaluation review technique (PERT) B. Rapid application development (RAD) C. Function point analysis (FPA) D. Critical path method (CPM)
Which of the following is a substantive audit test? A. Verifying that a management check has been performed regularly B. Observing that user IDs and passwords are required to sign on the computer C. Reviewing reports listing short shipments of goods received D. Reviewing an aged trial balance of accounts receivable
In the course of performing a risk analysis, an IS auditor has identified threats and potential impacts. Next, an IS auditor should: A. identify and assess the risk assessment process used by management. B. identify information assets and the underlying systems. C. disclose the threats and impacts to management. D. identify and evaluate the existing controls.
Data flow diagrams are used by IS auditors to: A. order data hierarchically. B. highlight high-level data definitions. C. graphically summarize data paths and storage. D. portray step-by-step details of data generation.
When an information security policy has been designed, it is MOST important that the information security policy be: A. stored offsite. B. written by IS management. C. circulated to users. D. updated frequently.
To share data in a multivendor network environment, it is essential to implement program-to-program communication. With respect to program-to-program communication features that can be implemented in this environment, which of the following makes implementation and maintenance difficult? A. User isolation B. Controlled remote access C. Transparent remote access D. The network environments
A network diagnostic tool that monitors and records network information is a/an: A. online monitor. B. downtime report. C. help desk report. D. protocol analyzer.