An IS auditor's MAJOR concern as a result of reviewing a
business process reengineering (BPR) project should be
whether the:
A. newly designed business process has key controls in place.
B. changed process will affect organization structure,
finances and personnel.
C. roles for suppliers have been redefined.
D. process has been documented before and after reengineering.
- 1 Answers
- 4475 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: A
The IS auditor should review the redesigned process, assess
the risks, evaluate the controls and recommend the
inclusion, if appropriate, of additional controls. Whether
the changed process affects organizational structure,
finances and personnel, is a concern for the change
management team. The redefinition of roles for suppliers is
normally outside the scope of a BPR project. Choice D is an
important task but not as critical as a strong control
environment.
| Is This Answer Correct ? | 4 Yes | 0 No |
An organization is considering installing a LAN in a site under construction. If system availability is the main concern, which of the following topologies is MOST appropriate? A. Ring B. Line C. Star D. Bus
Prices are charged on the basis of a standard master file rate that changes as volume increases. Any exceptions must be manually approved. What is the MOST effective automated control to help ensure that all price exceptions are approved? A. All amounts are displayed back to the data entry clerk, who must verify them visually. B. Prices outside the normal range should be entered twice to verify data entry accuracy. C. The system beeps when price exceptions are entered and prints such occurrences on a report. D. A second-level password must be entered before a price exception can be processed.
Access rules normally are included in which of the following documentation categories? A. Technical reference documentation B. User manuals C. Functional design specifications D. System development methodology documents
A company has contracted with an external consulting firm to implement a commercial financial system to replace its existing in-house developed system. In reviewing the proposed development approach, which of the following would be of GREATEST concern? A. Acceptance testing is to be managed by users. B. A quality plan is not part of the contracted deliverables. C. Not all business functions will be available on initial implementation. D. Prototyping is being used to confirm that the system meets business requirements.
An IS auditor performing a telecommunication access control review should be concerned PRIMARILY with the: A. maintenance of access logs of usage of various system resources. B. authorization and authentication of the user prior to granting access to system resources. C. adequate protection of stored data on servers by encryption or other means. D. accountability system and the ability to identify any terminal accessing system resources.
An IS auditor needs to link his/her microcomputer to a mainframe system that uses binary synchronous data communications with block data transmission. However, the IS auditor's microcomputer, as presently configured, is capable of only asynchronous ASCII character data communications. Which of the following must be added to the IS auditor's computer to enable it to communicate with the mainframe system? A. Buffer capacity and parallel port B. Network controller and buffer capacity C. Parallel port and protocol conversion D. Protocol conversion and buffer capability
An IS steering committee should: A. include a mix of members from different departments and staff levels. B. ensure that IS security policies and procedures have been executed properly. C. have formal terms of reference and maintain minutes of its meetings. D. be briefed about new trends and products at each meeting by a vendor.
With regard to sampling it can be said that: A. sampling is generally applicable when the population relates to an intangible or undocumented control. B. if an auditor knows internal controls are strong, the confidence coefficient may be lowered. C. attribute sampling would help prevent excessive sampling of an attribute by stopping an audit test at the earliest possible moment. D. variable sampling is a technique to estimate the rate of occurrence of a given control or set of related controls.
Which of the following procedures would MOST effectively detect the loading of illegal software packages onto a network? A. The use of diskless workstations B. Periodic checking of hard drives C. The use of current antivirus software D. Policies that result in instant dismissal if violated
When logging on to an online system, which of the following processes would the system perform FIRST? A. Initiation B. Verification C. Authorization D. Authentication
Which of the following types of transmission media provide the BEST security against unauthorized access? A. Copper wire B. Twisted pair C. Fiber-optic cables D. Coaxial cables
Change control procedures to prevent scope creep during an application development project should be defined during: A. design. B. feasibility. C. implementation. D. requirements definition.
Cisco Certifications 
