Interested to Buy Any Domain ? << Click Here >> for more details...
Once an organization has finished the business process
reengineering (BPR) of all its critical operations, the IS
auditor would MOST likely focus on a review of:
A. pre-BPR process flowcharts.
B. post-BPR process flowcharts.
C. BPR project plans.
D. continuous improvement and monitoring plans.
- 2 Answers
- 7980 Views
- I also Faced
- E-Mail Answers
Answers were Sorted based on User's Feedback
Answer / guest
Answer: B
The IS auditor's task is to identify and ensure that key
controls have been incorporated into the reengineered
process. Choice A is incorrect because an IS auditor must
review the process as it is today, not as it was in the
past. Choices C and D are incorrect because they are steps
within a BPR project.
| Is This Answer Correct ? | 6 Yes | 0 No |
The PRIMARY advantage of a continuous audit approach is that it: A. does not require an IS auditor to collect evidence on system reliability while processing is taking place. B. requires the IS auditor to review and follow up immediately on all information collected. C. can improve system security when used in time-sharing environments that process a large number of transactions. D. does not depend on the complexity of an organization's computer systems.
Which of the following is a strength of a client-server security system? A. Change control and change management procedures are inherently strong. B. Users can manipulate data without controlling resources on the mainframe. C. Network components seldom become obsolete. D. Access to confidential data or data manipulation is controlled tightly.
In an online transaction processing system, data integrity is maintained by ensuring that a transaction is either completed in its entirety or not at all. This principle of data integrity is known as: A. isolation. B. consistency. C. atomicity. D. durability.
The use of statistical sampling procedures helps minimize: A. sampling risk. B. detection risk. C. inherent risk. D. control risk.
An IS auditor doing penetration testing during an audit of Internet connections would: A. evaluate configurations. B. examine security settings. C. ensure virus-scanning software is in use. D. use tools and techniques that are available to a hacker.
Which of the following integrity tests examines the accuracy, completeness, consistency and authorization of data? A. Data B. Relational C. Domain D. Referential
A database administrator is responsible for: A. defining data ownership. B. establishing operational standards for the data dictionary. C. creating the logical and physical database. D. establishing ground rules for ensuring data integrity and security.
Which of the following disaster recovery/continuity plan components provides the GREATEST assurance of recovery after a disaster? A. The alternate facility will be available until the original information processing facility is restored. B. User management was involved in the identification of critical systems and their associated critical recovery times. C. Copies of the plan are kept at the homes of key decision making personnel. D. Feedback to management assuring them that the business continuity plans are indeed workable and that the procedures are current.
IS auditors reviewing access control should review data classification to ensure that encryption parameters are classified as: A. sensitive. B. confidential. C. critical. D. private.
A request for a change to a report format in a module (subsystem) was made. After making the required changes, the programmer should carry out: A. unit testing. B. unit and module testing. C. unit, module and regression testing. D. module testing.
Which of the following audit procedures would an IS auditor normally perform FIRST when reviewing an organization's systems development methodology? A. Determine procedural adequacy. B. Analyze procedural effectiveness. C. Evaluate level of compliance with procedures. D. Compare established standards to observed procedures.
When developing a risk management program, the FIRST activity to be performed is a/an: A. threats assessment. B. classification of data. C. inventory of assets. D. criticality analysis.
Cisco Certifications 
