Is it appropriate for an IS auditor from a company that is
considering outsourcing its IS processing to request and
review a copy of each vendor's business continuity plan?
A. Yes, because the IS auditor will evaluate the adequacy of
the service bureau's plan and assist his/her company in
implementing a complementary plan.
B. Yes, because, based on the plan, the IS auditor will
evaluate the financial stability of the service bureau and
its ability to fulfill the contract.
C. No, because the backup to be provided should be specified
adequately in the contract.
D. No, because the service bureau's business continuity plan
is proprietary information.
Answer / guest
Answer: A
The primary responsibility of the IS auditor is to assure
that the company assets are being safeguarded. This is true
even if the assets do not reside on the immediate premises.
Reputable service bureaus will have a well-designed and
tested business continuity plan.
Is This Answer Correct ? | 12 Yes | 2 No |
Which of the following is a substantive test?
An installed Ethernet cable run in an unshielded twisted pair (UTP) network is more than 100 meters long. Which of the following could be caused by the length of the cable? A. Electromagnetic interference (EMI) B. Cross talk C. Dispersion D.Attenuation
Which of the following is an output control objective? A. Maintenance of accurate batch registers B. Completeness of batch processing C. Appropriate accounting for rejections and exceptions D. Authorization of file updates
Analysis of which of the following would MOST likely enable the IS auditor to determine if a non-approved program attempted to access sensitive data? A. Abnormal job termination reports B. Operator problem reports C. System logs D. Operator work schedules
Which of the following is the MOST important objective of data protection? A. Identifying persons who need access to information B. Ensuring the integrity of information C. Denying or authorizing access to the IS system D. Monitoring logical accesses
Disaster recovery planning for a company's computer system usually focuses on: A. operations turnover procedures. B. strategic long-range planning. C. the probability that a disaster will occur. D. alternative procedures to process transactions.
Utility programs that assemble software modules needed to execute a machine instruction application program version are: A. text editors. B. program library managers. C. linkage editors and loaders. D. debuggers and development aids.
Which of the following IS functions may be performed by the same individual, without compromising on control or violating segregation of duties? A. Job control analyst and applications programmer B. Mainframe operator and system programmer C. Change/problem and quality control administrator D. Applications and system programmer
A long-term IS employee with a strong technical background and broad managerial experience has applied for a vacant position in the IS audit department. Determining whether to hire this individual for this position should be based on the individual's experience and: A. the length of service since this will help ensure technical competence. B. age as training in audit techniques may be impractical. C. IS knowledge since this will bring enhanced credibility to the audit function. D. ability, as an IS auditor, to be independent of existing IS relationships.
An organization wants to enforce data integrity principles and achieve faster performance/execution in a database application. Which of the following design principles should be applied? A. User (customized) triggers B. Data validation at the front end C. Data validation at the back end D. Referential integrity
In a public key infrastructure (PKI), the authority responsible for the identification and authentication of an applicant for a digital certificate (i.e., certificate subjects) is the: A. registration authority (RA). B. issuing certification authority (CA). C. subject CA. D. policy management authority.
If the decision has been made to acquire software rather than develop it internally, this decision is normally made during the: A. requirements definition phase of the project. B. feasibility study phase of the project. C. detailed design phase of the project. D. programming phase of the project.