An IS auditor performing an audit of the company's IS
strategy would be LEAST likely to:
A. assess IS security procedures.
B. review both short- and long-term IS strategies.
C. interview appropriate corporate management personnel.
D. ensure that the external environment has been considered.
Answer / guest
Answer: A
When performing an audit of IS strategic planning it is
unlikely that the IS auditor would assess specific security
procedures. During an IS strategy review overall goals and
business plans would be reviewed to determine that the
organization's plans are consistent with its goals.
Is This Answer Correct ? | 9 Yes | 0 No |
Which of the following types of firewalls provide the GREATEST degree and granularity of control? A. Screening router B. Packet filter C. Application gateway D. Circuit gateway
Digital signatures require the: A. signer to have a public key and the receiver to have a private key. B. signer to have a private key and the receiver to have a public key. C. signer and receiver to have a public key. D. signer and receiver to have a private key.
Which of the following IS functions may be performed by the same individual, without compromising on control or violating segregation of duties? A. Job control analyst and applications programmer B. Mainframe operator and system programmer C. Change/problem and quality control administrator D. Applications and system programmer
Which of the following is the FIRST step in a business process reengineering (BPR) project? A. Defining the areas to be reviewed B. Developing a project plan C. Understanding the process under review D. Reengineering and streamlining the process under review
The PRIMARY objective of conducting a post-implementation review is to assess whether the system A) achieved the desired objectives B) provides for backup and recovery C) provides for information security D) documentation is clear and understandable
When reviewing a business process reengineering (BPR) project, which of the following is the MOST important for an IS auditor to evaluate? A. The impact of removed controls. B. The cost of new controls. C. The BPR project plans. D. The continuous improvement and monitoring plans.
Which of the following forms of evidence for the auditor would be considered the MOST reliable? A. An oral statement from the auditee B. The results of a test performed by an IS auditor C. An internally generated computer accounting report D. A confirmation letter received from an outside source
The PRIMARY purpose of compliance tests is to verify whether: A. controls are implemented as prescribed. B. documentation is accurate and current. C. access to users is provided as specified. D. data validation procedures are provided.
Following the development of an application system, it is determined that several design objectives have not been achieved. This is MOST likely to have been caused by: A. insufficient user involvement. B. early dismissal of the project manager. C. inadequate quality assurance (QA) tools. D. noncompliance with defined approval points.
When an information security policy has been designed, it is MOST important that the information security policy be: A. stored offsite. B. written by IS management. C. circulated to users. D. updated frequently.
Which of the following types of controls is designed to provide the ability to verify data and record values through the stages of application processing? A. Range checks B. Run-to-run totals C. Limit checks on calculated amounts D. Exception reports
An IS auditor discovers that programmers have update access to the live environment. In this situation, the IS auditor is LEAST likely to be concerned that programmers can: A. authorize transactions. B. add transactions directly to the database. C. make modifications to programs directly. D. access data from live environment and provide faster maintenance.