A PRIMARY benefit derived from an organization employing
control self-assessment (CSA) techniques is that it:
A. can identify high-risk areas that might need a detailed
review later.
B. allows IS auditors to independently assess risk.
C. can be used as a replacement for traditional audits.
D. allows management to relinquish responsibility for control.
- 1 Answers
- 6389 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: A
CSA is predicated on the review of high-risk areas that
either need immediate attention, or a more thorough review
at a later date. Answer B is incorrect because CSA requires
the involvement of both auditors and line management. What
occurs is that the internal audit function shifts some of
the control monitoring responsibilities to the functional
areas. Answer C is incorrect because CSA is not a
replacement for traditional audits. CSA is not intended to
replace audit's responsibilities, but to enhance them.
Answer D is incorrect because CSA does not allow management
to relinquish its responsibility for control.
| Is This Answer Correct ? | 5 Yes | 0 No |
Testing the connection of two or more system components that pass information from one area to another is: A. pilot testing. B. parallel testing C. interface testing. D. regression testing.
An organization having a number of offices across a wide geographical area has developed a disaster recovery plan (DRP). Using actual resources, which of the following is the MOST cost-effective test of the DRP? A. Full operational test B. Preparedness test C. Paper test D. Regression test
Which of the following message services provides the strongest protection that a specific action has occurred? A. Proof of delivery B. Nonrepudiation C. Proof of submission D. Message origin authentication
Which of the following would MOST likely ensure that a system development project meets business objectives? A. Maintenance of program change logs B. Development of a project plan identifying all development activities C. Release of application changes at specific times of the year D. User involvement in system specification and acceptance
Where adequate segregation of duties between operations and programming are not achievable, the IS auditor should look for: A. compensating controls. B. administrative controls. C. corrective controls. D. access controls.
Which of the following is the MOST important consideration when developing a business continuity plan for a bank? A. Antivirus software B. Naming standards C. Customer balance list D. Password policy
Which of the following would be MOST appropriate to ensure the confidentiality of transactions initiated via the Internet? A. Digital signature B. Data encryption standard (DES) C. Virtual private network (VPN) D. Public key encryption
Web and e-mail filtering tools are PRIMARILY valuable to an organization because they: A. Safeguard the organization’s image. B. Maximize employee performance. C. Protect the organization from viruses and nonbusiness materials. D. Assist the organization in preventing legal issues.
The use of coding standards is encouraged by IS auditors because they: A. define access control tables. B. detail program documentation. C. standardize dataflow diagram methodology. D. ensure compliance with field naming conventions.
An IS auditor conducting an access controls review in a client-server environment discovers that all printing options are accessible by all users. In this situation, the IS auditor is MOST likely to conclude that: A. exposure is greater since information is available to unauthorized users. B. operating efficiency is enhanced since anyone can print any report, any time. C. operating procedures are more effective since information is easily available. D. user friendliness and flexibility is facilitated since there is a smooth flow of information among users.
A number of system failures are occurring when corrections to previously detected errors are resubmitted for acceptance testing. This would indicate that the maintenance team is probably not adequately performing which of the following types of testing? A. Unit testing B. Integration testing C. Design walk-throughs D. Configuration management
An advantage of the use of hot sites as a backup alternative is that: A. the costs associated with hot sites are low. B. hot sites can be used for an extended amount of time. C. hot sites can be made ready for operation within a short period of time. D. they do not require that equipment and systems software be compatible with the primary site.
Cisco Certifications 
