A manufacturing firm wants to automate its invoice payment
system. Objectives state that the system should require
considerably less time for review and authorization and the
system should be capable of identifying errors that require
follow up. Which of the following would BEST meet these
objectives?
A. Establishing an inter-networked system of client servers
with suppliers for increased efficiencies
B. Outsourcing the function to a firm specializing in
automated payments and accounts receivable/invoice processing
C. Establishing an EDI system of electronic business
documents and transactions with key suppliers, computer to
computer, in a standard format
D. Reengineering the existing processing and redesigning the
existing system
- 1 Answers
- 6046 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: C
EDI is the best answer. Properly implemented (e.g.,
agreements with trading partners transaction standards,
controls over network security mechanisms in conjunction
with application controls) EDI is best suited to identify
and follow up on errors more quickly, given reduced
opportunities for review and authorization.
| Is This Answer Correct ? | 8 Yes | 1 No |
Which of the following programs would a sound information security policy MOST likely include to handle suspected intrusions? A. Response B. Correction C. Detection D. Monitoring
Which of the following is critical to the selection and acquisition of the correct operating system software? A. Competitive bids B. User department approval C. Hardware-configuration analysis D. Purchasing department approval
When performing a general controls review, an IS auditor checks the relative location of the computer room inside the building. What potential threat is the IS auditor trying to identify? A. Social engineering B. Windstorm C. Earthquake D. Flooding
An IS auditor conducting a review of disaster recovery planning at a financial processing organization has discovered the following: * The existing disaster recovery plan was compiled two years ago by a systems analyst in the organization's IT department using transaction flow projections from the operations department. * The plan was presented to the deputy CEO for approval and formal issue, but it is still awaiting his attention. * The plan has never been updated, tested or circulated to key management and staff, though interviews show that each would know what action to take for their area in the event of a disruptive incident. The basis of an organization's disaster recovery plan is to reestablish live processing at an alternative site where a similar, but not identical hardware configuration is already established. The IS auditor should: A. take no action as the lack of a current plan is the only significant finding. B. recommend that the hardware configuration at each site should be identical. C. perform a review to verify that the second configuration can support live processing. D. report that the financial expenditure on the alternative site is wasted without an effective plan.
The impact of EDI on internal controls will be: A. that fewer opportunities for review and authorization will exist. B. an inherent authentication. C. a proper distribution of EDI transactions while in the possession of third parties. D. that IPF management will have increased responsibilities over data center controls.
Which of the following alternative business recovery strategies would be LEAST appropriate for an organization with a large database and online communications network environment? A. Hot site B. Cold site C. Reciprocal agreement D. Dual information processing facilities
An IS auditor, in evaluating proposed biometric control devices reviews the false rejection rates (FRRs), false acceptance rates (FARs) and equal error rates (ERRs) of three different devices. The IS auditor should recommend acquiring the device having the: A. least ERR. B. most ERR. C. least FRR but most FAR. D. least FAR but most FRR.
Which of the following network topologies yields the GREATEST redundancy in the event of the failure of one node? A. Mesh B. Star C. Ring D. Bus
An IS auditor reviewing an organization's IT strategic plan should FIRST review: A. the existing IT environment. B. the business plan. C. the present IT budget. D. current technology trends.
An organization wants to enforce data integrity principles and achieve faster performance/execution in a database application. Which of the following design principles should be applied? A. User (customized) triggers B. Data validation at the front end C. Data validation at the back end D. Referential integrity
With reference to the risk management process, which of the following statements is correct? A. Vulnerabilities can be exploited by a threat. B. Vulnerabilities are events with the potential to cause harm to IS resources. C. Vulnerability exists because of threats associated with use of information resources. D. Lack of user knowledge is an example of a threat.
Which of the following forms of evidence for the auditor would be considered the MOST reliable? A. An oral statement from the auditee B. The results of a test performed by an IS auditor C. An internally generated computer accounting report D. A confirmation letter received from an outside source
Cisco Certifications 
