Which of the following is the MOST important function to be
performed by IS management when a service has been outsource?
A. Ensuring that invoices are paid to the provider
B. Participating in systems design with the provider
C. Renegotiating the provider's fees
D. Monitoring the outsourcing provider's performance
Answers were Sorted based on User's Feedback
Answer / guest
Answer: D
In an outsourcing environment, the company is dependent on
the performance of the service provider. Therefore, it is
critical the outsourcing provider's performance be monitored
to ensure that services are delivered to the company as
required. Payment of invoices is a finance function, which
would be done per contractual requirements. Participating in
systems design is a by-product of monitoring the outsourcing
provider's performance, while renegotiating fees is usually
a one-time activity.
Is This Answer Correct ? | 7 Yes | 1 No |
Answer / guest
D. Monitoring the outsourcing provider's performance
Is This Answer Correct ? | 3 Yes | 0 No |
In a risk-based audit approach an IS auditor should FIRST complete a/an: A. inherent risk assessment. B. control risk assessment. C. test of control assessment. D. substantive test assessment.
Which of the following would not prevent the loss of an asset but would assist in recovery by transferring part of the risk to a third party? A. Full system backups B. Insurance C. Testing D. Business impact analysis
A hub is a device that connects: A. two LANs using different protocols. B. a LAN with a WAN. C. a LAN with a metropolitan area network (MAN). D. two segments of a single LAN.
Which of the following systems-based approaches would a financial processing company employ to monitor spending patterns to identify abnormal patterns and report them? A. A neural network B. Database management software C. Management information systems D. Computer assisted audit techniques
When reviewing a system development project an IS auditor would be PRIMARILY concerned with whether: A. business objectives are achieved. B. security and control procedures are adequate. C. the system utilizes the strategic technical infrastructure. D. development will comply with the approved quality management processes
When auditing the proposed acquisition of a new computer system, the IS auditor should FIRST establish that: A. a clear business case has been approved by management. B. corporate security standards will be met. C. users will be involved in the implementation plan. D. the new system will meet all required user functionality.
Which of the following data validation edits is effective in detecting transposition and transcription errors? A. Range check B. Check digit C. Validity check D. Duplicate check
A consulting firm has created a File Transfer Protocol (FTP) site for the purpose of receiving financial data and has communicated the site's address, user ID and password to the financial services company in separate email messages. The company is to transmit its data to the FTP site after manually encrypting the data. The IS auditor's GREATEST concern with this process is that: A. the users may not remember to manually encrypt the data before transmission. B. the site credentials were sent to the financial services company via email. C. personnel at the consulting firm may obtain access to sensitive data. D. the use of a shared user ID to the FTP site does not allow for user accountability.
When performing a general controls review, an IS auditor checks the relative location of the computer room inside the building. What potential threat is the IS auditor trying to identify? A. Social engineering B. Windstorm C. Earthquake D. Flooding
When evaluating the collective effect of preventive, detective or corrective controls within a process an IS auditor should be aware: A. of the point at which controls are exercised as data flows through the system. B. that only preventive and detective controls are relevant. C. that corrective controls can only be regarded as compensating. D. that classification allows an IS auditor to determine which controls are missing.
In planning an audit, the MOST critical step is the identification of the:
Which of the following should be the FIRST step of an IS audit? A. Create a flowchart of the decision branches. B. Gain an understanding of the environment under review. C. Perform a risk assessment. D. Develop the audit plan.