A long-term IS employee with a strong technical background
and broad managerial experience has applied for a vacant
position in the IS audit department. Determining whether to
hire this individual for this position should be based on
the individual's experience and:
A. the length of service since this will help ensure
technical competence.
B. age as training in audit techniques may be impractical.
C. IS knowledge since this will bring enhanced credibility
to the audit function.
D. ability, as an IS auditor, to be independent of existing
IS relationships.
- 2 Answers
- 6949 Views
- I also Faced
- E-Mail Answers
Answers were Sorted based on User's Feedback
Answer / guest
Answer: D
Independence should be continually assessed by the auditor
and management. This assessment should consider such factors
as changes in personal relationships, financial interests
and prior job assignments and responsibilities. The fact
that the employee has worked in IS for many years may not in
itself ensure credibility. The audit department's needs
should be defined and any candidate should be evaluated
against those requirements. In addition, the length of
service will not ensure technical competency, and evaluating
an individual's qualifications based on the age of the
individual is not a good criterion and is illegal in many
parts of the world.
| Is This Answer Correct ? | 6 Yes | 0 No |
Answer / guest
D. ability, as an IS auditor, to be independent of existing
IS relationships.
| Is This Answer Correct ? | 5 Yes | 0 No |
When planning an audit of a network set up, the IS auditor should give highest priority to obtaining which of the following network documentation? A. Wiring and schematic diagram B. Users list and responsibilities C. Applications list and their details D. Backup and recovery procedures
Which of the following is a benefit of using callback devices? A. Provide an audit trail B. Can be used in a switchboard environment C. Permit unlimited user mobility D. Allow call forwarding
A large chain of shops with EFT at point-of-sale devices has a central communications processor for connecting to the banking network. Which of the following is the BEST disaster recovery plan for the communications processor? A. Offsite storage of daily backups B. Alternative standby processor onsite C. Installation of duplex communication links D. Alternative standby processor at another network node
A utility is available to update critical tables in case of data inconsistency. This utility can be executed at the OS prompt or as one of menu options in an application. The BEST control to mitigate the risk of unauthorized manipulation of data is to: A. delete the utility software and install it as and when required. B. provide access to utility on a need-to-use basis. C. provide access to utility to user management D. define access so that the utility can be only executed in menu option.
Which of the following message services provides the strongest protection that a specific action has occurred? A. Proof of delivery B. Nonrepudiation C. Proof of submission D. Message origin authentication
Which of the following is a measure of the size of an information system based on the number and complexity of a system?s inputs, outputs and files? A. Function point (FP) B. Program evaluation review technique (PERT) C. Rapid application design (RAD) D. Critical path method (CPM)
Disaster recovery planning addresses the: A. technological aspect of business continuity planning. B. operational piece of business continuity planning. C. functional aspect of business continuity planning. D. overall coordination of business continuity planning.
When reviewing an organization's logical access security, which of the following would be of the MOST concern to an IS auditor? A. Passwords are not shared. B. Password files are encrypted. C. Redundant logon IDs are deleted. D. The allocation of logon IDs is controlled.
In planning an audit, the MOST critical step is the identification of the:
An IS auditor performing a review of the IS department discovers that formal project approval procedures do not exist. In the absence of these procedures the IS manager has been arbitrarily approving projects that can be completed in a short duration and referring other more complicated projects to higher levels of management for approval. The IS auditor should recommend as a FIRST course of action that: A. users participate in the review and approval process. B. formal approval procedures be adopted and documented. C. projects be referred to appropriate levels of management for approval. D. the IS manager's job description be changed to include approval authority.
When performing a general controls review, an IS auditor checks the relative location of the computer room inside the building. What potential threat is the IS auditor trying to identify? A. Social engineering B. Windstorm C. Earthquake D. Flooding
When a new system is to be implemented within a short time frame, it is MOST important to: A. finish writing user manuals. B. perform user acceptance testing. C. add last-minute enhancements to functionalities. D. ensure that code has been documented and reviewed.
Cisco Certifications 
