Interested to Buy Any Domain ? << Click Here >> for more details...
An IS auditor performing a review of the IS department
discovers that formal project approval procedures do not
exist. In the absence of these procedures the IS manager has
been arbitrarily approving projects that can be completed in
a short duration and referring other more complicated
projects to higher levels of management for approval. The IS
auditor should recommend as a FIRST course of action that:
A. users participate in the review and approval process.
B. formal approval procedures be adopted and documented.
C. projects be referred to appropriate levels of management
for approval.
D. the IS manager's job description be changed to include
approval authority.
- 2 Answers
- 5435 Views
- I also Faced
- E-Mail Answers
Answers were Sorted based on User's Feedback
Answer / guest
Answer: B
It is imperative that formal written approval procedures be
established to set accountability. This is true of both the
IS manager and higher levels of management. Choices A, C and
D would be subsequent recommendations once authority has
been established.
| Is This Answer Correct ? | 7 Yes | 0 No |
Answer / guest
B. formal approval procedures be adopted and documented.
| Is This Answer Correct ? | 0 Yes | 0 No |
A distinction that can be made between compliance testing and substantive testing is that compliance testing tests: A. details, while substantive testing tests procedures. B. controls, while substantive testing tests details. C. plans, while substantive testing tests procedures. D. for regulatory requirements, while substantive testing tests validations.
When auditing the requirements phase of a software acquisition, the IS auditor should: A. assess the feasibility of the project timetable. B. assess the vendor?s proposed quality processes. C. ensure that the best software package is acquired. D. review the completeness of the specifications.
Which of the following is the MOST important reason for an IS auditor to be involved in a system development project? A. Evaluate the efficiency of resource utilization. B. Develop audit programs for subsequent audits of the system. C. Evaluate the selection of hardware to be used by the system. D. Ensure that adequate controls are built into the system during development.
In a risk-based audit approach an IS auditor should FIRST complete a/an: A. inherent risk assessment. B. control risk assessment. C. test of control assessment. D. substantive test assessment.
Before reporting results of an audit to senior management, an IS auditor should: A. Confirm the findings with auditees. B. Prepare an executive summary and send it to auditee management. C. Define recommendations and present the findings to the audit committee. D. Obtain agreement from the auditee on findings and actions to be taken.
Which of the following is a network architecture configuration that links each station directly to a main hub? A. Bus B. Ring C. Star D. Completed connected
In the course of performing a risk analysis, an IS auditor has identified threats and potential impacts. Next, an IS auditor should: A. identify and assess the risk assessment process used by management. B. identify information assets and the underlying systems. C. disclose the threats and impacts to management. D. identify and evaluate the existing controls.
A web-based bookstore has included the customer relationship management (CRM) system in its operations. An IS auditor has been assigned to perform a call center review. Which of the following is the MOST appropriate first step for the IS auditor to take? A. Review the company's performance since the CRM was implemented. B. Review the IT strategy. C. Understand the business focus of the bookstore. D. Interview salespeople and supervisors.
Which of the following types of firewalls would BEST protect a network from an Internet attack? A. Screened subnet firewall B. Application filtering gateway C. Packet filtering router D. Circuit-level gateway
The Primary purpose of audit trails is to
A utility is available to update critical tables in case of data inconsistency. This utility can be executed at the OS prompt or as one of menu options in an application. The BEST control to mitigate the risk of unauthorized manipulation of data is to: A. delete the utility software and install it as and when required. B. provide access to utility on a need-to-use basis. C. provide access to utility to user management D. define access so that the utility can be only executed in menu option.
Which of the following would be considered an essential feature of a network management system? A. A graphical interface to map the network topology B. Capacity to interact with the Internet to solve the problems C. Connectivity to a help desk for advice on difficult issues D. An export facility for piping data to spreadsheets
Cisco Certifications 
