The FIRST task an IS auditor should complete when performing
an audit in an unfamiliar area is to:
A. design the audit programs for each system or function
involved.
B. develop a set of compliance tests and substantive tests.
C. gather background information pertinent to the new audit.
D. assign human and economical resources.
Answer / guest
Answer: C
Proper planning is the necessary first step in performing
effective audits. The IS auditor's first task should be to
gather background information, such as business sector,
applied benchmarks, specific trends and regulatory and legal
requirements. This will allow the auditor to better
understand what to audit. After gathering initial
information, the auditor would then identify the audit
subject and audit objectives, define the scope, establish
the information systems and functions involved, and identify
the needed resources.
Is This Answer Correct ? | 3 Yes | 0 No |
An IS auditor performing a telecommunication access control review should be concerned PRIMARILY with the: A. maintenance of access logs of usage of various system resources. B. authorization and authentication of the user prior to granting access to system resources. C. adequate protection of stored data on servers by encryption or other means. D. accountability system and the ability to identify any terminal accessing system resources.
Without causing a conflict of interest, a duty compatible with those of a security administrator would be: A. quality assurance. B. application programming. C. systems programming. D. data entry.
Following a reorganization of a company's legacy database, it was discovered that records were accidentally deleted. Which of the following controls would have MOST effectively detected this occurrence? A. Range check B. Table lookups C. Run-to-run totals D. One-for-one checking
An IS auditor reviews an organization chart PRIMARILY for: A. an understanding of workflows. B. investigating various communication channels. C. understanding the responsibilities and authority of individuals. D. investigating the network connected to different employees.
When logging on to an online system, which of the following processes would the system perform FIRST? A. Initiation B. Verification C. Authorization D. Authentication
Which of the following functions would be acceptable for the security administrator to perform in addition to his/her normal functions? A. Systems analyst B. Quality assurance C. Computer operator D. Systems programmer
Utilizing audit software to compare the object code of two programs is an audit technique used to test program: A. logic. B. changes. C. efficiency. D. computations.
Which of the following LAN physical layouts is subject to total loss if one device fails? A. Star B. Bus C. Ring D. Completely connected
An IS auditor's primary concern when application developers wish to use a copy of yesterday's production transaction file for volume tests is that: A. users may prefer to use contrived data for testing. B. unauthorized access to sensitive data may result. C. error handling and credibility checks may not be fully proven. D. full functionality of the new process is not necessarily tested.
Disaster recovery planning for a company's computer system usually focuses on: A. operations turnover procedures. B. strategic long-range planning. C. the probability that a disaster will occur. D. alternative procedures to process transactions.
Is it appropriate for an IS auditor from a company that is considering outsourcing its IS processing to request and review a copy of each vendor's business continuity plan? A. Yes, because the IS auditor will evaluate the adequacy of the service bureau's plan and assist his/her company in implementing a complementary plan. B. Yes, because, based on the plan, the IS auditor will evaluate the financial stability of the service bureau and its ability to fulfill the contract. C. No, because the backup to be provided should be specified adequately in the contract. D. No, because the service bureau's business continuity plan is proprietary information.
There are several methods of providing telecommunications continuity. The method of routing traffic through split cable or duplicate cable facilities is: A. alternative routing. B. diverse routing. C. long-haul network diversity. D. last mile circuit protection.