Many organizations require an employee to take a mandatory
vacation (holiday) of a week or more to:
A. ensure the employee maintains a quality of life, which
will lead to greater productivity.
B. reduce the opportunity for an employee to commit an
improper or illegal act.
C. provide proper cross training for another employee.
D. eliminate the potential disruption caused when an
employee takes vacation one day at a time.
Answer / guest
Answer: B
Required vacations/holidays of a week or more duration in
which someone other than the regular employee performs the
job function are often mandatory for sensitive positions.
This reduces the opportunity to commit improper or illegal
acts, and during this time it may be possible to discover
any fraudulent activity that was taking place. Choices A, C
and D all could be organizational benefits from a mandatory
vacation policy, but not the reason why it is established.
When auditing the requirements phase of a software acquisition, the IS auditor should: A. assess the feasibility of the project timetable. B. assess the vendor's proposed quality processes. C. ensure that the best software package is acquired. D. review the completeness of the specifications.
Which of the following is an example of a passive attack, initiated through the Internet? A. Traffic analysis B. Masquerading C. Denial of service D. E-mail spoofing
Involvement of senior management is MOST important in the development of: A. strategic plans. B. IS policies. C. IS procedures. D. standards and guidelines.
IS management has recently informed the IS auditor of its decision to disable certain referential integrity controls in the payroll system to provide users with a faster report generator. This will MOST likely increase the risk of: A. data entry by unauthorized users. B. a nonexistent employee being paid. C. an employee receiving an unauthorized raise. D. duplicate data entry by authorized users.
In a small organization, an employee performs computer operations and, when the situation demands, program modifications. Which of the following should the IS auditor recommend? A. Automated logging of changes to development libraries B. Additional staff to provide separation of duties C. Procedures that verify that only approved program changes are implemented D. Access controls to prevent the operator from making program modifications
The PRIMARY purpose of undertaking a parallel run of a new system is to: A. verify that the system provides required business functionality. B. validate the operation of the new system against its predecessor. C. resolve any errors in the program and file interfaces. D. verify that the system can process the production load.
The FIRST step in data classification is to: A. establish ownership. B. perform a criticality analysis. C. define access rules. D. create a data dictionary.
An IT steering committee would MOST likely perform which of the following functions? A. Placement of a purchase order with the approved IT vendor B. Installation of systems software and application software C. Provide liaison between IT department and user department D. Interview staff for the IT department
Which of the following is a check (control) for completeness? A. Check digits B. Parity bits C. One-for-one checking D. Prerecorded input
An IS auditor is performing an audit of a network operating system. Which of the following is a user feature the IS auditor should review? A. Availability of online network documentation B. Support of terminal access to remote hosts C. Handling file transfer between hosts and inter-user communications D. Performance management, audit and control
The BEST overall quantitative measure of the performance of biometric control devices is: A. false rejection rate. B. false acceptance rate. C. equal error rate. D. estimated error rate.
When an IS auditor obtains a list of current users with access to a WAN/LAN and verifies that those listed are active associates, the IS auditor is performing a: A. compliance test. B. substantive test. C. statistical sample. D. risk assessment.