Which of the following would be the LEAST likely indication
that complete or selected outsourcing of IS functions should
be considered?
A. The applications development backlog is greater than
three years.
B. It takes one year to develop and implement a
high-priority system.
C. More than 60 percent of programming costs are spent on
system maintenance.
D. Duplicate information systems functions exist at two sites.
Answer / guest
Answer: B
The development and implementation of a high-priority system
typically would take from one year to 18 months. Having it
take one year would not be an indicator that outsourcing
would improve the development time. Choices A, C and D would
all be indicators that outsourcing selected IS functions may
be warranted.
Is This Answer Correct ? | 3 Yes | 0 No |
During the course of an audit, the IS auditor discovers that the human resources (HR) department uses a cloud-based application to manage employee records. The HR department engaged in a contract outside of the normal vendor management process and manages the application on its own. Which of the following choices is of MOST concern? A. Maximum acceptable downtime metrics have not been defined in the contract. B. The IT department does not manage the relationship with the cloud vendor. C. The help desk call center is in a different country, with different privacy requirements. D. Company-defined security policies are not applied to the cloud application.
During an audit of a reciprocal disaster recovery agreement between two companies, the IS auditor would be PRIMARILY concerned about: A. the soundness of the impact analysis. B. hardware and software compatibility. C. differences in IS policies and procedures. D. frequency of system testing.
An IS auditor performing an access controls review should be LEAST concerned if: A. audit trails were not enabled. B. programmers have access to the live environment. C. group logons are being used for critical functions. D. the same user can initiate transactions and also change related parameters.
Which of the following is a benefit of using callback devices? A. Provide an audit trail B. Can be used in a switchboard environment C. Permit unlimited user mobility D. Allow call forwarding
An enterprise has established a steering committee to oversee its e-business program. The steering committee would MOST likely be involved in the: A. documentation of requirements. B. escalation of project issues. C. design of interface controls. D. specification of reports.
Which of the following represents the GREATEST potential risk in an EDI environment? A. Transaction authorization B. Loss or duplication of EDI transmissions C. Transmission delay D. Deletion or manipulation of transactions prior to or after establishment of application controls
An IS auditor is reviewing the change management process for an enterprise resource planning (ERP) application. Which of the following is the BEST method for testing program changes? A. Select a sample of change tickets and review them for authorization. B. Perform a walk-through by tracing a program change from start to finish. C. Trace a sample of modified programs to supporting change tickets. D. Use query software to analyze all change tickets for missing fields.
Which of the following satisfies a two-factor user authentication? A. Iris scanning plus finger print scanning B. Terminal ID plus global positioning system (GPS) C. A smart card requiring the user's PIN D. User ID along with password
Which of the following is widely accepted as one of the critical components in networking management? A. Configuration management B. Topological mappings C. Application of monitoring tools D. Proxy server trouble shooting
Which of the following is a role of an IS steering committee? A. Initiate computer applications. B. Ensure efficient use of data processing resources. C. Prepare and monitor system implementation plans. D. Review the performance of the systems department.
Which of the following would be included in an IS strategic plan?
A primary function of risk management is the identification of cost-effective controls. In selecting appropriate controls, which of the following methods is best to study the effectiveness of adding various safeguards in reducing vulnerabilities? A. "What if" analysis B. Traditional cost/benefit analysis C. Screening analysis D. A "back-of-the-envelope" analysis