During an implementation review of a multiuser distributed
application, the IS auditor finds minor weaknesses in three
areas: the initial setting of parameters is improperly
installed, weak passwords are being used and some vital
reports are not being checked properly. While preparing the
audit report, the IS auditor should:
A. record the observations separately with the impact of
each of them marked against each respective finding.
B. advise the manager of probable risks without recording
the observations, as the control weaknesses are minor ones.
C. record the observations and the risk arising from the
collective weaknesses.
D. apprise the departmental heads concerned with each
observation and properly document it in the report.
Answer / guest
Answer: C
The weaknesses individually are minor; however, together they
have the potential to substantially weaken the overall
control structure. Choices A and D reflect a failure on the
part of the IS auditor to recognize the combined effect of
the control weakness. Advising the local manager without
reporting the facts and observations would conceal the
findings from other stakeholders.
When auditing a mainframe operating system, what would the IS auditor do to establish which control features are in operation? A. Examine the parameters used when the system was generated B. Discuss system parameter options with the vendor C. Evaluate the systems documentation and installation guide D. Consult the systems programmers
Which of the following is the MOST effective type of antivirus software? A. Scanners B. Active monitors C. Integrity checkers D. Vaccines
Which of the following is an objective of a control self-assessment (CSA) program? A. Audit responsibility enhancement B. Problem identification C. Solution brainstorming D. Substitution for an audit
An IS auditor auditing hardware monitoring procedures should review A. system availability reports. B. cost-benefit reports. C. response time reports. D. database utilization reports.
Which of the following is a disadvantage of image processing? A. Verifies signatures B. Improves service C. Relatively inexpensive to use D. Reduces deterioration due to handling
Which of the following types of risks assumes an absence of compensating controls in the area being reviewed? A. Control risk B. Detection risk C. Inherent risk D. Sampling risk
Which of the following types of data validation editing checks is used to determine if a field contains data, and not zeros or blanks? A. Check digit B. Existence check C. Completeness check D. Reasonableness check
Which is the first software capability maturity model (CMM) level to include a standard software development process? A. Initial (level 1) B. Repeatable (level 2) C. Defined (level 3) D. Optimizing (level 5)
A PRIMARY benefit derived from an organization employing control self-assessment (CSA) techniques is that it: A. can identify high-risk areas that might need a detailed review later. B. allows IS auditors to independently assess risk. C. can be used as a replacement for traditional audits. D. allows management to relinquish responsibility for control.
Which of the following translates e-mail formats from one network to another so that the message can travel through all the networks? A. Gateway B. Protocol converter C. Front-end communication processor D. Concentrator/multiplexor
Information requirement definitions, feasibility studies and user requirements are significant considerations when: A. defining and managing service levels. B. identifying IT solutions. C. managing changes. D. assessing internal IT control.
Which of the following BEST provides access control to payroll data being processed on a local server? A. Logging of access to personal information B. Separate password for sensitive transactions C. Software restricts access rules to authorized staff D. System access restricted to business hours