During an implementation review of a multiuser distributed application, the IS auditor finds minor weaknesses in three areas: the initial setting of parameters is improperly installed, weak passwords are being used and some vital reports are not being checked properly. While preparing the audit report, the IS auditor should:
A. record the observations separately with the impact of each of them marked against each respective finding.
B. advise the manager of probable risks without recording the observations, as the control weaknesses are minor ones.
C. record the observations and the risk arising from the collective weaknesses.
D. apprise the departmental heads concerned with each observation and properly document it in the report.
Answer / guest
Answer: C
The weaknesses individually are minor; however, together they have the potential to substantially weaken the overall control structure. Choices A and D reflect a failure on the part of the IS auditor to recognize the combined effect of the control weaknesses. Advising the local manager without reporting the facts and observations would conceal the findings from other stakeholders.
The most common reason for the failure of information systems to meet the needs of users is that:
A. user needs are constantly changing.
B. the growth of user requirements was forecast inaccurately.
C. the hardware system limits the number of concurrent users.
D. user participation in defining the system's requirements was inadequate.

Applying a retention date on a file will ensure that:
A. data cannot be read until the date is set.
B. data will not be deleted before that date.
C. backup copies are not retained after that date.
D. datasets having the same name are differentiated.

Which of the following user profiles should be of MOST concern to the IS auditor, when performing an audit of an EFT system?
A. Three users with the ability to capture and verify their own messages
B. Five users with the ability to capture and send their own messages
C. Five users with the ability to verify other users and to send their own messages
D. Three users with the ability to capture and verify the messages of other users and to send their own messages

According to the Committee of Sponsoring Organizations (COSO), the internal control framework consists of which of the following?
A. Processes, people, objectives.
B. Profits, products, processes.
C. Costs, revenues, margins.
D. Return on investment, earnings per share, market share.

Which of the following controls would be MOST effective in ensuring that production source code and object code are synchronized?
A. Release-to-release source and object comparison reports
B. Library control software restricting changes to source code
C. Restricted access to source code and object code
D. Date and time-stamp reviews of source and object code

Which of the following ensures completeness and accuracy of accumulated data?
A. Processing control procedures
B. Data file control procedures
C. Output controls
D. Application controls

In a data warehouse, data quality is achieved by:
A. cleansing.
B. restructuring.
C. source data credibility.
D. transformation.

What type of transmission requires modems?
A. Encrypted
B. Digital
C. Analog
D. Modulated

When performing a general controls review, an IS auditor checks the relative location of the computer room inside the building. What potential threat is the IS auditor trying to identify?
A. Social engineering
B. Windstorm
C. Earthquake
D. Flooding

The secure socket layer (SSL) protocol addresses the confidentiality of a message through:
A. symmetric encryption.
B. message authentication code.
C. hash function.
D. digital signature certificates.

An IS auditor auditing hardware monitoring procedures should review:
A. system availability reports.
B. cost-benefit reports.
C. response time reports.
D. database utilization reports.

The use of coding standards is encouraged by IS auditors because they:
A. define access control tables.
B. detail program documentation.
C. standardize dataflow diagram methodology.
D. ensure compliance with field naming conventions.