Which of the following is the BEST form of transaction
validation?
A. Use of key field verification techniques in data entry
B. Use of programs to check the transaction against criteria
set by management
C. Authorization of the transaction by supervisory personnel
in an adjacent department
D. Authorization of the transaction by a department
supervisor prior to the batch process
Answer / guest
Answer: B
Use of programs to check the transaction against criteria
set by management is the best answer because validation
involves comparison of the transaction against predefined
criteria.
Is This Answer Correct ? | 2 Yes | 0 No |
Where adequate segregation of duties between operations and programming are not achievable, the IS auditor should look for: A. compensating controls. B. administrative controls. C. corrective controls. D. access controls.
In the development of an important application affecting the entire organization, which of the following would be the MOST appropriate project sponsor? A. The information systems manager B. A member of executive management C. An independent management consultant D. The manager of the key user department
Creation of an electronic signature: A. encrypts the message. B. verifies where the message came from. C. cannot be compromised when using a private key. D. cannot be used with e-mail systems.
In a risk-based audit approach, an IS auditor, in addition to risk, would be influenced by: A. the availability of CAATs. B. management's representation. C. organizational structure and job responsibilities. D. the existence of internal and operational controls
An IS auditor is assigned to perform a post implementation review of an application system. Which of the following situations may have impaired the independence of the IS auditor? The IS auditor: A. implemented a specific control during the development of the application system. B. designed an embedded audit module exclusively for auditing the application system. C. participated as a member of the application system project team, but did not have operational responsibilities. D.provided consulting advice concerning application system best practices.
Which of the following systems-based approaches would a financial processing company employ to monitor spending patterns to identify abnormal patterns and report them? A. A neural network B. Database management software C. Management information systems D. Computer assisted audit techniques
The PRIMARY reason for using digital signatures is to ensure data: A. confidentiality. B. integrity. C. availability. D. timeliness.
The MAJOR concern for an IS auditor when reviewing an organization's business process reengineering (BRP) efforts is: A. cost overrun of the project. B. employees resistance to change. C. key controls may be removed from a business process. D. lack of documentation of new processes.
When selecting software, which of the following business and technical issues is the MOST important to be considered? A. Vendor reputation B. Requirements of the organization C. Cost factors D. Installed base
An IS auditor performing a review of the IS department discovers that formal project approval procedures do not exist. In the absence of these procedures the IS manager has been arbitrarily approving projects that can be completed in a short duration and referring other more complicated projects to higher levels of management for approval. The IS auditor should recommend as a FIRST course of action that: A. users participate in the review and approval process. B. formal approval procedures be adopted and documented. C. projects be referred to appropriate levels of management for approval. D. the IS manager's job description be changed to include approval authority.
An IS auditor finds that not all employees are aware of the enterprise's information security policy. The IS auditor should conclude that: A. this lack of knowledge may lead to unintentional disclosure of sensitive information. B. information security is not critical to all functions. C. IS audit should provide security training to the employees. D. the audit finding will cause management to provide continuous training to staff.
Which of the following issues should be included in the business continuity plan? A. The staff required to maintain critical business functions in the short, medium and long term B. The potential for a natural disaster to occur, such as an earthquake C. Disastrous events impacting information systems processing and end-user functions D. A risk analysis that considers systems malfunctions, accidental file deletions or other failures