An organization acquiring other businesses continues using
its legacy EDI systems, and uses three separate value added
network (VAN) providers. No written VAN agreements exist.
The IS auditor should recommend that management:
A. obtain independent assurance of the third party service
providers.
B. set up a process for monitoring the service delivery of
the third party.
C. ensure that formal contracts are in place.
D. consider agreements with third party service providers in
the development of continuity plans.
- 1 Answers
- 5870 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: C
Written agreements would assist management in ensuring
compliance with external requirements. While management
should obtain independent assurance of compliance, this can
not be achieved until there is a contract in place. One
aspect of managing third party services is to provide
monitoring, however, this can not be achieved until there is
a contract. Ensuring that VAN agreements are available for
review may assist in the development of continuity plans if
they are deemed critical IT resources, however, this can not
be achieved until there is a contract in place.
| Is This Answer Correct ? | 2 Yes | 0 No |
When reviewing the implementation of a LAN the IS auditor should FIRST review the: A. node list. B. acceptance test report. C. network diagram. D. user's list.
The development of an IS security policy is ultimately the responsibility of the: A. IS department. B. security committee. C. security administrator. D. board of directors.
Compensating controls are intended to: A. reduce the risk of an existing or potential control weakness. B. predict potential problems before they occur. C. remedy problems discovered by detective controls. D. report errors or omissions.
Which of the following data entry controls provides the GREATEST assurance that the data is entered correctly? A. Using key verification B. Segregating the data entry function from data entry verification C. Maintaining a log/record detailing the time, date, employee's initials/user id and progress of various data preparation and verification tasks D. Adding check digits
When developing a risk management program, the FIRST activity to be performed is a/an: A. threats assessment. B. classification of data. C. inventory of assets. D. criticality analysis.
An IS auditor should be able to identify and evaluate various types of risks and their potential effects. Which of the following risks is associated with authorized program exits (trap doors)? A. Inherent B. Detection C. Audit D. Error
Applying a digital signature to data traveling in a network provides: A. confidentiality and integrity. B. security and nonrepudiation. C. integrity and nonrepudiation. D. confidentiality and nonrepudiation.
In a risk-based audit approach an IS auditor should FIRST complete a/an: A. inherent risk assessment. B. control risk assessment. C. test of control assessment. D. substantive test assessment.
Which of the following would normally be found in application run manuals? A. Details of source documents B. Error codes and their recovery actions C. Program flowcharts and file definitions D. Change records for the application source code
Which of the following would be a compensating control to mitigate risks resulting from an inadequate segregation of duties? A. Sequence check B. Check digit C. Source documentation retention D. Batch control reconciliations
The use of object-oriented design and development techniques would MOST likely: A. facilitate the ability to reuse modules. B. improve system performance. C. enhance control effectiveness. D. speed up the system development life cycle.
A dry-pipe fire extinguisher system is a system that uses: A. water, but in which water does not enter the pipes until a fire has been detected. B. water, but in which the pipes are coated with special watertight sealants. C. carbon dioxide instead of water. D. halon instead of water.
Cisco Certifications 
