Interested to Buy Any Domain ? << Click Here >> for more details...
When auditing the requirements phase of a software
acquisition, the IS auditor should:
A. assess the feasibility of the project timetable.
B. assess the vendor?s proposed quality processes.
C. ensure that the best software package is acquired.
D. review the completeness of the specifications.
- 2 Answers
- 12441 Views
- I also Faced
- E-Mail Answers
Answers were Sorted based on User's Feedback
Answer / guest
Answer: D
The purpose of the requirements phase is to specify the
functionality of the proposed system; therefore the IS
auditor would concentrate on the completeness of the
specifications. The decision to purchase a package from a
vendor would come after the requirements have been
completed. Therefore choices B and C are incorrect. Choice A
is incorrect because a project timetable normally would not
be found in a requirements document.
| Is This Answer Correct ? | 7 Yes | 0 No |
Answer / antoine
B. assess the vendor?s proposed quality processes.
| Is This Answer Correct ? | 2 Yes | 4 No |
Which of the following data validation edits is effective in detecting transposition and transcription errors? A. Range check B. Check digit C. Validity check D. Duplicate check
A goal of processing controls is to ensure that: A. the data are delivered without compromised confidentiality. B. all transactions are authorized. C. accumulated data are accurate and complete through authorized routines. D. only authorized individuals perform sensitive functions.
The PRIMARY advantage of a continuous audit approach is that it: A. does not require an IS auditor to collect evidence on system reliability while processing is taking place. B. requires the IS auditor to review and follow up immediately on all information collected. C. can improve system security when used in time-sharing environments that process a large number of transactions. D. does not depend on the complexity of an organization's computer systems.
Which of the following processes describes risk assessment? Risk assessment is: A. subjective. B. objective. C. mathematical. D. statistical.
LANs: A. protect against virus infection. B. protect against improper disclosure of data. C. provide program integrity from unauthorized changes. D. provide central storage for a group of users.
After implementation of a disaster recovery plan (DRP), pre-disaster and post-disaster operational cost for an organization will: A. decrease. B. not change (remain the same). C. increase. D. increase or decrease depending upon nature of the business.
An advantage of using sanitized live transactions in test data is that: A. all transaction types will be included. B. every error condition is likely to be tested. C. no special routines are required to assess the results. D. test transactions are representative of live processing.
When evaluating the collective effect of preventive, detective or corrective controls within a process an IS auditor should be aware: A. of the point at which controls are exercised as data flows through the system. B. that only preventive and detective controls are relevant. C. that corrective controls can only be regarded as compensating. D. that classification allows an IS auditor to determine which controls are missing.
Which of the following systems-based approaches would a financial processing company employ to monitor spending patterns to identify abnormal patterns and report them? A. A neural network B. Database management software C. Management information systems D. Computer assisted audit techniques
When reviewing the implementation of a LAN the IS auditor should FIRST review the: A. node list. B. acceptance test report. C. network diagram. D. user's list.
A company has contracted with an external consulting firm to implement a commercial financial system to replace its existing in-house developed system. In reviewing the proposed development approach, which of the following would be of GREATEST concern? A. Acceptance testing is to be managed by users. B. A quality plan is not part of the contracted deliverables. C. Not all business functions will be available on initial implementation. D. Prototyping is being used to confirm that the system meets business requirements.
An IS auditor reviewing back-up procedures for software need only determine that: A. object code libraries are backed up. B. source code libraries are backed up. C. both object and source codes libraries are backed up. D. program patches are maintained at the originating site.
Cisco Certifications 
