Interested to Buy Any Domain ? << Click Here >> for more details...
When conducting a review of business process re-engineering,
an IS auditor found that a key preventive control had been
removed. In this case, the IS auditor should:
A. inform management of the finding and determine if
management is willing to accept the potential material risk
of not having that preventing control.
B. determine if a detective control has replaced the
preventive control during the process and if so, not report
the removal of the preventive control.
C. recommend that this and all control procedures that
existed before the process was reengineered be included in
the new process.
D. develop a continuous audit approach to monitor the
effects of the removal of the preventive control.
- 2 Answers
- 11275 Views
- I also Faced
- E-Mail Answers
Answers were Sorted based on User's Feedback
Answer / guest
Answer: A
Choice A is the best answer. Management should be informed
immediately to determine if they are willing to accept the
potential material risk of not having that preventive
control in place. The existence of a detective control
instead of a preventive control usually increases the risks
that a material problem may occur. Often during a BPR many
non-value-added controls will be eliminated. This is good,
unless they increase the business and financial risks. The
IS auditor may wish to monitor or recommend that management
monitor the new process, but this should be done only after
management has been informed and accepts the risk of not
having the preventive control in place.
| Is This Answer Correct ? | 12 Yes | 0 No |
Answer / antoine
A. inform management of the finding and determine if
management is willing to accept the potential material risk
of not having that preventing control.
| Is This Answer Correct ? | 4 Yes | 0 No |
Change management procedures are established by IS management to: A. control the movement of applications from the test environment to the production environment. B. control the interruption of business operations from lack of attention to unresolved problems. C. ensure the uninterrupted operation of the business in the event of a disaster. D. verify that system changes are properly documented.
The knowledge base of an expert system that uses questionnaires to lead the user through a series of choices before a conclusion is reached is known as: A. rules. B. decision trees. C. semantic nets. D. data flow diagrams.
The MAIN reason for requiring that all computer clocks across an organization be synchronized is to: A. prevent omission or duplication of transactions. B. ensure smooth data transition from client machines to servers. C. ensure that email messages have accurate time stamps. D. support the incident investigation process.
The PRIMARY reason for separating the test and development environments is to: A. restrict access to systems under test. B. segregate user and development staff. C. control the stability of the test environment. D. secure access to systems under development.
If the decision has been made to acquire software rather than develop it internally, this decision is normally made during the: A. requirements definition phase of the project. B. feasibility study phase of the project. C. detailed design phase of the project. D. programming phase of the project.
The BEST defense against network eavesdropping is: A. encryption. B. moving the defense perimeter outward. C. reducing the amplitude of the communication signal. D. masking the signal with noise.
The PRIMARY objective of an IS audit function is to: A. determine whether everyone uses IS resources according to their job description. B. determine whether information systems safeguard assets, and maintain data integrity. C. examine books of accounts and relative documentary evidence for the computerized system. D. determine the ability of the organization to detect fraud.
Which of the following tests performed by an IS auditor would be the MOST effective in determining compliance with an organization's change control procedures? A. Review software migration records and verify approvals. B. Identify changes that have occurred and verify approvals. C. Review change control documentation and verify approvals. D. Ensure that only appropriate staff can migrate changes into production.
The responsibility, authority and accountability of the IS audit function is documented appropriately in an audit charter and MUST be: A. approved by the highest level of management. B. approved by audit department management. C. approved by user department management. D. changed every year before commencement of IS audits.
Which of the following is a substantive audit test? A. Verifying that a management check has been performed regularly B. Observing that user IDs and passwords are required to sign on the computer C. Reviewing reports listing short shipments of goods received D. Reviewing an aged trial balance of accounts receivable
Which of the following audit tools is MOST useful to an IS auditor when an audit trail is required? A. Integrated test facility (ITF) B. Continuous and intermittent simulation (CIS) C. Audit hooks D. Snapshots
The rate of change of technology increases the importance of: A. outsourcing the IS function. B. implementing and enforcing good processes. C. hiring personnel willing to make a career within the organization. D. meeting user requirements.
Cisco Certifications 
