Interested to Buy Any Domain ? << Click Here >> for more details...
When reviewing the IT strategic planning process, an IS auditor should ensure that the plan:
A. incorporates state of the art technology.
B. addresses the required operational controls.
C. articulates the IT mission and vision.
D. specifies project management practices.
- 1 Answers
- 3454 Views
- I also Faced
- E-Mail Answers
The correct answer is C.
A. The plan does not need to address state of the art technology; the decision to implement new technology is dependent on the approach to risk and management strategy.
B. The plan does not need to address operational controls because those are too granular for strategic planning.
C. The IT strategic plan must include a clear articulation of the IT mission and vision.
D. The plan should be implemented with proper project management, but the plan does not need to address project management practices.
Question #: 147 CISA Job Practice Task Statement: 2.1
| Is This Answer Correct ? | 6 Yes | 0 No |
When conducting a review of business process re-engineering, an IS auditor found that a key preventive control had been removed. In this case, the IS auditor should: A. inform management of the finding and determine if management is willing to accept the potential material risk of not having that preventing control. B. determine if a detective control has replaced the preventive control during the process and if so, not report the removal of the preventive control. C. recommend that this and all control procedures that existed before the process was reengineered be included in the new process. D. develop a continuous audit approach to monitor the effects of the removal of the preventive control.
An enterprise has established a steering committee to oversee its e-business program. The steering committee would MOST likely be involved in the: A. documentation of requirements. B. escalation of project issues. C. design of interface controls. D. specification of reports.
A primary benefit derived from an organization employing control self-assessment (CSA) techniques is that it:
A debugging tool, which reports on the sequence of steps executed by a program, is called a/an: A. output analyzer. B. memory dump. C. compiler. D. logic path monitor.
As a result of a business process reengineering (BPR) project: A. an IS auditor would be concerned with the key controls that existed in the prior business process and not those in the new process. B. system processes are automated in such a way that there are more manual interventions and manual controls. C. the newly designed business processes usually do not involve changes in the way(s) of doing business. D. advantages usually are realized when the reengineering process appropriately suits the business and risk.
Which of the following components is responsible for the collection of data in an intrusion detection system (IDS)? A. Analyzer B. Administration console C. User interface D. Sensor
Of the following, the MAIN purpose for periodically testing offsite backup facilities is to: A. ensure the integrity of the data in the database. B. eliminate the need to develop detailed contingency plans. C. ensure the continued compatibility of the contingency facilities. D. ensure that program and system documentation remains current.
Analysis of which of the following would MOST likely enable the IS auditor to determine if a non-approved program attempted to access sensitive data? A. Abnormal job termination reports B. Operator problem reports C. System logs D. Operator work schedules
A validation which ensures that input data are matched to predetermined reasonable limits or occurrence rates, is known as: A. Reasonableness check. B. Validity check. C. Existence check. D. Limit check.
Large-scale systems development efforts: A. are not affected by the use of prototyping tools. B. can be carried out independent of other organizational practices. C. require that business requirements be defined before the project begins. D. require that project phases and deliverables be defined during the duration of the project.
In which of the following phases of the system development life cycle (SDLC) is it the MOST important for the IS auditor to participate? A. Design B. Testing C. Programming D. Implementation
Which of the following controls would be MOST effective in ensuring that production source code and object code are synchronized? A. Release-to-release source and object comparison reports B. Library control software restricting changes to source code C. Restricted access to source code and object code D. Date and time-stamp reviews of source and object code
Cisco Certifications 
