When evaluating the collective effect of preventive,
detective or corrective controls within a process an IS
auditor should be aware:
A. of the point at which controls are exercised as data
flows through the system.
B. that only preventive and detective controls are relevant.
C. that corrective controls can only be regarded as
compensating.
D. that classification allows an IS auditor to determine
which controls are missing.
Answer Posted / guest
Answer: A
An IS auditor should focus on when controls are exercised as
data flows through a computer system. Choice B is incorrect
since corrective controls may also be relevant. Choice C is
incorrect since corrective controls remove or reduce the
effects of errors or irregularities and are exclusively
regarded as compensating controls. Choice D is incorrect and
irrelevant since the existence and function of controls is
important, not the classification.
Is This Answer Correct ? | 6 Yes | 0 No |
Post New Answer View All Answers