Which audit technique provides the BEST evidence of the
segregation of duties in an IS department?
A. Discussion with management
B. Review of the organization chart
C. Observation and interviews
D. Testing of user access rights
- 1 Answers
- 12118 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: C
By observing the IS staff performing their tasks, the IS
auditor can identify whether they are performing any
noncompatible operations and by interviewing the IS staff
the auditor can get an overview of the tasks performed.
Based on the observations and interviews the auditor can
evaluate the segregation of duties. Management may not be
aware of the detailed functions of each employee in the IS
department, therefore discussion with the management would
provide only limited information regarding segregation of
duties. An organization chart would not provide details of
the functions of the employees and testing of user rights
would provide information about the rights they have within
the IS systems, but would not provide complete information
about the functions they perform.
| Is This Answer Correct ? | 8 Yes | 5 No |
To develop a successful business continuity plan, end user involvement is critical during which of the following phases? A. Business recovery strategy B. Detailed plan development C. Business impact analysis D. Testing and maintenance
The PRIMARY objective of a business continuity and disaster recovery plan should be to: A. safeguard critical IS assets. B. provide for continuity of operations. C. minimize the loss to an organization. D. protect human life.
The interface that allows access to lower or higher level network services is called: A. firmware. B. middleware. C. X.25 interface. D. utilities.
During the review of a biometrics system operation, the IS auditor should FIRST review the stage of: A. enrollment. B. identification. C. verification. D. storage.
The intent of application controls is to ensure that when inaccurate data is entered into the system, the data is: A. accepted and processed. B. accepted and not processed. C. not accepted and not processed. D. not accepted and processed.
Which of the following database administrator (DBA) activities is unlikely to be recorded on detective control logs? A. Deletion of a record B. Change of a password C. Disclosure of a password D. Changes to access rights
To check the performance of flow and error control, an IS auditor should focus the use of a protocol analyzer on which of the following layers? A. Network B. Transport C. Data link D. Application
Which of the following can be used to verify output results and control totals by matching them against the input data and control totals? A. Batch header forms B. Batch balancing C. Data conversion error corrections D. Access controls over print spools
Which of the following is a control to detect an unauthorized change in a production environment? A. Denying programmers access to production data. B. Requiring change request to include benefits and costs. C. Periodically comparing control and current object and source programs. D. Establishing procedures for emergency changes.
Which of the following forms of evidence for the auditor would be considered the MOST reliable? A. An oral statement from the auditee B. The results of a test performed by an IS auditor C. An internally generated computer accounting report D. A confirmation letter received from an outside source
During which phase of a system development process should an IS auditor first raise the issue of application controls? A. Construction B. System design C. Acceptance testing D. Functional specification
A number of system failures are occurring when corrections to previously detected errors are resubmitted for acceptance testing. This would indicate that the maintenance team is probably not adequately performing which of the following types of testing? A. Unit testing B. Integration testing C. Design walk-throughs D. Configuration management
Cisco Certifications 
