When performing a review of the structure of an electronic
funds transfer (EFT) system, an IS auditor observes that the
technological infrastructure is based on a centralized
processing scheme that has been outsourced to a provider in
another country. Based on this information, which of the
following conclusions should be the main concern of the IS
auditor?
A. There could be a question with regards to the legal
jurisdiction.
B. Having a provider abroad will cause excesive costs in
future audits.
C. The auditing process will be difficult because of the
distances.
D. There could be different auditing norms.
- 2 Answers
- 4537 Views
- I also Faced
- E-Mail Answers
Answers were Sorted based on User's Feedback
Answer / guest
Answer: A
In the funds transfer process, when the processing scheme is
centralized in a different country, there could be legal
issues of jurisdiction that might affect the right to
perform a review in the other country. The other choices,
though possible, are not as relevant as the issue of legal
jurisdiction.
| Is This Answer Correct ? | 6 Yes | 0 No |
Answer / guest
A. There could be a question with regards to the legal
jurisdiction.
| Is This Answer Correct ? | 2 Yes | 0 No |
A probable advantage to an organization that has outsourced its data processing services is that: A. needed IS expertise can be obtained from the outside. B. greater control can be exercised over processing. C. processing priorities can be established and enforced internally. D. greater user involvement is required to communicate user needs.
A tax calculation program maintains several hundred tax rates. The BEST control to ensure that tax rates entered into the program are accurate is: A. an independent review of the transaction listing. B. a programmed edit check to prevent entry of invalid data. C. programmed reasonableness checks with 20 percent data entry range. D. a visual verification of data entered by the processing department.
An IS auditor performing an independent classification of systems should consider a situation where functions could be performed manually at a tolerable cost for an extended period of time as: A. critical. B. vital. C. sensitive. D. noncritical.
During the review of an organization's disaster recovery and business continuity plan, the IS auditor found that a paper test was performed to verify the existence of all necessary procedures and actions within the recovery plan. This is a: A. preparedness test. B. module test. C. full test. D. walk-through test.
Detection risk refers to: A. concluding that material errors do not exist, when in fact they do. B. controls that fail to detect an error. C. controls that detect high-risk errors. D. detecting an error but failing to report it.
Which of the following controls is LEAST likely to detect changes made online to master records? A. Update access to master file is restricted to a supervisor independent of data entry. B. Clerks enter updates online and are finalized by an independent supervisor. C. An edit listing of all updates is produced daily and reviewed by an independent supervisor. D. An update authorization form must be approved by an independent supervisor before entry.
After installing a network, an organization installed a vulnerability assessment tool or security scanner to identify possible weaknesses. Which is the MOST serious risk associated with such tools? A. Differential reporting B. False positive reporting C. False negative reporting D. Less detail reporting
Which of the following controls would be MOST effective in ensuring that production source code and object code are synchronized? A. Release-to-release source and object comparison reports B. Library control software restricting changes to source code C. Restricted access to source code and object code D. Date and time-stamp reviews of source and object code
Which of the following is the PRIMARY safeguard for securing software and data within an information processing facility? A. Security awareness B. Reading the security policy C. Security committee D. Logical access controls
Which of the following audit tools is MOST useful to an IS auditor when an audit trail is required? A. Integrated test facility (ITF) B. Continuous and intermittent simulation (CIS) C. Audit hooks D. Snapshots
Which of the following network topologies yields the GREATEST redundancy in the event of the failure of one node? A. Mesh B. Star C. Ring D. Bus
Which of the following is the FIRST thing an IS auditor should do after the discovery of a trojan horse program in a computer system? A. Investigate the author. B. Remove any underlying threats. C. Establish compensating controls. D. Have the offending code removed.
Cisco Certifications 
