Interested to Buy Any Domain ? << Click Here >> for more details...
Without compensating controls, which of the following
functions would represent a risk if combined with that of a
system analyst?
A. Application programming
B. Data entry
C. Quality assurance
D. Database administrator
- 1 Answers
- 6070 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: C
A system analyst should not perform quality assurance (QA)
duties as independence would be impaired, since the systems
analyst is part of the team developing/designing the
software. A system analyst can perform the other functions.
The best example is a citizen programmer. A citizen (name
related to citizen, since they have the right to do all or
anything) programmer who has access to development tools can
do all aspects while developing software (design,
development, testing, implementation). Only good
compensatory controls would be able to monitor/control these
activities. Compensating controls will ensure these
functions have been effectively performed. If an analyst
compromises on functions in these roles, it can be detected
immediately with the help of compensating controls. However,
a system analyst should be discouraged from performing the
role of QA, since quality assurance levels could be
compromised if it does not meet the agreed standards.
| Is This Answer Correct ? | 8 Yes | 0 No |
An organization's disaster recovery plan should address early recovery of: A. all information systems processes. B. all financial processing applications. C. only those applications designated by the IS manager. D. processing in priority order, as defined by business management.
The use of residual biometric information to gain unauthorized access is an example of which of the following attacks? A. Replay B. Brute force C. Cryptographic D. Mimic
A data warehouse is: A. object orientated. B. subject orientated. C. departmental specific. D. a volatile databases.
When reviewing a system development project at the project initiation stage, an IS auditor finds that the project team is following the organization's quality manual. To meet critical deadlines the project team proposes to fast track the validation and verification processes, commencing some elements before the previous deliverable is signed off. Under these circumstances, the IS auditor would MOST likely: A. report this as a critical finding to senior management. B. accept that different quality processes can be adopted for each project. C. report to IS management the team's failure to follow quality procedures. D. report the risks associated with fast tracking to the project steering committee.
The FIRST task an IS auditor should complete when performing an audit in an unfamiliar area is to: A. design the audit programs for each system or function involved. B. develop a set of compliance tests and substantive tests. C. gather background information pertinent to the new audit. D. assign human and economical resources.
Analysis of which of the following would MOST likely enable the IS auditor to determine if a non-approved program attempted to access sensitive data? A. Abnormal job termination reports B. Operator problem reports C. System logs D. Operator work schedules
In a small organization, where segregation of duties is not practical, an employee performs the function of computer operator and application programmer. Which of the following controls should the IS auditor recommend? A. Automated logging of changes to development libraries B. Additional staff to provide segregation of duties C. Procedures that verify that only approved program changes are implemented D. Access controls to prevent the operator from making program modifications
Which of the following procedures would MOST effectively detect the loading of illegal software packages onto a network? A. The use of diskless workstations B. Periodic checking of hard drives C. The use of current antivirus software D. Policies that result in instant dismissal if violated
Which of the following message services provides the strongest protection that a specific action has occurred? A. Proof of delivery B. Nonrepudiation C. Proof of submission D. Message origin authentication
The impact of EDI on internal controls will be: A. that fewer opportunities for review and authorization will exist. B. an inherent authentication. C. a proper distribution of EDI transactions while in the possession of third parties. D. that IPF management will have increased responsibilities over data center controls.
As a result of a business process reengineering (BPR) project: A. an IS auditor would be concerned with the key controls that existed in the prior business process and not those in the new process. B. system processes are automated in such a way that there are more manual interventions and manual controls. C. the newly designed business processes usually do not involve changes in the way(s) of doing business. D. advantages usually are realized when the reengineering process appropriately suits the business and risk.
Which of the following is the MOST important function to be performed by IT management within an outsourced environment? A. Ensuring that invoices are paid to the provider B. Participating in systems design with the provider C. Renegotiating the provider's fees D. Monitoring the outsourcing provider's performance
Cisco Certifications 
