The use of coding standards is encouraged by IS auditors
because they:
A. define access control tables.
B. detail program documentation.
C. standardize dataflow diagram methodology.
D. ensure compliance with field naming conventions.
Answer / guest
Answer: D
Compliance with field-naming conventions ensures that
ongoing program maintenance can be carried out by different
programmers, and that quality controls are facilitated.
Access control tables, program documentation and data flow
diagram techniques normally would not be included in coding
standards. An IS auditor has to be aware of such standards
and their components so that they know where to look for
information and why such standards are important.
Is This Answer Correct ? | 3 Yes | 0 No |
The FIRST step in data classification is to: A. establish ownership. B. perform a criticality analysis. C. define access rules. D. create a data dictionary.
The role of IT auditor in complying with the Management Assessment of Internal Controls (Section 404 of the Sarbanes-Oxley Act) is: A. planning internal controls B. documenting internal controls C. designing internal controls D. implementing internal controls
An IS auditor performing an access controls review should be LEAST concerned if: A. audit trails were not enabled. B. programmers have access to the live environment. C. group logons are being used for critical functions. D. the same user can initiate transactions and also change related parameters.
The general ledger setup function in an enterprise resource package (ERP) allows for setting accounting periods. Access to this function has been permitted to users in finance, the warehouse and order entry. The MOST likely reason for such broad access is the: A. need to change accounting periods on a regular basis.. B. requirement to post entries for a closed accounting period. C. lack of policies and procedures for the proper segregation of duties. D. need to create/modify the chart of accounts and its allocations.
Which of the following is the MOST important criterion for the selection of a location for an offsite storage facility for IS backup files? The offsite facility must be: A. physically separated from the data center and not subject to the same risks. B. given the same level of protection as that of the computer data center. C. outsourced to a reliable third party. D. equipped with surveillance capabilities.
To meet pre-defined criteria, which of the following continuous audit techniques would BEST identify transactions to audit? A. Systems Control Audit Review File and Embedded Audit Modules (SCARF/EAM) B. Continuous and Intermittent Simulation (CIS) C. Integrated Test Facilities (ITF) D. Audit hooks
Which of the following is MOST directly affected by network performance monitoring tools? A. Integrity B. Availability C. Completeness D. Confidentiality
In an audit of a business continuity plan, which of the following findings is of MOST concern? A. There is no insurance for the addition of assets during the year. B. BCP manual is not updated on a regular basis. C. Testing of the backup of data has not been done regularly. D. Records for maintenance of access system have not been maintained.
A hacker could obtain passwords without the use of computer tools or programs through the technique of: A. social engineering. B. sniffers. C. backdoors. D. trojan horses.
Access rules normally are included in which of the following documentation categories? A. Technical reference documentation B. User manuals C. Functional design specifications D. System development methodology documents
Which of the following would an IS auditor consider to be the MOST helpful when evaluating the effectiveness and adequacy of a computer preventive maintenance program? A. A system downtime log B. Vendors' reliability figures C. Regularly scheduled maintenance log D. A written preventive maintenance schedule
The corporate office of a company having branches worldwide, developed a control self-assessment program (CSA) for all its offices. Which of the following is the MOST important requirement for a successful CSA? A. Skills of the workshop facilitator B. Simplicity of the questionnaire C. Support from the audit department D. Involvement of line managers