The responsibility for designing, implementing and
maintaining a system of internal control lies with:
A. the IS auditor.
B. management.
C. the external auditor.
D. the programming staff.
- 2 Answers
- 6462 Views
- I also Faced
- E-Mail Answers
Answers were Sorted based on User's Feedback
Answer / guest
Answer: B
Designing, implementing and maintaining a system of internal
controls, including the prevention and detection of fraud is
the responsibility of management. The IS auditor assesses
the risks, and performs tests to detect irregularities
created by weaknesses in the structure of internal controls.
| Is This Answer Correct ? | 11 Yes | 0 No |
Which of the following is the MOST important reason for an IS auditor to be involved in a system development project? A. Evaluate the efficiency of resource utilization. B. Develop audit programs for subsequent audits of the system. C. Evaluate the selection of hardware to be used by the system. D. Ensure that adequate controls are built into the system during development.
1. which of the following is used to achieve accountability. a.identification b. authentication c. authorization d. iniation
Digital signatures require the: A. signer to have a public key and the receiver to have a private key. B. signer to have a private key and the receiver to have a public key. C. signer and receiver to have a public key. D. signer and receiver to have a private key.
When evaluating the collective effect of preventive, detective or corrective controls within a process an IS auditor should be aware: A. of the point at which controls are exercised as data flows through the system. B. that only preventive and detective controls are relevant. C. that corrective controls can only be regarded as compensating. D. that classification allows an IS auditor to determine which controls are missing.
Assumptions while planning an IS project involve a high degree of risk because they are: A. based on known constraints. B. based on objective past data. C. a result of lack of information. D. often made by unqualified people.
Which of the following represents the MOST pervasive control over application development? A. IS auditors B. Standard development methodologies C. Extensive acceptance testing D. Quality assurance groups
In an audit of a business continuity plan, which of the following findings is of MOST concern? A. There is no insurance for the addition of assets during the year. B. BCP manual is not updated on a regular basis. C. Testing of the backup of data has not been done regularly. D. Records for maintenance of access system have not been maintained.
Which of the following is an object-oriented technology characteristic that permits an enhanced degree of security over data? A. Inheritance B. Dynamic warehousing C. Encapsulation D. Polymorphism
Following the development of an application system, it is determined that several design objectives have not been achieved. This is MOST likely to have been caused by: A. insufficient user involvement. B. early dismissal of the project manager. C. inadequate quality assurance (QA) tools. D. noncompliance with defined approval points.
Which of the following Internet security threats could compromise integrity? A. Theft of data from the client B. Exposure of network configuration information C. A trojan horse browser D. Eavesdropping on the net
Java applets and ActiveX controls are distributed executable programs that execute in the background of a web browser client. This practice is considered reasonable when: A. a firewall exists. B. a secure web connection is used. C. the source of the executable is certain. D. the host website is part of your organization.
A utility is available to update critical tables in case of data inconsistency. This utility can be executed at the OS prompt or as one of menu options in an application. The BEST control to mitigate the risk of unauthorized manipulation of data is to: A. delete the utility software and install it as and when required. B. provide access to utility on a need-to-use basis. C. provide access to utility to user management D. define access so that the utility can be only executed in menu option.
Cisco Certifications 
