Which of the following forms of evidence for the auditor
would be considered the MOST reliable?
A. An oral statement from the auditee
B. The results of a test performed by an IS auditor
C. An internally generated computer accounting report
D. A confirmation letter received from an outside source
- 2 Answers
- 10992 Views
- I also Faced
- E-Mail Answers
Answers were Sorted based on User's Feedback
Answer / rajesh
B.An Independent test performed by an IS auditor should always be considered a more reliable source of evidence than conformation letter from outside source.
| Is This Answer Correct ? | 9 Yes | 1 No |
Answer / guest
Answer: D
Evidence obtained from outside sources is usually more
reliable than that obtained from within the organization.
Confirmation letters received from outside parties, such as
those used to verify accounts receivable balances, are
usually highly reliable. Testing performed by an auditor may
not be reliable if the auditor did not have a good
understanding of the technical area under review.
| Is This Answer Correct ? | 3 Yes | 10 No |
E-mail message authenticity and confidentiality is BEST achieved by signing the message using the:
Which of the following is the MOST important objective of data protection? A. Identifying persons who need access to information B. Ensuring the integrity of information C. Denying or authorizing access to the IS system D. Monitoring logical accesses
Applying a digital signature to data traveling in a network provides: A. confidentiality and integrity. B. security and nonrepudiation. C. integrity and nonrepudiation. D. confidentiality and nonrepudiation.
After a full operational contingency test, the IS auditor performs a review of the recovery steps and concludes that the elapsed time until the technological environment and systems were actually functioning, exceeded the required critical recovery time. Which of the following should the auditor recommend? A. Perform an integral review of the recovery tasks. B. Broaden the processing capacity to gain recovery time. C. Make improvements in the facility's circulation structure. D. Increase the amount of human resources involved in the recovery.
Testing the connection of two or more system components that pass information from one area to another is: A. pilot testing. B. parallel testing C. interface testing. D. regression testing.
A primary function of risk management is the identification of cost-effective controls. In selecting appropriate controls, which of the following methods is best to study the effectiveness of adding various safeguards in reducing vulnerabilities? A. "What if" analysis B. Traditional cost/benefit analysis C. Screening analysis D. A "back-of-the-envelope" analysis
A goal of processing controls is to ensure that: A. the data are delivered without compromised confidentiality. B. all transactions are authorized. C. accumulated data are accurate and complete through authorized routines. D. only authorized individuals perform sensitive functions.
A distinction that can be made between compliance testing and substantive testing is that compliance testing tests: A. details, while substantive testing tests procedures. B. controls, while substantive testing tests details. C. plans, while substantive testing tests procedures. D. for regulatory requirements, while substantive testing tests validations.
Which of the following is the PRIMARY safeguard for securing software and data within an information processing facility? A. Security awareness B. Reading the security policy C. Security committee D. Logical access controls
Which of the following would be considered a business risk? A. Former employees B. Part-time and temporary personnel C. Loss of competitive edge D. Hackers
Which of the following audit procedures would MOST likely be used in an audit of a systems development project? A. Develop test transactions B. Use code comparison utilities C. Develop audit software programs D. Review functional requirements documentation
Which of the following would an IS auditor place LEAST reliance on when determining management's effectiveness in communicating information systems policies to appropriate personnel? A. Interviews with user and IS personnel B. Minutes of IS steering committee meetings C. User department systems and procedures manuals D.Information processing facilities operations and procedures manuals
Cisco Certifications 
