An IS auditor performing a review of the IS department
discovers that formal project approval procedures do not
exist. In the absence of these procedures the IS manager has
been arbitrarily approving projects that can be completed in
a short duration and referring other more complicated
projects to higher levels of management for approval. The IS
auditor should recommend as a FIRST course of action that:
A. users participate in the review and approval process.
B. formal approval procedures be adopted and documented.
C. projects be referred to appropriate levels of management
for approval.
D. the IS manager's job description be changed to include
approval authority.
- 2 Answers
- 4383 Views
- I also Faced
- E-Mail Answers
Answers were Sorted based on User's Feedback
Answer / guest
Answer: B
It is imperative that formal written approval procedures be
established to set accountability. This is true of both the
IS manager and higher levels of management. Choices A, C and
D would be subsequent recommendations once authority has
been established.
| Is This Answer Correct ? | 7 Yes | 0 No |
Answer / guest
B. formal approval procedures be adopted and documented.
| Is This Answer Correct ? | 0 Yes | 0 No |
Which of the following would be of MOST concern to an IS auditor reviewing a VPN implementation? Computers on the network that are located: A. on the enterprise's facilities. B. at the backup site. C. in employees' homes. D. at the enterprise's remote offices.
Which of the following should be the FIRST step of an IS audit? A. Create a flowchart of the decision branches. B. Gain an understanding of the environment under review. C. Perform a risk assessment. D. Develop the audit plan.
An IS auditor needs to link his/her microcomputer to a mainframe system that uses binary synchronous data communications with block data transmission. However, the IS auditor's microcomputer, as presently configured, is capable of only asynchronous ASCII character data communications. Which of the following must be added to the IS auditor's computer to enable it to communicate with the mainframe system? A. Buffer capacity and parallel port B. Network controller and buffer capacity C. Parallel port and protocol conversion D. Protocol conversion and buffer capability
A company performs full backup of data and programs on a regular basis. The primary purpose of this practice is to: A. maintain data integrity in the applications. B. restore application processing after a disruption. C. prevent unauthorized changes to programs and data. D. ensure recovery of data processing in case of a disaster.
During a post-implementation review of an enterprise resource management system, an IS auditor would MOST likely: A. review access control configuration. B. evaluate interface testing. C. review detailed design documentation. D. evaluate system testing.
Data flow diagrams are used by IS auditors to: A. order data hierarchically. B. highlight high-level data definitions. C. graphically summarize data paths and storage. D. portray step-by-step details of data generation.
An IS auditor performing an independent classification of systems should consider a situation where functions could be performed manually at a tolerable cost for an extended period of time as: A. critical. B. vital. C. sensitive. D. noncritical.
purchase orders issued to vendors have been authorized as per the authorization matrix
While planning an audit, an assessment of risk should be made to provide: A. reasonable assurance that the audit will cover material items. B. definite assurance that material items will be covered during the audit work. C. reasonable assurance that all items will be covered by the audit. D. sufficient assurance that all items will be covered during the audit work.
Which of the following programs would a sound information security policy MOST likely include to handle suspected intrusions? A. Response B. Correction C. Detection D. Monitoring
Which of the following controls is LEAST likely to detect changes made online to master records? A. Update access to master file is restricted to a supervisor independent of data entry. B. Clerks enter updates online and are finalized by an independent supervisor. C. An edit listing of all updates is produced daily and reviewed by an independent supervisor. D. An update authorization form must be approved by an independent supervisor before entry.
Capacity monitoring software is used to ensure: A. maximum use of available capacity. B. that future acquisitions meet user needs. C. concurrent use by a large number of users. D. continuity of efficient operations.
Cisco Certifications 
