During which phase of a system development process should an
IS auditor first raise the issue of application controls?
A. Construction
B. System design
C. Acceptance testing
D. Functional specification
Answer / guest
Answer: D
It is important that IS auditors raise control concerns as
early as possible. Frequently, the requirement for controls
is not clearly specific when developing the functional
specifications. The IS auditor should ensure that the
business areas specify their requirement for control at that
stage. The construction phase of the project is often too
late for the identification of the controls, since this may
require that changes be made in the design. Controls should
be designed in at the system design stage, but the types of
controls should have been identified as part of the
functional specification. The acceptance testing stage is
too late to identify controls, since this can require major
changes to the system.
| Is This Answer Correct ? | 5 Yes | 0 No |
Information for detecting unauthorized input from a terminal would be BEST provided by the: A. console log printout. B. transaction journal. C. automated suspense file listing. D. user error report.
Information requirement definitions, feasibility studies and user requirements are significant considerations when: A. defining and managing service levels. B. identifying IT solutions. C. managing changes. D. assessing internal IT control.
Of the following, the MAIN purpose for periodically testing offsite backup facilities is to: A. ensure the integrity of the data in the database. B. eliminate the need to develop detailed contingency plans. C. ensure the continued compatibility of the contingency facilities. D. ensure that program and system documentation remains current.
An organization is introducing a single sign-on (SSO) system. Under the SSO system, users will be required to enter only one user ID and password for access to all application systems. Under the SSO system, unauthorized access: A. is less likely. B. is more likely. C. will have a greater impact. D. will have a smaller impact.
A sequence of bits appended to a digital document that is used to secure an e-mail sent through the Internet is called a: A. digest signature. B. electronic signature. C. digital signature. D. hash signature.
According to the Committee of Sponsoring Organizations (COSO), the internal control framework consists of which of the following? A. Processes, people, objectives. B. Profits, products, processes. C. Costs, revenues, margins. D. Return on investment, earnings per share, market share.
An organization provides information to its supply-chain partners and customers through an extranet infrastructure. Which of the following should be the GREATEST concern to an IS auditor reviewing the firewall security architecture? A. A secure socket layer (SSL) has been implemented for user authentication and remote administration of the firewall. B. On the basis of changing requirements, firewall policies are updated. C. Inbound traffic is blocked unless the traffic type and connections have been specifically permitted. D. The firewall is placed on top of the commercial operating system with all installation options.
The risk that an IS auditor uses an inadequate test procedure and concludes that material errors do not exist when, in fact, they do, is an example of: A. inherent risk. B.control risk. C. detection risk. D. audit risk.
A control for a company that wants to prevent virus-infected programs (or other type of unauthorized modified programs) would be to: A. utilize integrity checkers. B. verify program's lengths. C. backup the source and object code. D. implement segregation of duties.
A proposed transaction processing application will have many data capture sources and outputs in both paper and electronic form. To ensure that transactions are not lost during processing, the IS auditor should recommend the inclusion of: A. validation controls. B. internal credibility checks. C. clerical control procedures. D. automated systems balancing.
Antivirus software should be used as a: A. detective control. B. preventive control. C. corrective control. D. compensating control.
Involvement of senior management is MOST important in the development of: A. strategic plans. B. IS policies. C. IS procedures. D. standards and guidelines.