The FIRST task an IS auditor should complete when performing
an audit in an unfamiliar area is to:
A. design the audit programs for each system or function
involved.
B. develop a set of compliance tests and substantive tests.
C. gather background information pertinent to the new audit.
D. assign human and economical resources.
- 1 Answers
- 4301 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: C
Proper planning is the necessary first step in performing
effective audits. The IS auditor's first task should be to
gather background information, such as business sector,
applied benchmarks, specific trends and regulatory and legal
requirements. This will allow the auditor to better
understand what to audit. After gathering initial
information, the auditor would then identify the audit
subject and audit objectives, define the scope, establish
the information systems and functions involved, and identify
the needed resources.
| Is This Answer Correct ? | 3 Yes | 0 No |
During an audit of a telecommunications system the IS auditor finds that the risk of intercepting data transmitted to and from remote sites is very high. The MOST effective control for reducing this exposure is: A. encryption. B. callback modems. C. message authentication. D. dedicated leased lines.
Which of the following IS functions may be performed by the same individual, without compromising on control or violating segregation of duties? A. Job control analyst and applications programmer B. Mainframe operator and system programmer C. Change/problem and quality control administrator D. Applications and system programmer
When auditing the requirements phase of a software acquisition, the IS auditor should: A. assess the feasibility of the project timetable. B. assess the vendor?s proposed quality processes. C. ensure that the best software package is acquired. D. review the completeness of the specifications.
Which of the following is widely accepted as one of the critical components in networking management? A. Configuration management B. Topological mappings C. Application of monitoring tools D. Proxy server trouble shooting
Which of the following would be included in an IS strategic plan? A. Specifications for planned hardware purchases B. Analysis of future business objectives C. Target dates for development projects D. Annual budgetary targets for the IS department
Which of the following controls will detect MOST effectively the presence of bursts of errors in network transmissions? A. Parity check B. Echo check C. Block sum check D. Cyclic redundancy check
The objective of IT governance is to ensure that the IT strategy is aligned with the objectives of (the): A. enterprise. B. IT. C. audit. D. finance.
An IS auditor reviews an organization chart PRIMARILY for: A. an understanding of workflows. B. investigating various communication channels. C. understanding the responsibilities and authority of individuals. D. investigating the network connected to different employees.
An IS auditor should be able to identify and evaluate various types of risks and their potential effects. Which of the following risks is associated with authorized program exits (trap doors)? A. Inherent B. Detection C. Audit D. Error
An IS auditor attempting to determine whether access to program documentation is restricted to authorized persons would MOST likely: A. evaluate the record retention plans for off-premises storage. B. interview programmers about the procedures currently being followed. C. compare utilization records to operations schedules. D. review data file access records to test the librarian function.
A single digitally signed instruction was given to a financial institution to credit a customer's account. The financial institution received the instruction three times and credited the account three times. Which of the following would be the MOST appropriate control against such multiple credits? A. Encrypting the hash of the payment instruction with the public key of the financial institution. B. Affixing a time stamp to the instruction and using it to check for duplicate payments. C. Encrypting the hash of the payment instruction with the private key of the instructor. D. Affixing a time stamp to the hash of the instruction before being digitally signed by the instructor.
When assessing the portability of a database application, the IS auditor should verify that: A. a structured query language (SQL) is used. B. information import and export procedures with other systems exist. C. indexes are used. D. all entities have a significant name and identified primary and foreign keys.
Cisco Certifications 
