Once an organization has finished the business process
reengineering (BPR) of all its critical operations, the IS
auditor would MOST likely focus on a review of:

A. pre-BPR process flowcharts.

B. post-BPR process flowcharts.

C. BPR project plans.

D. continuous improvement and monitoring plans.


Answer / guest

Answer: B

The IS auditor's task is to identify and ensure that key
controls have been incorporated into the reengineered
process. Choice A is incorrect because an IS auditor must
review the process as it is today, not as it was in the
past. Choices C and D are incorrect because they are steps
within a BPR project.

Is This Answer Correct ?    6 Yes 0 No


Answer / an

B. post-BPR process flowcharts.

Is This Answer Correct ?    0 Yes 0 No


More CISA Certification Interview Questions

When reviewing the implementation of a LAN the IS auditor should FIRST review the: A. node list. B. acceptance test report. C. network diagram. D. user's list.



Which of the following exposures associated with the spooling of sensitive reports for offline printing would an IS auditor consider to be the MOST serious? A. Sensitive data can be read by operators. B. Data can be amended without authorization. C. Unauthorized report copies can be printed. D. Output can be lost in the event of system failure.



Which of the following functions, if combined, would be the GREATEST risk to an organization? A. Systems analyst and database administrator B. Quality assurance and computer operator C. Tape librarian and data entry clerk D. Application programmer and tape librarian



A primary function of risk management is the identification of cost-effective controls. In selecting appropriate controls, which of the following methods is best to study the effectiveness of adding various safeguards in reducing vulnerabilities? A. "What if" analysis B. Traditional cost/benefit analysis C. Screening analysis D. A "back-of-the-envelope" analysis



During an IT audit of a large bank, an IS auditor observes that no formal risk assessment exercise has been carried out for the various business applications to arrive at their relative importance and recovery time requirements. The risk that the bank is exposed to is that the: A. business continuity plan may not have been calibrated to the relative risk that disruption of each application poses to the organization. B. business continuity plan may not include all relevant applications and therefore may lack completeness in terms of its coverage. C. business impact of a disaster may not have been accurately understood by the management. D. business continuity plan may lack an effective ownership by the business owners of such applications.







The MOST effective method of preventing unauthorized use of data files is: A. automated file entry. B. tape librarian. C. access control software. D. locked library.



Which of the following is an example of a passive attack, initiated through the Internet? A. Traffic analysis B. Masquerading C. Denial of service D. E-mail spoofing



During a review of the controls over the process of defining IT service levels, an IS auditor would MOST likely interview the: A. systems programmer. B. legal staff. C. business unit manager. D. application programmer.



An Internet-based attack using password sniffing can: A. enable one party to act as if they are another party. B. cause modification to the contents of certain transactions. C. be used to gain access to systems containing proprietary information. D. result in major problems with billing systems and transaction processing agreements.



During a post-implementation review of an enterprise resource management system, an IS auditor would MOST likely: A. review access control configuration. B. evaluate interface testing. C. review detailed design documentation. D. evaluate system testing.



An IS auditor who is reviewing application run manuals would expect them to contain: A. details of source documents. B. error codes and their recovery actions. C. program logic flowcharts and file definitions. D. change records for the application source code.



Which of the following techniques would provide the BEST assurance that the estimate of program development effort is reliable? A. Function point analysis B. Estimates by business area C. A computer-based project schedule D. An estimate by experienced programmer


