Interested to Buy Any Domain ? << Click Here >> for more details...
Which of the following is an objective of a control
self-assessment (CSA) program?
A. Concentration on areas of high risk
B. Replacement of audit responsibilities
C. Completion of control questionnaires
D. Collaborative facilitative workshops
- 1 Answers
- 8576 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: A
The objectives of CSA programs include education for line
management in control responsibility and monitoring and
concentration by all on areas of high risk. The objectives
of CSA programs include the enhancement of audit
responsibilities, not replacement of audit responsibilities.
Choices C and D are tools of CSA, not objectives.
| Is This Answer Correct ? | 13 Yes | 0 No |
Which of the following tests is an IS auditor performing when a sample of programs is selected to determine if the source and object versions are the same? A. A substantive test of program library controls B. A compliance test of program library controls C. A compliance test of the program compiler controls D. A substantive test of the program compiler controls
Without compensating controls, which of the following functions would represent a risk if combined with that of a system analyst? A. Application programming B. Data entry C. Quality assurance D. Database administrator
Which of the following is the MOST critical for the successful implementation and maintenance of a security policy? A. Assimilation of the framework and intent of a written security policy by all appropriate parties B. Management support and approval for the implementation and maintenance of a security policy C. Enforcement of security rules by providing punitive actions for any violation of security rules D. Stringent implementation, monitoring and enforcing of rules by the security officer through access control software
Access rules normally are included in which of the following documentation categories? A. Technical reference documentation B. User manuals C. Functional design specifications D. System development methodology documents
Which of the following is the MOST important function to be performed by IS management when a service has been outsource? A. Ensuring that invoices are paid to the provider B. Participating in systems design with the provider C. Renegotiating the provider's fees D. Monitoring the outsourcing provider's performance
When two or more systems are integrated, input/output controls must be reviewed by the IS auditor in the: A. systems receiving the output of other systems. B. systems sending output to other systems. C. systems sending and receiving data. D. interfaces between the two systems.
Which of the following is a function of an IS steering committee? A. Monitoring vendor controlled change control and testing B. Ensuring a separation of duties within the information's processing environment C. Approving and monitoring major projects, the status of IS plans and budgets D. Responsible for liaison between the IS department and the end users
Which of the following is a feature of an intrusion detection system (IDS)? A. Gathering evidence on attack attempts B. Identifying weakness in the policy definition C. Blocking access to particular sites on the Internet D. Preventing certain users from accessing specific servers
An IS auditor performing a review of the IS department discovers that formal project approval procedures do not exist. In the absence of these procedures the IS manager has been arbitrarily approving projects that can be completed in a short duration and referring other more complicated projects to higher levels of management for approval. The IS auditor should recommend as a FIRST course of action that: A. users participate in the review and approval process. B. formal approval procedures be adopted and documented. C. projects be referred to appropriate levels of management for approval. D. the IS manager's job description be changed to include approval authority.
With regard to sampling it can be said that: A. sampling is generally applicable when the population relates to an intangible or undocumented control. B. if an auditor knows internal controls are strong, the confidence coefficient may be lowered. C. attribute sampling would help prevent excessive sampling of an attribute by stopping an audit test at the earliest possible moment. D. variable sampling is a technique to estimate the rate of occurrence of a given control or set of related controls.
The PRIMARY reason for replacing checks (cheques) with EFT systems in the accounts payable area is to: A. make the payment process more efficient. B. comply with international EFT banking standards. C. decrease the number of paper-based payment forms. D. reduce the risk of unauthorized changes to payment transactions.
Which of the following types of firewalls provide the GREATEST degree and granularity of control? A. Screening router B. Packet filter C. Application gateway D. Circuit gateway
Cisco Certifications 
