Interested to Buy Any Domain ? << Click Here >> for more details...
In a small organization, an employee performs computer
operations and, when the situation demands, program
modifications. Which of the following should the IS auditor
recommend?
A. Automated logging of changes to development libraries
B. Additional staff to provide separation of duties
C. Procedures that verify that only approved program changes
are implemented
D. Access controls to prevent the operator from making
program modifications
- 1 Answers
- 9054 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: C
While it would be preferred that strict separation of duties
be adhered to and that additional staff is recruited, as
suggested in choice B, this practice is not always possible
in small organizations. The IS auditor must look at
recommended alternative processes. Of the choices, C is the
only practical one that has an impact. The IS auditor should
recommend processes that detect changes to production source
and object code, such as code comparisons, so the changes
can be reviewed by a third party on a regular basis. This
would be a compensating control process. Choice A, involving
logging of changes to development libraries, would not
detect changes to production libraries. Choice D is in
effect requiring a third party to do the changes, which may
not be practical in a small organization.
| Is This Answer Correct ? | 2 Yes | 1 No |
Which of the following types of controls is designed to provide the ability to verify data and record values through the stages of application processing? A. Range checks B. Run-to-run totals C. Limit checks on calculated amounts D. Exception reports
When reviewing a service level agreement for an outsourced computer center an IS auditor should FIRST determine that: A. the cost proposed for the services is reasonable. B. security mechanisms are specified in the agreement. C. the services in the agreement are based on an analysis of business needs. D. audit access to the computer center is allowed under the agreement.
Which of the following would be included in an IS strategic plan?
When performing a review of the structure of an electronic funds transfer (EFT) system, an IS auditor observes that the technological infrastructure is based on a centralized processing scheme that has been outsourced to a provider in another country. Based on this information, which of the following conclusions should be the main concern of the IS auditor? A. There could be a question with regards to the legal jurisdiction. B. Having a provider abroad will cause excesive costs in future audits. C. The auditing process will be difficult because of the distances. D. There could be different auditing norms.
Utilizing audit software to compare the object code of two programs is an audit technique used to test program: A. logic. B. changes. C. efficiency. D. computations.
Which of the following group/individuals should assume overall direction and responsibility for costs and timetables of system development projects? A. User management B. Project steering committee C. Senior management D. Systems development management
While developing a risk-based audit program, which of the following would the IS auditor MOST likely focus on? A. Business processes B. Critical IT applications C. Corporate objectives D. Business strategies
Which of the following controls would be MOST effective in ensuring that production source code and object code are synchronized? A. Release-to-release source and object comparison reports B. Library control software restricting changes to source code C. Restricted access to source code and object code D. Date and time-stamp reviews of source and object code
When selecting software, which of the following business and technical issues is the MOST important to be considered? A. Vendor reputation B. Requirements of the organization C. Cost factors D. Installed base
A primary reason for an IS auditor's involvement in the development of a new application system is to ensure that: A. adequate controls are built into the system. B. user requirements are satisfied by the system. C. sufficient hardware is available to process the system. D. data are being developed for pre-implementation testing of the system.
A PING command is used to measure: A. attenuation. B. throughput. C. delay distortion. D. latency.
The impact of EDI on internal controls will be: A. that fewer opportunities for review and authorization will exist. B. an inherent authentication. C. a proper distribution of EDI transactions while in the possession of third parties. D. that IPF management will have increased responsibilities over data center controls.
Cisco Certifications 
