An organization acquiring other businesses continues using
its legacy EDI systems, and uses three separate value-added
network (VAN) providers. No written VAN agreements exist.
The IS auditor should recommend that management:
A. obtain independent assurance of the third-party service
providers.
B. set up a process for monitoring the service delivery of
the third party.
C. ensure that formal contracts are in place.
D. consider agreements with third-party service providers in
the development of continuity plans.
Answer / guest
Answer: C
Written agreements would assist management in ensuring
compliance with external requirements. While management
should obtain independent assurance of compliance, this
cannot be achieved until there is a contract in place. One
aspect of managing third-party services is to provide
monitoring; however, this cannot be achieved until there is
a contract. Ensuring that VAN agreements are available for
review may assist in the development of continuity plans if
they are deemed critical IT resources; however, this cannot
be achieved until there is a contract in place.
Testing the connection of two or more system components that pass information from one area to another is: A. pilot testing. B. parallel testing. C. interface testing. D. regression testing.
The PRIMARY objective of a logical access controls review is to: A. review access controls provided through software. B. ensure access is granted per the organization's authorities. C. walkthrough and assess access provided in the IT environment. D. provide assurance that computer hardware is protected adequately against abuse.
Which of the following is a function of an IS steering committee? A. Monitoring vendor controlled change control and testing B. Ensuring a separation of duties within the information's processing environment C. Approving and monitoring major projects, the status of IS plans and budgets D. Responsible for liaison between the IS department and the end users
A network diagnostic tool that monitors and records network information is a/an: A. online monitor. B. downtime report. C. help desk report. D. protocol analyzer.
Utilizing audit software to compare the object code of two programs is an audit technique used to test program: A. logic. B. changes. C. efficiency. D. computations.
For an online transaction processing system, transactions per second is a measure of: A. throughput. B. response time. C. turnaround time. D. uptime.
When auditing the requirements phase of a software acquisition, the IS auditor should: A. assess the feasibility of the project timetable. B. assess the vendor's proposed quality processes. C. ensure that the best software package is acquired. D. review the completeness of the specifications.
Which of the following are data file controls? A. Internal and external labeling B. Limit check and logical relationship checks C. Total items and hash totals D. Report distribution procedures
Transmitting redundant information with each character or frame to facilitate detection and correction of errors is called: A. feedback error control. B. block sum check. C. forward error control. D. cyclic redundancy check.
While copying files from a floppy disk a user introduced a virus into the network. Which of the following would MOST effectively detect the existence of the virus? A. scan of all floppy disks before use B. virus monitor on the network file server C. scheduled daily scan of all network drives D. virus monitor on the user's personal computer
Security administration procedures require read-only access to: A. access control tables. B. security log files. C. logging options. D. user profiles.
Controls designed to ensure that unauthorized changes are not made to information residing in a computer file are known as: A. data security controls. B. implementation controls. C. program security controls. D. computer operations controls.