The role of IT auditor in complying with the Management
Assessment of Internal Controls (Section 404 of the
Sarbanes-Oxley Act) is:
A. planning internal controls
B. documenting internal controls
C. designing internal controls
D. implementing internal controls
- 1 Answers
- 4348 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: B
Choice (B) is the correct answer. The role of the IT auditor
is to document, understand, and test the internal controls
in computer systems. Planning, designing, and implementing
internal controls is part of operating management's
responsibility. This responsibility does not change whether
complying with Sarbanes-Oxley Act or not. Compliance efforts
are ongoing and include documenting internal controls on a
quarterly basis. Organizations need to identify and document
all electronic and manual processes related to the financial
reporting process.
| Is This Answer Correct ? | 7 Yes | 0 No |
Data edits are an example of: A. preventive controls. B. detective controls. C. corrective controls. D. compensating controls.
Which of the following would BEST ensure continuity of a wide area network (WAN) across the organization? A. Built-in alternative routing B. Full system backup taken daily C. A repair contract with a service provider D. A duplicate machine alongside each server
A sequence of bits appended to a digital document that is used to secure an e-mail sent through the Internet is called a: A. digest signature. B. electronic signature. C. digital signature. D. hash signature.
Congestion control is BEST handled by which OSI layer? A. Data link B. Session layer C. Transport layer D. Network layer
There are several methods of providing telecommunications continuity. The method of routing traffic through split cable or duplicate cable facilities is: A. alternative routing. B. diverse routing. C. long-haul network diversity. D. last mile circuit protection.
Functional acknowledgements are used: A. as an audit trail for EDI transactions. B. to functionally describe the IS department. C. to document user roles and responsibilities. D. as a functional description of application software.
Which of the following alternative business recovery strategies would be LEAST appropriate for an organization with a large database and online communications network environment? A. Hot site B. Cold site C. Reciprocal agreement D. Dual information processing facilities
Analysis of which of the following would MOST likely enable the IS auditor to determine if a non-approved program attempted to access sensitive data? A. Abnormal job termination reports B. Operator problem reports C. System logs D. Operator work schedules
Once an organization has finished the business process reengineering (BPR) of all its critical operations, the IS auditor would MOST likely focus on a review of: A. pre-BPR process flowcharts. B. post-BPR process flowcharts. C. BPR project plans. D. continuous improvement and monitoring plans.
In a small organization, an employee performs computer operations and, when the situation demands, program modifications. Which of the following should the IS auditor recommend? A. Automated logging of changes to development libraries B. Additional staff to provide separation of duties C. Procedures that verify that only approved program changes are implemented D. Access controls to prevent the operator from making program modifications
A dry-pipe fire extinguisher system is a system that uses: A. water, but in which water does not enter the pipes until a fire has been detected. B. water, but in which the pipes are coated with special watertight sealants. C. carbon dioxide instead of water. D. halon instead of water.
Which of the following is the MOST critical element of an effective disaster recovery plan (DRP)? A. Offsite storage of backup data B. Up-to-date list of key disaster recovery contacts C. Availability of a replacement data center D. Clearly defined recovery time objective (RTO)
Cisco Certifications 
