Interested to Buy Any Domain ? << Click Here >> for more details...
An IS auditor, performing a review of an application?s
controls, discovers a weakness in system software, which
could materially impact the application. The IS auditor should:
A. Disregard these control weaknesses as a system software
review is beyond the scope of this review.
B. Conduct a detailed system software review and report the
control weaknesses.
C. Include in the report a statement that the audit was
limited to a review of the application?s controls.
D. Review the system software controls as relevant and
recommend a detailed system software review.
- 1 Answers
- 10425 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: D
The IS auditor is not expected to ignore control weaknesses
just because they are outside the scope of a current review.
Further, the conduct of a detailed systems software review
may hamper the audit?s schedule and the IS auditor may not
be technically competent to do such a review at this time.
If there are control weaknesses which have been discovered
by the IS auditor, they should be disclosed. By issuing a
disclaimer, this responsibility would be waived. Hence, the
appropriate option would be to review the systems software
as relevant to the review and recommend a detailed systems
software for which additional resources may be recommended.
| Is This Answer Correct ? | 13 Yes | 1 No |
The PRIMARY advantage of a continuous audit approach is that it: A. does not require an IS auditor to collect evidence on system reliability while processing is taking place. B. requires the IS auditor to review and follow up immediately on all information collected. C. can improve system security when used in time-sharing environments that process a large number of transactions. D. does not depend on the complexity of an organization's computer systems.
Which is the first software capability maturity model (CMM) level to include a standard software development process? A. Initial (level 1) B. Repeatable (level 2) C. Defined (level 3) D. Optimizing (level 5)
An IS auditor is performing an audit of a network operating system. Which of the following is a user feature the IS auditor should review? A. Availability of online network documentation B. Support of terminal access to remote hosts C. Handling file transfer between hosts and inter-user communications D. Performance management, audit and control
Change management procedures are established by IS management to: A. control the movement of applications from the test environment to the production environment. B. control the interruption of business operations from lack of attention to unresolved problems. C. ensure the uninterrupted operation of the business in the event of a disaster. D. verify that system changes are properly documented.
Which of the following is a check (control) for completeness? A. Check digits B. Parity bits C. One-for-one checking D. Prerecorded input
The PRIMARY advantage of a continuous audit approach is that it: A. does not require an IS auditor to collect evidence on system reliability while processing is taking place. B. requires the IS auditor to review and follow up immediately on all information collected. C. can improve system security when used in time-sharing environments that process a large number of transactions. D. does not depend on the complexity of an organization's computer systems.
Which of the following tests performed by an IS auditor would be the MOST effective in determining compliance with an organization's change control procedures? A. Review software migration records and verify approvals. B. Identify changes that have occurred and verify approvals. C. Review change control documentation and verify approvals. D. Ensure that only appropriate staff can migrate changes into production.
In a risk-based audit approach, an IS auditor should FIRST complete :
Which of the following is critical to the selection and acquisition of the correct operating system software? A. Competitive bids B. User department approval C. Hardware-configuration analysis D. Purchasing department approval
Which of the following should concern an IS auditor when reviewing security in a client-server environment? A. Data is protected by an encryption technique. B. Diskless workstations prevent unauthorized access. C. Ability of users to access and modify the database directly. D. Disabling floppy drives on the users machines.
An organization has been an Internet user for several years and the business plan now calls for initiating e-commerce via web-based transactions. Which of the following will LEAST impact transactions in e-commerce? A. Encryption is required B. Timed authentication is required C. Firewall architecture hides the internal network D. Traffic is exchanged through the firewall at the application layer only
The development of an IS security policy is ultimately the responsibility of the: A. IS department. B. security committee. C. security administrator. D. board of directors.
Cisco Certifications 
