Interested to Buy Any Domain ? << Click Here >> for more details...
An IS auditor, performing a review of an application?s
controls, discovers a weakness in system software, which
could materially impact the application. The IS auditor should:
A. Disregard these control weaknesses as a system software
review is beyond the scope of this review.
B. Conduct a detailed system software review and report the
control weaknesses.
C. Include in the report a statement that the audit was
limited to a review of the application?s controls.
D. Review the system software controls as relevant and
recommend a detailed system software review.
- 1 Answers
- 10396 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: D
The IS auditor is not expected to ignore control weaknesses
just because they are outside the scope of a current review.
Further, the conduct of a detailed systems software review
may hamper the audit?s schedule and the IS auditor may not
be technically competent to do such a review at this time.
If there are control weaknesses which have been discovered
by the IS auditor, they should be disclosed. By issuing a
disclaimer, this responsibility would be waived. Hence, the
appropriate option would be to review the systems software
as relevant to the review and recommend a detailed systems
software for which additional resources may be recommended.
| Is This Answer Correct ? | 13 Yes | 1 No |
Which of the following applet intrusion issues poses the GREATEST risk of disruption to an organization? A. A program that deposits a virus on a client machine B. Applets recording keystrokes and, therefore, passwords C. Downloaded code that reads files on a client's hard drive D. Applets opening connections from the client machine
The PRIMARY objective of a business continuity and disaster recovery plan should be to: A. safeguard critical IS assets. B. provide for continuity of operations. C. minimize the loss to an organization. D. protect human life.
The extent to which data will be collected during an IS audit should be determined, based on the: A. availability of critical and required information. B. auditor's familiarity with the circumstances. C. auditee's ability to find relevant evidence. D. purpose and scope of the audit being done.
An IS auditor performing a review of the backup processing facilities should be MOST concerned that: A. adequate fire insurance exists. B. regular hardware maintenance is performed. C. offsite storage of transaction and master files exists. D. backup processing facilities are tested fully.
The responsibility for designing, implementing and maintaining a system of internal control lies with: A. the IS auditor. B. management. C. the external auditor. D. the programming staff.
Change management procedures are established by IS management to: A. control the movement of applications from the test environment to the production environment. B. control the interruption of business operations from lack of attention to unresolved problems. C. ensure the uninterrupted operation of the business in the event of a disaster. D. verify that system changes are properly documented.
Which of the following would be the BEST method for ensuring that critical fields in a master record have been updated properly? A. Field checks B. Control totals C. Reasonableness checks D. A before-and-after maintenance report
Which of the following would MOST likely ensure that a system development project meets business objectives? A. Maintenance of program change logs B. Development of a project plan identifying all development activities C. Release of application changes at specific times of the year D. User involvement in system specification and acceptance
Which of the following is a continuity plan test that uses actual resources to simulate a system crash to cost-effectively obtain evidence about the plan's effectiveness? A. Paper test B. Post test C. Preparedness test D. Walk-through
An IS auditor who is participating in a systems development project should: A. recommend appropriate control mechanisms regardless of cost. B. obtain and read project team meeting minutes to determine the status of the project. C. ensure that adequate and complete documentation exists for all project phases. D. not worry about his/her own ability to meet target dates since work will progress regardless.
The database administrator has recently informed you of the decision to disable certain normalization controls in the database management system (DBMS) software to provide users with increased query performance. This will MOST likely increase the risk of: A. loss of audit trails. B. redundancy of data. C. loss of data integrity. D. unauthorized access to data.
The MAJOR advantage of the risk assessment approach over the baseline approach to information security management is that it ensures: A. information assets are over protected. B. a basic level of protection is applied regardless of asset value. C. appropriate levels of protection are applied to information assets. D. an equal proportion of resources are devoted to protecting all information assets.
Cisco Certifications 
