Interested to Buy Any Domain ? << Click Here >> for more details...
When conducting a review of business process re-engineering,
an IS auditor found that a key preventive control had been
removed. In this case, the IS auditor should:
A. inform management of the finding and determine if
management is willing to accept the potential material risk
of not having that preventing control.
B. determine if a detective control has replaced the
preventive control during the process and if so, not report
the removal of the preventive control.
C. recommend that this and all control procedures that
existed before the process was reengineered be included in
the new process.
D. develop a continuous audit approach to monitor the
effects of the removal of the preventive control.
- 2 Answers
- 11173 Views
- I also Faced
- E-Mail Answers
Answers were Sorted based on User's Feedback
Answer / guest
Answer: A
Choice A is the best answer. Management should be informed
immediately to determine if they are willing to accept the
potential material risk of not having that preventive
control in place. The existence of a detective control
instead of a preventive control usually increases the risks
that a material problem may occur. Often during a BPR many
non-value-added controls will be eliminated. This is good,
unless they increase the business and financial risks. The
IS auditor may wish to monitor or recommend that management
monitor the new process, but this should be done only after
management has been informed and accepts the risk of not
having the preventive control in place.
| Is This Answer Correct ? | 12 Yes | 0 No |
Answer / antoine
A. inform management of the finding and determine if
management is willing to accept the potential material risk
of not having that preventing control.
| Is This Answer Correct ? | 4 Yes | 0 No |
An IS auditor reviewing an organization's IT strategic plan should FIRST review: A. the existing IT environment. B. the business plan. C. the present IT budget. D. current technology trends.
During an audit of the tape management system at a data center, an IS auditor discovered that parameters are set to bypass or ignore the labels written on tape header records. The IS auditor also determined that effective staging and job setup procedures were in place. In this situation, the IS auditor should conclude that the: A. tape headers should be manually logged and checked by the operators. B. staging and job setup procedures are not appropriate compensating controls. C. staging and job setup procedures compensate for the tape label control weakness. D. tape management system parameters must be set to check all labels.
An IS auditor is reviewing a project that is using an agile software development approach. Which of the following should the IS auditor expect to find? A. Use of a capability maturity model (CMM) B. Regular monitoring of task-level progress against schedule C. Extensive use of software development tools to maximize team productivity D. Postiteration reviews that identify lessons learned for future use in the project
Which of the following is a network architecture configuration that links each station directly to a main hub? A. Bus B. Ring C. Star D. Completed connected
Which of the following IS functions may be performed by the same individual, without compromising on control or violating segregation of duties? A. Job control analyst and applications programmer B. Mainframe operator and system programmer C. Change/problem and quality control administrator D. Applications and system programmer
An IS auditor is performing an audit of a network operating system. Which of the following is a user feature the IS auditor should review? A. Availability of online network documentation B. Support of terminal access to remote hosts C. Handling file transfer between hosts and inter-user communications D. Performance management, audit and control
The purpose of debugging programs is to: A. generate random data that can be used to test programs before implementing them. B. protect, during the programming phase, valid changes from being overwritten by other changes. C. define the program development and maintenance costs to be include in the feasibility study. D. ensure that program abnormal terminations and program coding flaws are detected and corrected.
In a system that records all receivables for a company, the receivables are posted on a daily basis. Which of the following would ensure that receivables balances are unaltered between postings? A. Range checks B. Record counts C. Sequence checking D. Run-to-run control totals
The quality assurance group is typically responsible for: A. ensuring that the output received from system processing is complete. B. monitoring the execution of computer processing tasks. C. ensuring that programs and program changes and documentation adhere to established standards. D. designing procedures to protect data against accidental disclosure, modification or destruction.
An IS auditor auditing hardware monitoring procedures should review A. system availability reports. B. cost-benefit reports. C. response time reports. D. database utilization reports.
The PKI element that manages the certificate life cycle, including certificate directory maintenance and certificate revocation list (CRL) maintenance and publication is the: A. certificate authority. B. digital certificate. C. certification practice statement. D. registration authority.
An IS auditor discovers that programmers have update access to the live environment. In this situation, the IS auditor is LEAST likely to be concerned that programmers can: A. authorize transactions. B. add transactions directly to the database. C. make modifications to programs directly. D. access data from live environment and provide faster maintenance.
Cisco Certifications 
