Which of the following is the MOST important issue to the IS
auditor in a business process re-engineering (BPR) project
would be?
A. The loss of middle management, which often is a result of
a BPR project
B. That controls are usually given low priority in a BPR project
C. The considerable negative impact that information
protection could have on BPR
D. The risk of failure due to the large size of the task
usually undertaken in a BPR project
- 2 Answers
- 4058 Views
- I also Faced
- E-Mail Answers
Answers were Sorted based on User's Feedback
Answer / guest
Answer: B
Controls should be given high priority during a BPR project,
therefore this would be a concern for the IS auditor if they
are not adequately considered by management. The fact that
middle management is lost, as stated in choice A, is not
necessarily a concern as long as controls are in place.
Choices C and D do not have any relevance to a BPR project.
| Is This Answer Correct ? | 8 Yes | 0 No |
Answer / antoine
B. That controls are usually given low priority in a BPR
project
| Is This Answer Correct ? | 0 Yes | 0 No |
An organization is proposing to install a single sign-on facility giving access to all systems. The organization should be aware that: A. Maximum unauthorized access would be possible if a password is disclosed. B. User access rights would be restricted by the additional security parameters. C. The security administrator?s workload would increase. D. User access rights would be increased.
Which of the following techniques or tools would assist an IS auditor when performing a statistical sampling of financial transactions maintained in a financial management information system? A. Spreadsheets B. Parallel simulation C. Generalized audit software D. Regression testing
An IS auditor recommends that an initial validation control be programmed into a credit card transaction capture application. The initial validation process would MOST likely: A. check to ensure the type of transaction is valid for that card type. B. verify the format of the number entered then locate it on the database. C. ensure that the transaction entered is within the cardholder's credit limit. D. confirm that the card is not shown as lost or stolen on the master file.
Which of the following types of data validation editing checks is used to determine if a field contains data, and not zeros or blanks? A. Check digit B. Existence check C. Completeness check D. Reasonableness check
Which of the following programs would a sound information security policy MOST likely include to handle suspected intrusions? A. Response B. Correction C. Detection D. Monitoring
An IS auditor doing penetration testing during an audit of Internet connections would: A. evaluate configurations. B. examine security settings. C. ensure virus-scanning software is in use. D. use tools and techniques that are available to a hacker.
Applying a digital signature to data traveling in a network provides: A. confidentiality and integrity. B. security and nonrepudiation. C. integrity and nonrepudiation. D. confidentiality and nonrepudiation.
With regard to sampling it can be said that: A. sampling is generally applicable when the population relates to an intangible or undocumented control. B. if an auditor knows internal controls are strong, the confidence coefficient may be lowered. C. attribute sampling would help prevent excessive sampling of an attribute by stopping an audit test at the earliest possible moment. D. variable sampling is a technique to estimate the rate of occurrence of a given control or set of related controls.
To share data in a multivendor network environment, it is essential to implement program-to-program communication. With respect to program-to-program communication features that can be implemented in this environment, which of the following makes implementation and maintenance difficult? A. User isolation B. Controlled remote access C. Transparent remote access D. The network environments
Which of the following would be the LEAST helpful in restoring service from an incident currently underway? A. Developing a database repository of past incidents and actions to facilitate future corrective actions B. Declaring the incident, which not only helps to carry out corrective measures, but also improves the awareness level C. Developing a detailed operations plan that outlines specific actions to be taken to recover from an incident D. Establishing multidisciplinary teams consisting of executive management, security staff, information systems staff, legal counsel, public relations, etc., to carry out the response.
An IS auditor is conducting substantive audit tests of a new accounts receivable module. The IS auditor has a tight schedule and limited computer expertise. Which would be the BEST audit technique to use in this situation? A. Test data B. Parallel simulation C. Integrated test facility D. Embedded audit module
Which of the following user profiles should be of MOST concern to the IS auditor, when performing an audit of an EFT system? A. Three users with the ability to capture and verifiy their own messages B. Five users with the ability to capturr and send their own messages C. Five users with the ability to verificy other users and to send of their own messages D. Three users with the ability to capture and verifiy the messages of other users and to send their own messages
Cisco Certifications 
