The PRIMARY advantage of a continuous audit approach is that it:
A. does not require an IS auditor to collect evidence on
system reliability while processing is taking place.
B. requires the IS auditor to review and follow up
immediately on all information collected.
C. can improve system security when used in time-sharing
environments that process a large number of transactions.
D. does not depend on the complexity of an organization's
computer systems.
- 3 Answers
- 11085 Views
- I also Faced
- E-Mail Answers
Answers were Sorted based on User's Feedback
Answer / guest
Answer: C
The use of continuous auditing techniques can actually
improve system security when used in time-sharing
environments that process a large number of transactions,
but leave a scarce paper trail. Choice A is incorrect since
the continuous audit approach often does require an IS
auditor to collect evidence on system reliability while
processing is taking place. Choice B is incorrect since an
IS auditor normally would review and follow up only on
material deficiencies or errors detected. Choice D is
incorrect since the use of continuous audit techniques does
depend on the complexity of an organization's computer systems.
| Is This Answer Correct ? | 12 Yes | 0 No |
Answer / antoine
C. can improve system security when used in time-sharing
environments that process a large number of transactions
| Is This Answer Correct ? | 7 Yes | 0 No |
Answer / lorie
The correct answer is B per ISACA database: B. Continuous audit allows audit and response to audit issues in a timely manner because audit findings are gathered in near real time
| Is This Answer Correct ? | 0 Yes | 0 No |
In a small organization, where segregation of duties is not practical, an employee performs the function of computer operator and application programmer. Which of the following controls should the IS auditor recommend? A. Automated logging of changes to development libraries B. Additional staff to provide segregation of duties C. Procedures that verify that only approved program changes are implemented D. Access controls to prevent the operator from making program modifications
Applying a retention date on a file will ensure that: A. data cannot be read until the date is set. B. data will not be deleted before that date. C. backup copies are not retained after that date. D. datasets having the same name are differentiated.
A primary function of risk management is the identification of cost-effective controls. In selecting appropriate controls, which of the following methods is best to study the effectiveness of adding various safeguards in reducing vulnerabilities? A. "What if" analysis B. Traditional cost/benefit analysis C. Screening analysis D. A "back-of-the-envelope" analysis
Which of the following is the BEST audit procedure to determine if a firewall is configured in compliance with an organization's security policy? A. Review the parameter settings B. Interview the firewall administrator C. Review the actual procedures D. Review the device's log file for recent attacks
Which of the following development methods uses a prototype that can be updated continually to meet changing user or business requirements? A. Data-oriented development (DOD) B. Object-oriented development (OOD) C. Business process reengineering (BPR) D. Rapid application development (RAD)
The implementation of cost-effective controls in an automated system is ultimately the responsibility of the: A. system administrator. B. quality assurance function. C. business unit management. D. chief of internal audit.
An organization's disaster recovery plan should address early recovery of: A. all information systems processes. B. all financial processing applications. C. only those applications designated by the IS manager. D. processing in priority order, as defined by business management.
Which of the following environmental controls is appropriate to protect computer equipment against short-term reductions in electrical power? A. Power line conditioners B. A surge protective device C. An alternative power supply D. An interruptible power supply
Which of the following is a control over component communication failure/errors? A. Restricting operator access and maintaining audit trails B. Monitoring and reviewing system engineering activity C. Providing network redundancy D. Establishing physical barriers to the data transmitted over the network
An IS auditor, performing a review of an application?s controls, discovers a weakness in system software, which could materially impact the application. The IS auditor should: A. Disregard these control weaknesses as a system software review is beyond the scope of this review. B. Conduct a detailed system software review and report the control weaknesses. C. Include in the report a statement that the audit was limited to a review of the application?s controls. D. Review the system software controls as relevant and recommend a detailed system software review.
When a PC that has been used for the storage of confidential data is sold on the open market the: A. hard disk should be demagnetized. B. hard disk should be mid-level formatted.s C. data on the hard disk should be deleted. D. data on the hard disk should be defragmented.
During an audit of a telecommunications system the IS auditor finds that the risk of intercepting data transmitted to and from remote sites is very high. The MOST effective control for reducing this exposure is: A. encryption. B. callback modems. C. message authentication. D. dedicated leased lines.
Cisco Certifications 
