Chapter 3 Self Assessment Flashcards

1
Q

To assist in testing an essential banking system being acquired, an organization has provided the vendor with sensitive data from its existing production system. An IS auditor’s PRIMARY concern is that the data should be:

A. sanitized.
B. complete.
C. representative.
D. current.

A

A. sanitized.

2
Q

Which of the following is the PRIMARY purpose for conducting parallel testing?

A. To determine whether the system is cost-effective
B. To enable comprehensive unit and system testing
C. To highlight errors in the program interfaces with files
D. To ensure the new system meets user requirements

A

D. To ensure the new system meets user requirements

3
Q

When conducting a review of business process reengineering, an IS auditor found that an important preventive control had been removed. In this case, the IS auditor should:

A. inform management of the finding and determine whether management is willing to accept the potential material risk of not having that preventive control.
B. determine if a detective control has replaced the preventive control during the process, and if it has not, report the removal of the preventive control.
C. recommend that this and all control procedures that existed before the process was reengineered be included in the new process.
D. develop a continuous audit approach to monitor the effects of the removal of the preventive control.

A

A. inform management of the finding and determine whether management is willing to accept the potential material risk of not having that preventive control.

4
Q

Which of the following data validation edits is effective in detecting transposition and transcription errors?

A. Range check
B. Check digit
C. Validity check
D. Duplicate check

A

B. Check digit

5
Q

Which of the following weaknesses would be considered the MOST serious in enterprise resource planning software used by a financial organization?

A. Access controls have not been reviewed.
B. Limited documentation is available.
C. Two-year-old backup tapes have not been replaced.
D. Database backups are performed once a day.

A

A. Access controls have not been reviewed.

6
Q

When auditing the requirements phase of a software acquisition, an IS auditor should:

A. assess the reasonability of the project timetable.
B. assess the vendor’s proposed quality processes.
C. ensure that the best software package is acquired.
D. review the completeness of the specifications.

A

D. review the completeness of the specifications.

7
Q

An organization decides to purchase a software package instead of developing it. In such a case, the design and development phases of a traditional system development life cycle would be replaced with:

A. selection and configuration phases
B. feasibility and requirements phases
C. implementation and testing phases
D. nothing, as replacement is not required.

A

A. selection and configuration phases

8
Q

User specifications for a software development project using the traditional (waterfall) system development life cycle methodology have not been met. An IS auditor looking for a cause should look in which of the following areas?

A. Quality assurance
B. Requirements
C. Development
D. User training

A

C. Development

9
Q

When introducing thin client architecture, which of the following types of risk regarding servers is significantly increased?

A. Integrity
B. Concurrency
C. Confidentiality
D. Availability

A

D. Availability

10
Q

Which of the following procedures should be implemented to help ensure the completeness of inbound transactions via electronic data interchange (EDI)?

A. Segment counts built into the transaction set trailer
B. A log of the number of messages received, periodically verified with the transaction originator
C. An electronic audit trail for accountability and tracking
D. Matching acknowledgment transactions received to the log of EDI messages sent

A

A. Segment counts built into the transaction set trailer
