Domain 3: Information Systems Acquisition, Development, and Implementation - PART 3A Flashcards

Question 1

Q

Assignment of process ownership is essential in system development projects because it:

Answer

A

ensures that system design is based on business needs.

Question 2

Q

Before implementing controls in a newly developed system, management should PRIMARILY ensure that the controls:

Answer

A

satisfy a requirement in addressing a risk.

Question 3

Q

The BEST time for an IS auditor to assess the control specifications of a new application software package which is being considered for acquisition is during:

Answer

A

during the requirements gathering process.

Question 4

Q

A company has implemented a new client- server enterprise resource planning (ERP) system. Local branches transmit customer orders to a central manufacturing facility. Which of the following would BEST ensure that the orders are processed accurately, and the corresponding products are produced?

Answer

A

Verifying production of customer orders

Question 5

Q

A company’s development team does not follow generally accepted system development life cycle practices. Which of the following is MOST likely to cause problems for software development projects?

Answer

A

Project responsibilities are not formally defined at the beginning of a project.

Question 6

Q

A company undertakes a business process reengineering project in support of a new and direct marketing approach to its customers. Which of the following would be an IS auditor’s main concern about the new process?

Answer

A

Whether key controls are in place to protect assets and information resources

Question 7

Q

The development of an application has been outsourced to an offshore vendor. Which of the following should be of GREATEST concern to an IS auditor?

Answer

A

The business case was not established.

Question 8

Q

Documentation of a business case used in an IT development project should be retained until:

Answer

A

the end of the system’s life cycle.

Question 9

Q

Due to a reorganization, a business application system will be extended to other departments. Which of the following should be of the GREATEST concern for an IS auditor?

Answer

A

Process owners have not been identified.

Question 10

Q

During a system development life cycle audit of a human resources and payroll application, the IS auditor notes that the data used for user acceptance testing have been masked. The purpose of masking the data is to ensure the:

Answer

A

confidentiality of the data.

Question 11

Q

During the audit of an acquired software package, an IS auditor finds that the software purchase was based on information obtained through the Internet, rather than from responses to a request for proposal. The IS auditor should FIRST:

Answer

A

ensure that the procedure had been approved.

Question 12

Q

During the review of a web-based software development project, an IS auditor realizes that coding standards are not enforced, and code reviews are rarely carried out. This will MOST likely increase the likelihood of a successful:

Answer

A

buffer overflow.

Question 13

Q

The editing/validation of data entered at a remote site is performed MOST effectively at the:

Answer

A

remote processing site PRIOR to transmission of the data to the central processing site.

Question 14

Q

An enterprise is developing a strategy to upgrade to a newer version of its database software. Which of the following tasks can an IS auditor perform without compromising the objectivity of the IS audit function?

Answer

A

Review the acceptance test case documentation BEFORE the tests are carried out.

Question 15

Q

Following good practices, formal plans for implementation of new information systems are developed during the:

Answer

A

Design Phase.

Question 16

Q

Information for detecting unauthorized input from a user workstation would be BEST provided by the:

Answer

A

transaction journal.

Question 17

Q

An IS auditor assesses the project management process for an internal software development project. In respect to the software functionality, the IS auditor should look for sign-off by:

Answer

A

business unit management.

Question 18

Q

An IS auditor has been asked to participate in project initiation meetings for a critical project. The IS auditor’s MAIN concern should be that the:

Answer

A

complexity and risk associated with the project have been analyzed.

Question 19

Q

An IS auditor has found time constraints and expanded needs to be the root causes for recent violations of corporate data definition standards in a new business intelligence project. Which of the following is the MOST appropriate suggestion for an auditor to make?

Answer

A

Achieve standards alignment through an increase of resources devoted to the project.

Question 20

Q

An IS auditor invited to a project development meeting notes that no project risk has been documented. When the IS auditor raises this issue, the project manager responds that it is too early to identify risk and that, if risk starts impacting the project, a risk manager will be hired. The appropriate response of the IS auditor would be to:

Answer

A

Stress the importance of spending time at this point in the project to consider and DOCUMENT risk and to develop contingency plans.

Question 21

Q

An IS auditor is assigned to audit a software development project, which is more than 80 percent complete, but has already overrun time by 10 percent and costs by 25 percent. Which of the following actions should the IS auditor take?

Answer

A

Review the business case and project management.

Question 22

Q

An IS auditor is performing a post- implementation review of an organization’s system and identifies output errors within an accounting application. The IS auditor determined this was caused by input errors. Which of the following controls should the IS auditor recommend to management?

Answer

A

Limit checks

Question 23

Q

An IS auditor is reviewing IT projects for a large company and wants to determine whether the IT projects undertaken in a given year are those which have been assigned the highest priority by the business and which will generate the greatest business value. Which of the following is MOST relevant?

Answer

A

Portfolio management

Question 24

Q

An IS auditor is reviewing the software development capabilities of an organization that has adopted the agile methodology. The IS auditor would be the MOST concerned if:

Answer

A

certain project iterations produce proof-of- concept deliverables and unfinished code.

Question 25

Q

An IS auditor performing a review of a major software development project finds that it is on schedule and under budget even though the software developers have worked considerable amounts of unplanned overtime. The IS auditor should:

Answer

A

investigate further to determine whether the project plan may not be accurate.

Question 26

Q

An IS auditor recommends that an initial validation control be programmed into a credit card transaction capture application. The initial validation process would MOST likely:

Answer

A

verify the format of the number entered, then locate it on the database.

Question 27

Q

An IS auditor reviewing a proposed application software acquisition should ensure that the:

Answer

A

product is compatible with the current or planned OS.

Question 28

Q

An IS auditor reviewing a series of completed projects finds that the implemented functionality often exceeded requirements and most of the projects ran significantly over budget. Which of these areas of the organization’s project management process is the MOST likely cause of this issue?

Answer

A

Project scope management

Question 29

Q

An IS auditor reviewing the IT project management process is reviewing a feasibility study for a critical project to build a new data center. The IS auditor is MOST concerned about the fact that:

Answer

A

the organizational impact of the project has not been assessed.

Question 30

Q

An IS auditor who is auditing the software acquisition process will ensure that the:

Answer

A

contract is reviewed and approved by the legal counsel before it is signed.

Question 31

Q

A large industrial organization is replacing an obsolete legacy system and evaluating whether to buy a custom solution or develop a system in-house. Which of the following will MOST likely influence the decision?

Answer

A

Technical skills and knowledge within the organization related to sourcing and software development

Question 32

Q

The MAIN purpose of a transaction audit trail is to:

Answer

A

determine accountability and responsibility for processed transactions.

Question 33

Q

The MAJOR advantage of a component- based development approach is the:

Answer

A

support of multiple development environments.

Question 34

Q

The MAJOR consideration for an IS auditor reviewing an organization’s IT project portfolio is the:

Answer

A

business plan.

Question 35

Q

Management observed that the initial phase of a multiphase implementation was behind schedule and over budget. Prior to commencing with the next phase, an IS auditor’s PRIMARY suggestion for a postimplementation focus should be to:

Answer

A

review the impact of program changes made during the first phase on the remainder of the project.

Question 36

Q

Many IT projects experience problems because the development time and/or resource requirements are underestimated. Which of the following techniques provides the GREATEST assistance in developing an estimate of project duration?

Answer

A

Program evaluation review technique chart

Question 37

Q

The most common reason for the failure of information systems to meet the needs of users is that:

Answer

A

user participation in defining the system’s requirements was inadequate.

Question 38

Q

Normally, it would be essential to involve which of the following stakeholders in the initiation stage of a project?

Answer

A

System owners

Question 39

Q

Once an organization has finished the business process reengineering (BPR) of all its critical operations, an IS auditor would MOST likely focus on a review of:

Answer

A

post-BPR process flowcharts.

Question 40

Q

An organization implemented a distributed accounting system, and the IS auditor is conducting a postimplementation review to provide assurance of the data integrity controls. Which of the following choices should the auditor perform FIRST?

Answer

A

Review the data flow diagram.

Question 41

Q

An organization is implementing an enterprise resource planning application. Of the following, who is PRIMARILY responsible for overseeing the project to ensure that it is progressing in accordance with the project plan and that it will deliver the expected results?

Answer

A

Project steering committee

Question 42

Q

An organization sells books and music online at its secure web site. Transactions are transferred to the accounting and delivery systems every hour to be processed. Which of the following controls BEST ensures that sales processed on the secure web site are transferred to both the delivery and accounting systems?

Answer

A

Transactions are automatically numerically sequenced. Sequences are checked and gaps in continuity are accounted for.

Question 43

Q

The phases and deliverables of a system development life cycle project should be determined:

Answer

A

during the initial planning stages of the project.

Question 44

Q

A project manager for a project that is scheduled to take 18 months to complete announces that the project is in a healthy financial position because, after six months, only one-sixth of the budget has been spent. The IS auditor should FIRST determine:

Answer

A

the amount of progress achieved compared to the project schedule.

Question 45

Q

The project steering committee is ultimately responsible for:

Answer

A

project deliverables, costs and timetables

Question 46

Q

A proposed transaction processing application will have many data capture sources and outputs in paper and electronic form. To ensure that transactions are not lost during processing, an IS auditor should recommend the inclusion of:

Answer

A

automated systems balancing.

Question 47

Q

A rapid application development methodology has been selected to implement a new enterprise resource planning system. All of the project activities have been assigned to the contracted consulting company because internal employees are not available. What is the IS auditor’s FIRST step to compensate for the lack of resources?

Answer

A

Review the project plan and approach.

Question 48

Q

The reason for establishing a stop or freezing point on the design of a new system is to:

Answer

A

require that changes after that point be evaluated for cost- effectiveness.

Question 49

Q

To minimize the cost of a software project, quality management techniques should be applied:

Answer

A

continuously throughout the project with an emphasis on finding and fixing defects primarily through testing to maximize the defect detection rate.

Question 50

Q

wo months after a major application implementation, management, who assume that the project went well, requests that an IS auditor perform a review of the completed project. The IS auditor’s PRIMARY focus should be to:

Answer

A

review controls built into the system to assure that they are operating as designed.

Question 51

Q

The use of object-oriented design and development techniques would MOST likely:

Answer

A

facilitate the ability to reuse modules.

Question 52

Q

The waterfall life cycle model of software development is most appropriately used when:

Answer

A

requirements are well understood and are expected to remain stable, as is the business environment in which the system will operate.

Question 53

Q

When auditing the proposed acquisition of a new computer system, an IS auditor should FIRST ensure that:

Answer

A

a clear business case has been approved by management.

Question 54

Q

When identifying an earlier project completion time, which is to be obtained by paying a premium for early completion, the activities that should be selected are those:

Answer

A

that have zero slack time.

Question 55

Q

When implementing an application software package, which of the following presents the GREATEST risk?

Answer

A

Incorrectly set parameters

Question 56

Q

When planning to add personnel to tasks imposing time constraints on the duration of a project, which of the following should be revalidated FIRST?

Answer

A

The critical path for the project

Question 57

Q

When preparing a business case to support the need of an electronic data warehouse solution, which of the following choices is the MOST important to assist management in the decision-making process?

Answer

A

Demonstrate feasibility.

Question 58

Q

When reviewing an active project, an IS auditor observed that the business case was no longer valid because of a reduction in anticipated benefits and increased costs. The IS auditor should recommend that the:

Answer

A

business case be updated and possible corrective actions be identified.

Question 59

Q

When reviewing a project where quality is a major concern, an IS auditor should use the project management triangle to explain that:

Answer

A

increases in quality can be achieved, if resource allocation is decreased.

Question 60

Q

Which of the following BEST helps an IS auditor evaluate the quality of programming activities related to future maintenance capabilities?

Answer

A

Program coding standards

Question 61

Q

Which of the following BEST helps ensure that deviations from the project plan are identified?

Answer

A

Project performance criteria

Question 62

Q

Which of the following BEST helps to prioritize project activities and determine the time line for a project?

Answer

A

Program evaluation review technique

Question 63

Q

Which of the following considerations is the MOST important while evaluating a business case for the acquisition of a new accounting application?

Answer

A

Return on investment to the company

Question 64

Q

Which of the following controls helps prevent duplication of vouchers during data entry?

Answer

A

A sequence check

Answer 65

A

Check digit

Answer 66

A

Prevents cost overruns and delivery delays

Answer 67

A

Prototype systems can provide significant time and cost savings.

Answer 68

A

Gantt charts

Answer 69

A

Establishing a software baseline

Answer 70

A

Collusion between employees

Answer 71

A

Quality of the metadata

Answer 72

A

Improved cost- effectiveness of IT service delivery and operational support

Answer 73

A

Project portfolio database

Answer 74

A

Earned value analysis

Answer 75

A

The time and cost implications caused by the change

Answer 76

A

User acceptance test specifications

Answer 77

A

The necessary communication protocols

Answer 78

A

Extrapolation of the overall end date based on completed work packages and current resources

Answer 79

A

Scope creep

Answer 80

A

Performance issues due to Internet delivery method

Answer 81

A

Detailed and correctly applied specifications

Answer 82

A

Implement formal software inspections.

Answer 83

A

effectively describes project boundaries.

Answer 84

A

is behind schedule.

Answer 85

A

User Management

Brainscape's Knowledge GenomeTM

Domain 3: Information Systems Acquisition, Development, and Implementation - PART 3A Flashcards

Brainscape's Knowledge Genome^TM