Assignment of process ownership is essential in system development projects because it:
ensures that system design is based on business needs.
How well did you know this? Not at allBefore implementing controls in a newly developed system, management should PRIMARILY ensure that the controls:
satisfy a requirement in addressing a risk.
How well did you know this? Not at allThe BEST time for an IS auditor to assess the control specifications of a new application software package which is being considered for acquisition is during:
during the requirements gathering process.
How well did you know this? Not at allA company has implemented a new client- server enterprise resource planning (ERP) system. Local branches transmit customer orders to a central manufacturing facility. Which of the following would BEST ensure that the orders are processed accurately, and the corresponding products are produced?
Verifying production of customer orders
How well did you know this? Not at allA company’s development team does not follow generally accepted system development life cycle practices. Which of the following is MOST likely to cause problems for software development projects?
Project responsibilities are not formally defined at the beginning of a project.
How well did you know this? Not at allA company undertakes a business process reengineering project in support of a new and direct marketing approach to its customers. Which of the following would be an IS auditor’s main concern about the new process?
Whether key controls are in place to protect assets and information resources
How well did you know this? Not at allThe development of an application has been outsourced to an offshore vendor. Which of the following should be of GREATEST concern to an IS auditor?
The business case was not established.
How well did you know this? Not at allDocumentation of a business case used in an IT development project should be retained until:
the end of the system’s life cycle.
How well did you know this? Not at allDue to a reorganization, a business application system will be extended to other departments. Which of the following should be of the GREATEST concern for an IS auditor?
Process owners have not been identified.
How well did you know this? Not at allDuring a system development life cycle audit of a human resources and payroll application, the IS auditor notes that the data used for user acceptance testing have been masked. The purpose of masking the data is to ensure the:
confidentiality of the data.
How well did you know this? Not at allDuring the audit of an acquired software package, an IS auditor finds that the software purchase was based on information obtained through the Internet, rather than from responses to a request for proposal. The IS auditor should FIRST:
ensure that the procedure had been approved.
How well did you know this? Not at allDuring the review of a web-based software development project, an IS auditor realizes that coding standards are not enforced, and code reviews are rarely carried out. This will MOST likely increase the likelihood of a successful:
How well did you know this? Not at allThe editing/validation of data entered at a remote site is performed MOST effectively at the:
remote processing site PRIOR to transmission of the data to the central processing site.
How well did you know this? Not at allAn enterprise is developing a strategy to upgrade to a newer version of its database software. Which of the following tasks can an IS auditor perform without compromising the objectivity of the IS audit function?
Review the acceptance test case documentation BEFORE the tests are carried out.
How well did you know this? Not at allFollowing good practices, formal plans for implementation of new information systems are developed during the:
How well did you know this? Not at allInformation for detecting unauthorized input from a user workstation would be BEST provided by the:
How well did you know this? Not at allAn IS auditor assesses the project management process for an internal software development project. In respect to the software functionality, the IS auditor should look for sign-off by:
business unit management.
How well did you know this? Not at allAn IS auditor has been asked to participate in project initiation meetings for a critical project. The IS auditor’s MAIN concern should be that the:
complexity and risk associated with the project have been analyzed.
How well did you know this? Not at allAn IS auditor has found time constraints and expanded needs to be the root causes for recent violations of corporate data definition standards in a new business intelligence project. Which of the following is the MOST appropriate suggestion for an auditor to make?
Achieve standards alignment through an increase of resources devoted to the project.
How well did you know this? Not at allAn IS auditor invited to a project development meeting notes that no project risk has been documented. When the IS auditor raises this issue, the project manager responds that it is too early to identify risk and that, if risk starts impacting the project, a risk manager will be hired. The appropriate response of the IS auditor would be to:
Stress the importance of spending time at this point in the project to consider and DOCUMENT risk and to develop contingency plans.