DOMAIN 3 (CISA REVIEW QUESTIONS,
ANSWERS & EXPLANATIONS MANUAL,
12TH EDITION | PRINT | ENGLISH)
QUESTIONS AND ANSWERS WITH
SOLUTIONS 2024
147 The project steering committee is ultimately responsible for:
A. day-to-day management and leadership of the project.
B. allocating the funding for the project.
C. project deliverables, costs and timetables.
D. ensuring that system controls are in place. - ANSWER C is the correct answer. Justification:
A. Day-to-day management and leadership of the project is the function of the project manager.
B. Providing the funding for the project is the function of the project sponsor.
C. The project steering committee provides overall direction; ensures appropriate representation of the
major stakeholders in the project's outcome; and takes ultimate responsibility for the deliverables, costs
and timetables.
D. Ensuring that system controls are in place is the function of the project security officer.
46 Assignment of process ownership is essential in system development projects because it:
A. enables the tracking of the development completion percentage.
B. optimizes the design cost of user acceptance test cases.
C. minimizes the gaps between requirements and functionalities.
D. ensures that system design is based on business needs. - ANSWER D is the correct answer.
Justification:
A. Process ownership assignment does not have a feature to track the completion percentage of
deliverables.
B. Whether the design cost of test cases will be optimized is not determined from the assignment of
process ownership. It may help to some extent; however, there are many other factors involved in the
design of test cases.
C. For gap minimization, a specific requirements analysis framework should be in place and then applied;
however, a gap may be found between the design and the as-built system that could lead to system
functionality not meeting requirements. This will be identified during user acceptance testing. Process
ownership alone does not have the capability to minimize requirement gaps.
D. The involvement of process owners will ensure that the system will be designed according to the
needs of the business processes that depend on system functionality. A sign-off on the design by the
process owners is crucial before development begins.
A legacy payroll application is migrated to a new application. Which of the following stakeholders should
be PRIMARILY responsible for reviewing and signing-off on the accuracy and completeness of the data
before going live?
A. IS auditor
B. Database administrator
C. Project manager
D. Data owner - ANSWER Justification:
A. An IS auditor should ensure that there is a review and sign-off by the data owner during the data
conversion stage of the project.
B. A database administrator's primary responsibility is to maintain the integrity of the database and make
the database available to users. A database administrator is not responsible for reviewing migrated data.
C. A project manager provides day-to-day management and leadership of the project but is not
responsible for the accuracy and integrity of the data.
D. During the data conversion stage of a project, the data owner is primarily responsible for reviewing
and signing-off that the data are migrated completely and accurately and are valid. An IS auditor is not
responsible for reviewing and signing-off on the accuracy of the converted data.
A rapid application development methodology has been selected to implement a new enterprise
resource planning system. All of the project activities have been assigned to the contracted consulting
company because internal employees are not available. What is the IS auditor's FIRST step to
compensate for the lack of resources?
A. Review the project plan and approach
B. Ask the vendor to provide additional external staff
C. Recommend that the company hire more people
D. Stop the project until all human resources are available - ANSWER A is the correct answer.
Justification:
A. Rapid methodologies require available resources with good expertise and a fast decision-making
process because the plan duration is usually short. Reviewing the project plan and approach is the best
recommendation to make the appropriate changes to compensate for the missing end users.
B. Adding external people to the project will not resolve the problem because they will not be able to
decide on behalf of the internal employees who are usually end users from the business side.
C. Hiring new people will take time and does not guarantee the readiness of new hires to make
appropriate decisions in this project.
D. Stopping the project could be a good option but reviewing the project and considering all of the
aspects should be done first.
A3-1 Who should review and approve system deliverables as they are defined and accomplished, to
ensure the successful completion and implementation of a new business system application?
A. User management
B. Project steering committee
C. Senior management
D. Quality assurance staff - ANSWER A is the correct answer. Justification:
A. User management assumes ownership of the project and resulting system, allocates qualified
representatives to the team and actively participates in system requirements definition, acceptance
testing and user training. User management should review and approve system deliverables as they are
defined and accomplished, or implemented.
B. A project steering committee provides overall direction, ensures appropriate representation of the
major stakeholders in the project's outcome, reviews project progress regularly and holds emergency
meetings when required. A project steering committee is ultimately responsible for all deliverables,
project costs and schedules.
C. Senior management demonstrates commitment to the project and approves the necessary resources
to complete the project. This commitment from senior management helps ensure involvement by those
who are needed to complete the project.
D. Quality assurance staff review results and deliverables within each phase, and at the end of each
phase confirm compliance with standards and requirements. The timing of reviews depends on the
system development life cycle, the methodology used, the structure and
magnitude of the system and the impact of potential deviation.
A3-10 An organization is replacing a payroll program that it developed in-house, with the relevant
subsystem of a commercial enterprise resource planning (ERP) system. Which of the following would
represent the HIGHEST potential risk?
A. Undocumented approval of some project changes
B. Faulty migration of historical data from the old system to the new system
C. Incomplete testing of the standard functionality of the ERP subsystem
D. Duplication of existing payroll permissions on the new ERP subsystem - ANSWER B is the correct
answer. Justification:
A. Undocumented changes (leading to scope creep) are a risk, but the greatest risk is the loss of data
integrity when migrating data from the old system to the new system.
B. The most significant risk after a payroll system conversion is loss of data integrity and not being able to
pay employees in a timely and accurate manner or have records of past payments. As a result,
maintaining data integrity and accuracy during migration is paramount.
C. A lack of testing is always a risk; however, in this case, the new payroll system is a subsystem of an
existing commercially available (and therefore probably well-tested) system.
D. Setting up the new system, including access permissions and payroll data, always presents some level of
risk; however, the greatest risk is related to the migration of data from the old system to the new system.
A3-100 Which of the following should be developed during the requirements definition phase of a
software development project to address aspects of software testing?
A. Test data covering critical applications
B. Detailed test plans
C. Quality assurance test specifications
D. User acceptance test specifications - ANSWER D is the correct answer. Justification:
A. Test data will usually be created during the system testing phase.