DOMAIN 3 (CISA REVIEW QUESTIONS,
ANSWERS & EXPLANATIONS MANUAL,
12TH EDITION | PRINT | ENGLISH)
QUESTIONS AND ANSWERS WITH
SOLUTIONS 2024
147 The project steering committee is ultimately responsible for:
A. day-to-day management and leadership of the project.
B. allocating the funding for the project.
C. project deliverables, costs and timetables.
D. ensuring that system controls are in place. - ANSWER C is the correct answer. Justification:
A. Day-to-day management and leadership of the project is the function of the project manager.
B. Providing the funding for the project is the function of the project sponsor.
C. The project steering committee provides overall direction; ensures appropriate representation of the
major stakeholders in the project's outcome; and takes ultimate responsibility for the deliverables, costs
and timetables.
D. Ensuring that system controls are in place is the function of the project security officer.
46 Assignment of process ownership is essential in system development projects because it:
A. enables the tracking of the development completion percentage.
B. optimizes the design cost of user acceptance test cases.
C. minimizes the gaps between requirements and functionalities.
D. ensures that system design is based on business needs. - ANSWER D is the correct answer.
Justification:
A. Process ownershipassignmentdoes not have a featureto track the completionpercentageof
de1iverables.
B. Whether the design cost of test cases will be optimized is not determined from the assignment of
process ownership. It may help to some extent; however, there are many other factors involved in the
design of test cases.
,C. For gap minimization, a specific requirements analysis framework should be in place and then applied;
however, a gap may be found between the design and the as-built system that could lead to system
functionality not meeting requirements. This will be identified during user acceptance testing. Process
ownership alone does not have the capability to minimize requirement gaps.
D. The involvement of process owners will ensure that the system will be designed according to the
needs of the business processes that depend on system functiouality. A sign-off on the design by the
process owners is crucial before development begins.
A legacy payroll application is migrated to a new application. Which of the following stakeholders should
be PRIMARILY responsible for reviewing and signing-off on the accuracy and completeness of the data
before going live?
A. IS auditor
B. Database administrator
C. Project manager
D. Data owner - ANSWER Justification:
A. An IS auditor should ensure that there is a review and sign-off by the data owner during the data
conversion stage of the project.
B. A databaseadministrator'sprimary responsibilityis to maintainthe integrityof the databaseand make
the databaseavailableto users.A databaseadministratoris not responsiblefor reviewingmigrateddata.
C. A project manager provides day-to-day management and leadership of the project but is not
responsible for the accuracy and integrity of the data.
D. During the data conversion stage of a project, the data owner is primarily responsible for reviewing
and signing-offthat the data are migrated completely and accurately and are valid. An IS auditor is not
responsible for reviewing and signing-offon the accuracy of the converted data.
A rapid application development methodology has been selected to implement a new enterprise
resource planning system. All of the project activities have been assigned to the contracted consulting
company because internal employees are not available. What is the IS auditor's FIRST step to
compensate for the lack of resources?
A. Review the project plan and approach
B. Ask the vendor to provide additional external staff
,C. Recommend that the company hire more people
D. Stop the project until all human resources are available - ANSWER A is the correct answer.
Justification:
A. Rapid methodologies require available resources with good expertise and a fast decision-making
process because the plan duration is usually short. Reviewingthe project plan and approach is the best
recommendation to make the appropriate changes to compensate for the missing end users.
B. Adding external people to the project will not resolve the problem because they will not be able to
decide on behalf of the internal employees who are usually end users from the business side.
C. Hiring new people will take time and does not guarantee the readiness of new hires to make
appropriate decisions in this project.
D. Stopping the project could be a good option but reviewing the project and considering all of the
aspects should be done first.
A3-1 Who should review and approve system deliverables as they are defined and accomplished, to
ensure the successful completion and implementation of a new business system application?
A. User management
B. Project steering committee
C. Senior management
D. Quality assurance staff - ANSWER A is the correct answer. Justification:
A. User management assumes ownership of the project and resulting system, allocates qualified
representatives to the team and actively participates in system requirements definition, acceptance
testing and user training. User management should review and approve system deliverables as they are
defined and accomplished, or implemented.
B. . A project steering committee provides overall direction, ensures appropriate representation of the
major stakeholders in the project's outcome, reviews project progress regularly and holds emergency
meetings when required. A project steering committee is ultimately responsible for all deliverables,
project costs and schedules.
C. Senior management demonstrates commitment to the project and approves the necessary resources
to complete the project. This commitment from senior management helps ensure involvement by those
who are needed to complete the project.
D. Quality assurance staff review results and deliverables within each phase, and at the end of each
phase confirm compliance with standards and requirements. The timing of reviews depends on the
, system development life cycle, the impact of potential deviation methodology used, the structure and
magnitude of the system and the impact of potential deviation.
A3-10 An organization is replacing a payroll program that it developed in-house, with the relevant
subsystem
of a commercial enterprise resource planning (ERP) system. Which of the following would represent the
HIGHEST potential risk?
A. Undocumented approval of some project changes
B. Faulty migration of historical data from the old system to the new system
C. Incomplete testing of the standard functionality of the ERP subsystem
D. Duplication of existing payroll permissions on the new.ERP subsystem - ANSWER B is the correct
answer. Justification:
A. Undocumented changes (leading to scope creep) are a risk, but the greatest risk is the loss of data
integrity when migrating data from the old system to the new system.
B. The most significant risk after a payroll system conversion is loss of data integrity and not being able to
pay employees in a timely and accurate manner or have records of past payments. As a result,
maintaining data integrity and accuracy during migration is paramount.
C. A lack of testing is always a risk; however, in this case, the new payroll system is a subsystem of an
existing commercially available (and therefore probably well-tested) system.
D. Settingup the new system, including access permissions and payrolldata, alwayspresents some level of
risk;
however,the greatestrisk is related to the migration of data from the old system to the new system
A3-100 Which of the following should be developed during the requirements definition phase of a
software development project to address aspects of software testing?
A. Test data covering critical applications
B. Detailed test plans
C. Quality assurance test specifications
D. User acceptance test specifications - ANSWER D is the correct answer. Justification:
A. Test data will usually be created during the system testing phase.
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller Performance. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $15.49. You're not tied to anything after your purchase.
