Papersbyjol

1. An IS auditor should expect which of the following items to be included in the request for proposal (RFP) when IS is procuring services from an independent service provider (ISP)? A References from other customers B Service level agreement (SLA) template C Maintenance agreement D Conversion plan - ANSWERThe answer is A An IS auditor should look for an independent verification that the ISP can perform the tasks being contracted for. References from other customers would pr...

Most important step in risk analysis is to identify a. Competitors b. controls c. vulnerabilities d. liabilities - ANSWERc. vulnerabilities In a risk based audit planning, an IS auditor's first step is to identify: a. responsibilities of stakeholders b. high-risk areas within the organization c. cost centre d. profit centre - ANSWERb. high-risk areas within the organization When developing a risk-based audit strategy, an IS auditor should conduct a risk assessment to ensure ...

Completing a Risk Analysis. - ANSWERWhat is the most important consideration before implementing a new technology? Indemnity Clause - ANSWERWhat is a clause that holds providers financially liable for violations? Agreed upon performance metrics in the SLA - ANSWERWhat is the best reference for vendor's ability to meet its SLA? Integrated Test Facility (ITF) - ANSWERWhat creates a fictitious entity in the database to process test transactions simultaneously with live input Its adva...

IT governance is most concerned with A. Security policy B. IT policy C. IT strategy D. IT executive compensation - ANSWERIT Strategy IT governance is the mechanism through which IT strategy is established, controlled, and monitored through the balanced scorecard. Long-term and other strategic decisions are made in the context of IT governance. One of the advantages of outsourcing is A. It permits the organization to focus on core competencies. B. It results in reduced costs. C. It pr...

When evaluating the collective effect of preventive, detective and corrective controls within a process, an IS auditor should be aware of which of the following? A. The point at which controls are exercised as data flow through the system B. Only preventive and detective controls are relevant C. Corrective controls are regarded as compensating D. Classification allows an IS auditor to determine which controls are missing - ANSWERA. An IS auditor who has discovered unauthorized transaction...

Al-l The internal audit department wrote some scripts that are used for continuous auditing of some information systems. The IT department asked for copies of the scripts so that they can use them for setting up a continuous monitoring process on key systems. Does sharing these scripts with IT affect the ability of the IS auditors to independently and objectively audit the IT function? A. Sharing the scripts is not permitted because it gives IT the ability to pre-audit systems and avoid an ac...

01. An audit charter should: a) be dynamic and change to coincide with the changing nature of technology and the audit profession. b) clearly state audit objectives for, and the delegation of, authority to the maintenance and review of internal controls. c) document the audit procedures designed to achieve the planned audit objectives. d) outline the overall authority, scope and responsibilities of the audit function. - ANSWERAnswer: d) outline the overall authority, scope and responsib...

Planning, fieldwork/documentation, and reporting/follow-up - ANSWERMajor phases of the typical audit process Audit Charter - ANSWERAn overarching document that covers the entire scope of audit activities in an entire entity. Engagement Letter - ANSWERMore focused on a particular audit exercise that is sought to be initiated in an organization with a specific objective in mind. Short-Term Planning - ANSWERConsiders audit issues that will be covered during the year. Long-Term Planning ...

Chapter 1 - ANSWER Source code - ANSWERuncompiled, archive code Object code - ANSWERcompiled code that is distributed and put into production; not able to be read by humans Inherent risk - ANSWERthe risk that an error could occur assuming no compensating control exist Control risk - ANSWERthe risk that an error exists that would not be prevented by internal controls Detection risk - ANSWERthe risk that an error exists, but is not detected. The risk that an IS auditor may use an in...

In a public key infrastructure (PKI), which of the following may be relied upon to prove that an online transaction was authorized by a specific customer? Correct A. Nonrepudiation B. Encryption C. Authentication D. Integrity . - ANSWERYou are correct, the answer is A. A. Nonrepudiation, achieved through the use of digital signatures, prevents the senders from later denying that they generated and sent the message. B. Encryption may protect the data transmitted ove...