A3-1 - 154 Flashcards
Who should review and approve system deliverables as they are defined and accomplished, to ensure the successful completion and implementation of a new business system application?
A. User management
B. Project steering committee
C. Senior Management
D. Quality assurance staff
A. User management
Which of the following BEST helps to prioritize activities and determine the time line for a project?
A. A Gantt chart
B. Earned value analysis
C. Program evaluation review technique (PERT)
D. Function point analysis
C. Program evaluation review technique (PERT)
An IS auditor reviewing a series of completed projects finds that the implemented functionality often exceeds requirements and most of the projects ran significantly over budget. Which of these areas of the organization’s project management process is the MOST likely cause of this issue?
A. Project scope management
B. Project time management
C. Project risk management
D. Project procurement management
A. Project scope management
An IS auditor is reviewing the software development process for an organization. Which of the following functions are appropriate for the end users to perform?
A. Program output testing
B. System configuration
C. Program logic specification
D. Performance tuning
A. Program output testing
An IS auditor is reviewing system development for a health care organization with two application environments - production and test. During an interview, the auditor notes that production data are used in the test environment to test program changes. What is the MOST significant potential risk from this situation?
A. The test environment may not have adequate controls to ensure data accuracy.
B. The test environment may produce inaccurate results due to use of production data.
C. Hardware in the test environment may not be identical to the production environment.
D. The test environment may not have adequate access controls implemented to ensure data confidentiality.
D. The test environment may not have adequate access controls implemented to ensure data confidentiality.
The IS auditor is reviewing a recently completed conversion to a new enterprise resource planning system. In the final stage of the conversion process, the organization ran the old and the new systems in parallel for 30 days before allowing the new system to run on its own. What is the MOST significant advantage to the organization by using this strategy?
A. Significant cost savings over other testing approaches
B. Assurance that new, faster hardware is compatible with the new system.
C. Assurance that the new system meets functional requirements.
D. Increased resiliency during the parallel processing time.
C. Assurance that the new system meets functional requirements.
What kind of software application testing is considered the final stage of testing and typically includes users outside of the development team?
A. Alpha testing
B. White box testing
C. Regression testing
D. Beta testing
D. Beta testing
During which phase of software application testing should an organization perform the testing of architectural design?
A. Acceptance testing
B. System testing
C. Integration testing
D. Unit testing
C. Integration testing
Which of the following is an advantage of an integrated test facility?
A. It uses actual master files or dummies, and the IS auditor does not have to review the source of the transaction.
B. Periodic testing does not require separate test processes.
C. It validates application systems and ensures the correct operation of the system.
D. The need to prepare test data is eliminated.
B. Periodic testing does not require separate test processes.
An organization is replacing a payroll program that is developed in-house, with the relevant subsystem of a commercial enterprise resource planning (ERP) system. Which of the following would represent the HIGHEST potential risk?
A. Undocumented approval of some project changes
B. Faulty migration of historical data from the old system to the new system
C. Incomplete testing of the standard functionality of the ERP subsystem
D. Duplication of existing payroll permissions on the new ERP subsystem.
B. Faulty migration of historical data from the old system to the new system
An enterprise is developing a strategy to upgrade to a newer version of its database software. Which of the following tasks can an IS auditor perform without compromising the objectivity of the IS audit function?
A. Advise on the adoption of application controls to the new database software.
B. Provide future estimates of the licensing expenses to the project team.
C. Recommend to the project manager how to improve the efficiency of the migration.
D. Review the acceptance test case documentation before the tests are carried out.
D. Review the acceptance test case documentation before the tests are carried out.
During a post implementation review, which of the following activities should be performed?
A. User acceptance testing
B. Return on investment analysis
C. Activation of audit trails
D. Updates of the state of enterprise architecture diagrams.
B. Return on investment analysis
Which of the following is the BEST approach to ensure that sufficient test coverage will be achieved for a project with a strict end date and a fixed time to perform testing?
A. Requirements should be tested in terms of importance and frequency of use.
B. Test coverage should be restricted to functional requirements.
C. Automated tests should be performed through the use of scripting.
D. The number of required test runs should be reduced by retesting only defect fixes.
A. Requirements should be tested in terms of importance and frequency of use.
By evaluating application development projects against the capability maturity model, an IS auditor should be able to verify that:
A. Reliable products are guaranteed.
B. Programmers’ efficiency is improved.
C. Security requirements are designed.
D. Predictable software processes are followed.
D. Predictable software processes are followed.
An IS auditor is performing a post-implementation review of an organization’s system and identifies output errors within an accounting application. The IS auditor determined this was caused by input errors. Which of the following controls should the IS auditor recommend to management?
A. Recalculations
B. Limit checks
C. Run-to-run totals
D. Reconciliations
B. Limit checks