A3-1 - 154 Flashcards

1
Q

Who should review and approve system deliverables as they are defined and accomplished, to ensure the successful completion and implementation of a new business system application?

A. User management
B. Project steering committee
C. Senior Management
D. Quality assurance staff

A

A. User management

2
Q

Which of the following BEST helps to prioritize activities and determine the time line for a project?

A. A Gantt chart
B. Earned value analysis
C. Program evaluation review technique (PERT)
D. Function point analysis

A

C. Program evaluation review technique (PERT)

3
Q

An IS auditor reviewing a series of completed projects finds that the implemented functionality often exceeds requirements and most of the projects ran significantly over budget. Which of these areas of the organization’s project management process is the MOST likely cause of this issue?

A. Project scope management
B. Project time management
C. Project risk management
D. Project procurement management

A

A. Project scope management

4
Q

An IS auditor is reviewing the software development process for an organization. Which of the following functions are appropriate for the end users to perform?

A. Program output testing
B. System configuration
C. Program logic specification
D. Performance tuning

A

A. Program output testing

5
Q

An IS auditor is reviewing system development for a health care organization with two application environments - production and test. During an interview, the auditor notes that production data are used in the test environment to test program changes. What is the MOST significant potential risk from this situation?

A. The test environment may not have adequate controls to ensure data accuracy.
B. The test environment may produce inaccurate results due to use of production data.
C. Hardware in the test environment may not be identical to the production environment.
D. The test environment may not have adequate access controls implemented to ensure data confidentiality.

A

D. The test environment may not have adequate access controls implemented to ensure data confidentiality.

6
Q

The IS auditor is reviewing a recently completed conversion to a new enterprise resource planning system. In the final stage of the conversion process, the organization ran the old and the new systems in parallel for 30 days before allowing the new system to run on its own. What is the MOST significant advantage to the organization by using this strategy?

A. Significant cost savings over other testing approaches
B. Assurance that new, faster hardware is compatible with the new system.
C. Assurance that the new system meets functional requirements.
D. Increased resiliency during the parallel processing time.

A

C. Assurance that the new system meets functional requirements.

7
Q

What kind of software application testing is considered the final stage of testing and typically includes users outside of the development team?

A. Alpha testing
B. White box testing
C. Regression testing
D. Beta testing

A

D. Beta testing

8
Q

During which phase of software application testing should an organization perform the testing of architectural design?

A. Acceptance testing
B. System testing
C. Integration testing
D. Unit testing

A

C. Integration testing

9
Q

Which of the following is an advantage of an integrated test facility?

A. It uses actual master files or dummies, and the IS auditor does not have to review the source of the transaction.
B. Periodic testing does not require separate test processes.
C. It validates application systems and ensures the correct operation of the system.
D. The need to prepare test data is eliminated.

A

B. Periodic testing does not require separate test processes.

10
Q

An organization is replacing a payroll program that is developed in-house, with the relevant subsystem of a commercial enterprise resource planning (ERP) system. Which of the following would represent the HIGHEST potential risk?

A. Undocumented approval of some project changes
B. Faulty migration of historical data from the old system to the new system
C. Incomplete testing of the standard functionality of the ERP subsystem
D. Duplication of existing payroll permissions on the new ERP subsystem.

A

B. Faulty migration of historical data from the old system to the new system

11
Q

An enterprise is developing a strategy to upgrade to a newer version of its database software. Which of the following tasks can an IS auditor perform without compromising the objectivity of the IS audit function?

A. Advise on the adoption of application controls to the new database software.
B. Provide future estimates of the licensing expenses to the project team.
C. Recommend to the project manager how to improve the efficiency of the migration.
D. Review the acceptance test case documentation before the tests are carried out.

A

D. Review the acceptance test case documentation before the tests are carried out.

12
Q

During a post implementation review, which of the following activities should be performed?

A. User acceptance testing
B. Return on investment analysis
C. Activation of audit trails
D. Updates of the state of enterprise architecture diagrams.

A

B. Return on investment analysis

13
Q

Which of the following is the BEST approach to ensure that sufficient test coverage will be achieved for a project with a strict end date and a fixed time to perform testing?

A. Requirements should be tested in terms of importance and frequency of use.
B. Test coverage should be restricted to functional requirements.
C. Automated tests should be performed through the use of scripting.
D. The number of required test runs should be reduced by retesting only defect fixes.

A

A. Requirements should be tested in terms of importance and frequency of use.

14
Q

By evaluating application development projects against the capability maturity model, an IS auditor should be able to verify that:

A. Reliable products are guaranteed.
B. Programmers’ efficiency is improved.
C. Security requirements are designed.
D. Predictable software processes are followed.

A

D. Predictable software processes are followed.

15
Q

An IS auditor is performing a post-implementation review of an organization’s system and identifies output errors within an accounting application. The IS auditor determined this was caused by input errors. Which of the following controls should the IS auditor recommend to management?

A. Recalculations
B. Limit checks
C. Run-to-run totals
D. Reconciliations

A

B. Limit checks

16
Q

Due to reorganization, a business application system will be extended to other departments. Which of the following should be of the GREATEST concern for an IS auditor?

A. Process owners have not been identified.
B. The billing cost allocation method has not been determined.
C. Multiple application owners exist.
D. A training program does not exist.

A

A. Process owners have not been identified.

17
Q

When auditing the proposed acquisition of a new computer system, an IS auditor should FIRST ensure that:

A. A clear business case has been approved by management.
B. Corporate security standards will be met.
C. Users will be involved in the implementation plan.
D. The system will meet all the required user functionality.

A

A. A clear business case has been approved by management.

18
Q

Which of the following types of risk is MOST likely encountered in a software as a service (SaaS) environment?

A. Noncompliance with software license agreements.
B. Performance issues due to Internet delivery method.
C. Higher costs due to software licensing requirements.
D. Higher costs due to the need to update to compatible hardware.

A

B. Performance issues due to Internet delivery method.

19
Q

The MOST common reason for the failure of information systems to meet the needs of users is that:

A. user needs are constantly changing.
B. the growth of system requirements was forecast inaccurately.
C. the hardware system limits the number of concurrent users.
D. user participation in defining the system’s requirements was inadequate.

A

D. user participation in defining the system’s requirements was inadequate.

20
Q

Many IT projects experience problems because the development time and/or resource requirements are underestimated. Which of the following techniques provides the GREATEST assistance in developing an estimate of project duration?

A. Function point analysis (FPA)
B. Program evaluation review technique chart (PERT)
C. Rapid application development (RAD)
D. Object-oriented system development (OOSD)

A

B. Program evaluation review technique chart (PERT)

21
Q

An IS auditor is reviewing IT projects for a large company and wants to determine whether the IT projects undertaken in a given year are those which have been assigned the highest priority by the business and will generate the greatest business value. Which of the following is MOST relevant?

A. A capability maturity model (CMM)
B. Portfolio management
C. Configuration management
D. Project management body of knowledge

A

B. Portfolio management

22
Q

The reason to establish a stop or freezing point on the design of a new system is to:

A. prevent further changes to a project in process.
B. indicate the point at which the design is to be completed.
C. require that changes after that point be evaluated for cost-effectiveness.
D. provide the project management team with more control over the project design.

A

C. require that changes after that point be evaluated for cost-effectiveness.

23
Q

Change control for business application systems being developed using prototyping could be complicated by the:

A. iterative nature of prototyping.
B. rapid pace of modifications in requirements and design.
C. emphasis on reports and screens.
D. lack of integrated tools.

A

B. rapid pace of modifications in requirements and design.

24
Q

An IS auditor performing a review of a major software project finds that it is on schedule and under budget even though the software developers have worked considerable amounts of unplanned overtime. The IS auditor should:

A. conclude that the project is progressing as planned because dates are being met.
B. question the project manager further to identify whether overtime costs are being tracked accurately.
C. conclude that the programmers are intentionally working slowly to earn extra overtime pay.
D. investigate further to determine whether the project plan may not be accurate.

A

D. investigate further to determine whether the project plan may not be accurate.

25
Q

A project development team is considering using production data for its test deck. The team removed sensitive data elements before loading it into the test environment. Which of the following additional concerns should an IS auditor have with this practice?

A. Not all functionality will be tested.
B. Production data are introduced into the test environment
C. Specialized training is required.
D. The project may run over budget.

A

A. Not all functionality will be tested.