CISA 301 - 400 Flashcards

1
Q

An advantage in using a bottom-up vs. a top-down approach to software testing is that:

A. interface errors are detected earlier.
B. confidence in the system is achieved earlier.
C. errors in critical modules are detected earlier.
D. major functions and processing are tested earlier.

A

C. errors in critical modules are detected earlier.

2
Q

An advantage of using sanitized live transactions in test data is that:

A. all transaction types will be included.
B. every error condition is likely to be tested.
C. no special routines are required to assess the results.
D. test transactions are representative of live processing.

A

D. test transactions are representative of live processing.

3
Q

At the completion of a system development project, a post-project review should include which of the following?

A. Assessing risk that may lead to downtime after the production release
B. Identifying lessons learned that may be applicable to future projects
C. Verifying that the controls in the delivered system are working
D. Ensuring that test data are deleted

A

B. Identifying lessons learned that may be applicable to future projects

4
Q

Before implementing controls in a newly developed system, management should PRIMARILY ensure that the controls:

A. satisfy a requirement in addressing a risk.
B. do not reduce productivity.
C. are based on a minimized cost analysis.
D. are detective or corrective.

A

A. satisfy a requirement in addressing a risk.

5
Q

The BEST time for an IS auditor to assess the control specifications of a new application software package which is being considered for acquisition is during:

A. the internal lab testing phase.
B. testing and prior to user acceptance.
C. the requirements gathering process.
D. the implementation phase.

A

C. the requirements gathering process.

6
Q

A clerk changed the interest rate for a loan on a master file. The rate entered is outside the normal range for such a loan. Which of the following controls is MOST effective in providing reasonable assurance that the change was authorized?

A. The system will not process the change until the clerk’s manager confirms the change by entering an approval code.
B. The system generates a weekly report listing all rate exceptions and the report is reviewed by the clerk’s manager.
C. The system requires the clerk to enter an approval code.
D. The system displays a warning message to the clerk.

A

A. The system will not process the change until the clerk’s manager confirms the change by entering an approval code.

7
Q

A company has contracted with an external consulting firm to implement a commercial financial system to replace its existing system developed in-house. In reviewing the proposed development approach, which of the following would be of GREATEST concern?

A. Acceptance testing is to be managed by users.
B. A quality plan is not part of the contracted deliverables.
C. Not all business functions will be available on initial implementation.
D. Prototyping is being used to confirm that the system meets business requirements.

A

B. A quality plan is not part of the contracted deliverables.

8
Q

A company has implemented a new client-server enterprise resource planning (ERP) system. Local branches transmit customer orders to a central manufacturing facility. Which of the following would BEST ensure that the orders are processed accurately and the corresponding products are produced?

A. Verifying production to customer orders
B. Logging all customer orders in the ERP system
C. Using hash totals in the order transmitting process
D. Approving (production supervisor) orders prior to production

A

A. Verifying production to customer orders

9
Q

A company has recently upgraded its purchase system to incorporate electronic data interchange (EDI) transmissions. Which of the following controls should be implemented in the EDI interface to provide for efficient data mapping?

A. Key verification
B. One-for-one checking
C. Manual recalculations
D. Functional acknowledgements

A

D. Functional acknowledgements

10
Q

A company’s development team does not follow generally accepted system development life cycle (SDLC) practices. Which of the following is MOST likely to cause problems for software development projects?

A. Functional verification of the prototypes is assigned to end users.
B. The project is implemented while minor issues are open from user acceptance testing (UAT).
C. Project responsibilities are not formally defined at the beginning of a project.
D. Program documentation is inadequate.

A

C. Project responsibilities are not formally defined at the beginning of a project.

11
Q

A company undertakes a business process reengineering (BPR) project in support of a new and direct marketing approach to its customers. Which of the following would be an IS auditor’s main concern about the new process?

A. Whether key controls are in place to protect assets and information resources
B. Whether the system addresses corporate customer requirements
C. Whether the system can meet the performance goals (time and resources)
D. Whether the new system will support separation of duties

A

A. Whether key controls are in place to protect assets and information resources

12
Q

A company uses a bank to process its weekly payroll. Time sheets and payroll adjustment forms (e.g., hourly rate changes, terminations) are completed and delivered to the bank, which prepares checks (cheques) and reports for distribution. To BEST ensure payroll data accuracy:

A. payroll reports should be compared to input forms.
B. gross payroll should be recalculated manually.
C. checks (cheques) should be compared to input forms.
D. checks (cheques) should be reconciled with output reports.

A

A. payroll reports should be compared to input forms.

13
Q

A decision support system (DSS) is used to help high-level management:

A. solve highly structured problems.
B. combine the use of decision models with predetermined criteria.
C. make decisions based on data analysis and interactive models.
D. support only structured decision-making tasks.

A

C. make decisions based on data analysis and interactive models.

14
Q

During a system development life cycle (SDLC) audit of a human resources (HR) and payroll application, the IS auditor notes that the data used for user acceptance testing (UAT) have been masked. The purpose of masking the data is to ensure the:

A. confidentiality of the data.
B. accuracy of the data.
C. completeness of the data.
D. reliability of the data.

A

A. confidentiality of the data.

15
Q

During the audit of an acquired software package, an IS auditor finds that the software purchase was based on information obtained through the Internet, rather than from responses to a request for proposal (RFP). The IS auditor should FIRST:

A. test the software for compatibility with existing hardware.
B. perform a gap analysis.
C. review the licensing policy.
D. ensure that the procedure had been approved.

A

D. ensure that the procedure had been approved.

16
Q

During the development of an application, quality assurance testing and user acceptance testing were combined. The MAJOR concern for an IS auditor reviewing the project is that there will be:

A. increased maintenance.
B. improper documentation of testing.
C. improper acceptance of a program.
D. delays in problem resolution.

A

C. improper acceptance of a program.

17
Q

During the review of data file change management controls, which of the following BEST helps to decrease the research time needed to investigate exceptions?

A. One-for-one checking
B. Data file security
C. Transaction logs
D. File updating and maintenance authorization

A

C. Transaction logs

18
Q

During which of the following phases in system development would user acceptance test plans normally be prepared?

A. Feasibility study
B. Requirements definition
C. Implementation planning
D. Post implementation review

A

B. Requirements definition

19
Q

The editing/validation of data entered at a remote site would be performed MOST effectively at the:

A. central processing site after running the application system.
B. central processing site during the running of the application system.
C. remote processing site after transmission of the data to the central processing site.
D. remote processing site prior to transmission of the data to the central processing site.

A

D. remote processing site prior to transmission of the data to the central processing site.

20
Q

An enterprise is developing a new procurement system, and things are behind schedule. As a result, it is proposed that the time originally planned for the test phase be shortened. The project manager asks the IS auditor for recommendations to mitigate the risk associated with reduced testing. Which of the following is a suitable risk mitigation strategy?

A. Test and release a pilot with reduced functionality.
B. Fix and retest the highest-severity functional defects.
C. Eliminate planned testing by the development team, and proceed straight to acceptance testing.
D. Implement a test tool to automate defect tracking.

A

A. Test and release a pilot with reduced functionality.

21
Q

A failure discovered in which of the following testing stages would have the GREATEST impact on the implementation of new application software?

A. System testing
B. Acceptance testing
C. Integration testing
D. Unit testing

A

B. Acceptance testing

22
Q

Functionality is a characteristic associated with evaluating the quality of software products throughout their life cycle, and is BEST described as the set of attributes that bear on the:

A. existence of a set of functions and their specified properties.
B. ability of the software to be transferred from one environment to another.
C. capability of software to maintain its level of performance under stated conditions.
D. relationship between the performance of the software and the amount of resources used.

A

A. existence of a set of functions and their specified properties.