Domain 3: Information Systems Acquisition, Development, and Implementation - PART 3A

Question 1

Assignment of process ownership is essential in system development projects because it:

Answer 1

ensures that system design is based on business needs.

Question 2

Before implementing controls in a newly developed system, management should PRIMARILY ensure that the controls:

Answer 2

satisfy a requirement in addressing a risk.

Question 3

The BEST time for an IS auditor to assess the control specifications of a new application software package which is being considered for acquisition is during:

Answer 3

during the requirements gathering process.

Question 4

A company has implemented a new client- server enterprise resource planning (ERP) system. Local branches transmit customer orders to a central manufacturing facility. Which of the following would BEST ensure that the orders are processed accurately, and the corresponding products are produced?

Answer 4

Verifying production of customer orders

Question 5

A company’s development team does not follow generally accepted system development life cycle practices. Which of the following is MOST likely to cause problems for software development projects?

Answer 5

Project responsibilities are not formally defined at the beginning of a project.

Question 6

A company undertakes a business process reengineering project in support of a new and direct marketing approach to its customers. Which of the following would be an IS auditor’s main concern about the new process?

Answer 6

Whether key controls are in place to protect assets and information resources

Question 7

The development of an application has been outsourced to an offshore vendor. Which of the following should be of GREATEST concern to an IS auditor?

Answer 7

The business case was not established.

Question 8

Documentation of a business case used in an IT development project should be retained until:

Answer 8

the end of the system’s life cycle.

Question 9

Due to a reorganization, a business application system will be extended to other departments. Which of the following should be of the GREATEST concern for an IS auditor?

Answer 9

Process owners have not been identified.

Question 10

During a system development life cycle audit of a human resources and payroll application, the IS auditor notes that the data used for user acceptance testing have been masked. The purpose of masking the data is to ensure the:

Answer 10

confidentiality of the data.

Question 11

During the audit of an acquired software package, an IS auditor finds that the software purchase was based on information obtained through the Internet, rather than from responses to a request for proposal. The IS auditor should FIRST:

Answer 11

ensure that the procedure had been approved.

Question 12

During the review of a web-based software development project, an IS auditor realizes that coding standards are not enforced, and code reviews are rarely carried out. This will MOST likely increase the likelihood of a successful:

Answer 12

buffer overflow.

Question 13

The editing/validation of data entered at a remote site is performed MOST effectively at the:

Answer 13

remote processing site PRIOR to transmission of the data to the central processing site.

Question 14

An enterprise is developing a strategy to upgrade to a newer version of its database software. Which of the following tasks can an IS auditor perform without compromising the objectivity of the IS audit function?

Answer 14

Review the acceptance test case documentation BEFORE the tests are carried out.

Question 15

Following good practices, formal plans for implementation of new information systems are developed during the:

Answer 15

Design Phase.

Question 16

Information for detecting unauthorized input from a user workstation would be BEST provided by the:

Answer 16

transaction journal.

Question 17

An IS auditor assesses the project management process for an internal software development project. In respect to the software functionality, the IS auditor should look for sign-off by:

Answer 17

business unit management.

Question 18

An IS auditor has been asked to participate in project initiation meetings for a critical project. The IS auditor’s MAIN concern should be that the:

Answer 18

complexity and risk associated with the project have been analyzed.

Question 19

An IS auditor has found time constraints and expanded needs to be the root causes for recent violations of corporate data definition standards in a new business intelligence project. Which of the following is the MOST appropriate suggestion for an auditor to make?

Answer 19

Achieve standards alignment through an increase of resources devoted to the project.

Question 20

An IS auditor invited to a project development meeting notes that no project risk has been documented. When the IS auditor raises this issue, the project manager responds that it is too early to identify risk and that, if risk starts impacting the project, a risk manager will be hired. The appropriate response of the IS auditor would be to:

Answer 20

Stress the importance of spending time at this point in the project to consider and DOCUMENT risk and to develop contingency plans.

Question 21

An IS auditor is assigned to audit a software development project, which is more than 80 percent complete, but has already overrun time by 10 percent and costs by 25 percent. Which of the following actions should the IS auditor take?

Answer 21

Review the business case and project management.

Question 22

An IS auditor is performing a post- implementation review of an organization’s system and identifies output errors within an accounting application. The IS auditor determined this was caused by input errors. Which of the following controls should the IS auditor recommend to management?

Answer 22

Limit checks

Question 23

An IS auditor is reviewing IT projects for a large company and wants to determine whether the IT projects undertaken in a given year are those which have been assigned the highest priority by the business and which will generate the greatest business value. Which of the following is MOST relevant?

Answer 23

Portfolio management

Question 24

An IS auditor is reviewing the software development capabilities of an organization that has adopted the agile methodology. The IS auditor would be the MOST concerned if:

Answer 24

certain project iterations produce proof-of- concept deliverables and unfinished code.

Question 25

An IS auditor performing a review of a major software development project finds that it is on schedule and under budget even though the software developers have worked considerable amounts of unplanned overtime. The IS auditor should:

Answer 25

investigate further to determine whether the project plan may not be accurate.

Question 26

An IS auditor recommends that an initial validation control be programmed into a credit card transaction capture application. The initial validation process would MOST likely:

Answer 26

verify the format of the number entered, then locate it on the database.

Question 27

An IS auditor reviewing a proposed application software acquisition should ensure that the:

Answer 27

product is compatible with the current or planned OS.

Question 28

An IS auditor reviewing a series of completed projects finds that the implemented functionality often exceeded requirements and most of the projects ran significantly over budget. Which of these areas of the organization’s project management process is the MOST likely cause of this issue?

Answer 28

Project scope management

Question 29

An IS auditor reviewing the IT project management process is reviewing a feasibility study for a critical project to build a new data center. The IS auditor is MOST concerned about the fact that:

Answer 29

the organizational impact of the project has not been assessed.

Question 30

An IS auditor who is auditing the software acquisition process will ensure that the:

Answer 30

contract is reviewed and approved by the legal counsel before it is signed.

Question 31

A large industrial organization is replacing an obsolete legacy system and evaluating whether to buy a custom solution or develop a system in-house. Which of the following will MOST likely influence the decision?

Answer 31

Technical skills and knowledge within the organization related to sourcing and software development

Question 32

The MAIN purpose of a transaction audit trail is to:

Answer 32

determine accountability and responsibility for processed transactions.

Question 33

The MAJOR advantage of a component- based development approach is the:

Answer 33

support of multiple development environments.

Question 34

The MAJOR consideration for an IS auditor reviewing an organization’s IT project portfolio is the:

Answer 34

business plan.

Question 35

Management observed that the initial phase of a multiphase implementation was behind schedule and over budget. Prior to commencing with the next phase, an IS auditor’s PRIMARY suggestion for a postimplementation focus should be to:

Answer 35

review the impact of program changes made during the first phase on the remainder of the project.

Question 36

Many IT projects experience problems because the development time and/or resource requirements are underestimated. Which of the following techniques provides the GREATEST assistance in developing an estimate of project duration?

Answer 36

Program evaluation review technique chart

Question 37

The most common reason for the failure of information systems to meet the needs of users is that:

Answer 37

user participation in defining the system’s requirements was inadequate.

Question 38

Normally, it would be essential to involve which of the following stakeholders in the initiation stage of a project?

Answer 38

System owners

Question 39

Once an organization has finished the business process reengineering (BPR) of all its critical operations, an IS auditor would MOST likely focus on a review of:

Answer 39

post-BPR process flowcharts.

Question 40

An organization implemented a distributed accounting system, and the IS auditor is conducting a postimplementation review to provide assurance of the data integrity controls. Which of the following choices should the auditor perform FIRST?

Answer 40

Review the data flow diagram.

Question 41

An organization is implementing an enterprise resource planning application. Of the following, who is PRIMARILY responsible for overseeing the project to ensure that it is progressing in accordance with the project plan and that it will deliver the expected results?

Answer 41

Project steering committee

Question 42

An organization sells books and music online at its secure web site. Transactions are transferred to the accounting and delivery systems every hour to be processed. Which of the following controls BEST ensures that sales processed on the secure web site are transferred to both the delivery and accounting systems?

Answer 42

Transactions are automatically numerically sequenced. Sequences are checked and gaps in continuity are accounted for.

Question 43

The phases and deliverables of a system development life cycle project should be determined:

Answer 43

during the initial planning stages of the project.

Question 44

A project manager for a project that is scheduled to take 18 months to complete announces that the project is in a healthy financial position because, after six months, only one-sixth of the budget has been spent. The IS auditor should FIRST determine:

Answer 44

the amount of progress achieved compared to the project schedule.

Question 45

The project steering committee is ultimately responsible for:

Answer 45

project deliverables, costs and timetables

Question 46

A proposed transaction processing application will have many data capture sources and outputs in paper and electronic form. To ensure that transactions are not lost during processing, an IS auditor should recommend the inclusion of:

Answer 46

automated systems balancing.

Question 47

A rapid application development methodology has been selected to implement a new enterprise resource planning system. All of the project activities have been assigned to the contracted consulting company because internal employees are not available. What is the IS auditor’s FIRST step to compensate for the lack of resources?

Answer 47

Review the project plan and approach.

Question 48

The reason for establishing a stop or freezing point on the design of a new system is to:

Answer 48

require that changes after that point be evaluated for cost- effectiveness.

Question 49

To minimize the cost of a software project, quality management techniques should be applied:

Answer 49

continuously throughout the project with an emphasis on finding and fixing defects primarily through testing to maximize the defect detection rate.

Question 50

wo months after a major application implementation, management, who assume that the project went well, requests that an IS auditor perform a review of the completed project. The IS auditor’s PRIMARY focus should be to:

Answer 50

review controls built into the system to assure that they are operating as designed.

Question 51

The use of object-oriented design and development techniques would MOST likely:

Answer 51

facilitate the ability to reuse modules.

Question 52

The waterfall life cycle model of software development is most appropriately used when:

Answer 52

requirements are well understood and are expected to remain stable, as is the business environment in which the system will operate.

Question 53

When auditing the proposed acquisition of a new computer system, an IS auditor should FIRST ensure that:

Answer 53

a clear business case has been approved by management.

Question 54

When identifying an earlier project completion time, which is to be obtained by paying a premium for early completion, the activities that should be selected are those:

Answer 54

that have zero slack time.

Question 55

When implementing an application software package, which of the following presents the GREATEST risk?

Answer 55

Incorrectly set parameters

Question 56

When planning to add personnel to tasks imposing time constraints on the duration of a project, which of the following should be revalidated FIRST?

Answer 56

The critical path for the project

Question 57

When preparing a business case to support the need of an electronic data warehouse solution, which of the following choices is the MOST important to assist management in the decision-making process?

Answer 57

Demonstrate feasibility.

Question 58

When reviewing an active project, an IS auditor observed that the business case was no longer valid because of a reduction in anticipated benefits and increased costs. The IS auditor should recommend that the:

Answer 58

business case be updated and possible corrective actions be identified.

Question 59

When reviewing a project where quality is a major concern, an IS auditor should use the project management triangle to explain that:

Answer 59

increases in quality can be achieved, if resource allocation is decreased.

Question 60

Which of the following BEST helps an IS auditor evaluate the quality of programming activities related to future maintenance capabilities?

Answer 60

Program coding standards

Question 61

Which of the following BEST helps ensure that deviations from the project plan are identified?

Answer 61

Project performance criteria

Question 62

Which of the following BEST helps to prioritize project activities and determine the time line for a project?

Answer 62

Program evaluation review technique

Question 63

Which of the following considerations is the MOST important while evaluating a business case for the acquisition of a new accounting application?

Answer 63

Return on investment to the company

Question 64

Which of the following controls helps prevent duplication of vouchers during data entry?

Answer 64

A sequence check

Question 65

Which of the following data validation edits is effective in detecting transposition and transcription errors?

Answer 65

Check digit

Question 66

Which of the following is a characteristic of timebox management?

Answer 66

Prevents cost overruns and delivery delays

Question 67

Which of the following is an advantage of prototyping?

Answer 67

Prototype systems can provide significant time and cost savings.

Question 68

Which of the following is MOST relevant to an IS auditor evaluating how the project manager has monitored the progress of the project?

Answer 68

Gantt charts

Question 69

Which of the following is the BEST method of controlling scope creep in a system development project?

Answer 69

Establishing a software baseline

Question 70

Which of the following is the GREATEST risk to the effectiveness of application system controls?

Answer 70

Collusion between employees

Question 71

Which of the following is the most important element in the design of a data warehouse?

Answer 71

Quality of the metadata

Question 72

Which of the following is the MOST likely benefit of implementing a standardized infrastructure?

Answer 72

Improved cost- effectiveness of IT service delivery and operational support

Question 73

Which of the following should an IS auditor review to gain an understanding of the effectiveness of controls over the management of multiple projects?

Answer 73

Project portfolio database

Question 74

Which of the following should an IS auditor review to understand project progress in terms of time, budget and deliverables for early detection of possible overruns and for projecting estimates at completion?

Answer 74

Earned value analysis

Question 75

Which of the following should be an IS auditor’s PRIMARY concern after discovering that the scope of an IS project has changed, and an impact study has not been performed?

Answer 75

The time and cost implications caused by the change

Question 76

Which of the following should be developed during the requirements definition phase of a software development project to address aspects of software testing?

Answer 76

User acceptance test specifications

Question 77

Which of the following should be included in a feasibility study for a project to implement an electronic data interchange process?

Answer 77

The necessary communication protocols

Question 78

Which of the following techniques would BEST help an IS auditor gain reasonable assurance that a project can meet its target date?

Answer 78

Extrapolation of the overall end date based on completed work packages and current resources

Question 79

Which of the following types of risk could result from inadequate software baselining?

Answer 79

Scope creep

Question 80

Which of the following types of risk is MOST likely encountered in a software as a service environment?

Answer 80

Performance issues due to Internet delivery method

Question 81

Which of the following will BEST ensure the successful offshore development of business applications?

Answer 81

Detailed and correctly applied specifications

Question 82

Which of the following would be the MOST cost-effective recommendation for reducing the number of defects encountered during software development projects?

Answer 82

Implement formal software inspections.

Question 83

While evaluating the “out of scope” section specified in a project plan, an IS auditor should ascertain whether the section:

Answer 83

effectively describes project boundaries.

Question 84

While reviewing an ongoing project, the IS auditor notes that the development team has spent eight hours of activity on the first day against a budget of 24 hours (over three days). The projected time to complete the remainder of the activity is 20 hours. The IS auditor should report that the project:

Answer 84

is behind schedule.

Question 85

Who should review and approve system deliverables as they are defined and accomplished to ensure the successful completion and implementation of a new business system application?

Answer 85

User Management