Information System Implementation Card 2 Flashcards
WHAT should an IS auditor expect to find while reviewing a project that is using an agile software development approach?
Post iteration reviews that identify lessons learned for future use in the project
WHAT would be considered the MOST significant risk after a payroll system conversion to a Enterprise Resource Planning (ERP) system?
The loss of data integrity and not being able to pay employees in a timely and accurate manner
WHAT is an advantage of white box testing?
IT helps determines procedural accuracy or conditions of a program’s specific logic paths
WHY? - Because it helps assess the effectiveness of software program logic
WHAT is the “best” approach when implementing a large and complex IT infrastructure?
A deployment plan based on sequenced phases
i.e. A good practice is to use a phased approach to fit the entire system together
WHAT activity should be performed during a post-implementation review?
Return on investment analysis
i.e. This helps to verify that the original business case benefits are delivered
During which phase (of software application testing) should an organization perform the testing of architectural design?
Integration testing
WHY? - Because this evaluates the connection of two or more components that pass information from one area to another
WHAT system and data conversion strategy provides the largest amount of redundancies?
“Parallel Run”
i.e. This is considered one of the the safest—and most expensive—approaches because both the old and new systems are run
WHAT should an IS auditor be able to verify by comparing the application development projects against the capability maturity model (CMM)?
THAT predictable software processes are followed
i.e. This helps the IS auditor determine whether a stable, predictable software development process is followed
WHAT is a major concern of an IS auditor when reviewing the migrating from a legacy system to an enterprise resource planning system?
The correlation of semantic characteristics of the data migrated between the two systems
i.e. whether the data (structure) is the same in the new as it was in the old system
WHAT is the primary reason that Regression testing is executed?
To ensure that applied changes have not introduced new errors
WHAT test techniques would an IS auditor use to identify specific program logic that has not been tested?
Mapping
i.e. This technique helps identify specific program logic that has not been tested and analyzes programs during execution to indicate whether program statements have been executed
WHAT is a key indicator that a newly developed system will be used after it is in production?
User acceptance testing
i.e. This provides confidence that a system or system component operates as intended, to provide a basis for evaluating the implementation of the requirements
WHAT approach would be most appropriate to ensure that sufficient test coverage will be achieved for a project with a strict end date?
Requirements should be tested in terms of importance and frequency of use
i.e. This helps maximize the usefulness of testing by concentrating on the most important aspects of the system and on the areas where defects represent the greatest risk to user acceptance
WHAT type of control can be implemented to reduce risk of internal fraud if application programmers are allowed to move programs into the production environment?
Registration and review of changes
i.e. An independent review of the changes to the program in production could identify potential unauthorized changes
WHAT is the main purpose of a post-implementation review?
To determine whether project objectives have been met
Note: An IS auditor should FIRST review access control configuration during this post-implementation review of an Enterprise Resource Management system
