Information Systems Acquisition, Development and Implementation Flashcards
What should be revalidated first when planning to add personnel to tasks imposing time constraints?
The critical path for the project
WHY? - Because adding resources may change the route of the critical path
What should an IS auditor review to understand project progress in terms of time, budget and deliverables for early detection of possible overruns?
Earned value analysis
Why? - Because it compares the planned amount of work with what has actually been completed to determine if the cost, schedule and work accomplished are progressing in accordance with the plan.
Note: EVA works most effectively if a well-formed work breakdown structure exists.
What is the reason for establishing a stop or freezing point on the design of a new system?
To require that changes after that point be evaluated for cost-effectiveness
What activities should be selected when identifying an early project completion time?
Those that have a zero slack time
WHY? - Because activities on the critical path have zero slack time and conversely, activities with zero slack time are on a critical path.
What will likely increase if the IS auditor realizes that coding standards are not enforced, and code reviews are rarely carried out?
Buffer overflow
Why? - Because poorly written code, especially in web-based applications, is often exploited by hackers using buffer overflow techniques
What type of environment would the waterfall life cycle model be used under for software development?
Requirements are well understood and are expected to remain stable, as is the business environment in which the system will operate
How long should documentation of a business case used in an IT development be retained?
Until the end of the system’s life cycle
i.e. A business case can and should be used throughout the life cycle of the product
HOW should an IS auditor use the project management triangle when reviewing a project where quality is a major concern?
To explain that an increase in quality can be achieved, if resource allocation is decreased
Note: The area of the triangle always remains constant.
What is the most common reason for the failure of information systems to meet the needs of users?
User participation in defining the system’s requirements was inadequate
When should phases and deliverables of a system development life cycle project be determined?
During the initial planning stages of the project
This enables project tracking and resource management.
What is a benefit of using object-oriented design and development techniques?
They facilitate the ability to reuse modules
What is the IS auditor’s main focus, once an organization has finished the business process reengineering (BPR) of all its critical operations?
Post-BPR process flowcharts
WHY? - Because this helps the IS auditor identify and ensure that key controls have been incorporated into the reengineered process
WHAT technique provides the best assistance in developing an estimate of project duration?
A Program evaluation review technique chart
WHY? - Because this will help determine project duration once all the activities and the work involved with those activities are known.
What method would ensure that orders made in an enterprise resource planning (ERP) system are processed accurately, and the corresponding products are produced?
Verifying production of customer orders
Why? - Because this will ensure that the produced products match the orders in the order system.
What form of reported information would be best for detecting unauthorized input from a user workstations?
A transaction journal
WHY? - Because the transaction journal records all transaction activity, which then can be compared to the authorized source documents to identify any unauthorized input
