Information Systems Implementation 3 Flashcards
What should an IS auditor recommend as a control to remediate post-implementation system errors (i.e. errors in output) cause by system inputs?
Limit checks
Why? - Because Limit checks are an input validation check that provides a preventive control which ensures that invalid data cannot be entered because values must fall within a predetermined limit.
What testing method would an IS auditor recommend if the auditee project sponsor requests the linking of different modules in a proposed ERP system?
Integration testing
Why? - because this testing method evaluates the connection of two or more components that pass information from one area to another
What should the IS auditor recommend for a future project after discovering significant over-budget expenses and scope creep during the current project implementation?
A software baseline
WHY? - Because this provides a cutoff point for the design of the system and allows the project to proceed as scheduled without being delayed by scope creep
What would be an affective approach to ensure that sufficient test coverage will be achieved for a project with a strict end date and a fixed time to perform testing?
That requirements should be tested in terms of importance and frequency of use.
What would best help an IS auditor evaluate the quality of new software that is developed and implemented?
The first report of the mean time between failures
i.e. The mean time between failures that are first reported represents flaws in the software that are reported by users in the production environment.
What should be an IS auditor’s recommendation if an audit tool kit is not permitted to go live due to performance issues?
Review the results of stress tests during user acceptance testing
i.e. The MOST appropriate approach is to review the results of stress tests during user acceptance testing that demonstrated the performance issues
WHAT software testing method provides the best feedback of how software will perform in a live environment?
Beta Testing
i.e. this method involves real-world exposure with external user involvement
Note: Beta testing is the last stage of testing and involves sending the beta version of the product to independent beta test sites
What is the “Best” way to ensure that tested code is moved into production without any manual intervention?
Release management software
i.e. Automated release management software can prevent unauthorized changes by moving code into production without any manual intervention
What technique could an IS auditor use to estimate the size of the development effort (for a system that handles millions of transactions per year)?
Function point analysis
i.e. This is a technique used to determine the size of a development task based on the number of function points. Function points are factors such as inputs, outputs, inquiries and logical internal sites.
What testing method could Best discover an identified weakness of an application (unable to login all system users into the application concurrently)?
Load testing
i.e. Because this application is not supporting normal numbers of concurrent users, the load testing must not have been adequate.
Note: If the number of users were “abnormal” or for “simultaneous operations” the best testing method would be Stress Testing