1. A manager of a project was not able to implement all audit recommendations by the target date. The IS auditor should:
A) recommend that the project be halted until the issues are resolved. B) recommend that compensating controls be implemented. C) evaluate risks associated with the unresolved issues. D) recommend that the project manager reallocate test resources to resolve the issues.
2. Which of the following techniques would BEST help an IS auditor gain reasonable assurance that a project can meet its target date?
A) Estimation of the actual end date based on the completion percentages and estimated time to complete, taken from status reports. B) Confirmation of the target date based on interviews with experienced managers and staff involved in the completion of the project deliverables. C) Extrapolation of the overall end date based on completed work packages and current resources. D) Calculation of the expected end date based on current resources and remaining available project budget.
3. Which of the following situations would increase the likelihood of fraud?
A) Application programmers are implementing changes to production programs. B) Application programmers are implementing changes to test programs. C) Operations support staff are implementing changes to batch schedules. D) Database administrators are implementing changes to data structures.
4. The purpose of a checksum on an amount field in an electronic data interchange (EDI) communication of financial transactions is to ensure:
A) integrity. B) authenticity. C) authorization. D) nonrepudiation.
5. Before implementing controls, management should FIRST ensure that the controls:
A) satisfy a requirement in addressing a risk issue. B) do not reduce productivity. C) are based on a cost-benefit analysis. D) are detective or corrective.
1. Right Answer: C Explanation: It is important to evaluate what the exposure would be when audit recommendations have not been completed by the target date. Based on the evaluation, management can accordingly consider compensating controls, risk acceptance, etc. All other choices might be appropriate only after the risks have been assessed.
2. Right Answer: C Explanation: Direct observation of results is better than estimations and qualitative information gained from interviews or status reports. Project managers and involved staff tend to underestimate the time needed for completion and the necessary time buffers for dependencies between tasks, while overestimating the completion percentage for tasks underway (80:20 rule). The calculation based on remaining budget does not take into account the speed at which the project has been progressing.
3. Right Answer: A Explanation: Production programs are used for processing an enterprise's data. It is imperative that controls on changes to production programs are stringent. Lack of control in this area could result in application programs being modified to manipulate the data. Application programmers are required to implement changes to test programs. These are used only in development and do not directly impact the live processing of data. The implementation of changes to batch schedules by operations support staff will affect the scheduling of the batches only; it does not impact the live data. Database administrators are required to implement changes to data structures. This is required for reorganization of the database to allow for additions, modifications or deletions of fields or tables in the database.
4. Right Answer: A Explanation: A checksum calculated on an amount field and included in the EDI communication lets the receiver detect modification of the field in transit, which is an integrity control. Authenticity and authorization cannot be established by a checksum alone and need other controls. Nonrepudiation can be ensured by using digital signatures. Note that an unkeyed checksum only reliably catches accidental corruption: an attacker who can alter the amount can recompute the checksum as well, so detecting deliberate tampering requires a keyed message authentication code or a digital signature.
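The difference between an integrity checksum and an authenticity control is easy to see in code. The following is an added example, not part of the original question set: it builds a constructed record carrying an amount field with either an unkeyed CRC32 checksum or a keyed HMAC-SHA256 tag (both scheme choices, the field layout, and the shared key are assumptions for illustration, not any real X12/EDIFACT definition), then shows that both detect accidental corruption, but only the keyed tag survives an attacker who rewrites the amount and recomputes the checksum.

```python
import hashlib
import hmac
import zlib

# Assumed pre-shared key between the two trading partners (constructed for this example).
SHARED_KEY = b"example-shared-key-do-not-reuse"


def checksum(amount: str) -> str:
    """Unkeyed CRC32 over the amount field, hex-encoded (assumed scheme)."""
    return f"{zlib.crc32(amount.encode()):08x}"


def mac(amount: str, key: bytes = SHARED_KEY) -> str:
    """Keyed HMAC-SHA256 over the amount field (assumed scheme)."""
    return hmac.new(key, amount.encode(), hashlib.sha256).hexdigest()


def build_record(amount: str, keyed: bool) -> dict:
    """Constructed EDI-like record: amount plus a protective tag."""
    tag = mac(amount) if keyed else checksum(amount)
    return {"amount": amount, "tag": tag, "keyed": keyed}


def verify(record: dict, key: bytes = SHARED_KEY) -> bool:
    """Receiver-side check: recompute the tag and compare in constant time."""
    expected = mac(record["amount"], key) if record["keyed"] else checksum(record["amount"])
    return hmac.compare_digest(expected, record["tag"])


def corrupt_in_transit(record: dict) -> dict:
    """Accidental corruption: the amount changes, the tag is left untouched."""
    r = dict(record)
    r["amount"] = "1000.00" if r["amount"] != "1000.00" else "1000.01"
    return r


def attacker_tamper(record: dict, new_amount: str) -> dict:
    """Deliberate tampering: the attacker rewrites the amount and, for an unkeyed
    checksum, simply recomputes it. Without the key, the HMAC cannot be recomputed,
    so the stale tag is left in place."""
    r = dict(record)
    r["amount"] = new_amount
    if not r["keyed"]:
        r["tag"] = checksum(new_amount)
    return r


def demo() -> dict:
    """Run both schemes through corruption and tampering; return what each detects."""
    plain = build_record("100.00", keyed=False)
    keyed = build_record("100.00", keyed=True)
    return {
        "plain_ok": verify(plain),
        "keyed_ok": verify(keyed),
        "plain_detects_corruption": not verify(corrupt_in_transit(plain)),
        "keyed_detects_corruption": not verify(corrupt_in_transit(keyed)),
        "plain_detects_tamper": not verify(attacker_tamper(plain, "100000.00")),
        "keyed_detects_tamper": not verify(attacker_tamper(keyed, "100000.00")),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The unkeyed checksum answers the exam's integrity question (a changed field no longer matches its tag), but `plain_detects_tamper` comes back false because the attacker controls both the field and the tag. The HMAC still detects the rewrite, and if the sender's key is private rather than shared, a digital signature over the same field additionally gives nonrepudiation, which is why the other answer choices need controls beyond a checksum.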
5. Right Answer: A Explanation: When designing controls, it is necessary to consider all of the above aspects; in an ideal situation, controls that address all of them would be the best controls. Realistically, it may not be possible to design them all and cost may be prohibitive; therefore, the first consideration is whether a control actually satisfies a requirement in addressing an identified risk, giving priority to preventive controls that attack the cause of a threat.