
CISA—Certified Information Systems Auditor - Part 237

Mary Smith

Tue, 21 Apr 2026

1. Once an organization has finished the business process reengineering (BPR) of all its critical operations, an IS auditor would MOST likely focus on a review of:

A) pre-BPR process flowcharts.
B) post-BPR process flowcharts.
C) BPR project plans.
D) continuous improvement and monitoring plans.



2. A company uses a bank to process its weekly payroll. Time sheets and payroll adjustment forms (e.g., hourly rate changes, terminations) are completed and delivered to the bank, which prepares checks (cheques) and reports for distribution. To BEST ensure payroll data accuracy:

A) payroll reports should be compared to input forms.
B) gross payroll should be recalculated manually.
C) checks (cheques) should be compared to input forms.
D) checks (cheques) should be reconciled with output reports.



3. Which of the following represents the GREATEST potential risk in an EDI environment?

A) Transaction authorization
B) Loss or duplication of EDI transmissions
C) Transmission delay
D) Deletion or manipulation of transactions prior to or after establishment of application controls



4. Which of the following is the MOST critical and contributes the greatest to the quality of data in a data warehouse?

A) Accuracy of the source data
B) Credibility of the data source
C) Accuracy of the extraction process
D) Accuracy of the data transformation



5. When transmitting a payment instruction, which of the following will help verify that the instruction was not duplicated?

A) Use of a cryptographic hashing algorithm
B) Enciphering the message digest
C) Deciphering the message digest
D) A sequence number and time stamp



1. Right Answer: B
Explanation: An IS auditor's task is to identify and ensure that key controls have been incorporated into the reengineered process. Choice A is incorrect because an IS auditor must review the process as it is today, not as it was in the past. Choices C and D are incorrect because they are steps within a BPR project.

2. Right Answer: A
Explanation: The best way to confirm data accuracy, when input is provided by the company and output is generated by the bank, is to verify the data input (input forms) against the results in the payroll reports. Hence, comparing payroll reports with input forms is the best mechanism for verifying data accuracy. Recalculating gross payroll manually would only verify whether the processing is correct, not the accuracy of the input data. Comparing checks (cheques) to input forms is not feasible, as checks (cheques) contain the processed information while input forms contain the input data. Reconciling checks (cheques) with output reports only confirms that checks (cheques) have been issued as per the output reports.

3. Right Answer: A
Explanation: Since the interaction between parties is electronic, there is no inherent authentication occurring; therefore, transaction authorization is the greatest risk. Choices B and D are examples of risks, but the impact is not as great as that of unauthorized transactions. Transmission delays may terminate the process or hold the line until the normal time for processing has elapsed; however, there will be no loss of data.

4. Right Answer: A
Explanation: Accuracy of source data is a prerequisite for the quality of the data in a data warehouse. Credibility of the data source, accurate extraction processes and accurate transformation routines are all important, but would not change inaccurate data into quality (accurate) data.

5. Right Answer: D
Explanation: When transmitting data, a sequence number and/or time stamp built into the message to make it unique can be checked by the recipient to ensure that the message was not intercepted and replayed. This is known as replay protection, and it can be used to verify that a payment instruction was not duplicated. Applying a cryptographic hashing algorithm to the entire message helps achieve data integrity. Enciphering the message digest with the sender's private key, which affixes the sender's digital signature to the document, helps in authenticating the transaction. When the receiver deciphers the digest with the sender's public key, it ensures that the message could only have come from the sender. This process of sender authentication achieves nonrepudiation.
