IS Auditing, Controls and Assurance

Quiz

Question 1

To understand whether an information system control, such as the ability to assign different level of system access to different users of the financial trading system is designed efficiently , which document from the System Development Life Cycle (SDLC) should the IS auditor review to obtain the best relevant understanding?

Solution

Technical design document of the system

Question 2

Some companies prefer to outsource system development work to third-party development vendors. Which of the following is the best for the company to ensure the system development work will be done successfully by the third-party development vendor?

Solution

Provide detail requirements / specifications to the vendor and assign experience users to work with the development vendor on regular basis

Question 3

Which of the following is the most important phase of the System Development Life Cycle (SDLC) in the perspective of having the system to support the business operations effectively?

Solution

Requirement Phase

Question 4

When an IS Auditor audits the SDLC of a decision support system, of which the development work is outsourced to the third-party, which of the following activity in relation to the system would most concern the IS Auditor?

Solution

The on-going maintenance support of the system

Question 5

Which of the following control activity is required before a newly built system can be launched to support business operations?

Solution

Signing-off the final acceptance test which is done by user

Question 6

An airline company would like to configure the membership system, such that members who spent $10000-20000 in the past year can enjoy a free one-time upgrade to the Premium Economy class in their next flight, while members who spend more than $20000 can enjoy a one-time free upgrade to the Business Class. Which control is the most appropriate to implement in the membership system?

Solution

Audit procedure to collect evidence and evaluate the integrity of detail data, programming code and/or change requests

Question 7

There are various types of system changeover approach. Which of the following is the major advantage for performing Parallel Changeover approach?

Solution

To minimize the impact to the business due to risk of system change over failure

Question 8

Why do IS auditors perform the “Post-implementation Review” of an information system 3-6 months after its implementation, but not right after the system launches?

Solution

To allow system bugs are fixed and sufficient business transactions are being performed in the system to support the review

Question 9

Which of the following can be considered as risk in relation to system development?

  1. The misunderstanding of user requirements

  2. The change of relevant regulatory requirements

  3. The change of its project scope after requirement is signed-off

  4. The market competition among the outsource system development vendors

Solution

1, 2 e 3

Question 10

What is the primary advantage for a company to engage an independent IS auditor to review their in-house system development?

Solution

IS auditors are independent from the system development, senior management can obtain true and fair review result from them

Question 11

Which of the following check(s) is/are a type of data validation?

  1. Range check

  2. Sense check

  3. Sequence check

  4. Limit check

Solution

1, 3 e 4

Question 12

Your client is a stock trading company. The company is planning to launch a new stock trading system to replace the one that have been used for 20 years. The Management emphasized that they cannot bear any risk of having system failure as stock trading is the major business. As an IS auditor, which of the following system changeover would you recommend?

Solution

Parallel changeover

PreviousRole of IS Auditor in SDLCNextIS Maintenance Practices

Last updated