# Quiz

## Question 1

To understand whether an information system control, such as the ability to assign different level of system access to different users of the financial trading system is designed efficiently , which document from the System Development Life Cycle (SDLC) should the IS auditor review to obtain the best relevant understanding?

<details>

<summary>Solution</summary>

Technical design document of the system

</details>

## Question 2

Some companies prefer to outsource system development work to third-party development vendors. Which of the following is the best for the company to ensure the system development work will be done successfully by the third-party development vendor?

<details>

<summary>Solution</summary>

Provide detail requirements / specifications to the vendor and assign experience users to work with the development vendor on regular basis

</details>

## Question 3

Which of the following is the most important phase of the System Development Life Cycle (SDLC) in the perspective of having the system to support the business operations effectively?

<details>

<summary>Solution</summary>

Requirement Phase

</details>

## Question 4

When an IS Auditor audits the SDLC of a decision support system, of which the development work is outsourced to the third-party, which of the following activity in relation to the system would most concern the IS Auditor?

<details>

<summary>Solution</summary>

The on-going maintenance support of the system

</details>

## Question 5

Which of the following control activity is required before a newly built system can be launched to support business operations?

<details>

<summary>Solution</summary>

Signing-off the final acceptance test which is done by user

</details>

## Question 6

An airline company would like to configure the membership system, such that members who spent $10000-20000 in the past year can enjoy a free one-time upgrade to the Premium Economy class in their next flight, while members who spend more than $20000 can enjoy a one-time free upgrade to the Business Class. Which control is the most appropriate to implement in the membership system?

<details>

<summary>Solution</summary>

Audit procedure to collect evidence and evaluate the integrity of detail data, programming code and/or change requests

</details>

## Question 7

There are various types of system changeover approach. Which of the following is the major advantage for performing Parallel Changeover approach?

<details>

<summary>Solution</summary>

To minimize the impact to the business due to risk of system change over failure

</details>

## Question 8

Why do IS auditors perform the “Post-implementation Review” of an information system 3-6 months after its implementation, but not right after the system launches?

<details>

<summary>Solution</summary>

To allow system bugs are fixed and sufficient business transactions are being performed in the system to support the review

</details>

## Question 9

Which of the following can be considered as risk in relation to system development?

1. The misunderstanding of user requirements
2. The change of relevant regulatory requirements
3. The change of its project scope after requirement is signed-off
4. The market competition among the outsource system development vendors

<details>

<summary>Solution</summary>

1, 2 e 3

</details>

## Question 10

What is the **primary** advantage for a company to engage an independent IS auditor to review their in-house system development?

<details>

<summary>Solution</summary>

IS auditors are independent from the system development, senior management can obtain true and fair review result from them

</details>

## Question 11

Which of the following check(s) is/are a type of data validation?

1. Range check
2. Sense check
3. Sequence check
4. Limit check

<details>

<summary>Solution</summary>

1, 3 e 4

</details>

## Question 12

Your client is a stock trading company. The company is planning to launch a new stock trading system to replace the one that have been used for 20 years. The Management emphasized that they cannot bear any risk of having system failure as stock trading is the major business. As an IS auditor, which of the following system changeover would you recommend?

<details>

<summary>Solution</summary>

Parallel changeover

</details>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://davidjosearaujo.gitbook.io/online-courses/is-auditing-controls-and-assurance/business-application-development-and-the-roles-of-is-auditors/quiz.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.