During a review of a production schedule, an IS auditor observes that a staff member is not complying with mandatory operational procedures. The auditor's NEXT step should be to:
Correct Answer: D
Question 232
Which of the following testing procedure is used by the auditor during accounting audit to check errors in balance sheet and other financial documentation?
Correct Answer: D
Section: The process of Auditing Information System Explanation: A procedure used during accounting audits to check for errors in balance sheets and other financial documentation. A substantive test might involve checking a random sample of transactions for errors, comparing account balances to find discrepancies, or analysis and review of procedures used to execute and record transactions. Substantive testing is the stage of an audit when the auditor gathers evidence as to the extent of misstatements in client's accounting records or other information. This evidence is referred to as substantive evidence and is an important factor in determining the auditor's opinion on the financial statements as a whole. The audit procedures used to gather this evidence are referred to as substantive procedures, or substantive tests. Substantive procedures (or substantive tests) are those activities performed by the auditor during the substantive testing stage of the audit that gather evidence as to the completeness, validity and/or accuracy of account balances and underlying classes of transactions. Account balances and underlying classes of transaction must not contain any material misstatements. They must be materially complete, valid and accurate. Auditors gather evidence about these assertions by undertaking substantive procedures, which may include: Physically examining inventory on balance date as evidence that inventory shown in the accounting records actually exists (validity assertion); Arranging for suppliers to confirm in writing the details of the amount owing at balance date as evidence that accounts payable is complete (completeness assertion); and Making inquiries of management about the collectability of customers' accounts as evidence that trade debtors is accurate as to its valuation. Evidence that an account balance or class of transaction is not complete, valid or accurate is evidence of a substantive misstatement. The following answers are incorrect: Compliance Testing - Compliance testing is basically an audit of a system carried out against a known criterion. Sanity testing - Testing to determine if a new software version is performing well enough to accept it for a major testing effort. If application is crashing for initial use, then system is not stable enough for further testing and build or application is assigned to fix. Recovery testing - Testing how well a system recovers from crashes, hardware failures, or other catastrophic problems. Reference: CISA review manual 2014 page number 52 and 53 http://www.businessdictionary.com/definition/compliance-test.html
Question 233
Which of the following potentially blocks hacking attempts?
Correct Answer: C
Explanation/Reference: Explanation: An intrusion prevention system (IPS) is deployed as an in-line device that can detect and block hacking attempts. An intrusion detection system (IDS) normally is deployed in sniffing mode and can detect intrusion attempts, but cannot effectively stop them. A honeypot solution traps the intruders to explore a simulated target. A network security scanner scans for the vulnerabilities, but it will not stop the intrusion.
Question 234
Which of the following Is the MOST effective way for an organization to ensure that Its use of software Is property licensed?
Correct Answer: B
Question 235
An IS auditor performing a review of the backup processing facilities should be MOST concerned that:
Correct Answer: C
Explanation/Reference: Explanation: Adequate fire insurance and fully tested backup processing facilities are important elements for recovery, but without the offsite storage of transaction and master files, it is generally impossible to recover. Regular hardware maintenance does not relate to recovery.
