Though management has stated otherwise, an IS auditor has reasons to believe that the organization is using software that is not licensed. In this situation, the IS auditor should:

• A.include the statement of management in the audit report.
• B.identify whether such software is, indeed, being used by the organization.
• C.reconfirm with management the usage of the software.
• D.discuss the issue with senior management since reporting this could have a negative impact on the organization.

Comment: *

Name: *

Email: *

Verification: *

.Who is accountable for maintaining appropriate security measures over information assets?

• A.Data and systems owners
• B.Data and systems users
• C.Data and systems custodians
• D.Data and systems auditors

Comment: *

Name: *

Email: *

Verification: *

Which of the following must be in place before an IS auditor initiates audi Mow-up activities?

• A.date A heal map within the gaps and recommendations displayed In terms of risk
• B.A management response in the final report with a committed implementation date
• C.Available resources for the activities Included in the action plan
• D.Supporting evidence for the flaps and recommendations mentioned in the audit report

Comment: *

Name: *

Email: *

Verification: *

After the merger of two organizations, multiple self-developed legacy applications from both companies are to be replaced by a new common platform. Which of the following would be the GREATEST risk?

• A.Project management and progress reporting is combined in a project management office which is driven by external consultants.
• B.The replacement effort consists of several independent projects without integrating the resource allocation in a portfolio management approach.
• C.The resources of each of the organizations are inefficiently allocated while they are being familiarized with the other company's legacy systems.
• D.The new platform will force the business areas of both organizations to change their work processes, which will result in extensive training needs.

Comment: *

Name: *

Email: *

Verification: *

An IS auditor is reviewing the performance outcomes of controls in an agile development project. Which of
the following would provide the MOST relevant evidence for the auditor to consider?

• A.Progress report of outstanding work
• B.Product backlog
• C.Number of failed builds
• D.Composition of the scrum team

Comment: *

Name: *

Email: *

Verification: *