Which of the following is the MOST important consideration for an IS auditor when assessing the adequacy of an organizations information security policy?

• A.Business objectives
• B.IT steering committee minutes
• C.Alignment with the IT tactical plan
• D.Compliance with industry best practice

Comment: *

Name: *

Email: *

Verification: *

An IS auditor who was instrumental in designing an application is called upon to review the application. The auditor should:

• A.refuse the assignment to avoid conflict of interest.
• B.modify the scope of the audit.
• C.use the knowledge of the application to carry out the audit.
• D.inform audit management of the earlier involvement.

Comment: *

Name: *

Email: *

Verification: *

An IS auditor is analyzing a sample of accesses recorded on the system log of an application. The auditor intends to launch an intensive investigation if one exception is found Which sampling method would be appropriate?

• A.Judgmental sampling
• B.Discovery sampling
• C.Stratified sampling
• D.Variable sampling

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the GREATEST risk associated with storing customer data on a web server?

• A.Data integrity
• B.Data confidentiality
• C.Data redundancy
• D.Data availability

Comment: *

Name: *

Email: *

Verification: *

During the discussion of a draft audit report IT management provided suitable evidence that a process has been implemented for a control that had been concluded by the IS auditor as ineffective Which of the following is the auditor's BEST action?

• A.Re-perform the audit before changing the conclusion
• B.Change the conclusion based on evidence provided by IT management
• C.Add comments about the action taken by IT management in the report
• D.Explain to IT management that the new control will be evaluated during follow-up

Comment: *

Name: *

Email: *

Verification: *