During a review of a production schedule, an IS auditor observes that a staff member is not complying with mandatory operational procedures. The auditor's NEXT step should be to:

• A.include the noncompliance in the audit report.
• B.issue an audit memorandum identifying the noncompliance.
• C.note the noncompliance in the audit working papers.
• D.determine why the procedures were not followed.

Comment: *

Name: *

Email: *

Verification: *

An IS auditor finds that while an organization's IT strategy is heavily focused on research and development, the majority of protects n the IT portfolio focus on operations and maintenance. Which of the Mowing is the BEST recommendation?

• A.Align the IT portfolio with the IT strategy.
• B.Align the IT strategy will business objectives
• C.Review priorities in the IT portfolio
• D.Change the IT strategy to focus on operational excellence.

Comment: *

Name: *

Email: *

Verification: *

Management has learned the implementation of a new IT system will not be completed on time and has requested an audit. Which of the following audit findings should be of GREATEST concern?

• A.Milestones have not been defined for all project products.
• B.The project manager lacks formal certification.
• C.The actual start times of some activities were later than originally scheduled.
• D.Tasks defined on the critical path do not have resources allocated.

Comment: *

Name: *

Email: *

Verification: *

In a 24/7 processing environment, a database contains several privileged application accounts with passwords set to "never expire.' Which of the following recommendations would BEST address the risk with minimal disruption to the business?

• A.Introduce database access monitoring into the environment
• B.Schedule downtime to implement password changes
• C.Modify the access management policy to make allowances for application accounts
• D.Modify applications to no longer require direct access to the database.

Comment: *

Name: *

Email: *

Verification: *

An IS auditor is reviewing security controls related to collaboration tools for a business unit responsible for intellectual property and patents. Which of the following observations should be of MOST concern to the auditor?

• A.Logging and monitoring for content filtering is not enabled.
• B.Training was not provided to the department that handles intellectual property and patents
• C.Employees can share files with users outside the company through collaboration tools.
• D.The collaboration tool is hosted and can only be accessed via an Internet browser

Comment: *

Name: *

Email: *

Verification: *