An IS auditor is reviewing documentation of application systems change control and identifies several patches that were not tested before being put into production. Which of the following is the MOST significant risk from this situation?

• A.Outdated system documentation
• B.Loss of application support
• C.Lack of system integrity
• D.Developer access to production

Comment: *

Name: *

Email: *

Verification: *

Which of the following would prevent accountability for an action performed, thus allowing nonrepudiation?

• A.Proper authentication
• B.Proper identification AND authentication
• C.Proper identification
• D.Proper identification, authentication, AND authorization

Comment: *

Name: *

Email: *

Verification: *

Which of the following is MOST important to consider when scheduling follow-up audits?

• A.The efforts required for independent verification with new auditors
• B.The impact if corrective actions are not taken
• C.The amount of time the auditee has agreed to spend with auditors
• D.Controls and detection risks related to the observations

Comment: *

Name: *

Email: *

Verification: *

A third-party consultant is managing the replacement of an accounting system. Which of the following should be the IS auditor's GREATEST concern?

• A.Data migration is not part of the contracted activities.
• B.The replacement is occurring near year-end reporting
• C.The user department will manage access rights.
• D.Testing was performed by the third-party consultant

Comment: *

Name: *

Email: *

Verification: *

The purpose of a mainframe audit is to provide assurance that (choose all that apply):

• A.processes are being implemented as required
• B.the mainframe is operating as it should
• C.security is strong
• D.procedures in place are working
• E.procedures in place are updated as needed
• F.the OS applications are secured
• G.None of the choices.

Comment: *

Name: *

Email: *

Verification: *