Which of the following tests performed by an IS auditor would be the MOST effective in determining compliance with an organization's change control procedures?

• A.Review software migration records and verify approvals.
• B.identify changes that have occurred and verify approvals.
• C.Review change control documentation and verify approvals.
• D.Ensure that only appropriate staff can migrate changes into production.

Comment: *

Name: *

Email: *

Verification: *

A financial services organization is developing and documenting business continuity measures. In which of
the following cases would an IS auditor MOST likely raise an issue?

• A.The organization uses good practice guidelines instead of industry standards and relies on external
  advisors to ensure the adequacy of the methodology.
• B.The business continuity capabilities are planned around a carefully selected set of scenarios which
  describe events that might happen with a reasonable probability.
• C.The recovery time objectives (RTOs) do not take IT disaster recovery constraints into account, such as
  personnel or system dependencies during the recovery phase.
• D.The organization plans to rent a shared alternate site with emergency workplaces which has only
  enough room for half of the normal staff.

Comment: *

Name: *

Email: *

Verification: *

Which of the following is an IS auditor's BEST course of action upon learning that preventive controls have been replaced with detective and corrective controls?

• A.Report the issue to management as the risk level has increased.
• B.Recommend the implementation of preventive controls in addition to the other controls.
• C.Verify the revised controls enhance the efficiency of related business processes.
• D.Evaluate whether new controls manage the risk at an acceptable level.

Comment: *

Name: *

Email: *

Verification: *

Which of the following would be MOST helpful when assessing how applications exchange data with other applications?

• A.List of servers and their applications
• B.Entity relationship diagram
• C.Results of a risk assessment on the applications
• D.Configuration management database

Comment: *

Name: *

Email: *

Verification: *

The MOST important reason for an IS auditor to obtain sufficient and appropriate audit evidence is to:

• A.comply with regulatory requirements.
• B.provide a basis for drawing reasonable conclusions.
• C.ensure complete audit coverage.
• D.perform the audit according to the defined scope.

Comment: *

Name: *

Email: *

Verification: *