Which of the following projects would be MOST important to review in an audit of an organizations financial statements?

• A.Resource optimization of the enterprise resource planning (ERP) system
• B.Automation of operational risk management processes
• C.Outsourcing of the payroll system to an external service provider
• D.Security enhancements to the customer relationship database

Comment: *

Name: *

Email: *

Verification: *

Following a discussion on the results of a recent audit engagement, the process owner of the audited area has provided an action plan addressing the gaps and recommendations. The auditor disagrees with some of the responses where the process owner is accepting a level of residual risk that is not within the organization's risk appetite. What is the auditor's BEST course of action?

• A.Include the issue in the next report to the audit committee.
• B.Escalate the situation to audit management.
• C.Accept the action plan proposed by the process owner.
• D.Inform executive management of the residual risk.

Comment: *

Name: *

Email: *

Verification: *

During a pre-implementation system review, an IS auditor notes that several identified defects will not be fixed prior to go-live. Which of the following is the auditor's BEST course of action?

• A.Recommend staff augmentation after implementation.
• B.Determine which developer's code is responsible for each defect
• C.Recommend the system does not go live.
• D.Evaluate the workarounds in place.

Comment: *

Name: *

Email: *

Verification: *

Which of the following provides the BEST evidence that a third-party service provider's information security controls are effective?

• A.A review of the service provider's policies and procedures
• B.Documentation of the service provider's security configuration controls
• C.An interview with the service provider's information security officer
• D.An audit report of the controls by the service provider's external auditor

Comment: *

Name: *

Email: *

Verification: *

Which of the following should be of GREATEST concern to an IS auditor reviewing a network printer disposal process?

• A.Business units are allowed to dispose printers directly to authorized vendors.
• B.Inoperable printers are stored in an unsecured area.
• C.Evidence is not available to verify printer hard drives have been sanitized prior to disposal.
• D.Disposal policies and procedures are not consistently implemented.

Comment: *

Name: *

Email: *

Verification: *