A vendor service level agreement (SLA) requires backup to be physically secured. An IS audit of the backup system revealed a number of the backup media were missing. Which of the following should be the auditor's NEXT step?

• A.Recommend identification of the data stored on the missing media
• B.Include the missing backup media finding in the audit report
• C.Notify executive management
• D.Recommend a review of the vendor's contract

Comment: *

Name: *

Email: *

Verification: *

An auditor notes the administrator user ID is shared among three financial managers to perform month-end updates. Which of the following is the BEST recommendation to ensure the administrator ID in the financial system is controlled effectively?

• A.Implement use of individual software tokens
• B.Conduct employee awareness training
• C.Institute user ID logging and monitoring
• D.Ensure data in the financial systems has been classified

Comment: *

Name: *

Email: *

Verification: *

Due to advancements in technology and electronic records, an IS auditor has completed an engagement by email only. Which of the following did the IS auditor potentially compromise?

• A.Proficiency
• B.Due professional care
• C.Sufficient evidence
• D.Reporting

Comment: *

Name: *

Email: *

Verification: *

The MOST important reason why an IT risk assessment should be updated on a regular basis is to:

• A.utilize IT resources in a cost-effective manner.
• B.react to changes in the IT environment.
• C.comply with risk management policies
• D.comply with data classification changes.

Comment: *

Name: *

Email: *

Verification: *

Which of the following should be of GREATEST concern for an IS auditor reviewing an organization's bring your own device (BYOD) policy?

• A.The policy is not updated annually.
• B.A mobile device management (MDM) solution is not implemented.
• C.Not all devices are approved for BYOD.
• D.The policy does not include the right to audit BYOD devices.

Comment: *

Name: *

Email: *

Verification: *