When should application controls be considered within the system-development process?
Correct Answer: D
Application controls should be considered as early as possible in the system-development process, even in the development of the project's functional specifications.
Question 907
Which of the following is an example of a preventative control in an accounts payable system?
Correct Answer: A
"The system only allows payments to vendors who are included in the system's master vendor list" is an example of a preventative control in an accounts payable system. A preventative control is a control that aims to prevent errors or irregularities from occurring in the first place. By restricting payments to vendors who are authorized and verified in the master vendor list, the system prevents unauthorized or fraudulent payments from being made. The other options are examples of other types of controls, such as backup (recovery), reconciliation (detective), and communication (directive) controls.
References: CISA Review Manual, 27th Edition, page 223
Question 908
The PRIMARY reason for using digital signatures is to ensure data:
Correct Answer: B
Digital signatures provide integrity because the digital signature of a signed message (file, mail, document, etc.) changes every time a single bit of the document changes; thus, a signed document cannot be altered. Depending on the mechanism chosen to implement a digital signature, the mechanism might be able to ensure data confidentiality or even timeliness, but this is not assured. Availability is not related to digital signatures.
Question 909
When an organization outsources a payroll system to a cloud service provider, the IS auditor's PRIMARY concern should be the:
Correct Answer: B
Question 910
Which of the following testing procedures is used by the auditor during an accounting audit to check for errors in the balance sheet and other financial documentation?
Correct Answer: D
Section: The process of Auditing Information System
Explanation/Reference:
A substantive test is a procedure used during accounting audits to check for errors in balance sheets and other financial documentation. A substantive test might involve checking a random sample of transactions for errors, comparing account balances to find discrepancies, or analysis and review of procedures used to execute and record transactions.
Substantive testing is the stage of an audit when the auditor gathers evidence as to the extent of misstatements in the client's accounting records or other information. This evidence is referred to as substantive evidence and is an important factor in determining the auditor's opinion on the financial statements as a whole. The audit procedures used to gather this evidence are referred to as substantive procedures, or substantive tests.
Substantive procedures (or substantive tests) are those activities performed by the auditor during the substantive testing stage of the audit that gather evidence as to the completeness, validity and/or accuracy of account balances and underlying classes of transactions. Account balances and underlying classes of transactions must not contain any material misstatements. They must be materially complete, valid and accurate.
Auditors gather evidence about these assertions by undertaking substantive procedures, which may include:
Physically examining inventory on balance date as evidence that inventory shown in the accounting records actually exists (validity assertion);
Arranging for suppliers to confirm in writing the details of the amount owing at balance date as evidence that accounts payable is complete (completeness assertion); and
Making inquiries of management about the collectability of customers' accounts as evidence that trade debtors is accurate as to its valuation.
Evidence that an account balance or class of transaction is not complete, valid or accurate is evidence of a substantive misstatement.
The following answers are incorrect:
Compliance testing - Compliance testing is basically an audit of a system carried out against a known criterion.
Sanity testing - Testing to determine if a new software version is performing well enough to accept it for a major testing effort. If the application crashes on initial use, the system is not stable enough for further testing, and the build or application is assigned to be fixed.
Recovery testing - Testing how well a system recovers from crashes, hardware failures, or other catastrophic problems.
The following reference(s) were/was used to create this question:
CISA review manual 2014 page number 52 and 53
http://www.businessdictionary.com/definition/compliance-test.html