2. In auditing outsourcing, which of the following is the IS auditor most likely to consider for
formulating scope and objectives?
a. Benefit of Outsourcing
b. Technical skills of service providers
c. Service Level Agreements
d. Quality of services provided
The most appropriate answer is C, Service Level Agreements, as it is the document which defines the scope of work
as well as the intended quality and objectives of outsourcing.
The most appropriate answer is C, Organization Structure, as it defines the position of an individual in the
organization, and duties should be assigned on the basis of the authority given to him.
4. Which of the following is most likely to be the result of inadequate IT policies and standards?
a. Absence of Guidelines and Benchmarks
b. Security and control may be compromised
c. Audit opinion on quality of control and security will be open to question.
d. Time required for audit will be higher.
5. Which of the following additional duties performed by the Information Security manager poses the
greatest risk to the organization?
a. Maintaining Custody of documents
b. Operating computer hardware
c. Entering data for processing
d. Programming
The most appropriate answer is C, Entering data for processing, because if he enters the data himself and is
also the data custodian, then management will not be able to determine the security level.
7. The most critical consideration for an IS auditor in reviewing access authorization is to understand
the:
a. Security Policies
b. IT Resources
c. Functionalities
d. Organisation Structure
The Most Appropriate answer is “C” Establish responsibilities and the accountability of the employee’s function
The most appropriate answer is Lack of Benchmarks for evaluating the operations
10. In addition to defining the policy objective, which of the following is most critical to ensure
implementation of Policy?
a. Provide adequate allocation of resources
b. Establish clear cut responsibilities
c. Commitment from Senior Management
d. Monitors changes required on a regular basis
11. Which of the following is the most critical consideration in providing access to information in an
enterprise?
a. Job description
b. Technical Skills
c. Work Experience
d. Security Policies
12. For the IT Steering Committee to be effective, its members must necessarily include:
a. Users
b. IT Head
c. Director
d. Functional Head
The most appropriate answer is IT Head as in Steering committee only higher management is involved and
strategic issues are discussed.
14. Which of the following is the basis of providing authorization and access to the employee in an
enterprise:
a. Style of Management
b. Nature of Business Process
c. Type of technology
d. Organisation Structure
15. The most critical consideration in IT strategy planning from the perspective of IT governance is:
a. Senior Management should formulate and implement long and short range plans
b. IT issues as well as opportunities are adequately assessed and reflected
c. It is aligned with the mission and business strategies of the enterprise
d. Strategic plan must address and help determine priorities to meet business needs.
The most appropriate answer is “C” It is aligned with the mission and business strategies of the enterprise
The most appropriate answer is C, Refers to specific security rules for particular systems
18. Which of the following is most critical for effective implementation of security?
a. Defining and communicating individual roles, responsibilities and authority
b. Having regular external audit of security implementation
c. User training covering all aspects of security
d. Senior management is well versed with the technical aspects of security
The most appropriate answer is “A” Defining and communicating individual roles, responsibilities and authority
The Most appropriate answer is “A” Refer to implementation aspects for various Information systems and related
activities
20. The most important resource for successful deployment of information technology in an enterprise is:
a. Effective Business processes
b. Trained human resources
c. Well defined organization structure
d. Implementing latest technology.
21. Which among the following combinations of roles results in maximum risk?
a. Data entry and operations
b. Librarian and Help desk
c. System Analysis and Quality assurance
d. Data base administration and Data entry
The most appropriate answer is “D” Data base administration and Data entry
22. During the preliminary stage of review of an IT strategic Plan, the most critical audit procedure is to
verify the existence of:
a. Documented long range plan for facilities, hardware and system and application software
b. Short range plans, which have been prepared outlining specific projects
c. Specific assignments for each IT manager that support completion of short range plans.
d. Methodology for progress reporting and monitoring relating to adequacy of long/short range plans.
The Most Appropriate answer is “A” Documented long range plan for facilities, hardware and system and
application software
The most appropriate answer is “D” Add value to business and balance risk versus return
25. The primary purpose of management implementing IT controls and the IS auditor reviewing these controls
is to:
a. Maintain Data Integrity
b. Safeguard computers
c. Provide assurance that business objectives are achieved
d. Provide proper segregation of duties
The most appropriate answer is “C” Provide assurance that business objectives are achieved
26. In reviewing segregation of duties, the IS auditor, as a measure of best control, would review whether
the security administrator is:
a. Performing functions as defined
b. Well trained in business processes
c. Technically competent
d. Aware of the security policy
27. Which of the following is the most critical consideration in segregation of duties?
a. The possibility for a single individual to subvert a critical process is prevented
b. Senior management ensures Implementation of division of roles and responsibilities
c. Staff is performing only those duties stipulated for their respective job and positions
d. Experienced staff review all critical functions performed by the junior staff.
The most appropriate answer is “A” The possibility for a single individual to subvert a critical process is
prevented
28. In an organisation providing outsourcing services, the primary objective of the business continuity
plan is to ensure:
a. Safeguard assets from a Disaster
b. Redundancy of IT resources
c. Continuity of critical business processes as per SLA
d. Identify single points of failures relating to technology
The most appropriate answer is “C” Continuity of critical business processes as per SLA