
CISA—Certified Information Systems Auditor - Part 238

Mary Smith

Wed, 15 Apr 2026


1. When reviewing input controls, an IS auditor observes that, in accordance with corporate policy, procedures allow supervisory override of data validation edits. The IS auditor should:

A) not be concerned since there may be other compensating controls to mitigate the risks.
B) ensure that overrides are automatically logged and subject to review.
C) verify whether all such overrides are referred to senior management for approval.
D) recommend that overrides not be permitted.



2. When using an integrated test facility (ITF), an IS auditor should ensure that:

A) production data are used for testing.
B) test data are isolated from production data.
C) a test data generator is used.
D) master files are updated with the test data.



3. A clerk changed the interest rate for a loan on a master file. The rate entered is outside the normal range for such a loan. Which of the following controls is MOST effective in providing reasonable assurance that the change was authorized?

A) The system will not process the change until the clerk's manager confirms the change by entering an approval code.
B) The system generates a weekly report listing all rate exceptions and the report is reviewed by the clerk's manager.
C) The system requires the clerk to enter an approval code.
D) The system displays a warning message to the clerk.



4. The GREATEST advantage of using web services for the exchange of information between two systems is:

A) secure communications.
B) improved performance.
C) efficient interfacing.
D) enhanced documentation.



5. An IS auditor reviewing an accounts payable system discovers that audit logs are not being reviewed. When this issue is raised with management the response is that additional controls are not necessary because effective system access controls are in place. The BEST response the auditor can make is to:

A) review the integrity of system access controls.
B) accept management's statement that effective access controls are in place.
C) stress the importance of having a system control framework in place.
D) review the background checks of the accounts payable staff.



1. Right Answer: B
Explanation: If input procedures allow overrides of data validation and editing, automatic logging should occur. A management individual who did not initiate the override should review this log. An IS auditor should not assume that compensating controls exist. As long as the overrides are policy-compliant, there is no need for senior management approval or a blanket prohibition.

2. Right Answer: B
Explanation: An integrated test facility (ITF) creates a fictitious file in the database, allowing for test transactions to be processed simultaneously with live data. While this ensures that periodic testing does not require a separate test process, there is a need to isolate test data from production data. An IS auditor is not required to use production data or a test data generator. Production master files should not be updated with test data.

3. Right Answer: A
Explanation: Choice A would prevent or detect the use of an unauthorized interest rate. Choice B informs the manager after the fact that a change was made, thereby making it possible for transactions to use an unauthorized rate prior to management review. Choices C and D do not prevent the clerk from entering an unauthorized rate change.

4. Right Answer: C
Explanation: Web services facilitate the exchange of information between two systems, regardless of the operating system or programming language used. Communication is not necessarily more secure or faster, and there is no documentation benefit in using web services.

5. Right Answer: C
Explanation: Experience has demonstrated that reliance purely on preventative controls is dangerous. Preventative controls may not prove to be as strong as anticipated, or their effectiveness can deteriorate over time. Evaluating the cost of controls versus the quantum of risk is a valid management concern. However, in a high-risk system a comprehensive control framework is needed; intelligent design should permit additional detective and corrective controls to be established that do not have high ongoing costs, e.g., automated interrogation of logs to highlight suspicious individual transactions or data patterns. Effective access controls are, in themselves, a positive but, for the reasons outlined above, may not sufficiently compensate for other control weaknesses. In this situation the IS auditor needs to be proactive. The IS auditor has a fundamental obligation to point out control weaknesses that give rise to unacceptable risks to the organization and to work with management to have these corrected. Reviewing background checks on accounts payable staff does not provide evidence that fraud will not occur.
