21.
Which of the following indicates why continuity planners can create plans without a
business impact analysis (BIA)?
- A. Management already dictated all the key processes to be used.
- B. They can’t because critical processes may change monthly or annually.
- C. Business impact analysis is not required.
- D. Risk assessment is acceptable.
Answer : [B]
Explanation :
It is not possible to create business continuity plans without a current business impact analysis (BIA). The BIA is a step-by-step process map that identifies critical processes and their dependencies. The critical processes will change as the business changes with new products and customers.
22.
Which of the following answers contains the steps for business process reengineering (BPR)
in proper sequence?
- A. Diagnose, envision, redesign, reconstruct
- B. Envision, initiate, diagnose, redesign, reconstruct, evaluate
- C. Evaluate, envision, redesign, reconstruct, review
- D. Initiate, evaluate, diagnose, reconstruct, review
Answer : [B]
Explanation :
According to ISACA, the general steps in business process reengineering are envision the need, initiate the project, diagnose the existing process, redesign a process, use change management to reconstruct the organization in transition, and evaluate the results.
23.
Segregation or separation of duties may not be practical in a small environment. A single
employee may be performing the combined functions of server operator and application
programmer. The IS auditor should recommend controls for which of the following?
- A. Automated logging of changes made to development libraries
- B. Procedures that verify that only approved program changes are implemented
- C. Automated controls to prevent the operator logon ID from making program modifications
- D. Hiring additional technical staff to force segregation of duties
Answer : [B]
Explanation :
Procedures should be implemented to ensure that only approved program changes are implemented. The purpose of separation of duties is to prevent intentional or unintentional errors. In the worst case, a logical separation of duties may exist if a single person performs two job roles. The ultimate objective is to ensure that a second person has reviewed and approved a change before it is implemented.
24.
Which of the following is true concerning reporting by internal auditors?
- A. Results can be used for industry licensing.
- B. The corresponding value of the audit report is high.
- C. Results can be used for external reporting.
- D. The corresponding value of the audit report is low.
Answer : [D]
Explanation :
Reports by internal auditors have a low corresponding value due to the built-in reporting conflict that may exist. This is why external independent audits are required for regulatory licensing.
25.
The auditor is permitted to deviate from professional audit standards when they feel it is
necessary because of which of the following?
- A. Standards are designed for discretionary use.
- B. The unique characteristics of each client will require auditor flexibility.
- C. Deviating from standards is almost unheard of and would require significant justification.
- D. Deviation depends on the authority granted in the audit charter.
Answer : [C]
Explanation :
Standards are mandatory and any deviation would require justification. Exceptions are rarely accepted.