CISA—Certified Information Systems Auditor - Part 208

Mary Smith

Thu, 16 Apr 2026

1. After the merger of two organizations, multiple self-developed legacy applications from both companies are to be replaced by a new common platform. Which of the following would be the GREATEST risk?

A) Project management and progress reporting is combined in a project management office which is driven by external consultants.
B) The replacement effort consists of several independent projects without integrating the resource allocation in a portfolio management approach.
C) The resources of each of the organizations are inefficiently allocated while they are being familiarized with the other company's legacy systems.
D) The new platform will force the business areas of both organizations to change their work processes, which will result in extensive training needs.



2. Which of the following is the MOST important function to be performed by IS management when a service has been outsourced?

A) Ensuring that invoices are paid to the provider
B) Participating in systems design with the provider
C) Renegotiating the provider's fees
D) Monitoring the outsourcing provider's performance



3. Is it appropriate for an IS auditor from a company that is considering outsourcing its IS processing to request and review a copy of each vendor's business continuity plan?

A) Yes, because an IS auditor will evaluate the adequacy of the service bureau's plan and assist their company in implementing a complementary plan.
B) Yes, because based on the plan, an IS auditor will evaluate the financial stability of the service bureau and its ability to fulfill the contract.
C) No, because the backup to be provided should be specified adequately in the contract.
D) No, because the service bureau's business continuity plan is proprietary information.



4. An IS auditor reviewing an outsourcing contract of IT facilities would expect it to define the:

A) hardware configuration.
B) access control software.
C) ownership of intellectual property.
D) application development methodology.



5. When performing a review of the structure of an electronic funds transfer (EFT) system, an IS auditor observes that the technological infrastructure is based on a centralized processing scheme that has been outsourced to a provider in another country. Based on this information, which of the following conclusions should be the main concern of the IS auditor?

A) There could be a question regarding the legal jurisdiction.
B) Having a provider abroad will cause excessive costs in future audits.
C) The auditing process will be difficult because of the distance.
D) There could be different auditing norms.



1. Right Answer: B
Explanation: The efforts should be consolidated to ensure alignment with the overall strategy of the post-merger organization. If resource allocation is not centralized, the separate projects are at risk of overestimating the availability of key knowledge resources for the in-house developed legacy applications. In post-merger integration programs, it is common to form project management offices to ensure standardized and comparable information levels in the planning and reporting structures, and to centralize dependencies of project deliverables or resources. The experience of external consultants can be valuable since project management practices do not require in-depth knowledge of the legacy systems. This can free up resources for functional tasks. It is a good idea to first get familiar with the old systems, to understand what needs to be done in a migration and to evaluate the implications of technical decisions. In most cases, mergers result in application changes and thus in training needs as organizations and processes change to leverage the intended synergy effects of the merger.

2. Right Answer: D
Explanation: In an outsourcing environment, the company is dependent on the performance of the service provider. Therefore, it is critical the outsourcing provider's performance be monitored to ensure that services are delivered to the company as required. Payment of invoices is a finance function, which would be completed per contractual requirements. Participating in systems design is a byproduct of monitoring the outsourcing provider's performance, while renegotiating fees is usually a one-time activity.

3. Right Answer: A
Explanation: The primary responsibility of an IS auditor is to assure that the company assets are being safeguarded. This is true even if the assets do not reside on the immediate premises. Reputable service bureaus will have a well-designed and tested business continuity plan.

4. Right Answer: C
Explanation: Of the choices, the hardware and access control software is generally irrelevant as long as the functionality, availability and security can be affected, which are specific contractual obligations. Similarly, the development methodology should be of no real concern. The contract must, however, specify who owns the intellectual property (i.e., information being processed, application programs). Ownership of intellectual property will have a significant cost and is a key aspect to be defined in an outsourcing contract.

5. Right Answer: A
Explanation: In the funds transfer process, when the processing scheme is centralized in a different country, there could be legal issues of jurisdiction that might affect the right to perform a review in the other country. The other choices, though possible, are not as relevant as the issue of legal jurisdiction.
