
CISA—Certified Information Systems Auditor - Part 223

Mary Smith

Sat, 18 Apr 2026


1. The MAIN purpose of a transaction audit trail is to:

A) reduce the use of storage media.
B) determine accountability and responsibility for processed transactions.
C) help an IS auditor trace transactions.
D) provide useful information for capacity planning.



2. An appropriate control for ensuring the authenticity of orders received in an EDI application is to:

A) acknowledge receipt of electronic orders with a confirmation message.
B) perform reasonableness checks on quantities ordered before filling orders.
C) verify the identity of senders and determine if orders correspond to contract terms.
D) encrypt electronic orders.



3. A manufacturing firm wants to automate its invoice payment system. Objectives state that the system should require considerably less time for review and authorization and the system should be capable of identifying errors that require follow up. Which of the following would BEST meet these objectives?

A) Establishing an inter-networked system of client servers with suppliers for increased efficiencies
B) Outsourcing the function to a firm specializing in automated payments and accounts receivable/invoice processing
C) Establishing an EDI system of electronic business documents and transactions with key suppliers, computer to computer, in a standard format
D) Reengineering the existing processing and redesigning the existing system



4. An IS auditor is told by IS management that the organization has recently reached the highest level of the software capability maturity model (CMM). The software quality process MOST recently added by the organization is:

A) continuous improvement.
B) quantitative quality goals.
C) a documented process.
D) a process tailored to specific projects.



5. During the audit of an acquired software package, an IS auditor learned that the software purchase was based on information obtained through the Internet, rather than from responses to a request for proposal (RFP). The IS auditor should FIRST:

A) test the software for compatibility with existing hardware.
B) perform a gap analysis.
C) review the licensing policy.
D) ensure that the procedure had been approved.



1. Right Answer: B
Explanation: Enabling audit trails aids in establishing the accountability and responsibility for processed transactions by tracing them through the information system. Enabling audit trails increases the use of disk space. A transaction log file would be used to trace transactions, but would not aid in determining accountability and responsibility. The objective of capacity planning is the efficient and effective use of IT resources and requires information such as CPU utilization, bandwidth, number of users, etc.

2. Right Answer: C
Explanation: An electronic data interchange (EDI) system is exposed not only to the usual risks of computer systems but also to weaknesses in the controls of the trading partner and of any third-party service provider, so authenticating both the sender and the message is a major security concern. Acknowledging receipt of electronic orders with a confirmation message is good practice, but it does not establish that an order actually came from the customer. Reasonableness checks on quantities ordered before filling orders test the plausibility of an order's content, not the authenticity of its sender. Encryption protects the confidentiality of orders in transit but, by itself, does not prove who sent a received message. Verifying the sender's identity and comparing the order with the agreed contract terms addresses authenticity directly.
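The control in answer C has two parts, sender authentication and a check of the order against contract terms, and the explanation also notes why a reasonableness check alone is insufficient. The following Python is an added example written for this page, not code from ISACA or from any EDI product. It assumes a constructed setup: orders arrive as JSON, each trading partner shares a per-partner HMAC key out of band, and contract terms are a simple allow-list of SKUs with an agreed price and a maximum quantity. The partner registry, keys, SKUs and order identifiers are all invented for illustration.

```python
"""Authenticity check for inbound EDI-style orders (added example; not from the page).

Assumptions (constructed for illustration): orders are JSON documents carrying a
partner_id, an order_id and line items; each trading partner shares a per-partner
HMAC key exchanged out of band; contract terms are an allow-list of SKUs with an
agreed unit price and a maximum quantity per order.
"""
import hashlib
import hmac
import json

# Constructed trading-partner registry: per-partner HMAC key and contract terms.
PARTNERS = {
    "ACME-001": {
        "key": b"acme-shared-secret-example",
        "contract": {
            "SKU-100": {"unit_price": "12.50", "max_qty": 500},
            "SKU-200": {"unit_price": "3.10", "max_qty": 2000},
        },
    },
}


def sign_order(partner_id, order_bytes):
    """Partner side: HMAC-SHA256 over the exact bytes that will be transmitted."""
    key = PARTNERS[partner_id]["key"]
    return hmac.new(key, order_bytes, hashlib.sha256).hexdigest()


def verify_order(order_bytes, signature, seen_order_ids):
    """Receiver side. Returns (accepted, reasons).

    Order of checks matters: identity first (who sent it), then replay, then
    contract terms (does the content match what this partner agreed to). A
    reasonableness check on quantities would say nothing about the sender.
    """
    reasons = []
    try:
        order = json.loads(order_bytes)
    except ValueError:
        return False, ["malformed order"]
    partner = PARTNERS.get(order.get("partner_id"))
    if partner is None:
        return False, ["unknown trading partner"]
    # Recompute the MAC with this partner's key; constant-time comparison.
    expected = hmac.new(partner["key"], order_bytes, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, signature):
        return False, ["sender authentication failed"]
    order_id = order.get("order_id")
    if order_id in seen_order_ids:
        return False, ["duplicate order_id (possible replay)"]
    contract = partner["contract"]
    for line in order.get("lines", []):
        sku = line.get("sku")
        terms = contract.get(sku)
        if terms is None:
            reasons.append(f"{sku}: not in contract")
            continue
        if line.get("unit_price") != terms["unit_price"]:
            reasons.append(f"{sku}: price {line.get('unit_price')} differs from contract {terms['unit_price']}")
        qty = line.get("qty")
        if not isinstance(qty, int) or qty <= 0 or qty > terms["max_qty"]:
            reasons.append(f"{sku}: quantity {qty} outside contract limit {terms['max_qty']}")
    if reasons:
        return False, reasons
    seen_order_ids.add(order_id)
    return True, []


def _order(order_id, unit_price):
    # Constructed sample order; sort_keys gives the partner and receiver the same bytes to MAC.
    return json.dumps({"partner_id": "ACME-001", "order_id": order_id,
                       "lines": [{"sku": "SKU-100", "qty": 40, "unit_price": unit_price}]},
                      sort_keys=True).encode()


def demo():
    """Run four constructed cases and return their results keyed by name."""
    seen = set()
    results = {}
    good = _order("PO-7781", "12.50")
    sig = sign_order("ACME-001", good)
    results["genuine"] = verify_order(good, sig, seen)
    # Forged order with a plausible quantity: a reasonableness check alone would accept it.
    results["forged"] = verify_order(_order("PO-7782", "12.50"), "00" * 32, seen)
    # Authentic sender but off-contract price: identity is fine, content is not.
    off = _order("PO-7783", "9.99")
    results["off_contract"] = verify_order(off, sign_order("ACME-001", off), seen)
    # Replay of the genuine message: valid MAC, already-seen order id.
    results["replay"] = verify_order(good, sig, seen)
    return results


if __name__ == "__main__":
    for name, (ok, why) in demo().items():
        print(f"{name}: {'accepted' if ok else 'rejected'} {why}")
```

The forged case is the point of the question: its quantity and price are perfectly reasonable, so only the MAC check (sender identity) rejects it. In a production EDI deployment the per-partner HMAC key would typically be replaced by digital signatures or an AS2/VAN-level authentication mechanism, and the replay list would be persistent rather than an in-memory set.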

3. Right Answer: C
Explanation: EDI is the best answer. Properly implemented, with trading partner agreements covering transaction standards and with network security controls used in conjunction with application controls, EDI reduces the time needed for review and authorization while remaining well suited to identifying errors for follow-up, because standard-format transactions can be validated automatically on receipt.

4. Right Answer: A
Explanation: The highest level of the software CMM is level 5, optimizing, whose distinguishing addition is continuous process improvement. Quantitative quality goals are introduced at level 4 (managed), a documented standard process at level 3 (defined), and tailoring of that standard process to specific projects also at level 3, so none of these would be the process added most recently.

5. Right Answer: D
Explanation: In the case of a deviation from the predefined procedures, an IS auditor should first ensure that the procedure followed for acquiring the software is consistent with the business objectives and has been approved by the appropriate authorities. The other choices are not the first actions an IS auditor should take. They are steps that may or may not be taken after determining that the procedure used to acquire the software had been approved.
