A. Informing users of the status of changes
B. Establishing priorities on program changes
C. Obtaining user approval of program changes
D. Requiring documented user specifications for changes
A. Function point analysis
B. PERT chart
C. Rapid application development
D. Object-oriented system development
A. satisfy a requirement in addressing a risk issue.
B. do not reduce productivity.
C. are based on a cost-benefit analysis.
D. are detective or corrective.
A. User management
B. Senior management
C. Project steering committee
D. Systems development management
A. emulation techniques.
B. structured walk-throughs.
C. modular program techniques.
D. top-down program construction.
C. Direct cut-over
A. existence of a set of functions and their specified properties.
B. ability of the software to be transferred from one environment to another.
C. capability of software to maintain its level of performance under stated conditions.
D. relationship between the performance of the software and the amount of resources used.
A. Verifying production to customer orders
B. Logging all customer orders in the ERP system
C. Using hash totals in the order transmitting process
D. Approving (production supervisor) orders prior to production
A. during the initial planning stages of the project.
B. after early planning has been completed, but before work has begun.
C. throughout the work stages, based on risks and exposures.
D. only after all risks and exposures have been identified and the IS auditor has recommended appropriate controls.
A. Key verification
B. One-for-one checking
C. Manual recalculations
D. Functional acknowledgements
A. Control total
B. Check digit
C. Check sum
D. Control account
A. To ensure that appropriate staffing is assigned and to provide a method of controlling costs and schedules
B. To provide a method of controlling costs and schedules and to ensure communication among users, IS auditors, management and IS personnel
C. To provide a method of controlling costs and schedules and an effective means of auditing project development
D. To ensure communication among users, IS auditors, management and personnel, and to ensure that appropriate staffing is assigned among users, IS auditors, management and IS personnel
A. increased maintenance.
B. improper documentation of testing.
C. inadequate functional testing.
D. delays in problem resolution.
A. Black box test
B. Desk checking
C. Structured walk-through
D. Design and code
B. Dynamic warehousing
A. complete the audit and report the finding.
B. investigate and recommend appropriate formal standards.
C. document the informal standards and test for compliance.
D. withdraw and recommend a further audit when standards are implemented.
A. Acceptance testing is to be managed by users.
B. A quality plan is not part of the contracted deliverables.
C. Not all business functions will be available on initial implementation.
D. Prototyping is being used to confirm that the system meets business requirements.
A. iterative nature of prototyping.
B. rapid pace of modifications in requirements and design.
C. emphasis on reports and screens.
D. lack of integrated tools.
A. result in a correct capture of requirements.
B. ensure that desirable application controls have been implemented.
C. produce ergonomic and user-friendly interfaces.
D. generate efficient code.
A. based on known constraints.
B. based on objective past data.
C. a result of a lack of information.
D. often made by unqualified people.
A. requirements are well understood and are expected to remain stable, as is the business environment in which the system will operate.
B. requirements are well understood and the project is subject to time pressures.
C. the project intends to apply an object-oriented design and programming approach.
D. the project will involve the use of new technology.
A. Sociability testing
B. Parallel testing
C. White box testing
D. Validation testing
A. the computers were not used to store confidential data.
B. a nondisclosure agreement has been signed.
C. the data storage media are sanitized.
D. all data has been deleted.
A. restrict access to systems under test.
B. segregate user and development staff.
C. control the stability of the test environment.
D. secure access to systems under development.
A. Intrusion detection systems
B. Data mining techniques
D. Packet filtering routers
A. check to ensure that the type of transaction is valid for the card type.
B. verify the format of the number entered then locate it on the database.
C. ensure that the transaction entered is within the cardholder's credit limit.
D. confirm that the card is not shown as lost or stolen on the master file.
A. facilitate the ability to reuse modules.
B. improve system performance.
C. enhance control effectiveness.
D. speed up the system development life cycle.
A. users participate in the review and approval process.
B. formal approval procedures be adopted and documented.
C. projects be referred to appropriate levels of management for approval.
D. the IS manager's job description be changed to include approval authority.
A. Unit tests
B. Stress tests
C. Regression tests
D. Acceptance tests
A. Feasibility study
B. Requirements definition
C. Implementation planning
D. Postimplementation review
A. continuous improvement.
B. quantitative quality goals.
C. a documented process.
D. a process tailored to specific projects.
A. Adequate training
B. Programmers that clearly understand the business processes
C. Documentation of business rules
D. Early engagement of key users
A. Screens and process programs
B. Screens, interactive edits and sample reports
C. Interactive edits, process programs and sample reports
D. Screens, interactive edits, process programs and sample reports
A. Team leader
B. Project sponsor
C. System analyst
D. Steering committee
A. reliable products are guaranteed.
B. programmers' efficiency is improved.
C. security requirements are designed.
D. predictable software processes are followed.
A. integrity of the database.
B. access controls for the applications programmer.
C. complete program, including any interface systems.
D. segment of the program containing the revised code.
A. conclude that the individual modules running as a group will be correct.
B. document the test as positive proof that the system can produce the desired results.
C. inform management and recommend an integrated test.
D. provide additional test data.
A. test environment using test data.
B. production environment using live workloads.
C. test environment using live workloads.
D. production environment using test data.
A. facilitates user involvement.
B. allows early testing of technical features.
C. facilitates conversion to the new system.
D. shortens the development time frame.
A. Implement data backup and recovery procedures.
B. Define standards and closely monitor for compliance.
C. Ensure that only authorized personnel can update the database.
D. Establish controls to handle concurrent access problems.
A. a clear business case has been approved by management.
B. corporate security standards will be met.
C. users will be involved in the implementation plan.
D. the new system will meet all required user functionality.
A. users may prefer to use contrived data for testing.
B. unauthorized access to sensitive data may result.
C. error handling and credibility checks may not be fully proven.
D. the full functionality of the new process may not necessarily be tested.
A. is not suitable for prototyping or rapid application development (RAD).
B. eliminates the need for a quality process.
C. prevents cost overruns and delivery delays.
D. separates system and user acceptance testing.
A. Vendor reputation
B. Requirements of the organization
C. Cost factors
D. An installed base
A. Defining the areas to be reviewed
B. Developing a project plan
C. Understanding the process under review
D. Reengineering and streamlining the process under review
A. the database survives failures (hardware or software).
B. each transaction is separated from other transactions.
C. integrity conditions are maintained.
D. a transaction is completed or a database is updated.
A. can lack the lower-level detail commands necessary to perform data intensive operations.
B. cannot be implemented on both the mainframe processors and microcomputers.
C. generally contain complex language subsets that must be used by skilled users.
D. cannot access database records and produce complex online outputs.
A. Processing controls such as range checks and logic edits
B. Reviewing accounts payable output reports by data entry
C. Reviewing system-produced reports for checks (cheques) over a stated amount
D. Having the accounts payable supervisor match all checks (cheques) to approved invoices
A. Program evaluation review technique (PERT)
B. Counting source lines of code (SLOC)
C. Function point analysis
D. White box testing
A. documentation of requirements.
B. escalation of project issues.
C. design of interface controls.
D. specification of reports.
A. A map of existing controls
B. Eliminated controls
C. Process charts
D. Compensating controls
A. User management
B. Project steering committee
C. Senior management
D. Systems development management
A. Data availability
B. Data completeness
C. Data redundancy
D. Data inaccuracy
A. finish writing user manuals.
B. perform user acceptance testing.
C. add last-minute enhancements to functionalities.
D. ensure that the code has been documented and reviewed.
A. reverse engineering.
C. software reuse.
A. sequence check.
B. key verification.
C. check digit.
D. completeness check.
A. Repeatable (level 2)
B. Defined (level 3)
C. Managed (level 4)
D. Optimizing (level 5)
A. increase in quality can be achieved, even if resource allocation is decreased.
B. increase in quality is only achieved if resource allocation is increased.
C. decrease in delivery time can be achieved, even if resource allocation is decreased.
D. decrease in delivery time can only be achieved if quality is decreased.
A. Increased response time on the production systems
B. Access controls that are not adequate to prevent data modification
C. Data duplication
D. Data that is not updated or current
B. decision trees.
C. semantic nets.
D. dataflow diagrams.
A. report this as a critical finding to senior management.
B. accept that different quality processes can be adopted for each project.
C. report to IS management the team's failure to follow quality procedures.
D. report the risks associated with fast tracking to the project steering committee.
A. Quality of the metadata
B. Speed of the transactions
C. Volatility of the data
D. Vulnerability of the system
A. is aimed at solving highly structured problems.
B. combines the use of models with nontraditional data access and retrieval functions.
C. emphasizes flexibility in the decision-making approach of users.
D. supports only structured decision-making tasks.
A. systems receiving the output of other systems.
B. systems sending output to other systems.
C. systems sending and receiving data.
D. interfaces between the two systems.
A. limit check.
B. reasonableness check.
C. range check.
D. validity check.
A. Range checks
B. Run-to-run totals
C. Limit checks on calculated amounts
D. Exception reports
A. The finished system normally has strong internal controls.
B. Prototype systems can provide significant time and cost savings.
C. Change control is often less complicated with prototype systems.
D. It ensures that functions or extras are not added to the intended system.
A. buffer overflow.
B. brute force attack.
C. distributed denial-of-service attack.
D. war dialing attack.
A. determine whether test data covered all scenarios.
B. conduct a certification and accreditation process.
C. assess whether expected project benefits were received.
D. design audit trail reports.
A. Function point analysis
B. Critical path methodology
C. Rapid application development
D. Program evaluation review technique
A. black box.
B. white box.
B. data leakage.
D. a Trojan horse.
A. Application programmers are implementing changes to production programs.
B. Application programmers are implementing changes to test programs.
C. Operations support staff are implementing changes to batch schedules.
D. Database administrators are implementing changes to data structures.
A. Controls the proliferation of multiple versions of programs
B. Expands the programming resources and aids available
C. Increases program and processing integrity
D. Prevents valid changes from being overwritten by other changes
A. Lack of documentation
B. Lack of testing
C. Poor requirements definition
D. Poor project management practices
A. business priorities will remain stable.
B. information technologies will not change.
C. the process will improve product, service and profitability.
D. input from clients and customers will no longer be necessary.
A. Stringent contract management practices
B. Detailed and correctly applied specifications
C. Awareness of cultural and political differences
D. Postimplementation reviews
C. departmental specific.
D. a volatile database
A. Management control
B. Semistructured dimensions
C. Inability to specify purpose and usage patterns
D. Changes in decision processes
A. payroll reports should be compared to input forms.
B. gross payroll should be recalculated manually.
C. checks (cheques) should be compared to input forms.
D. checks (cheques) should be reconciled with output reports.
A. Initial (level 1)
B. Repeatable (level 2)
C. Defined (level 3)
D. Optimizing (level 5)
A. operating system (OS) being used is compatible with the existing hardware platform.
B. planned OS updates have been scheduled to minimize negative impacts on company needs.
C. OS has the latest versions and updates.
D. products are compatible with the current or planned OS.
A. The project initiation document has not been updated to reflect changes in the system scope.
B. A gap analysis comparing the chosen solution to the original specification has revealed a number of significant changes in functionality.
C. The project has been subject to a number of requirement specification changes.
D. The organization has decided that a project steering committee is not required.
A. Inference engine
B. Explanation module
C. Knowledge base
D. Data interface
A. reasonableness check.
B. parity check.
C. redundancy check.
D. check digits.
A. test the software for compatibility with existing hardware.
B. perform a gap analysis.
C. review the licensing policy.
D. ensure that the procedure had been approved.
A. Project slack times
B. The project's critical path
C. Time and resource requirements for individual tasks
D. Relationships that preclude the start of an activity before others are complete
A. it is sent over the network from the server.
B. the server does not run the program and the output is not sent over the network.
C. they improve the performance of the web server and network.
D. it is a Java program downloaded through the web browser and executed by the web server of the client machine.
A. that fewer opportunities for review and authorization will exist.
B. an inherent authentication.
C. a proper distribution of EDI transactions while in the possession of third parties.
D. that IPF management will have increased responsibilities over data center controls.
A. Accuracy of the source data
B. Credibility of the data source
C. Accuracy of the extraction process
D. Accuracy of the data transformation
A. Different data than used in the previous test
B. The most current production data
C. The data used in previous tests
D. Data produced by a test data generator
A. verification of database import and export procedures.
B. usage of a structured query language (SQL).
C. analysis of stored procedures/triggers.
D. synchronization of the entity-relation model with the database physical schema.
A. Data-oriented system development (DOD)
B. Object-oriented system development (OOD)
C. Business process reengineering (BPR)
D. Rapid application development (RAD)
A. test the generation of the designed control totals.
B. determine whether the documentation of the system is accurate.
C. evaluate the system functionally.
D. ensure that the system operators become familiar with the new system.
A. prevent further changes to a project in process.
B. indicate the point at which the design is to be completed.
C. require that changes after that point be evaluated for cost-effectiveness.
D. provide the project management team with more control over the project design.
A. ensuring that the output received from system processing is complete.
B. monitoring the execution of computer processing tasks.
C. ensuring that programs and program changes and documentation adhere to established standards.
D. designing procedures to protect data against accidental disclosure, modification or destruction.