MT Q. Bank
QUESTION
Q. Self-service assistance to users provided by the help desk, such as resetting passwords etc., is considered which level
of assistance?
Q. In which of the following models does the user need to know the URL to access the app?
Q. Who is responsible for classification of data in a Dept?
Q. Expert system is an example of-
Q. In which of the following interface testing approaches may a tester start at the top or bottom level and, depending on
the situation, move downward or upward?
Q. Which of the following tools is considered useful for comparing processing output with independently calculated
data?
Q. The practice of limiting permissions to the minimal level that will allow users to perform their jobs. It is known as
Q. Which of the following is an example of external schema in a database mgt system?
Q. Batch total is an example of_
Q. Which of the following is one of the important operations performance metrics?
Q. Which of the following tests is done by the programmer?
Q. Which of the following tests checks whether programs do what they are supposed to do?
Q. Which of the following tests is concerned with examining the internal processing logic of a software system?
Q. Users have more privileges than they need and may use them to perform actions outside of their job description.
It is known as_
Q. Which of the following relates to the accuracy and completeness of info as well as to its validity in accordance
with business values and expectations?
Q. Which of the following relates to the provision of appropriate info for mgt to operate the entity and exercise its
fiduciary and governance responsibilities?
Default settings are used by vendors to help users get the system up and running. What is the auditor's primary area
of interest regarding default settings?
Which of the following software development methodologies primarily focuses on risk avoidance?
Completeness and Accuracy of Data is assured by?
Which of the following is the list of OSI Model levels from the top down?
Performance, Security, User Interface are examples of which of the following testing?
A user account is terminated by the IT Department, only when the request is approved and sent by the_____
Which type of Control is representative of Exception Reporting?
Which of the following is the role of IS Auditor in SDLC?
Which of the following methods is designed to permanently destroy data on hard disk?
Multinational organisation has decided to implement ERP solution across all geographical locations. The
Organisation shall initiate a
Tools not used by Project managers to control the projects
Arrange the following in the order of activities?
Which of the following protocols is likely to be used for monitoring the health of network?
Why is ongoing system monitoring important?
In which of the following categories of maintenance are changes made to the program(s) when a defect or error
arises in the working of software?
Which of the following is the best definition of slack space on a hard disk?
Which of the following is not a function of the Operating System?
Which of the following methods is used to make a backup copy of all the data files for a forensic investigation?
Which of the following is a major issue facing incident response?
When separation of duties is not possible, what would be the terminology for forcing employees to take vacation,
job rotation, reconciliation and supervision review?
Performance of a third party should be compared to agreed upon service level metrics and must be
An IS auditor is auditing controls related to an employee termination. Which of the following is the most important
aspect to be reviewed?
Q. A MN org. has decided to implement an ERP soln across all geolocations. The org shall initiate a-
Q. A user account is terminated by the IT dept, only when the request is approved and sent by the-
Q. In which of the following categories of maintenance are changes made to the program(s) when a defect or error
arises in the working of software?
Q. Completeness and accuracy of accumulated data is ensured by_
The practice of limiting permissions to the minimal level that will allow users to perform their jobs. It is known as?
Who is responsible for classification of data in a department?
Which of the following is the best definition of slack space on a hard disk?
Which of the following relates to the provision of appropriate information for management to operate the entity
and exercise its fiduciary and governance responsibilities?
Batch total is an example of?
Self-service assistance to users provided by the help desk, such as resetting passwords etc., is considered which level of
assistance?
Critical function of a firewall is to act a
QIA Personnel
Which of the following may help to establish accuracy and completeness of data?
Which of the following types of attacks may be prevented by input validation?
Which of the following is central storage for all kinds of structured, semi-structured or unstructured raw data collected
from multiple sources?
After a major earthquake, a business decides to shift the location of its data center from earthquake zone 5 to earthquake
zone 2. Which type of risk response option has it exercised?
Which of the following is not an example of an AI platform?
Which of the following cloud deployment models is highly scalable?
Use of licensed software, patch updates, disabling default users and using anti-malware software are controls
against?
Which of the following types of attacks may be prevented by using anti-malware and applications from trusted
sources?
AI that strives for natural, human-like interaction with machines is known as?
Which of the following provides a secure connection between two end points?
Which of the blockchain principles states that each node stores and forwards information to all other nodes?
Which of the following types of smart card enables the card reader to sense the card in possession of the user in the general
area and allow access?
Which of the following is a type of malware that takes control of administrative rights for execution of malicious
code?
Which of the following is an example of robotic process automation?
Which of the following is a series of minor attacks that together result in a larger attack?
Which of the following enables hackers to exploit system vulnerabilities, including the human element?
In which of the following cloud deployment models does the customer hold control of the operating system?
Which of the following analytics assists in identifying the best option to choose to achieve the desired outcome
through optimization techniques and machine learning?
Which of the following is the primary requirement for granting users access to an information asset?
Primary purpose of access control dead man door, turnstile, mantrap is to?
The Most significant level of effort for the BCP is generally required during the -
Which of the following tests is an IS auditor most likely to perform if, after evaluation, he/she concludes that the
control environment is poor ---
While reviewing the BCP plan of an organisation, an IS auditor observed that the organisation's data and software files are
backed up on a periodic ---
While reviewing the IT security process, IS Auditor observed that some of the sub-policies were not approved but
employees strictly followed the policies. ---
Which of the following is a benefit of using callback services ---
Which is the name of the decentralised control method enabling someone to make the decision based on their own
options ----
Which of the following functions is primarily responsible to support value creation by reducing the risk of IT to an
acceptable level ----
Which of the following sections of IT Act 2000 demands appropriate documented procedure to comply with the
CERT-
Which of the following must exist to ensure the viability of a duplicate information processing facility ----
IT BSC priorities and objectives set by
BPR risk in design phase
Auditor identifies weakness which is out of scope
IS Auditor and management disagreement for selecting system
Sequence of BPR
Which of the following should be done first when preparing a disaster recovery plan?
An offsite information processing facility having electrical wiring, air conditioning and flooring but no computer or
communications equipment is a
Which of the following must exist to ensure the viability of a duplicate information processing facility?
During the course of an application software review, an IS auditor identified minor weaknesses in a relevant
database environment that is out of scope for the audit. The best option is to
Which of the following phases starts with damage assessment?
Which of the following business process reengineering risks are likely to occur during the design phase?
Which of the following sections of IT Act 2000 demands the appropriate documented procedure to comply with the
request of CERT-IN regarding cyber security incidents?
Which of the following is not considered a control failure?
Which of the following helps to gain clear understanding of the business process while developing a business
continuity plan?
Which of the following audit's primary purpose is the development of evidence for review by law enforcement and
judicial authorities?
What is the best way to ensure that organizational policies comply with the legal requirements?
Which of the following disaster recovery/continuity plan components provides the greatest assurance of recovery
after a disaster?
Who sets the priorities and objectives of the IT balanced scorecard?
Which of the following is the primary requirement in reporting results of an IS audit? The report should be
Why is change control considered a governance issue?
Which of the following functions is primarily responsible to support value creation by reducing the risk of IT to
acceptable level?
Which of the following is the primary reason for periodic review of risk? The change in
Which of the following aims to sustain critical business process during an unplanned interruption period?
Which of the following risk treatment options enables implementation of control to reduce level of risk?
Which of the following is a benefit of using callback devices?
Which of the following data validation edits is effective in detecting transposition and transcription errors?
While reviewing the IT security policies, IS auditor observed that some of the sub-policies were not approved by the
management but employees strictly follow the policies. What should IS auditor do first?
Which of the following is the most useful for business decision making and framing policies based on actual
transactional data?
Which of the following statements is true concerning the steering committee?
Which of the following audit tools is most useful to an IS auditor when only select transactions or processes need to
be examined?
IT department more than one role
Prioritization of IT initiatives
When an individual in an IT department performs more than one role, which one of the following poses the greatest
risk?
As per IATF, which standard is a standard under "IS Audit and assurance standard"?
Who are responsible for ensuring IT enabled investments provide business value?
Which of the following is known as conditions that affect the risk profile of the organizations_____
Which of the following standards on internal auditing (SIA) defines fraud and lays the responsibility for prevention and
detection of frauds on the management and those charged with governance?
In which of the following types of evidence, the IS Auditor's independent tests of client accounting procedures or
controls that were originally done as part of the entity's accounting and internal control systems.
While planning an audit M/s InfoTech Solutions should have FIRST identified:
M/s InfoTech Solutions has decided to Skip Risk Assessment Process. What is the Primary Risk involved here?
The decisions and actions of Senior Auditor of M/s InfoTech Solutions are MOST likely to affect which of the
following risks?
The primary purpose and existence of an audit charter is to:
Which of the following control classifications identify the cause of a problem and minimize the impact of threat?
To conduct a system audit, the IS auditor should
Which of the following are most commonly used to mitigate risks discovered by organizations?
The rate of change in technology increases the importance of:
What means the rate at which opinion of the IS Auditor would change if he selects a larger sample size?
Which of the following cannot be classified as Audit Risk?
After you enter a purchase order in an on-line system, you get the message, “The request could not be processed
due to lack of funds in your budget”. This is an example of error?
When developing a risk-based audit strategy, an IS auditor should conduct a risk assessment to ensure that:
Which of the following forms of evidence would be considered to be the most reliable when assisting an IS Auditor
develop audit conclusion?
During a review of the controls over the process of defining IT service levels, an IS auditor would most likely
interview the:
Which of the following procedures would an IS Auditor not perform during pre-audit planning to gain an
understanding of the overall environment under review?
The first step IS Auditor should take when preparing the annual IS audit plan is to:
The purpose of compliance tests is to provide reasonable assurance that:
IS Auditors are most likely to perform tests of internal controls if, after their evaluation of such controls, they
conclude that:
Which of the following is the least important factor in determining the need for an IS Auditor to be involved in a
new system development project?
Each of the following is a general control concern EXCEPT:
Which of the following types of audits requires the highest degree of data processing expertise?
A manufacturing company has implemented a new client/server system enterprise resource planning (ERP) system.
Local branches transmit customer orders to a central manufacturing facility. Which of the following controls would
BEST ensure that the orders are accurately entered and the corresponding products produced?
What is one of the key tests which can be ideally carried out using Computer Assisted Audit Tools (CAATs)?
Find out the best process carried out using Computer Assisted Audit Tools (CAATs)?
What can be ideally carried out using Computer Assisted Audit Tools (CAATs)?
What is one of the key tests which can be ideally carried out using Computer Assisted Audit Tools (CAATs)?
What is one of the key tests which can be ideally carried out using Computer Assisted Audit Tools (CAATs)?
What is one of the key tests which can be ideally carried out using Computer Assisted Audit Tools (CAATs)?
Which is one of the most effective tools and techniques to combat fraud?
An IS Auditor, concerned that application controls are not adequate to prevent duplicate payment of invoices,
decided to review the data processing files for possible duplicate payments. Which of the following
techniques/tools would be useful to the IS Auditor?
Many automated tools are designed for testing and evaluating computer systems. Which one of the following such
tools impact the systems performance with a greater load and stress on the system?
The most appropriate type of CAAT tool the auditor should use to test security configuration settings for the entire
application systems of any organization is:
Application controls shall include all except
As per Income Tax Act, 1961 and banking norms, all fixed deposit holders of banks need to submit their PAN or form
60/61(a form as per Income Tax Act/Rules). A bank in its account opening form, has not updated the need for form
60/61 in case PAN is not there. This defines which control lapse as per COBIT.
In a public sector bank while updating master data for advances given, the bank employee does not update
“INSURANCE DATA”. This includes details of Insurance Policy, Amount Insured, Expiry Date of Insurance and other
related information. This defines which control lapse as per COBIT.
An IS Auditor observed that users are occasionally granted the authority to change system data. The elevated
system access is not consistent with company policy yet is required for smooth functioning of business operations.
Which of the following controls would the IS Auditor most likely recommend for long term resolution?
An IS Auditor, processes a dummy transaction to check whether the system is allowing cash payments in excess of
Rs.20,000/-. This check by auditor represents which of the following evidence collection technique?
An IS Auditor is performing a post implementation review of an organisation’s system and identified output errors
within an accounting application. The IS Auditor determined that this was caused by input errors. Which of the
following controls should the IS Auditor recommend to management?
RBI instructed banks to stop cash retraction in all ATMs across India from April 1, 2013. This was result of few ATM
frauds detected. This action by RBI can be best classified as:
A central antivirus system determines whether each personal computer has the latest signature files and installs the
latest signature file before allowing a PC to connect to the network. This is an example of a:
Company’s billing system does not allow billing to those dealers who have not paid advance amount against
proforma invoice. This check is best called as
While posting message on FACEBOOK, if user posts the same message again, FACEBOOK gives a warning. The
warning indicates which control.
Which of the following business purposes can be met by implementing Data warehouse in an organisation?
A retail company recently installed data warehousing client software in multiple, geographically diverse sites. Due to
time zone differences between the sites, updates to the warehouse are not synchronized. This will affect which of
the following most?
The cashier of a company has rights to create bank master in TALLY. This error is a reflection of poor definition for
which type of control:
An employee has left the company. The first thing to do is to
As part of auditing Information Security of a multinational bank, an auditor wants to assess the security of
information in ATM facilities. Under which privacy policy should he look for details pertaining to security guards and
CCTV surveillance of ATM’s?
Neural Networks and Fuzzy Logics are classified under which category of Artificial intelligence?
In an inter school competition on Artificial Intelligence, four children develop software which performs the following
different functions respectively. Which of them is a correct example of the use of basic Artificial Intelligence?
Which are the business activities which are strong contenders for conversion to ecommerce?
Which of the following factors should not be considered in establishing the priority of audits included in an annual
audit plan?
Which of the following is LEAST likely to be included in a review to assess the risk of fraud in application systems?
An IS auditor discovers evidence of fraud perpetrated with a manager's user id. The manager had written the
password, inside his/her desk drawer. The IS auditor should conclude that the:
After initial investigation, IS auditor has reasons to believe that there is possibility of fraud, the IS auditor has to:
Who is responsible for establishing right structure of decision-making accountabilities
The MOST important benefit of implementing Governance of Enterprise IT is:
The effectiveness of the IT governance structure and processes are directly dependent upon level of involvement of
Which of the following is best control for building requisite skills and competencies within organization?
Which of the following is best approach for monitoring the performance of IT resources?
Performance monitoring using balance score card is most useful since it primarily focuses on:
Which of the following is considered as an example of a lead indicator?
The PRIMARY objective of base lining IT resource performance with business process owners is to:
Which of the following is BEST measure to optimize performance of skilled IT human resources?
IT resource optimization plan should primarily focus on:
The PRIMARY objective of implementing performance measurement metrics for information assets is to:
Which of the following is the PRIMARY purpose of optimizing the use of IT resources within an enterprise?
While monitoring the performance of IT resources the PRIMARY focus of senior management is to ensure that:
Organization considering deploying application using cloud computing services provided by third party service
provider. The MAIN advantage of this arrangement is that it will:
Which of the following is MOST important to have in a disaster recovery plan?
Which of the following BEST describes difference between a DRP and a BCP? The DRP:
The MOST significant level of BCP program development effort is generally required during the:
All of the following are security and control concerns associated with disaster recovery procedures EXCEPT:
As updates to an online order entry system are processed, the updates are recorded on a transaction tape and a
hard copy transaction log. At the end of the day, the order entry files are backed up onto tape. During the backup
procedure, the disk drive malfunctions and the order entry files are lost. Which of the following are necessary to
restore these files?
An IS auditor reviewing an organisation's information systems disaster recovery plan should verify that it is:
Which of the following offsite information processing facility conditions would cause an IS auditor the GREATEST
concern?
Which of the following methods of results analysis, during the testing of the business continuity plan (BCP), provides
the BEST assurance that the plan is workable
The MOST significant level of effort for business continuity planning (BCP) generally is required during the:
Which of the following is not a function of the operating system?
Which of the following represents the hierarchy of controls from highest level to lowest level?
Q4. Which of the following is a benefit of using callback devices?
Q5. Which of the following is the best choice to ensure that internal control objectives are met?
Q6. Which of the following is not one of the three major control types?
Q7. What is the correct sequence for benchmark processes in business process reengineering (BPR) projects?
Q8. When an individual in an IT department performs more than one role, which one of the following poses the
greatest risk?
Q9. Who is responsible for designating the appropriate information classification level?
Q10. Which of the following protocols is likely to be used for monitoring the health of the network?
Q11. Which of the following data validation edits is effective in detecting transposition and transcription errors?
Q12. Which type of network device directs packets through the Internet?
Q13. Which of the following helps to gain a clear understanding of the business process while developing a business
continuity plan
Q14. An offsite information processing facility having electrical wiring, air conditioning and flooring, but no
computer or communications equipment is a:
Q15. What is the best way to ensure that organizational policies comply with the legal requirements?
Q16. Which of the following is a list of OSI model levels from the top down?
Q17. Which is the name of the decentralized control method enabling someone to make a decision based on their
own options?
Q18. Which of the following is the MOST important element for the successful implementation of IT governance?
Q19. Using public-key interchange (PKI) encryption, which key is used by the sender for authentication of the
receiving party?
Q20. What is the purpose of the Address Resolution Protocol (ARP)?
Which of the following control classifications identify the cause of a problem and minimize the impact of threat
Which of the following are most commonly used to mitigate risks discovered by organizations?
Which of the following is not a type of internal controls
What means the rate at which opinion of the IS Auditor would change if he selects a larger sample size?
After you enter a purchase order in an on-line system, you get the message, “The request could not be processed
due to lack of funds in your budget”. This is an example of error?
Q.9. When developing a risk-based audit strategy, an IS auditor should conduct a risk assessment to ensure that
During the review of the controls over the process of defining IT service levels an IS Auditor would most likely
interview the
Which of the following procedures would an IS Auditor not perform during pre-audit planning to gain an
understanding of the overall environment under review
The first step the IS Audit Manager should take when preparing the annual IS audit plan is to:
The purpose of compliance tests is to provide reasonable assurance that:
IS Auditors are most likely to perform tests of internal controls if, after their evaluation of such controls, they
conclude that:
Which of the following is the least important factor in determining the need for an IS Auditor to be involved in a
new system development project?
Q.8. Each of the following is a general control concern EXCEPT:
Q.9. Which of the following types of audits requires the highest degree of data processing expertise?
A manufacturing company has implemented a new client/server system enterprise resource planning (ERP) system.
Local branches transmit customer orders to a central manufacturing facility. Which of the following controls would
BEST ensure that the orders are accurately entered and the corresponding products produced?
Q.1. What is one of the key tests which can be ideally carried out using Computer Assisted Audit Tools (CAATs)?
Q.2. Find out the best process carried out using Computer Assisted Audit Tools (CAATs)?
Q.3. What can be ideally carried out using Computer Assisted Audit Tools (CAATs)?
Q.4. What is one of the key tests which can be ideally carried out using Computer Assisted Audit Tools?
Q.5. What is one of the key tests which can be ideally carried out using Computer Assisted Audit Tools (CAATs)?
What is one of the key tests which can be ideally carried out using Computer Assisted Audit Tools (CAATs)?
Q.7. Which is one of the most effective tools and techniques to combat fraud?
Q.8. An IS Auditor, concerned that application controls are not adequate to prevent duplicate payment of invoices,
decided to review the data processing files for possible duplicate payments. Which of the following
techniques/tools would be useful to the IS Auditor?
Q.9. Many automated tools are designed for testing and evaluating computer systems. Which one of the following
such tools impact the systems performance with a greater load and stress on the system?
The most appropriate type of CAAT tool the auditor should use to test security configuration settings for the entire
application systems of any organization is:
Q.2. As per Income Tax Act, 1961 and banking norms, all fixed deposit holders of bank need to submit their PAN or
form 60/61(a form as per Income Tax Act/Rules). Bank in its account opening form, has not updated the need for
form 60/61 in case PAN is not there. This defines which control lapse as per COBIT.
Q.3. In a public sector bank while updating master data for advances given, the bank employee does not update
“INSURANCE DATA”. This includes details of Insurance Policy, Amount Insured, Expiry Date of Insurance and other
related information. This defines which control lapse as per COBIT.
Emailed purchase order for 500 units was received as 5000 units. This defines which control lapse as per COBIT.
An IS Auditor, processes a dummy transaction to check whether the system is allowing cash payments in excess of
Rs.20,000/-. This check by auditor represents which of the following evidence collection technique?
While auditing e-commerce transactions, auditor’s key concern includes all except:
RBI instructed banks to stop cash retraction in all ATMs across India from April 1, 2013. This was result of few ATM
frauds detected. This action by RBI can be best classified as:
Company’s billing system does not allow billing to those dealers who have not paid advance amount against
proforma invoice. This check is best called as:
While posting message on FACEBOOK, if user posts the same message again, FACEBOOK gives a warning. The
warning indicates which control.
Which of the following business purposes can be met by implementing Data warehouse in an organisation?
A retail company recently installed data warehousing client software in multiple, geographically diverse sites. Due to
time zone differences between the sites, updates to the warehouse are not synchronized. This will affect which of
the following most?
The cashier of a company has rights to create bank master in TALLY. This error is a reflection of poor definition for
which type of control:
Neural Networks and Fuzzy Logics are classified under which category of Artificial intelligence?
In an inter school competition on Artificial Intelligence, four children develop software which performs the following
different functions respectively. Which of them is a correct example of the use of basic Artificial Intelligence?
Which are the business activities which are strong contenders for conversion to e-commerce?
Which of the following factors should not be considered in establishing the priority of audits included in an annual
audit plan?
Which of the following is LEAST likely to be included in a review to assess the risk of fraud in application systems?
An IS auditor discovers evidence of fraud perpetrated with a manager's user id. The manager had written the
password, allocated by the system administrator, inside his/her desk drawer. The IS auditor should conclude that
the:
As a measure of IT General controls, an organization decides to separate those who can input data from those that
can reconcile or approve data. Is this a good move? Why?
9. What is also performed to assess the overall objectives within an organization, related to financial information
and assets safeguarding, efficiency and compliance?
Holistic approach to deterrence & prevention of fraud would be:
After initial investigation, IS auditor has reasons to believe that there is possibility of fraud, the IS auditor has to:
ANSWER
Ans. Level 0
Ans. Web based application development.
Ans. Data owner
Ans. Knowledge Software.
Ans. Integrity
Ans. Reliability.
Usability Testing
corrective maintenance
Unused space leftover after disk formatting
Detection of system penetration
Responsible to handle the integrity and security of information
stored in data base
pilot changeover
management review
software re engineering
compensating control
reviewed by the management
Least Privileges
Data owner
Unused space leftover after disk formatting
Reliability
Processing Total
level 0
Service used to connect
Responsible to handle the Integrity
Ans : Hash Value
Ans : SQL injection
Ans : Avoid
Ans : Microsoft Power BI
Ans : Public
Ans : Trojan
Ans : Cross application macros
Ans : salami theft
Ans : Attack vector
Ans : IaaS
Substantive test
Recovery
Discretionary
IT Risk management
70B
the workload of the primary site is monitored to ensure adequate
backup is available
CIO
Scope, skill, political
Formally report the weakness
Select the system with highest risk and plan acc
NA
perform a business impact analysis
cold site
the workload of primary site is monitored to ensure adequate
backup is available
Sec. 70B
Testing to discover how many policy violations have occurred.
forensic audit
NA
the alternate facility will be available until the original information
processing facility is restored
chief information officer (CIO)
IT risk management
risk factors
mitigate
can be used in switchboard environment
check digit
NA
SIA 11
Performance
Areas of High risk.
Detection
Formally document the audit department’s plan of action
Corrective Controls
Be able to understand the system that is being audited
Controls
Implementing and enforcing good processes
Audit Risk
Administrative Risk
Prevention
Professional Independence
Utility Software
Re-performance
Reconciliation
B. Rectification
B. Corrective Control
B. Dependency Check
D. Duplicate Check
D. Business decisions can be taken and future policies can be framed
based on actual transactional data.
B. DSS combines the use of models with non-traditional data access
and retrieval functions.
D. Snapshots
B. Data completeness
A. User Controls
B. Disable his/her access rights.
B. Stakeholders
C. Transparency
D. the IT strategy extends the organization's strategies and
objectives.
C. key performance drivers
D. Board/senior management
B. Improved transparency and understanding of IT’s contribution to
business
A. Implement right level of controls.
C. Directing
B. ensuring residual risk is at acceptable level.
D. Change in government post elections.
C. Risk appetite
C. Risk treatment
D. Delay in servicing customers due to network congestion.
A. risk factors
D. Defer replacement of obsolete hardware.
A. Evaluate implemented controls.
C. Information and data
D. Non-intrusive and logical.
A. Act on input and generate output.
B. Delegating responsibility.
B. Expected benefit realization
A. Align IT initiatives with business
A. The previous day's backup file and the current transaction tape
2. Check digit
2. Routers
1. Cold site
4. Conduct compliance test regularly
3. Application, Presentation, Session, Transport, Network, Data-Link,
Physical
2. Discretionary
Corrective Controls
Scoping Risk
Controls
Administrative
Audit Risk
Administrative Risk
Prevention
Test Data
Re-performance
Confirmation
Rectification
Dependency Check
Duplicate Check
Business decisions can be taken and future policies can be framed
based on actual transactional data.
DSS combines the use of models with non-traditional data access and
retrieval functions.
Snapshots
Data completeness
User Controls
Cognitive Science
Likelihood of error
Preserve