An IS auditor reviewing an organization that uses cross…
An IS auditor reviewing an organization that uses cross-training practices should assess the risk of:
what would be a suitable compensating control?
When segregation of duties concerns exist between IT support staff and end users, what would be a suitable
compensating control?
An IS auditor should be concerned when a telecommunicat…
An IS auditor should be concerned when a telecommunication analyst:
Determining whether to hire this individual for this po…
A long-term IS employee with a strong technical background and broad managerial experience has applied for
a vacant position in the IS audit department. Determining whether to hire this individual for this position should
be based on the individual’s experience and:
A local area network (LAN) administrator normally would…
A local area network (LAN) administrator normally would be restricted from:
Many organizations require an employee to take a mandat…
Many organizations require an employee to take a mandatory vacation (holiday) of a week or more to:
When an employee is terminated from service, the MOST i…
When an employee is terminated from service, the MOST important action is to:
Which of the following would BEST provide assurance of …
Which of the following would BEST provide assurance of the integrity of new staff?
From a control perspective, the key element in job desc…
From a control perspective, the key element in job descriptions is that they:
What should the IS auditor recommend?
An IS auditor identifies that reports on product profitability produced by an organization’s finance and marketing
departments give different results. Further investigation reveals that the product definition being used by the two
departments is different. What should the IS auditor recommend?