________________ (fill in the blank) is/are are ultimately accountable for the functionality, reliability, and
security within IT governance. Choose the BEST answer.

Run-to-run totals can verify data through which stage(s) of application processing?

Fourth-Generation Languages (4GLs) are most appropriate for designing the application’s graphical user
interface (GUI). They are inappropriate for designing any intensive data-calculation procedures. True or false?

What often results in project scope creep when functional requirements are not defined as well as they could
be?

If an IS auditor observes that an IS department fails to use formal documented methodologies, policies, and
standards, what should the auditor do? Choose the BEST answer.

Which of the following is a program evaluation review technique that considers different scenarios for planning
and control projects?

What is a reliable technique for estimating the scope and cost of a software-development project?

When participating in a systems-development project, an IS auditor should focus on system controls rather than
ensuring that adequate and complete documentation exists for all projects. True or false?

If an IS auditor observes that individual modules of a system perform correctly in development project tests, the
auditor should inform management of the positive results and recommend further:

Who assumes ownership of a systems-development project and the resulting system?