What process allows IS management to determine whether the activities of the organization differ
from the planned or expected levels? Choose the BEST answer.

When performing an IS strategy audit, an IS auditor should review both short-term (one- year) and
long-term (three-to five-year) IS strategies, interview appropriate corporate management personnel,
and ensure that the external environment has been considered. The auditor should especially focus
on procedures in an audit of IS strategy. True or false?

When auditing third-party service providers, an IS auditor should be concerned with which of the
following? Choose the BEST answer.

Ensuring that security and control policies support business and IT objectives is a primary objective
of:

Why does an IS auditor review an organization chart?

Who is responsible for implementing cost-effective controls in an automated system?

If an IS auditor finds evidence of risk involved in not implementing proper segregation of duties,

such as having the security administrator perform an operations function, what is the auditor’s
primary responsibility?

An advantage of a continuous audit approach is that it can improve system security when used in
time-sharing environments that process a large number of transactions. True or false?

An integrated test facility is not considered a useful audit tool because it cannot compare
processing output with independently calculated datA. True or false?

Which of the following is of greatest concern to the IS auditor?