Auditing in CIS Questions

Name: __________________________________________ Section: BSA41E1 Subject: Auditing in CIS Environment

September 26, 2015 Permit No._______________  

True/False: 1. During During the detailed feasibili feasibility ty study of the project, project, the systems systems professional professional who proposed proposed the project project should be involved in performing the study. 2. System maintenance maintenance is often often viewed as the first phase of a new development cycle. 3. All of the steps in the SD! SD! apply to software software that is developed developed in"house and to commercial commercial software. software. #. $he first step in the the SD! is is to develop a systems strategy. strategy. %. &hen the nature of the the project and the needs of the user permit, permit, most organi'ations organi'ations will see( see( a pre"coded commercial commercial software pac(age rather than develop a system in"house. ). *i+ing technologies technologies from from many vendors improves improves technical feasibility. feasibility. . -nstea -nstead d of imple implemen mentin ting g an appli applicat catio ion n in a single single big"bang big"bang release, release, modern modern system systems s are delivere delivered d in parts parts continuously and uic(ly. /. A tangible benefit benefit can be measured and e+pressed e+pressed in financial financial terms. 0. &hen &hen prepar preparing ing a cost"b cost"bene enefit fit analy analysis sis,, desig design n costs costs incurr incurred ed in the system systems s planni planning, ng, system system analysis analysis and conceptual design phases of the SD! are relevant costs. 1. &hen determining the operational feasibility of a new system, the e+pected ease of transition from the old system to the new system should be considered. 11. 11. ne"time costs include include operating operating and maintenance costs. 12. $he objective of systems planning is is to lin( systems systems projects to the strategic objectives objectives of the firm. firm. 13. $he SD! concept concept applies to specific specific applications and and not to strategic strategic systems planning. 1#. An accountant accountants s responsibilit responsibility y in the SD! is to ensure ensure that the system system applies proper accounting accounting convention conventions s and rules and possesses adeuate control. 1%. -n the conceptual design design phase of the SD!, SD!, tas( force members members are focused on selecting the new system design. Multiple Choice: 1. &hich &hich control control is not associ associated ated with with new syste systems ms developmen developmentt activitie activities4 s4 a. reco reconc ncil ilin ing g prog progra ram m vers versio ion n numb number ers s c. user user invo involv lvem emen entt b. prog progra ram m test testin ing g d. inte intern rnal al audi auditt part partic icip ipat atio ion n 2. 5outine 5outine maintenan maintenance ce activitie activities s reuire reuire all of the followi following ng controls controls e+cept e+cept a. documentation updates c. formal authori'ation b. testing d. internal audit approval 3. &hic &hich h stat statem ement ent is is corr correc ect4 t4 a. compiled compiled programs programs are very suscept susceptibl ible e to unauthori' unauthori'ed ed modificat modification ion b. the source source program program library library stores stores applica application tion programs programs in in source code code form form c. modificat modifications ions are are made to program programs s in machi machine ne code code language language d. the source source program program library library managemen managementt system system increases increases operating operating effici efficiency ency #. &hich &hich control control is not a part part of the the source source program program library library managem management ent system4 system4 a. using passwords passwords to to limit limit access access to applica application tion programs programs b. assigning assigning a test name to to all programs programs undergoi undergoing ng maintenan maintenance ce c. combining combining access access to to the develop development ment and and maintena maintenance nce test test librari libraries es d. assigning assigning version version number numbers s to programs programs to to record record program program modificat modifications ions %. &hich &hich control ensures ensures that producti production on files cannot cannot be accessed accessed without without specific specific permission permission4 4 a. Database *anagement System c. Source 6rogram ibrary *anagement System b. 5ecovery perations 7unction d. !omputer Services 7unction ). 6rog 6rogra ram m test testin ing g a. involves involves indivi individual dual module modules s only, only, not not the full system system b. reuir reuires es creat creation ion of of meanin meaningfu gfull test test data data c. need not be repeat repeated ed once once the the system system is implem implemented ented d. is prim primari arily ly conce concerne rned d with with usabi usabili lity ty . &hic &hich h stat statem ement ent is is not not true true4 4 a. An audit objectiv objective e for systems mainten maintenance ance is to detect unauthor unauthori'ed i'ed access access to applicatio application n databases. databases. b. An audit objectiv objective e for systems mainten maintenance ance is to ensure that that application applications s are free from errors. errors. c. An audit objectiv objective e for systems systems maintenanc maintenance e is to verify that that user reuests reuests for maintena maintenance nce reconcile reconcile to program program version numbers. d. An audit objecti objective ve for system systems s mainte maintenan nance ce is to ensure ensure that that the product production ion librari libraries es are are protec protected ted from unauthori'ed access. /. &hen the auditor auditor reconcile reconciles s the program program version numbers, numbers, which which audit objectiv objective e is being tested4 tested4 a. protect protect applicati applications ons from unauthori' unauthori'ed ed changes changes b. ensure ensure appl applica icatio tions ns are are free free from from error  error  c. protect protect produ production ction libraries libraries from unauthori' unauthori'ed ed access access d. ensure ensure incompati incompatible ble functi functions ons have have been identi identified fied and and segregate segregated d 0. &hich &hich level of of a data flow flow diagram diagram is used used to produce produce program program code code and database database tables tables4 4 a. conte+t level c. intermediate level b. elementary level d. prototype level 1. &hich &hich is not not a level level of of a data data flow flow diagr diagram4 am4 a. conc concep eptu tual al leve levell c. inte interm rmed edia iate te leve levell b. conte+t level d. elementary level 11. 11. &hich &hich statement statement is is not correc correct4 t4 $he $he structur structure e design design approach approach a. is a top top"d "dow own n appr approa oach ch b. is documen documented ted by data flow diagrams diagrams and and structur structure e diagrams diagrams c. assembles assembles reusabl reusable e modules modules rather rather than than creating creating systems systems from from scratc scratch h d. starts starts with an abstract abstract descriptio description n of the system and redefine redefines s it to produce a more detailed detailed descript description ion of the system

12.

13.

1#.

1%.

1).

1.

1/.

10.

2.

21.

22.

23.

2#.

2%.

$he benefits of the object"oriented approach to systems design include all of the following e+cept a. protect applications from unauthori'ed changes b. ensure applications are free from error  c. protect production libraries from unauthori'ed access d. ensure incompatible functions have been identified and segregated 8valuators of the detailed feasibility study should not include a. the internal auditor c. a user perspective b. the project manager d. the system designer   A cost"benefit analysis is a part of the detailed a. protect applications from unauthori'ed changes b. ensure applications are free from error  c. protect production libraries from unauthori'ed access d. ensure incompatible functions have been identified and segregated 8+amples of one"time costs include all of the following e+cept a. hardware acuisition c. site preparation b. insurance d. programming 8+amples of recurring costs include a. software acuisition c. personnel costs b. data conversion d. system design A commercial software system that is completely finished, tested, and ready for implementation is called a a. bac(bone system c. bench system b. vendor"supported system d. turn(ey system &hich of the following is not an advantage of commercial software4 !ommercial software a. can be installed faster than a custom system b. can be easily modified to the users e+act specifications c. is significantly less e+pensive than a system developed in"house d. is less li(ely to have errors than an euivalent system developed in"house &hich step is least li(ely to occur when choosing a commercial software pac(age4 a. a detailed review of the source code c. preparation of a reuest for proposal b. contact with user groups d. comparison of the results of a benchmar( problem $he output of the detailed design phase of the System Development ife !ycle 9SD!: is a a. fully documented system report c. detailed system design report b. systems selection report d. systems analysis report $he detailed design report contains all of the following e+cept a. input screen formats c. report layouts b. alternative conceptual designs d. process logic System documentation is designed for all of the following group e+cept a. systems designers and programmers c. accountants b. end users d. all of the above reuire systems documentation &hich type of documentation shows the detailed relationship of input files, programs, and output files4 a. structure diagrams c. system flowchart b. overview diagram d. program flowchart $ypical contents of a run manual include all of the following e+cept a. run schedule c. file reuirements b. logic flowchart d. e+planation of errors messages !omputer operators should have access to all of the following types of documentation e+cept a. a list of users who receive output c. a list of all master files used in the system b. a program code listing d. a list of reuired hardware devices