All Matches
Solution Library
Expert Answer
Textbooks
Search Textbook questions, tutors and Books
Oops, something went wrong!
Change your search query and then try again
Toggle navigation
FREE Trial
S
Books
FREE
Tutors
Study Help
Expert Questions
Accounting
General Management
Mathematics
Finance
Organizational Behaviour
Law
Physics
Operating System
Management Leadership
Sociology
Programming
Marketing
Database
Computer Network
Economics
Textbooks Solutions
Accounting
Managerial Accounting
Management Leadership
Cost Accounting
Statistics
Business Law
Corporate Finance
Finance
Economics
Auditing
Ask a Question
Search
Search
Sign In
Register
study help
business
auditing assurance services
Questions and Answers of
Auditing Assurance Services
How are internal control questionnaires useful during the exposures analysis phase of a security program?
During a security evaluation, an internal control questionnaire is most useful in undertaking which of the following tasks?a. Assessing the reliability of the controls that are in placeb. Identifying
Which of the following tasks is most facilitated by scenario analyses?a. Identifying controls and their associated level of reliabilityb. Identifying how threats can circumvent controlsc. Determining
Briefly explain how scenarios analysis might be used in the exposures analysis phase of a security program. Under what circumstance is scenarios analysis likely to be most useful?
Reducing exposures to an acceptable level means:a. All controls implemented are reliableb. Residual losses have been eliminatedc. Threats for which no control exists have a low probability of
Using probability theory, briefly explain how security administrators calculate the expected losses from an exposure.
Which of the following should not be used as a basis for determining new controls that might be implemented over information systems assets?a. Choose controls that emphasize design secrecyb. Examine
What activities are undertaken during the controls adjustment phase of a security program?
Which of the following is not a component of the final security report presented to management?a. Recommendations on existing safeguards that should be changedb. A recommendation on the single
Briefly describe the contents of the security report prepared at the conclusion of a security program. From the viewpoint of having recommendations accepted, what is the most critical aspect of the
Which of the following statements about halon gas as a fire suppressant is false?a. It is relatively safe for humansb. It has detrimental effects on the earth's ozone layerc. It is chemically
List the major points that should be covered during an audit of security controls over the information systems function to assess the adequacy of handheld fire extinguishers.
Which of the following controls is least likely to reduce the likelihood of losses to information systems assets arising from water damage that occurs as the result of a cyclone or hurricane?a. Have
What is the purpose of covering hardware with a protective fabric when it is not in use?
The purpose of a voltage regulator is to:a. Protect hardware against temporary increases in powerb. Protect hardware against sustained power surgesc. Compensate when brownouts occurd. Protect the
Briefly discuss the responsibilities of security administrators with respect to maintenance of the supply of energy to the information systems function.
Which of the following controls is likely to be most effective at preventing losses that result from structural damage to the building in which a mainframe computer facility is housed?a. Voltage
Outline the steps you might undertake as an auditor to determine whether a mainframe computer facility could withstand structural damage.
Which of the following is not a control to prevent pollution?a. Prohibition of food in the computer roomb. Filters on air conditioningc. Confining decollation to the computer room onlyd. Placing
Briefly describe two problems that can be caused by the presence of dust within a computer facility. What controls can be exercised to limit the effects of pollutants in(a) a mainframe computer room,
The unchecked emission of electromagnetic signals is a concern because:a. The signals can be picked up and printed on a remote deviceb. The signals interfere with the correct functioning of the
From a security viewpoint, what advantages accrue from having no windows in a computer facility, providing only one entrance to the facility, and placing the facility on an upper floor of a building?
Which of the following is the most likely source of a worm program?a. Another computer connected to the same communications network as the infected computerb. Public domain software obtained by a
Briefly describe two ways in which data integrity can be violated using an electronic bug. Where in a computer facility are bugs most likely to be placed?
Which of the following controls is most likely to protect an organization's investment in developing and maintaining a proprietary database?a. Copyright lawsb. A registered trademarkc. Clauses in the
What are the most vulnerable points in a data communications network with respect to wiretapping? What actions can security administrators take to prevent or inhibit wiretapping?
Which of the following controls is most likely to protect an organization's information systems from computer hackers?a. Card-key locksb. A virus detection programc. Encryption of programsd.
Briefly distinguish between viruses and worms. List two controls over viruses and worms (one for viruses and one for worms) that security administrators might implement to reduce exposures.
Which of the following is not a component of the emergency plan?a. Personnel to be notified upon the occurrence of a disasterb. Evacuation proceduresc. Restart prioritiesd. Equipment shutdown
For each of the following threats, give a control that might reduce exposures:a. Pirated softwareb. Violation of the licensing conditions pertaining to a proprietary databasec. Employee use of an
Which of the following is not a component of the backup plan?a. Site where resources can be assembled and operations restartedb. Procedures for periodically testing that recovery can be effectedc.
Give one preventive control and one detective control over the activities of computer hackers.
The primary purpose of the recovery plan is to:a. Specify precisely how recovery will be effectedb. Identify which applications are to be recovered immediatelyc. Identify a recovery committee that
What are the controls of last resort? Briefly explain the nature of each.
Which of the following types of backup facilities rely most heavily on an organization's hardware vendor to effect recovery?a. Reciprocal agreementb. Warm sitec. Cold sited. Hot site
Briefly describe the major components of an emergency plan.
Business interruption insurance covers:a. Additional costs incurred because the organization is not operating from its normal facilitiesb. Costs involved in reconstructing the computer facilityc.
Briefly describe the major components of a backup plan.
If an organization has its own information systems staff but insufficient security work exists to justify a separate security administration position, responsibility for security matters might be
What considerations affect the choice of a backup site?
Briefly describe the major components of a recovery plan. Why are the responsibilities of the recovery committee an important component of the plan?
What are the purposes of the test-plan component of a disaster recovery plan? How does a "phased approach" facilitate testing of disaster recovery procedures?
Briefly explain the difference between a hot-site and cold-site backup and recovery facility.
Identify nine major aspects of the information systems function that must be covered by an insurance policy. What are the security administrator's responsibilities after the insurance policy has been
For the following types of organizations, who is likely to perform the role of the security administrator?a. A medium-sized organization that has its own data processing facilityb. A small
Which of the following is not a function of operations management?a. Performance monitoringb. Application system post-auditsc. File libraryd. Production work flow control
Savers-Surety is a large, Brisbane-based credit union. Twelve months ago it purchased and implemented an automated operations facility (AOF) to control its mainframe operations. Prior to the purchase
What is the primary role of operations management?
In organizations where microcomputers are used extensively, the functions of operations management relating to the microcomputers should be:a. Still performed by the operations manager responsible
Meridian Manufacturing Ltd. is a large, multidivisional Singapore-based manufacturer of electronic components and products. Over the past few years, Meridian has progressively implemented local area
Briefly describe two changes that have occurred in recent years that have had an impact on how the operations function is audited. Outline the nature of the effect that has occurred.
One function of an automated operations facility is to:a. Alert users automatically about possible application system errorsb. Remove the need for job control filesc. Stop and start programs
You are the chief internal auditor for a large public utility that has used computer systems for many years in most areas of its operations. One day you are called to a meeting with the general
What is an AOF? Briefly explain the relationship between an AOF and a lights-out facility.
Which of the following statements about controls over computer operators is true?a. A malicious operator can undermine recovery from a disaster by corrupting backup files progressively over timeb.
In Australia, many financial institutions participate in a clearinghouse system for direct credit and direct debit transactions. For example, the employees of an organization can request that their
Briefly describe three controls that should be exercised over computer operators.
Which of the following statements about automated operations facility parameters is false?a. Any inaccuracy will be identified by the operating systemb. They should be maintained in a secure filec.
You are an information systems auditor in a firm of external auditors that has just been appointed to undertake the audit of Second Sunstate, a mediumsized bank located in Orlando, Florida. As part
Briefly explain why it is undesirable to allow operators to authorize reruns of application systems.
Which of the following is not a reason for the operations function undertaking job scheduling on a mainframe machine?a. To balance workloads on the machineb. To reduce the likelihood of losses
Briefly describe three control concerns that auditors should have with automated operations facilities.
Machine maintenance engineers pose some difficult control programs because:a. They often have a high level of programming skillsb. They have available special hardware/software tools that enable them
Briefly describe two implications that use of microcomputers and decentralization of the information systems function have on the reliability of controls over computer operations.
What is the purpose of computer operations scheduling controls?
Which of the following functions cannot be performed using a communications network control terminal?a. Resetting message queue lengthsb. Closing down a terminalc. Correcting a hardware error in a
For the following activities, briefly indicate who should be responsible for authorizing the availability of machine resources to undertake them and why:a. Regular execution of a production
Briefly explain the difference between preventive and repair maintenance. Why might an operations manager decide to increase the amount of preventive maintenance undertaken on a machine?
Which of the following activities should not be permitted when operators use a communications network control terminal?a. Renaming a communications lineb. Downline loading a programc. Altering the
In a local area network, the most critical control component is likely to be the:a. Fiber-optic cablesb. File serverc. Cable scannerd. User workstations
Give a decision that operations management might make on the basis of data recorded on the maintenance \(\log\) prepared for a machine.
Which of the following guidelines applies to the design of keying tasks to increase the effectiveness and efficiency of the data preparation function?a. Keying tasks should be no longer than an
Briefly describe how a maintenance engineer might violate data integrity during the maintenance of hardware. Give two controls that might be exercised over the engineer to inhibit or prevent the
Which of the following design guidelines should be followed to reduce the likelihood of repetition strain injury?a. Ensure that the data preparation area is brightly lit so keyboard operators can
What is the overall purpose of a network control terminal in a wide area communications network? Give three specific functions that can be performed by an operator using a network control terminal.
Which of the following is not a function of the production control section?a. Dispatching input received from an outside party to the computer roomb. Scheduling of production jobsc. Follow-up on
Why is a network control terminal a threat to the overall security of a communications network? What controls should be exercised to try to ensure that a network control terminal is used only for its
Which of the following activities should not be performed by control section personnel when they collect the output of a batch application system from the computer room?a. Checking to see the output
List two aspects of the operations of a local area network that need to be monitored to ensure that data integrity within the network is maintained. Briefly explain why these two aspects need to be
Which of the following is not a function of production control personnel in terms of production scheduling?a. Assisting with the establishment of the production scheduleb. Preparing job control
Why do file servers within a local area network need to be physically secured?
Which of the following is unlikely to be a responsibility of the production control section with respect to the management of service-level agreements?a. Ensuring that documentation of service-level
Briefly describe some guidelines that should be followed to reduce operator boredom in the design of keying tasks undertaken in the data preparation function.
Which of the following is not a responsibility of the production control section with respect to transfer pricing of information systems services?a. Determining the prices to be charged for
What responsibilities does operations management have with respect to backup and recovery in the data preparation function?
Which of the following is not a responsibility of the production control section with respect to acquisition of consumables that the information systems function uses?a. Ensuring that consumables are
Briefly describe the production control section's responsibilities with respect to receipt of input from and dispatch of output to external users of the information systems function.
Which of the following is unlikely to be a capability of an automated library system for removable storage media?a. Preparing reports indicating times when the temperature and dust levels in the room
Briefly describe the production control section's responsibilities with respect to job scheduling.
Which of the following reflects good control over use of removable storage media?a. Only computer operators should remove storage media from the file libraryb. Sensitive files and nonsensitive files
From a control perspective, why is it important to have user complaints about information systems services directed to production control personnel?
Which of the following decisions most likely could not be made on the basis of file management reports prepared from the storage media maintenancea. Whether to move files from one storage medium to
What are the production control section's responsibilities with respect to transfer-pricing charges in terms of:a. Internal users of the information systems function's services?b. The information
Which of the following actions should be undertaken when a file retention date expires?a. The storage medium on which the file resides should be retired from useb. The file should be removed to
What are the production control section's responsibilities with respect to acquisition of consumables used by the information systems function?
Removable storage media should not remain unused for long periods of time because:a. The data they contain will become out-of-dateb. The risk of read/write errors occurring with the media increasesc.
Briefly describe two controls that should exist over storage of removable storage media for:a. A mainframe computer with a large number of usersb. A microcomputer with only one user
The purpose of deleting data from magnetic tapes before the ends are clipped is to:a. Indicate which section of the tape should be clippedb. Protect the privacy of datac. Prevent damage to the data
Briefly describe the controls that should exist over use of removable storage media in a mainframe computer environment.
With respect to off-site storage of backup files, which of the following tasks is most likely to be undertaken by the operations manager:a. Transporting backup files to off-site storageb. Determining
Showing 1000 - 1100
of 2558
First
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
Last