Which of the following inputs adds the MOST value to the strategic IT initiative decision-making process? The IT project portfolio analysis Past audit findings The maturity of the project management process Regulatory requirements

The IT project portfolio analysis

Which of the following is of MOST interest to an IS auditor reviewing an organization's risk strategy? All likely risk is identified and ranked Residual risk levels Use of an established risk framework Risk mitigation strategies

All likely risk is identified and ranked

Which of the following choices is the PRIMARY benefit of requiring a steering committee to oversee IT investment? To enforce security controls To implement development methodologies To conduct feasibility studies To ensure that investments are made according to business requirements

To ensure that investments are made according to business requirements

During an audit, the IS auditor discovers that the HR department uses a cloud-based application outside of normal vendor management. Which of the following is of GREATEST concern? Third-party relationship management is not assigned Maximum acceptable downtime is not defined Help desk personnel have access to personnel data Organization-defined security policies are not applied to the cloud application

Organization-defined security policies are not applied to the cloud application

Which of the following is the BEST way to ensure that organizational policies comply with legal requirements? Aligning policies to the most restrictive regulations CEO endorsement of policies A blanket legal statement in each policy Periodic review by subject matter experts

Periodic review by subject matter experts

An IS auditor is reviewing the risk management process. Which of the following is the MOST important consideration during this review? Controls are based on cost-benefit analysis A risk management framework is based on global standards IT risk is presented in business terms Approvals for risk response are obtained

IT risk is presented in business terms

An IS auditor is performing a review of an organization's governance model. Which of the following should be of MOST concern to the auditor? The information security policy is not periodically reviewed by senior management There is no policy related to system patching Mission statements are not updated regularly There is no policy related to the protection of information assets

The information security policy is not periodically reviewed by senior management

Information Systems Auditing: Risk Assessment, Governance, and Compliance Strategies

Flashcard

Learn Mode

Match

Library

Create

Flashcards

Library

Match (Coming Soon)

Sociology - Management

charlotte1oxhi Created by 10 mon ago

Cards in this deck(27)

Errors in audit procedures PRIMARILY impact which of the following risk types?

Which of the following inputs adds the MOST value to the strategic IT initiative decision-making process?

The MOST important element for the effective design of an information security policy is the:

Which of the following is of MOST interest to an IS auditor reviewing an organization's risk strategy?

Which of the following choices is the PRIMARY benefit of requiring a steering committee to oversee IT investment?

During an audit, the IS auditor discovers that the HR department uses a cloud-based application outside of normal vendor management. Which of the following is of GREATEST concern?

Which of the following is the BEST way to ensure that organizational policies comply with legal requirements?

An IS auditor is reviewing the risk management process. Which of the following is the MOST important consideration during this review?

An organization is considering making a major investment in upgrading technology. Which of the following choices is the MOST important to consider?

An IS auditor is performing a review of an organization's governance model. Which of the following should be of MOST concern to the auditor?

An organization has a well-established risk management process. Which of the following risk management practices would MOST likely expose the organization to the greatest amount of compliance risk?

An IS auditor is evaluating a newly developed IT policy for an organization. Which of the following factors does the IS auditor consider MOST important to facilitate compliance with the policy upon its implementation?

An IS auditor of a large organization is reviewing the roles and responsibilities of the IT function and finds some individuals serving multiple roles. Which one of the following combinations of roles should be of GREATEST concern for the IS auditor?

Which of the following factors is MOST critical when evaluating the effectiveness of an IT governance implementation?

A business unit has selected a new accounting application and did not consult with IT early in the selection process. The PRIMARY risk is that:

What is the PRIMARY consideration for an IS auditor reviewing the prioritization and coordination of IT projects and program management?

As a result of profitability pressure, senior management of an enterprise decided to keep investments in information security at an inadequate level. What is the BEST recommendation of an IS auditor?

From an IT governance perspective, what is the PRIMARY responsibility of the board of directors? To ensure that the IT strategy:

Which of the following is MOST important to consider when reviewing the classification levels of information assets?

An IS auditor is evaluating the IT governance framework of an organization. Which of the following is the GREATEST concern?

When performing a review of a business process reengineering (BPR) effort, which of the following is of PRIMARY concern?

Which of the following should be of GREATEST concern to an IS auditor when reviewing an information security policy? The policy:

When reviewing the development of information security policies, the PRIMARY focus of an IS auditor should be on assuring that these policies:

On which of the following factors should an IS auditor PRIMARILY focus when determining the appropriate level of protection for an information asset?

An IS auditor discovers several IT-based projects were implemented and not approved by the steering committee. What is the GREATEST concern for the IS auditor?

For a health care organization, which one of the following reasons MOST likely indicates that the patient benefit data warehouse should remain in-house rather than be outsourced to an offshore operation?

An IS audit department is planning to minimize the risk of short-term employees. Activities contributing to this objective are documented procedures, knowledge sharing, cross-training and:

Ask Our AI Tutor

Get Instant Help with Your Questions

Need help understanding a concept or solving a problem? Type your question below, and our AI tutor will provide a personalized answer in real-time!

How it works

Ask any academic question, and our AI tutor will respond instantly with explanations, solutions, or examples.

Get Started

Browse questions and discover topic-based flashcards
Practice with engaging flashcards designed for each subject
Strengthen memory with concise, effective learning tools

Discover By Topic

Information Systems Auditing: Risk Assessment, Governance, and Compliance Strategies

Related Decks