Here are the answers to the questions in Chapter 2:
Which criteria would an IS auditor consider to be the most important aspect of an organization's IS strategy?
It includes a mission statement.
It identifies a mechanism for charging for its services.
It includes a Web-based e-commerce strategy.
It supports the business objectives.
The correct answer is D. While a mission statement (A) is certainly a common component of a strategy documentation, and charging mechanisms (B) can be included as a reference, the most important item to consider is the alignment of the strategy with the business needs and objectives. Web strategies (C) may or may not be relevant to the business at hand.
From a segregation of duties standpoint, which of the following job functions should be performed by change control personnel?
Verifying that the source and object code match before moving code into production
Scheduling jobs to run in the production environment
Making changes to production code and data when programs fail
Applying operating system patches
I, II, and III
II and IV only
I and IV only
The correct answer is A. Scheduling jobs (II) would provide a change control person the opportunity to run jobs in combination with the changes they are applying, thus permitting potential fraud or the abuse of production processing. No direct changes to code or data (III) should ever be permitted by a nonprogrammer who ...