A.2. Chapter 2—Management, Planning, and Organization of Information Systems

Here are the answers to the questions in Chapter 2:

  1. Which criteria would an IS auditor consider to be the most important aspect of an organization's IS strategy?

    A. It includes a mission statement.

    B. It identifies a mechanism for charging for its services.

    C. It includes a Web-based e-commerce strategy.

    D. It supports the business objectives.

    Answer: D

    The correct answer is D. While a mission statement (A) is certainly a common component of strategy documentation, and charging mechanisms (B) can be included as a reference, the most important item to consider is the alignment of the strategy with the business needs and objectives. Web strategies (C) may or may not be relevant to the business at hand.

  2. From a segregation of duties standpoint, which of the following job functions should be performed by change control personnel?

    I. Verifying that the source and object code match before moving code into production

    II. Scheduling jobs to run in the production environment

    III. Making changes to production code and data when programs fail

    IV. Applying operating system patches

    A. I only

    B. I, II, and III

    C. II and IV only

    D. I and IV only

    Answer: A

    The correct answer is A. Scheduling jobs (II) would provide a change control person the opportunity to run jobs in combination with the changes they are applying, thus permitting potential fraud or the abuse of production processing. No direct changes to code or data (III) should ever be permitted by a nonprogrammer who ...

Get The CISA® Prep Guide: Mastering the Certified Information Systems Auditor Exam now with O’Reilly online learning.