Here is a sampling of questions in the format of the CISA exam. The questions are related to business application systems development, acquisition, implementation, and maintenance and will help test your understanding of this subject. Answers with explanations are provided in Appendix A.
When reviewing a systems development project, what would the most important objective be for an IS auditor?
Ensuring that the data security controls are adequate to protect the data.
Ensuring that the standards and regulatory commitments are met.
Ensuring that the business requirements are satisfied by the project.
Ensuring that the quality controls and development methodologies are adhered to.
When participating in an application development project, which of the following would not be appropriate activities for an IS auditor?
Testing the performance and behavior of the system controls to ensure that they are working properly
Attending design and development meetings to monitor progress and provide input on control design options
Reviewing reports of progress to management and contributing to their content based on fieldwork and opinions forms from reviewing documentation provided
Assisting in the development of controls for application modules and user interfaces
When reviewing an application development project that uses a prototyping development methodology, with which of the following would the IS auditor be most concerned?
The users are testing the systems before the designs ...