Set 2
Click anywhere on the flashcard to reveal the answer.
What is the objective of an audit closure meeting?
To ensure that there have been no misunderstandings or misinterpretations of facts
What is the objective of conducting a follow-up audit?
To validate remediation action
What are the primary objectives of implementing the control self-assessment program?
1. To monitor and control high-risk areas
2. To enhance audit responsibilities
What is the role of the auditor in the implementation of the control self-assessment program?
To act as a facilitator for the CSA program
How do you determine whether IT adds value to the organization?
By ensuring alignment of the IT strategy with the organizational strategy
Who has the final responsibility for IT governance?
The board of directors
What is the main objective of IT governance?
Optimal use of technology resources
What is the prime purpose of corporate governance?
Providing strategic direction
The most important action following the dismissal of an employee is:
Disabling their access rights
An information security policy should be approved by:
The board of directors
One advantage of developing operational policies by means of a top-down approach is:
Consistency across the organization
One advantage of developing operational policies by means of a bottom-up approach is:
Risk assessment is considered.
Accountability for ensuring relevant controls over IS resources rests with:
The resource owner (data owner/system owner)
What is the best level of control when customized software is developed by a third-party vendor?
An escrow arrangement
What is the best way to determine the continuous improvement of any process?
Adoption of a maturity model
A major factor to be considered in relation to offshore data storage/transfer is:
Privacy laws
What are the concerns regarding the use of cloud services?
1. Compliance with laws and regulations (first preference)
2. Data confidentiality
What is the objective of a software escrow agreement?
To address the risk of the closure of vendors of customized written software
What is the primary objective of job rotation?
To detect fraud or illegal acts
What is the primary compensating control for the absence of segregation of duties?
Transaction and log monitoring
The first step when an employee is terminated is:
To revoke the employee’s access to all systems
What is the primary consideration when reviewing IT priorities and coordination?
Alignment of the project with business objectives
What is the primary objective of outsourcing?
To obtain services of expert firms and to save on costs
What is the primary function of IT management when a service has been outsourced?
To monitor the outsourcing provider’s performance
What is the best way to determine whether the terms of the contract are adhered to in accordance with the SLA?
An independent audit