






Study with the several resources on Docsity
Earn points by helping other students or get them with a premium plan
Prepare for your exams
Study with the several resources on Docsity
Earn points to download
Earn points by helping other students or get them with a premium plan
Various aspects of information systems auditing and the system development lifecycle (sdlc). It discusses the tasks and responsibilities of an is auditor in reviewing feasibility studies, requirements definition, testing, and implementation of information systems. The different sdlc models, including the traditional waterfall model and the iterative model, as well as the advantages and challenges associated with each. It also covers input, processing, and output controls, as well as application controls and testing techniques used in the sdlc. The is auditor's involvement and verification activities throughout the sdlc are highlighted, emphasizing the importance of their role in ensuring the completeness, accuracy, and security of the developed system.
Typology: Exams
1 / 12
This page cannot be seen from the preview
Don't miss anything!







Project Management Structure - 3 types that outline the authority and control within an organization - CORRECT ANSWER - functional - the project manager has only a staff function without formal management authority. The work is broken down in departments
Project benefits realization objectives - CORRECT ANSWER - IT enabled business investments achieve the promised benefits
Traditional system development life cycle approach - CORRECT ANSWER Phase 1 - feasibility study - determine the strategic benefits to implementing the system Phase 2 - requirements definition - define the problem or need that requires resolution Phase 3A - software selection and acquisitions (purchased systems) - prepare a request for proposal outline entity requirements to invited bids Phase 3B - design (in house implementation) - establish a baseline of specifications Phase 4A - configuration (purchased systems) - configure system. if packaged tailor to organizations requirements Phase 4B - development (in house development) - using design specifications to begin programming and formalizing supporting operational processes Phase 5 - final testing and implementation - establish operation of the new system. with final iteration of user acceptance testing Phase 6 - post implementation - implement a formal process that assess the adequacy of the system and project cost benefit Potential risks that can occur when designing and developing new systems - CORRECT ANSWER strategic risk - arises when the business goal are identified and weighted without taking the corporate strategy into account business risk - the new system may not meet users business needs, requirements, and exceptions project risk - project activities to design and develop the system exceed the limits of the financial resources set aside for the project IS auditor should review the adequacy of the following project management techniques - CORRECT ANSWER - levels of oversight by the project committee
input sanitization data validation edits and controls (checks) - CORRECT ANSWER sequence, limit, range, validity, reasonableness, table, existence, key verification, check digit, completeness, duplicate check, logical relationship The following are processing control techniques that can address the issues of completeness and accuracy of accumulated data - CORRECT ANSWER manual recalculations editing run to run programmed reasonableness verification of calculated amounts limit checks on amounts reconciliation of file totals exception reports Output controls - CORRECT ANSWER the data delivered to users will be presented formatted and delivered in a consistent and secure manner output controls include - CORRECT ANSWER - logging and storage of negotiable sensitive and critical forms in a secure place
Test plans identify test approaches such as the following two reciprocal approaches, to software testing - CORRECT ANSWER bottom up - testing begins with atomic units, such as programs or modules and works upward until a complete system testing has taken place top down - testing follows the opposite path either in depth - first or breadth first search order two common types of data integrity - CORRECT ANSWER - relational integrity test