Which of the following is MOST critical for the effective implementation of IT governance?
Correct Answer: C
Explanation The most critical factor for the effective implementation of IT governance is a supportive corporate culture. A supportive corporate culture is one that fosters collaboration, communication and commitment among all stakeholders involved in IT governance processes. A supportive corporate culture also promotes a shared vision, values and goals for IT governance across the organization. Strong risk management practices, internal auditor commitment or documented policies are important elements for IT governance implementation, but they are not sufficient without a supportive corporate culture. References: ISACA, CISA Review Manual, 27th Edition, 2018, page 41
Question 42
The PRIMARY responsibility of a project steering committee is to:
Correct Answer: D
Section: Information System Acquisition, Development and Implementation
Question 43
To test the integrity of the data in the accounts receivable master file, an IS auditor particularly interested in reviewing customers with balances over $400.000. the selection technique the IS auditor would use to obtain such a sample is called:
Correct Answer: C
Question 44
As an IS auditor it is very important to understand the importance of job scheduling. Which of the following statement is NOT true about job scheduler or job scheduling software?
Correct Answer: A
Section: Information System Operations, Maintenance and Support Explanation/Reference: The NOT keyword is used in this question. You need to find out an option which is not true about job scheduling. Below are some advantages of job scheduling or using job scheduling software. Job information is set up only once, reduce the probability of an error. Records are maintained of all job success and failures. Reliance on operator is reduced. Job dependencies are defined so that if a job fails, subsequent jobs relying on its output will not be processed. For your exam you should know the information below: A job scheduler is a computer application for controlling unattended background program execution (commonly called batch processing). Synonyms are batch system, Distributed Resource Management System (DRMS), and Distributed Resource Manager (DRM). Today's job schedulers, often termed workload automation, typically provide a graphical user interface and a single point of control for definition and monitoring of background executions in a distributed network of computers. Increasingly, job schedulers are required to orchestrate the integration of real-time business activities with traditional background IT processing across different operating system platforms and business application environments. Job scheduling should not be confused with process scheduling, which is the assignment of currently running processes to CPUs by the operating system. Basic features expected of job scheduler software include: interfaces which help to define workflows and/or job dependencies automatic submission of executions interfaces to monitor the executions priorities and/or queues to control the execution order of unrelated jobs If software from a completely different area includes all or some of those features, this software is consider to have job scheduling capabilities. Most operating systems (such as Unix and Windows) provide basic job scheduling capabilities, for example: croon. Web hosting services provide job scheduling capabilities through a control panel or a webcron solution. Many programs such as DBMS, backup, ERPs, and BPM also include relevant job- scheduling capabilities. Operating system ("OS") or point program supplied job-scheduling will not usually provide the ability to schedule beyond a single OS instance or outside the remit of the specific program. Organizations needing to automate unrelated IT workload may also leverage further advanced features from a job scheduler, such as: real-time scheduling based on external, unpredictable events automatic restart and recovery in event of failures alerting and notification to operations personnel generation of incident reports audit trails for regulatory compliance purposes The following answers are incorrect: The other options are correctly defined about job scheduling The following reference(s) were/was used to create this question: CISA review manual 2014 page number 242 http://en.wikipedia.org/wiki/Job_scheduler
Question 45
An IS auditor is reviewing the upgrading of an operating system. Which of the following would be the GREATEST audit concern?
