While planning an audit, an assessment of risk should be made to provide:

• A.reasonable assurance that the audit will cover material items.
• B.definite assurance that material items will be covered during the audit work.
• C.reasonable assurance that all items will be covered by the audit.
• D.sufficient assurance that all items will be covered during the audit work.

Comment: *

Name: *

Email: *

Verification: *

Due to changes in IT, the disaster recovery plan of a large organization has been changed. What is the PRIMARY risk if the new plan is not tested?

• A.Catastrophic service interruption
• B.High consumption of resources
• C.Total cost of the recovery may not be minimized
• D.Users and recovery teams may face severe difficulties when activating the plan

Comment: *

Name: *

Email: *

Verification: *

In a large organization, IT deadlines on important projects have been missed because IT resources are not
prioritized properly. Which of the following is the BEST recommendation to address this problem?

• A.Implement project portfolio management.
• B.Implement an integrated resource management system.
• C.Implement a comprehensive project scorecard.
• D.Revisit the IT strategic plan.

Comment: *

Name: *

Email: *

Verification: *

When auditing the proposed acquisition of a new computer system, an IS auditor should FIRST establish that:

• A.a clear business case has been approved by management.
• B.corporate security standards will be met.
• C.users will be involved in the implementation plan.
• D.the new system will meet all required user functionality.

Comment: *

Name: *

Email: *

Verification: *

A core tenant of an IS strategy is that it must:

• A.Be inexpensive
• B.Be protected as sensitive confidential information
• C.Protect information confidentiality, integrity, and availability
• D.Support the business objectives of the organization

Comment: *

Name: *

Email: *

Verification: *