The latest ISACA CISA (Certified Information Systems Auditor) certification actual practice exam question and answer (Q&A) dumps are available free and can help you pass the ISACA CISA exam and earn the ISACA CISA certification.

CISA Question 561

Question
When reviewing a project where quality is a major concern, an IS auditor should use the project management triangle to explain that:

A. increases in quality can be achieved, even if resource allocation is decreased.

Answer
A. increases in quality can be achieved, even if resource allocation is decreased.

Explanation
The three primary dimensions of a project are determined by the deliverables, the allocated resources and the delivery time. The area of the project management triangle, comprised of these three dimensions, is fixed. Depending on the degree of freedom, changes in one dimension might be compensated by changing either one or both remaining dimensions. Thus, if resource allocation is decreased, an increase in quality can be achieved if a delay in the delivery time of the project is accepted. The area of the triangle always remains constant.

CISA Question 562

Question
While evaluating software development practices in an organization, an IS auditor notes that the quality assurance (QA) function reports to project management.

A. effectiveness of the QA function because it should interact between project management and user management

Answer
A. effectiveness of the QA function because it should interact between project management and user management

Explanation
To be effective the quality assurance (QA) function should be independent of project management. The QA function should never interact with the project implementation team since this can impact effectiveness. The project manager does not interact with the QA function, which should not impact the effectiveness of the project manager. The QA function does not interact with the project implementation team, which should not impact the efficiency of the project manager.

CISA Question 563

Question
An IS auditor invited to a development project meeting notes that no project risks have been documented.
When the IS auditor raises this issue, the project manager responds that it is too early to identify risks and that, if risks do start impacting the project, a risk manager will be hired. The appropriate response of the IS auditor would be to:

A. stress the importance of spending time at this point in the project to consider and document risks, and to develop contingency plans.

Answer
A. stress the importance of spending time at this point in the project to consider and document risks, and to develop contingency plans.

Explanation
The majority of project risks can typically be identified before a project begins, allowing mitigation/avoidance plans to be put in place to deal with the risks. A project should have a clear link back to corporate strategy and tactical plans to support this strategy. The process of setting corporate strategy, setting objectives and developing tactical plans should include the consideration of risks. Appointing a risk manager is a good practice but waiting until the project has been impacted by risks is misguided. Risk management needs to be forward looking; allowing risks to evolve into issues that adversely impact the project represents a failure of risk management. With or without a risk manager, persons within and outside of the project team need to be consulted and encouraged to comment when they believe new risks have emerged or risk priorities have changed. The IS auditor has an obligation to the project sponsor and the organization to advise on appropriate project management practices. Waiting for the possible appointment of a risk manager represents an unnecessary and dangerous delay to implementing risk management.

CISA Question 564

Question
An IS auditor has been asked to participate in project initiation meetings for a critical project. The IS auditor’s MAIN concern should be that the:

A. complexity and risks associated with the project have been analyzed.

Answer
A. complexity and risks associated with the project have been analyzed.

Explanation
Understanding complexity and risk, and actively managing these throughout a project are critical to a successful outcome. The other choices, while important during the course of the project, cannot be fully determined at the time the project is initiated, and are often contingent upon the risk and complexity of the project.

CISA Question 565

Question
At the completion of a system development project, a post project review should include which of the following?

A. Assessing risks that may lead to downtime after the production release

Answer
B. Identifying lessons learned that may be applicable to future projects

Explanation
A project team has something to learn from each and every project. As risk assessment is a key issue for project management, it is important for the organization to accumulate lessons learned and integrate them into future projects. An assessment of potential downtime should be made with the operations group and other specialists before implementing a system. Verifying that controls are working should be covered during the acceptance test phase and possibly, again, in the post implementation review. Test data should be retained for future regression testing.

CISA Question 566

Question
When identifying an earlier project completion time, which is to be obtained by paying a premium for early completion, the activities that should be selected are those:

A. whose sum of activity time is the shortest.

Answer
B. that have zero slack time.

Explanation
A critical path’s activity time is longer than that for any other path through the network. This path is important because if everything goes as scheduled, its length gives the shortest possible completion time for the overall project. Activities on the critical path become candidates for crashing, i.e., for reduction in their time by payment of a premium for early completion. Activities on the critical path have zero slack time and conversely, activities with zero slack time are on a critical path.

CISA Question 567

Question
To minimize the cost of a software project, quality management techniques should be applied:

A. as close to their writing (i.e., point of origination) as possible.

Answer
C. continuously throughout the project with an emphasis on finding and fixing defects primarily during testing to maximize the defect detection rate.

Explanation
While it is important to properly establish a software development project, quality management should be effectively practiced throughout the project. The major source of unexpected costs on most software projects is rework. The general rule is that the earlier in the development life cycle that a defect occurs, and the longer it takes to find and fix that defect, the more effort will be needed to correct it. A well-written quality management plan is a good start, but it must also be actively applied. Simply relying on testing to identify defects is a relatively costly and less effective way of achieving software quality. For example, an error in requirements discovered in the testing phase can result in scrapping significant amounts of work. Capturing lessons learned will be too late for the current project.

CISA Question 568

Question
Which of the following should an IS auditor review to gain an understanding of the effectiveness of controls over the management of multiple projects?

A. Project database

Answer
C. Project portfolio database

Explanation
A project portfolio database is the basis for project portfolio management. It includes project data, such as owner, schedules, objectives, project type, status and cost. Project portfolio management requires specific project portfolio reports. A project database may contain the above for one specific project and updates to various parameters pertaining to the current status of that single project. Policy documents on project management set direction for the design, development, implementation and monitoring of the project. Program organization is the team required (steering committee, quality assurance, systems personnel, analyst, programmer, hardware support, etc.) to meet the delivery objective of the project.

CISA Question 569

Question
Which of the following is a characteristic of timebox management?

A. Not suitable for prototyping or rapid application development (RAD)

Answer
C. Prevents cost overruns and delivery delays

Explanation
Timebox management, by its nature, sets specific time and cost boundaries. It is very suitable for prototyping and RAD, and integrates system and user acceptance testing, but does not eliminate the need for a quality process.

CISA Question 570

Question
When planning to add personnel to tasks imposing time constraints on the duration of a project, which of the following should be revalidated FIRST?

A. The project budget

Answer
B. The critical path for the project

Explanation
Since adding resources may change the route of the critical path, the critical path must be reevaluated to ensure that additional resources will in fact shorten the project duration. Given that there may be slack time available on some of the other tasks not on the critical path, factors such as the project budget, the length of other tasks and the personnel assigned to them may or may not be affected.

Which of the following should be of greatest concern to an IS auditor reviewing a system software development project based on agile practices?
The IS auditor should be most concerned with open source software licensing compliance to avoid unintended intellectual property risk or legal consequences.