Test Prep This preview shows page 170 - 173 out of 493 pages. QUESTION NO: 448When reviewing a project where quality is a major concern, an IS auditor should use the projectmanagement triangle to explain that:Isaca CISA Exam"Pass Any Exam. Any Time." - 170 A.increases in quality can be achieved, even if resource allocation is decreased.B.increases in quality are only achieved if resource allocation is increased.C.decreases in delivery time can be achieved, even if resource allocation is decreased.D.decreases in delivery time can only be achieved if quality is decreased.Answer: AExplanation:The three primary dimensions of a project are determined by the deliverables, the allocatedresources and the delivery time. The area of the project management triangle, comprised of thesethree dimensions, is fixed. Depending on the degree of freedom, changes in one dimension mightbe compensated by changing either one or both remaining dimensions. Thus, if resourceallocation is decreased an increase in quality can be achieved, if a delay in the delivery time of theproject will be accepted. The area of the triangle always remains constant.QUESTION NO: 449An IS auditor is assigned to audit a software development project which is more than 80 percentcomplete, but has already overrun time by 10 percent and costs by 25 percent. Which of thefollowing actions should the IS auditor take?A.Report that the organization does not have effective project management.B.Recommend the project manager be changed.C.Review the IT governance structure.D.Review the conduct of the project and the business case.Answer: DExplanation:Before making any recommendations, an IS auditor needs to understand the project and thefactors that have contributed to making the project over budget and over schedule. Theorganization may have effective project management practices and sound ITgovernance and stillbe behind schedule or over budget. There is no indication that the project manager should bechanged without looking into the reasons for the overrun.QUESTION NO: 450Which of the following should an IS auditor review to understand project progress in terms of time,budget and deliverables for early detection of possible overruns and for projecting estimates atcompletion (EACs)?A.Function point analysisB.Earned value analysisC.Cost budgetD.Program Evaluation and Review TechniqueIsaca CISA Exam"Pass Any Exam. Any Time." - 171 Answer: BExplanation:Earned value analysis (EVA) is an industry standard method for measuring a project's progress atany given point in time, forecasting its completion date and final cost, and analyzing variances inthe schedule and budget as the project proceeds. It compares the planned amount of work withwhat has actually been completed, to determine if the cost, schedule and work accomplished areprogressing in accordance with the plan. EVA works most effectively if a well-formed workbreakdown structure exists. Function point analysis (FPA) is an indirect measure of software size Upload your study docs or become a Course Hero member to access this document Upload your study docs or become a Course Hero member to access this document End of preview. Want to read all 493 pages? Upload your study docs or become a Course Hero member to access this document Tags Accounting, Public key cryptography, Network topology, CISA The latest ISACA CISA (Certified Information Systems Auditor) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the ISACA CISA exam and earn ISACA CISA certification. CISA Question 551QuestionThe purpose of a checksum on an amount field in an electronic data interchange (EDI) communication of financial transactions is to ensure: A. integrity. AnswerA. integrity. ExplanationA checksum calculated on an amount field and included in the EDI communication can be used to identify unauthorized modifications. CISA Question 552QuestionWhich of the following situations would increase the likelihood of fraud? A. Application programmers are implementing changes to production programs. AnswerA. Application programmers are implementing changes to production programs. ExplanationProduction programs are used for processing an enterprise’s data. It is imperative that controls on changes to production programs are stringent. Lack of control in this area could result in application programs being modified to manipulate the data. Application programmers are required to implement changes to test programs. These are used only in development and do not directly impact the live processing of data. CISA Question 553QuestionWhich of the following techniques would BEST help an IS auditor gain reasonable assurance that a project can meet its target date? A. Estimation of the actual end date based on the completion percentages and estimated time to complete, taken from status reports AnswerC. Extrapolation of the overall end date based on completed work packages and current resources ExplanationDirect observation of results is better than estimations and qualitative information gained from interviews or status reports. Project managers and involved staff tend to underestimate the time needed for completion and the necessary time buffers for dependencies between tasks, while overestimating the completion percentage for tasks underway (80:20 rule). The calculation based on remaining budget does not take into account the speed at which the project has been progressing. CISA Question 554QuestionA manager of a project was not able to implement all audit recommendations by the target date. The IS auditor should: A. recommend that the project be halted until the issues are resolved. AnswerC. evaluate risks associated with the unresolved issues. ExplanationIt is important to evaluate what the exposure would be when audit recommendations have not been completed by the target date. Based on the evaluation, management can accordingly consider compensating controls, risk acceptance, etc. All other choices might be appropriate only after the risks have been assessed. CISA Question 555QuestionA project manager of a project that is scheduled to take 18 months to complete announces that the project is in a healthy financial position because, after 6 months, only one-sixth of the budget has been spent. The IS auditor should FIRST determine: A. what amount of progress against schedule has been achieved. AnswerA. what amount of progress against schedule has been achieved. ExplanationCost performance of a project cannot be properly assessed in isolation of schedule performance. Cost cannot be assessed simply in terms of elapsed time on a project. To properly assess the project budget position, it is necessary to know how much progress has actually been made and, given this, what level of expenditure would be expected. It is possible that project expenditure appears to be low because actual progress has been slow. Until the analysis of project against schedule has been completed, it is impossible to know whether there is any reason to reduce budget, if the project has slipped behind schedule, then not only may there be no spare budget but it is possible that extra expenditure may be needed to retrieve the slippage. The low expenditure could actually be representative of a situation where the project is likely to miss deadlines rather than potentially come in ahead of time. If the project is found to be ahead of budget after adjusting for actual progress, this is not necessarily a good outcome because it points to flaws in the original budgeting process; and, as said above, until further analysis is undertaken, it cannot be determined whether any spare funds actually exist. Further, if the project is behind schedule, then adding scope may be the wrong thing to do. CISA Question 556QuestionA legacy payroll application is migrated to a new application. Which of the following stakeholders should be PRIMARILY responsible for reviewing and signing-off on the accuracy and completeness of the data before going live? A. IS auditor AnswerD. Data owner ExplanationDuring the data
conversion stage of a project, the data owner is primarily responsible for reviewing and signing-off that the data are migrated completely, accurately and are valid. An IS auditor is not responsible for reviewing and signing-off on the accuracy of the converted data. CISA Question 557QuestionAn organization is implementing an enterprise resource planning (ERP) application to meet its business objectives. Of the following, who is PRIMARILY responsible for overseeing the project in order to ensure that it is progressing in accordance with the project plan and that it will deliver the expected results? A. Project sponsor AnswerC. Project steering committee ExplanationA project steering committee that provides an overall direction for the enterprise resource planning (ERP) implementation project is responsible for reviewing the project’s progress to ensure that it will deliver the expected results. A project sponsor is typically the senior manager in charge of the primary business unit that the application will support. The sponsor provides funding for the project and works closely with the project manager to define the critical success factors or metrics for the project. The project sponsor is not responsible for reviewing the progress of the project. A system development project team (SDPT) completes the assigned tasks, works according to the instructions of the project manager and communicates with the user project team. The SDPT is not responsible for reviewing the progress of the project. A user project team (UPT) completes the assigned tasks, communicates effectively with the system development team and works according to the advice of the project manager. A UPT is not responsible for reviewing the progress of the project. CISA Question 558QuestionWhen reviewing an active project, an IS auditor observed that, because of a reduction in anticipated benefits and increased costs, the business case was no longer valid. The IS auditor should recommend that the: A. project be discontinued. AnswerB. business case be updated and possible corrective actions be identified. ExplanationAn IS auditor should not recommend discontinuing or completing the project before reviewing an updated business case. The IS auditor should recommend that the business case be kept current throughout the project since it is a key input to decisions made throughout the life of any project. CISA Question 559QuestionWhich of the following should an IS auditor review to understand project progress in terms of time, budget and deliverables for early detection of possible overruns and for projecting estimates at completion (EACs)? A. Function point analysis AnswerB. Earned value analysis ExplanationEarned value analysis (EVA) is an industry standard method for measuring a project’s progress at any given point in time, forecasting its completion date and final cost, and analyzing variances in the schedule and budget as the project proceeds. It compares the planned amount of work with what has actually been completed, to determine if the cost, schedule and work accomplished are progressing in accordance with the plan. EVA works most effectively if a well-formed work breakdown structure exists. Function point analysis (FPA) is an indirect measure of software size and complexity and, therefore, does not address the elements of time and budget. Cost budgets do not address time. PERT aids in time and deliverables management, but lacks projections for estimates at completion (EACs) and overall financial management. CISA Question 560QuestionAn IS auditor is assigned to audit a software development project which is more than 80 percent complete, but has already overrun time by 10 percent and costs by 25 percent. Which of the following actions should the IS auditor take? A. Report that the organization does not have effective
project management. AnswerD. Review the conduct of the project and the business case. ExplanationBefore making any recommendations, an IS auditor needs to understand the project and the factors that have contributed to making the project over budget and over schedule. The organization may have effective project management practices and sound IT governance and still be behind schedule or over budget. There is no indication that the project manager should be changed without looking into the reasons for the overrun. Which of the following should an IS auditor review to gain an understanding of the effectiveness of controls over the management of multiple projects?Which of the following should an IS auditor review to gain an understanding of the effectiveness of controls over the management of multiple projects? A project portfolio database.
Which of the following is the most critical and contributes the greatest to the quality of data in a data warehouse?Which of the following is the MOST critical and contributes the greatest to the quality of data in a data warehouse? Explanation: Accuracy of source data is a prerequisite for the quality of the data in a data warehouse.
When a new system is to be implemented within a short time frame it is most important to?Explanation: It would be most important to complete the user acceptance testing to ensure that the system to be implemented is working correctly.
|