University of Saint Louis

School of Accountancy, Business, and Hospitality

Auditing in a CIS Environment (ICTE 1073)
Quiz #2 (May 17, 2019)

Code: Name: Score: /30

NO ERASURES.

1. The PMLC
A. Provides a structure for defining requirements and developing applications
B. Is focused on project scope, schedule, and budget
C. Is focused on the analysis, construction, and testing of applications
D. Provides a structure for evaluating IT investments

2. Effective project management ensures that

A. Processes are explicitly defined, managed, measured, controlled, and
effective
B. Applications are designed, developed, and implemented
C. Project tasks are defined, and resources are available and completed on
time and within budget
D. The project has included all the costs of the technology solution

3. During the planning phase, the auditor can

A. Review project deliverables to identify control weaknesses
B. Review project management processes for appropriateness
C. Facilitate communication between the project team and senior management
D. Facilitate communication between functions and raise issues

4. A project management process review would

A. Assess the adequacy of the control environment for managing projects
B. Ensure the right solution is selected that integrates with other technology
components
C. Ensure clearly defined requirements in the request for proposal
D. Ensure projects are completed on time, on budget, and with full
functionality

5. Project management tools allow the user to

A. track metrics for measuring third-party vendors.
B. help determine which vendor products to use.
C. provide a process for governing investments in IT.
D. define tasks, dependencies, and track progress.

6. Key tasks during a project management review are

A. check project management tools for proper usage
B. assess readiness for implementation
C. maintain independence to remain objective
D. All of the above

7. Which of the following is not a process risk?

A. Processes are explicitly defined, managed, measured, controlled, and
effective
B. Lack of strategic direction
C. Lack of project management standards
D. Negative organizational climate

8. Which of the following is not a project risk?

A. Review of project deliverables to identify control weakness
B. Inexperienced staff
C. Lack of management commitment
D. Project complexity and magnitude

9. One of the biggest obstacles in implementation is

A. the adequacy of the control environment for managing projects.
B. user resistance.
C. clearly defined requirements in the request for proposal.
D. ensuring projects are staffed.
10. One of the basic steps in the software acquisition process is
A. identifying a single alternative.
B. defining the information and system requirements.
C. performing user and site surveys.
D. replacing existing hardware platforms.

11. What is the most important step in the software acquisition process?
A. Defining information requirements
B. Identifying alternatives
C. Performing the feasibility analysis
D. Conducting risk analysis

12. Participants in the selection process may not include representatives from
A. Management B. Anticipated users
C. IT department D. Supplier

13. What is not an advantage of purchasing off-the-shelf solutions?

A. Shorter implementation time
B. The ability to use the company’s existing IT infrastructure
C. Use of proven technology
D. Easier to define costs

14. When selecting a supplier package, organizations should consider all of the
following, except
A. Stability of the supplier company
B. Supplier’s ability to provide support
C. Required modifications to the base software
D. Sales and marketing literature

15. The costs of risks does not include

A. Cost of loss-prevention measures B. Cost of security controls
C. Cost of losses sustained D. Insurance premiums

16. Tools used to identify risks include all of the following, except
A. Risk analysis questionnaire B. Flowchart of operations
C. Audit workflow software D. Insurance policy checklist

17. IT risk evaluation involves

A. Ranking the size and probability of potential loss
B. Evaluation of the level of risk of a given process or function
C. Ensuring that risk losses do not prevent organization management from
meeting its objectives
D. Retaining a portion of the risk to reduce the insurance or premium costs

18. The reasons for risk analysis are

A. Loss or corruption of information and IS assets
B. Impaired and ineffective management decision making
C. Disruption to customer service or other critical operations
D. All of the above
19. Which of the following statements regarding the effect of insurance on risk is
true?
A. Prevents loss or damage to the organization
B. Transfers risk of loss or damage to the insurance company
C. Risks are not managed when insured
D. None of the above

20. Advantages of a centralized organization model include all of the following,

except
A. Ability to leverage scale for pricing concessions
B. Flexibility and responsiveness to customer needs
C. Shared services only add incremental costs to increased volumes
D. Centrally located server environment

21. Resource management ensures

A. Quality assurance processes are followed
B. Appropriate organizational structure is selected
C. IT has the right resources at the right time
D. that personnel lack the tools to fulfill their job responsibilities
22. All of the following are CMM key processes, except
A. Requirements management B. Subcontract management
C. Asset classification and control D. Software configuration management

23. A process framework is needed to

A. Ensure non-compliance issues are addressed with senior management
B. Ensure all critical processes are defined, reviewed, validated, and
maintained
C. Describe the steps that a person is directed to perform
D. None of the above

24. Which of the following is not true about well-documented policies and
procedures?
A. Describe the function of activities
B. Define inter-relationships with other departments
C. Ensure quality systems are implemented
D. Should tie directly to goals and objectives of the organization

25. The purpose of a procedure is to

A. Describe steps that a person is directed to perform
B. Describe steps to achieve some objective
C. Describe how to produce a product
D. All of the above

26. An investment approval request should include which of the following?

A. Business issues and assumptions
B. Financial return and contingencies
C. Resources required and proposed technology
D. All of the above

27. Approaches to developing a pricing model includes the following, except

A. IT-based consumption model
B. Fee-based chargeback
C. Profit-oriented chargeback
D. All of the above choices are approaches to developing a pricing model

28. Developing a pricing model requires knowledge of

A. Security requirements B. Tax and regulatory requirements
C. Third-party charging models D. Project pricing model

29. Project cost estimates should include

A. Alignment to enterprise architecture standards
B. Financial return and contingencies
C. The total development and infrastructure costs
D. The business benefits of the proposed solution

30. Financial planning in IT begins with an understanding of

A. Business volume growth projections
B. Enterprise architecture standards
C. IT organizational model
D. Regulatory compliance requirements

http://bit.ly/icte1073-q2