A finance department has a multi-year project to upgrade the enterprise resource planning (ERP) system hosting the general ledger. and in year one, the system version upgrade will be applied. Which of the following should be the PRIMARY focus of the IS auditor reviewing the first year of the project?
正解: D
The primary focus of the IS auditor reviewing the first year of the project should be regression testing. Regression testing is a type of testing that ensures that the existing functionality of the system is not affected by the changes or upgrades made to the system. Since the project involves upgrading the ERP system hosting the general ledger, which is a critical and complex component of the finance department, it is important to verify that the upgrade does not introduce any errors or defects that could compromise the accuracy, completeness, and reliability of the financial data and reports. Regression testing can help identify and resolve any issues before they affect the users and the business processes. Unit testing, network performance, and user acceptance testing (UAT) are also important aspects of the project, but they are not the primary focus of the IS auditor in the first year. Unit testing is a type of testing that verifies that each individual module or component of the system works as expected. Network performance is a measure of how well the system can communicate and exchange data with other systems and devices over a network. User acceptance testing (UAT) is a type of testing that validates that the system meets the user requirements and expectations. These aspects are more relevant in later stages of the project, when the system is more developed and ready for deployment. References: ERP Upgrade: The Path to Modernization | SAP ERP System Validation: Your Guide To Successfully Validating ERP Systems The role of internal auditors in ERP#based organizations What is Regression Testing? Definition, Tools & Examples What is Unit Testing? Definition, Tools & Examples What is Network Performance? Definition, Metrics & Examples What is User Acceptance Testing (UAT)? Definition, Process & Examples
CISA 試験問題 474
Which of the following types of attack works by taking advantage of the unenforced and unchecked assumptions the system makes about its inputs?
正解: C
Section: Protection of Information Assets Explanation: Code injection is a technique to introduce code into a computer program or system by taking advantage of the unenforced and unchecked assumptions the system makes about its inputs.
CISA 試験問題 475
What is the primary objective of a control self-assessment (CSA) program?
正解: A
Section: Protection of Information Assets Explanation: Audit responsibility enhancement is an objective of a control self-assessment (CSA) program.