CISA Made Easy

                                           - easy CISA preparation

Thursday, June 19, 2008

Segregation of duties from CISA Exam Point of View

CISA Exam Quick Tips 8:

Segregation of duties for a programmer.

A programmer can be a System Programmer or an Application Programmer. So, the question is: what additional job can a programmer be assigned? A programmer can be a System Analyst. That is, a System Programmer, or a programmer who designs applications to run on systems, can also be a System Analyst.

The second thing to know is which jobs are incompatible for a Programmer as per IT Governance Best Practices. The answer: a programmer should not be entrusted with the additional job of Data Entry Personnel, Tape Librarian or Computer Operator.

The above statement is represented diagrammatically below:

[Diagram: jobs compatible and incompatible with a programmer's role]

Now ask yourself why these jobs are incompatible or compatible. If you can answer that yourself, your preparation on this topic for the CISA Exam is complete.

CISA Type Question 8.
In the IS audit process, 'Segregation of duties' is generally BEST tested by which of the following methods?
1. Compliance Testing.
2. Substantive Testing.
3. Cannot be tested.
Note: CISA Quick Tips on Compliance & Substantive Testing will be published in due course.

Answer to CISA Type Question 7.

While auditing a network, an IS Auditor must check whether the broadcast domain is defined correctly and as per requirement. Broadcast can be a cause of major packet loss in some situations and can degrade a network. So, the correct answer is 2. Broadcast.


Further Reference:

1. CISA Review Manual, published by ISACA

2. http://www.isaca.org


2 comments:

Hello all, I would also like to give my opinion on Risk and Compliance.
IT governance, risk and compliance (IT GRC) is about striking an appropriate balance between business reward and risk. The maturity of IT GRC practices for managing reward and risk has a direct impact on the organization. IT GRC encompasses the practices for delivering: Greater business value from IT strategy, investment and alignment, Significantly reduced business and financial risk from the use of IT, and Conformance with policies of the organization and its external legal and regulatory compliance mandates. IT GRC energizes the entire organization to imagine what it can achieve, establishes methods for achieving their objectives, and demonstrates the practices that are proven to work for minimizing business and financial risk. Fundamentally, IT GRC is about striking an appropriate balance between business reward and risk, enabling an organization to more effectively anticipate and manage business risk while more effectively delivering value for the organization. IT governance, risk, compliance, IT GRC, White paper, compliance survey report, 2008 compliance report.
You can also get more information from http://www.compliancehome.com/symantec/

Can anyone tell me how much a CISA training tuition would cost me?

 
