Integrated Test facility for CISA Exam
CISA Quick Point 21.
CASE Study: I have seen an IS auditor while auditing an RDBMS, put some test data in live environment. Later on after completion of audit he could not remove the test data because data went to so many tables and the test data were so similar to live data that differentiation between test and live data was very difficult.
Later on from the backup the old database was restored after some downtime.
i am quoting this incident because I am personally very impressed with this technique.
Do you know what this process is called?
Answer is -Integrated Test facility (ITF ).
In the quick tips section I should not give all the details.
CISA Review Manual contains all the necessary information about ITF.
I shall quickly discuss ITF here.
What is Integrated Test Facility ?
Answer: Processing test data in live environment
Where and How this is used ?
IN IS Audit. personally i believe this is a very good audit instrument
where test environment is not feasible.
What are the limitation of ITF?
Now I believe all of you can answer this.
If the IS auditor is very comfirtable with the database and application and he is wll aware of flow of data, then only he should use this techniques. Otherwise this will be very difficult to differentiate two types of data.
CISA Type Question 21.
Before using ITF what is the MOST important thing that an IS auditor should consider
1. Should take backup of test data.
2. He should ensure the presense of latest backup of database and application.
3. He should study the programme codes.
4. He should study the database scripts.
Answer to CISA Type Question 20.
Certificate Authority can be internal to an organisation or this can be commercial so,
the correct answer is 3. Both A & B.
Further Reference:
1. CISA Review Manual by published ISACA
2. http://www.isaca.org
0 comments:
Post a Comment