Multiple Choice
An internal auditor is assigned to conduct an audit of security for a local area network (LAN) in the finance department of the organization. Investment decisions, including the use of hedging strategies and financial derivatives, use data and financial models which run on the LAN. The LAN is also used to download data from the mainframe to assist in decisions. Which of the following should be considered outside the scope of this security audit engagement?
A) Investigation of the physical security over access to the components of the LAN.
B) The ability of the LAN application to identify data items at the field or record level and implement user access security at that level.
C) Interviews with users to determine their assessment of the level of security in the system and the vulnerability of the system to compromise.
D) The level of security of other LANs in the company which also utilize sensitive data.
Correct Answer:
Verified
Correct Answer:
Verified
Q222: An audit to test the system of
Q223: According to IIA guidance, which of the
Q224: In the annual audit of the financial
Q225: Which of the following is not a
Q226: At the beginning of fieldwork in an
Q228: A staff auditor, nearly finished with an
Q229: Which of the following is an advantage
Q230: Which of the following statements is true
Q231: What would a chief audit executive most
Q232: A chief audit executive (CAE) is selecting