Please note: In order to obtain your CPE certificate for having passed the quiz, you must turn off your pop-up blocker.
CPE Quiz #98
Based on Information Systems Control Journal Volume 5, 2004
A passing score of 75 percent qualifies for one (1) hour of CISA/CISM/CGEIT Continuing Professional Education (CPE) Credit
Your results will appear in a new window.
Sayana Article
1. In preparation of an IS audit of outsourcing, it is most important to determine and understand thoroughly the nature of the outsourced work. The focus should be on the areas of risk and the controls to mitigate those risks.
2. As most outsourcing arrangements are put in place after a detailed process of evaluations, due diligence and negotiations, the IS auditor can leave the review of the outsourcing contract to the company lawyer.
3. The audit of outsourcing is more than the audit of the service provider. Noting that the company and the service provider's organizations are bigger than the outsourcing arrangement itself, many facets need to be reviewed to obtain a total picture.
Parkes Article
4. From the IT governance perspective, the risks of outsourcing for the outsourcer are different from that of the receiving organization.
5. When core knowledge systems and development of new or maintenance of existing systems are outsourced, IT governance considerations for executives and the boards for the outsourcer include adequate backup and disaster recovery arrangements, security of associated communication channels, and contracted standards for software development and maintenance.
6. Reports to executives and directors in the form of overview flowcharts allow the reader to get the big picture on internal controls and security quickly, including the linkages to activities that have not been outsourced. They should substitute long reports in technical jargon.
7. Provision of computer equipment, replacement of network PCs and servers, and network devices are usually considered low-risk outsourced activities for both the receiving organization and the service provider.
Steuperaert Article
8. The IT Governance Global Status Report was not intended to deal mainly with COBIT. To this end, the survey questionnaire and the research were kept solution-neutral up to the last stage. It was only at the last stage that specific questions were asked and information gathered concerning COBIT.
9. The COBIT purchasers represented 25 percent of the random sample of companies interviewed for the IT governance study and report.
10. One of the major findings and messages from the independent global survey and research project noted that COBIT is the preferred way to implement effective IT governance.
Shue Article
11. The Public Company Accounting Oversight Board (PCAOB) auditing standard No. 2 specifically states that if the service organization is part of a user company's information system, it is part of the company's internal control over financial reporting.
12. A service organization's auditor report such as SAS70-Type-1, which reports on controls placed in operation, will satisfy the Sarbanes-Oxley requirements for outsourcing controls.
Benvenuto and Brand Article
13. The predominant thinking among US regulators, policy makers and providers is that when something is outsourced, the outsourcing company still owns it, is responsible for it and needs to control it.
14. SAS70 was designed to provide assurance over the general IT and process controls required within the Sarbanes-Oxley framework; therefore, no additional audit work needs to be performed.
15. In managing the risks of outsourcing, the authors recommend a risk management methodology model. Sources of control information for this model include laws and regulations, internal audit, SAS70, client audits and other third-party reviews.
16. According to the authors, the most involved and important step of the five-step approach to managing the risks of outsourcing is defining demarcation points between internal and external parties.