Information Systems Acquisition, Development and Implementation for CISA

This page covers the Information Systems Acquisition, Development and Implementation domain of the CISA certification. Master Cybersecurity offers 276 practice questions in this domain, drawn from the same content we use across our timed exam simulations. Below are five sample questions with full answer explanations.

Sample Practice Questions

  1. Question 1

    An organization is implementing a new system that supports a month-end business process. Which of the following implementation strategies would be MOST efficient to decrease business downtime?
    1. A. Cutover
    2. B. Phased
    3. C. Pilot
    4. D. Parallel
    Explanation

    The correct answer is: D. Parallel.

    A parallel implementation strategy runs old and new systems simultaneously, eliminating the risk of business downtime because the old system continues to operate if the new one fails. Cutover involves a single switch with associated downtime risk. Phased and pilot strategies introduce extended transition periods but neither minimizes downtime as effectively as parallel for a month-end-critical process. Parallel is therefore the most efficient to decrease downtime. A parallel implementation also gives the business an opportunity to validate the new system against the old before retiring the legacy; the IS auditor should expect documented reconciliation evidence between the two systems and a formal go/no-go decision based on the parallel results before the legacy is decommissioned.

  2. Question 2

    Which of the following is the BEST way to ensure that an application is performing according to its specifications?
    1. A. Pilot testing
    2. B. System testing
    3. C. Integration testing
    4. D. Unit testing
    Explanation

    The correct answer is: B. System testing.

    System testing exercises the integrated application as a whole against its specifications in a production-like environment, providing the broadest assurance that the application performs to specification. Pilot testing exercises a deployment subset. Integration testing checks combined components but not the full system. Unit testing is too narrow. System testing is therefore the best validation. System testing should also include performance, security and recovery scenarios relevant to the production environment, with documented test cases tied to specifications and recorded results; the IS auditor should expect to see system-test evidence as part of the change record supporting the move from test to production.

  3. Question 3

    During the evaluation of controls over a major application development project, the MOST effective use of an IS auditor's time would be to review and evaluate:
    1. A. cost-benefit analysis.
    2. B. acceptance testing.
    3. C. application test cases.
    4. D. project plans.
    Explanation

    The correct answer is: D. project plans.

    When evaluating controls over a major application development project, the most effective use of auditor time is reviewing the project plans because they reveal governance structure, risk approach, deliverable definitions and the integration of control activities throughout the lifecycle; the plans frame everything else. Cost-benefit analysis is investment justification; acceptance testing is end-stage; application test cases are technical artifacts. Reviewing the project plans is therefore the most effective focus. Reviewing project plans also lets the IS auditor see whether the control activities (testing types, sign-off points, segregation of duties, configuration management) are scheduled into the project at appropriate phases rather than scrambled together at the end, which is one of the central pieces of evidence of disciplined development governance.

  4. Question 4

    The GREATEST benefit of using a prototyping approach in software development is that it helps to:
    1. A. improve efficiency of quality assurance (QA) testing.
    2. B. conceptualize and clarify requirements.
    3. C. decrease the time allocated for user testing and review.
    4. D. minimize scope changes to the system.
    Explanation

    The correct answer is: B. conceptualize and clarify requirements.

    Prototyping's greatest benefit is helping stakeholders conceptualize and clarify requirements, because seeing a working sketch exposes assumptions, gaps and preferences that pure documentation cannot. Improving QA, decreasing user testing time and minimizing scope changes are possible secondary effects but the central value is requirements clarification. Requirements clarification is therefore the right answer. Prototyping is particularly valuable when users find it hard to articulate requirements in the abstract; the IS auditor should expect prototyping output to feed into a formal requirements document with explicit sign-off so that the agreed requirements are preserved beyond the prototype itself.

  5. Question 5

    When evaluating whether the expected benefits of a project have been achieved, it is MOST important for an IS auditor to review:
    1. A. the project schedule.
    2. B. quality assurance (QA) results.
    3. C. post-implementation issues.
    4. D. the business case.
    Explanation

    The correct answer is: C. post-implementation issues.

    When evaluating realized benefits, reviewing post-implementation issues exposes the actual operating reality of the system, including problems that erode realized benefits and any unexpected challenges that emerged after deployment. Project schedule speaks to delivery timing, not benefits. QA results speak to product quality at handoff, not in-life benefit performance. The business case states expected benefits but does not show whether they materialized. Post-implementation issues therefore best inform the benefits-evaluation review. Post-implementation issues also surface adoption problems, operational gaps and exceptions that were not visible during testing, and they are the most concrete artifact the IS auditor has for assessing whether benefits estimated in the business case can realistically be sustained in operation.
