1C Flashcards
Q1: The COSO Internal Control – Integrated Framework is the most important IT Governance framework used by companies to demonstrate SOX-compliance.
FALSE: COSO is not an IT Governance framework, but a general corporate governance framework.
COBIT-> Most widely accepted standard for demonstrating SOX compliance for IT-centered organizations
Q2: COBIT makes use of process maturity analysis through a so-called process capability model. All processes of a firm can then become subject to the use of such a capability model in order to assess and improve them.
true
Q3: For both Corporate Goverance, as well as IT Governance, the ultimate responsibility lies with the management of an organization, in other words the team of C-level executives (CEO, CIO, CFO, etc.)
False
manager& governance
Q4: Section 404 of the Sarbanes-Oxley Act states, amongst other, that all (financial) information can be tracked to its origin.
True
Q5: The principal agent problem states that
he shareholders and management may have different interests.
Q6: In case of deliberate (onopzettelijk) inaccurate information and/or certification, the Sarbanes-Oxley Act may penalize
firm and managers
Q7: Which statement about the COSO framework is NOT CORRECT?
* It can be used to become SOX compliant.
* It is named after the Committee of Sponsoring Organizations of the Treadway Commission (IMA, AAA, AICPA, IIA, FEI).
* It s an IT framework.
* It s five key components are: control environment, risk assessment, control activities, information and
communication and monitoring activities
It s an IT framework.
Q8: Corporate and IT Governance frameworks are developed by professional organizations such as ISACA and COSO. Accordingly, these frameworks are strongly practice-driven and not, or only limitedly, scientifically validated.
True
Q9: In COBIT a RACI chart or matrix can be used to
assign responsibilities
Q10: The Sarbanes-Oxley Act is an American law setting new governance standards for publicly traded companies in the US.
true
Q11: The Sarbanes-Oxley Act aims at -
protecting the shareholders of a firm and the public from accounting errors and fraud.
Q12: COBIT is one of the most popular IT governance frameworks. Despite the fact that IT is a cornerstone for compliance, reporting, and risk management, organizations are obliged to rely on other frameworks (such as the COSO Internal Control-Integrated Framework) so as to demonstrate SOX compliance.
False
cobit most widely accepted standard for demonstrating SOX compliance for IT-centered organizations
Q13: IS Governance is broadly defined as the capability of an organization to manage and control IT strategy and ensure alignment between business and IT so that value creation improves.
true
Q14: Which of the following is NOT a COBIT governance principle?
* Provide stakeholder value
* Holistic approach
* Tailored to enterprise needs
* Governance indiscernible from management
- Governance indiscernible from management
Q15: What is NOT a goal of corporate governance?
* Regulate risk
* Reduce opportunity for corruption
* Centralize all responsibilities at the management level
* Maintain legal and ethical standards
- Centralize all responsibilities at the management level -> this
Q16: Looking back upon the COBIT standard, it can be said it is
* Relatively easy to understand and implement
* Quite challenging and complex to understand and implement
- Quite challenging and complex to understand and implement -> this
Q17: coso is an example of
* An internal control framework
* An external control framework
* An internal and external control framework
* Business model
- An internal control framework -> this
Q18: Which statement about COBIT is NOT CORRECT?
* It is a Business Framework for Governance and Management of Enterprise IT.
* It s only used by a minority of firms.
* It was developed by by ISACA (https://www.isaca.org).
* It provides a set of tools that ensures IT is working effectively and generates value.
- It s only used by a minority of firms. -> this
The most recent version of COBIT was introduced in
2019
