2.3.a: Quiz IT Alignment (Doshi) Flashcards
The PRIMARY objective of a review of information systems by the IT steering committee should be to assess:
A. alignment of IT processes as per business requirement.
B. alignment of business process as per IT requirement.
C. the capacity of existing software.
D. the capacity of installed technology.
A. alignment of IT processes as per business requirement.
(A) The IT steering committee must determine whether IT processes are designed as per business requirements and whether IS processes support the business requirements. The role of an IT steering committee is to ensure that the IS objectives are in line with business objectives.
(B) In no case should a business process be defined as per IT requirement.
(C) Capacity of existing software and installed technology are important considerations. However, the prime objective should be to assess alignment of IT processes as per business requirement.
An IS auditor is reviewing an organization’s IT strategic plan. He should FIRST review:
A. alignment of IT processes as per business requirement.
B. the business plan.
C. the capacity of installed technology.
D. latest technology trends.
B. the business plan.
(A) The very first step in reviewing an organization’s IT strategic plan is to review and understand the business plan. Without understanding the context in which the business operates and its expansion plan, a review of the strategic plan may not be that effective. To evaluate the IT strategic plan, the IS auditor would first need to familiarize him/herself with the business plan.
(B) Alignment of IT processes as per business is an important consideration. However, one first needs to understand the business.
(C) The impact and capacity of technology depend on the nature of the business and the business plan. Hence understanding the business plan should be the first step.
Information security governance requires strategic alignment in terms of:
A. enterprise requirements are the basis for security requirements.
B. security requirements are the basis for enterprise requirements.
C. current technology trend.
D. benchmarking with industry standards.
A. enterprise requirements are the basis for security requirements.
(1) To be effective, information security should be in line with enterprise requirements. Hence enterprise requirements should form the basis of security requirements. Other options are not relevant.
(2) Security requirements should not form the basis for enterprise requirements. It should be the other way round.
(3) Current technology and benchmarking are important considerations, though the prime consideration should be alignment of security requirements with enterprise objectives.
As a part of effective IT governance, IT Plan should be consistent with the organization’s:
A. business plan.
B. information security plan.
C. business continuity plan.
D. risk management plan.
A. business plan.
To govern IT effectively, IT and business should be moving in the same direction, requiring that the IT plans are aligned with an organization’s business plans. Information security, business continuity and risk management should be considered while developing the IT plan, but all this will add value only if the IT plan is in line with the business plan.
The BEST way to determine whether IS functions support the organization’s business objective is to ensure that:
A. IS has the latest available equipment.
B. IS plans are designed as per business objectives.
C. all resources are utilized effectively and efficiently.
D. IS has proper control over outsourcing partners.
B. IS plans are designed as per business objectives.
To govern IT effectively, IT and business should be moving in the same direction, requiring that the IT plans are aligned with an organization’s business plans.
To improve the IS alignment with business, which of the following is the BEST practice:
A. Outsourcing risks are managed.
B. Use of latest technology to operate business.
C. Structured way of sharing of business information.
D. Involvement of top management to mediate between business and information system.
D. Involvement of top management to mediate between business and information system.
(1) Strategic alignment can be best assured by involvement of top management. Top management, who are very well aware of business objectives, can derive maximum benefit from the information system by way of structured alignment.
(2) Management of outsourcing risk is a good practice; however, it does not necessarily ensure IS alignment with business.
(3) Use of latest technology and a structured way of information sharing may not be effective in the absence of a mandate from top management.
An IS auditor is evaluating an organization’s IS strategy. Which of the following would be the MOST important consideration?
A. Organization’s IS strategy has been approved by CIO.
B. Organization’s IS strategy is designed as per IS department’s budget.
C. Organization’s IS strategy is considered on the basis of latest technology available in the market.
D. Organization’s IS strategy supports the business objectives of the organization.
D. Organization’s IS strategy supports the business objectives of the organization.
It must be noted that the IS function will not be effective if it does not support the business objectives of the organization. Other factors are important considerations, but they can be meaningless in the absence of IS alignment with business objectives.
An IS auditor is evaluating an organization’s IT security policy. The PRIMARY objective is to ensure that:
A. IT security policy is available with all the users.
B. IT security policy supports business and IT objectives.
C. IT security policy is considered on the basis of latest technology available in the market.
D. IT security policy is approved by top management.
B. IT security policy supports business and IT objectives.
It must be noted that the IT security function will not be effective if it does not support the business objectives of the organization. Other factors are important considerations, but they can be meaningless in the absence of proper alignment of IT security with business and IT objectives. Even if top management approves a policy that is not in line with business objectives, that policy should be questioned.
IT governance to be effective requires that:
A. the business strategies and objectives support the IT strategy.
B. the business strategy is derived from an IT strategy.
C. Cost effective IT governance.
D. the IT strategy supports the business strategies and objectives.
D. the IT strategy supports the business strategies and objectives.
Effective IT governance needs to manage two dimensions of governance. First and primary, governance is a decision-making framework that reflects the organization’s goals and priorities, and how the organization intends to achieve them. Second, governance processes cover the structures and methods the organization uses to execute and institutionalize the governance framework. In essence, the framework is what the organization has decided, while the process is how the organization will institutionalize those decisions.
An IS auditor is reviewing the software development process. Which of the following is the BEST way to ensure that business requirements are met during software development?
A. Proper training to developer.
B. Programmers with good business knowledge.
C. Adequate documentation.
D. user engagement in development process.
D. user engagement in development process.
Though other factors are important to ensure all the requirements have been considered, the best way is to ensure that users are frequently engaged from an early stage of software development. End users anchor the value stream. Most software requirements techniques start by asking users what they want or need the system to do.
An IS auditor is reviewing an organization’s IS strategy. Which of the following is the MOST important criterion for such a review?
A. It includes a mission statement.
B. It includes usage of latest technology.
C. It includes best security practices.
D. It supports the business objectives.
D. It supports the business objectives.
The correct answer is D. Other factors are important considerations, but if the IS strategy is not in line with business objectives, it will not add value to the business.