4 - IT

Question 1

What are the 3 basic processes in a manual AIS?

Answer 1

1 - Journalize
2 - Post
3 - Summarize

Question 2

What are the 3 basic processes in a automated AIS?

Answer 2

1 - Input
2 - Process
3 - Output

Question 3

What are the 6 risks that are heightened in a computer based system?

Answer 3

1 - Reliance on faulty programs
2 - Unauthorized access to data
3 - Unauthorized changes to master files, programs
4 - Failure to make necessary changes to systems, programs
5 - Inappropriate manual intervention (management override)
6 - Loss of data

Question 4

Physical ______ _______ are substantially reduced in a computerized environment, particularly in online, real-time systems.

Answer 4

audit trails

Question 5

These are built into better accounting information system software and created by maintaining a file of all transactions processed by the system, to include the username of the person who processed the transaction.

Answer 5

Electronic audit trails

Question 6

In a computerized environment, many functions that are normally separated as part of ___________ controls are combined to be processed at the same time.

Answer 6

segregation of duties

Question 7

Computerized systems have uniform transaction processing, which results in an increase in processing consistency and decreases the chance for ________. `

Answer 7

clerical errors

Question 8

In a computerized environment, there is an increased risk of ___________, or errors in programming logic.

Answer 8

systematic errors

Question 9

Computerized systems can gain efficiency by automatically generating transactions when conditions occur, but these transactions should be ___________.

Answer 9

Regularly reported and reviewed

Question 10

One benefit of computerized systems is the potential for increased __________ review.

Answer 10

Management

Question 11

The ____________ framework is a widely used international standard for identifying best practices in IT security and control

Answer 11

COBIT (Control Objectives for Information and Related Technology)

Question 12

COBIT bridges the gap between strategic business requirement, __________, and the delivery of supporting IT.

Answer 12

accounting control needs

Question 13

COBIT facilitates ____________ and helps ensure the _______ of information and information systems

Answer 13

IT governance; integrity

Question 14

The IT function is divided into these 4 domains:

Answer 14

1 - Planning and organization
2 - Acquisition and implementation
3 - Delivery and support
4 - Monitoring

Question 15

This domain of the COBIT IT function establishes a strategic vision for IT and develops tactics to plan, communicate, and realize the strategic vision

Answer 15

Planning and organization

Question 16

This domain is concerned with acquiring, implementing, and developing IT solutions to address business objectives and integrate with critical business processes

Answer 16

Acquisition and implementation

Question 17

This domain is concerned with delivering IT services, including operations, security, and training

Answer 17

Delivery and support

Question 18

This domain is concerned with assessing IT quality and compliance with control requirements.

Answer 18

Monitoring

Question 19

The COBIT model identifies 4 interrelated monitoring processes:

Answer 19

1 - Monitor and evaluate IT performance
2 - Monitor and evaluate internal control
3 - Ensure regulatory compliance
4 - Provide IT Guidance

Question 20

To have value to an organization, data must have the following 7 attributes:

Answer 20

1-Effectiveness
2-Efficiency
3-Confidentiality
4-Integrity
5-Availability
6-Compliance
7-Reliability

Question 21

The five physical resources that comprise an IT system include:

Answer 21

1 - People
2 - Applications
3 - Technology
4 - Facilities
5 - Data

Question 22

These systems provide transaction processing, management support, and decision making support in a single, integrated, organization-wide package.

Answer 22

Enterprise resource planning systems (also known as enterprise-wide systems

Question 23

What are the 4 goals of an ERP system?

Answer 23

1 - Global (organization wide) visibility
2 - Cost reductions
3 - Employee empowerment
4 - “Best practices”

Question 24

In __________, a virtual data pool is created by contracting with a third-party data storage provider.

Answer 24

Cloud-based system

Question 25

What are the 6 benefits of cloud-based systems:

Answer 25

1 - Universal access
2 - Cost reductions
3 - Scalability
4 - Outsourcing and economies of scale
5 - Enterprise-wide integration
6 - Deployment speed

Question 26

What are the 5 primary risks with cloud-based systems?

Answer 26

1 - Risk of data loss and outages
2 - Increased risk of system penetration by hackers
3 - Reliance on CSP competence, professionalism, and reliability.
4 - Data stored on community clouds may be vulnerable to other tenants
5 - Storing data with a high profile provide can make a company a high-profile target for cyber-attackers

Question 27

The _________ is responsible for the efficient and effective functions of existing systems and for planning for the development and technical resources for future systems

Answer 27

Chief Information Officer (aka VP of IT, etc.)

Question 28

What are the 3 main functional areas of an IT department:

Answer 28

1 - Application development
2 - Systems administration and programming
3 - Computer operations

Question 29

This functional area is responsible for creating new end-user applications and maintaining existing applications.

Answer 29

Application development

Question 30

These people are responsible for analyzing and designing computer systems; lead teams of programmers, and work with end-users to define problems and ID solutions.

Answer 30

Systems analyst

Question 31

These people work under the systems analyst and write the actual programs that process data and produce reports

Answer 31

Applications programmers

Question 32

New program development is completed in a _________ environment using copies of live data and existing programs.

Answer 32

test or “sandbox”

Question 33

This department maintains the computer hardware and infrastructure and works to grant access to system resources

Answer 33

Systems administration and programming

Question 34

Responsible for the management activities of systems they control

Answer 34

System administrators (could be web admin, network admin, database admin, etc.)

Question 35

These people are responsible for maintaining the various operating systems and related hardware. They also update the system and install new hardware.

Answer 35

System programmers

Question 36

The ___________ ensures that all applicable devices link to the organization’s network and that the networks operate securely and continuously.

Answer 36

Network managers.

Question 37

Ensures that all components of the system are protected from all internal or external threats

Answer 37

Security management

Question 38

This department is responsible for the day-to-day operations of the computer system.

Answer 38

Computer operations

Question 39

Computer operators and data entry personnel should never be allowed to act as ________.

Answer 39

Programmers

Question 40

Systems programmers should never have access to _________.

Answer 40

application program documentation

Question 41

Data administrators should not have access to ______.

Answer 41

computer operations, live data

Question 42

Application programmers and systems analysts should never have access to _________

Answer 42

computer operations, live data

Question 43

Application programmers and systems analysts should not ____________..

Answer 43

Control access to computer resources.