Chapter 9: Governance of the Information Systems Organization

Question 1

The process whereby the changing practices and expectation of consumers, shaped by the wide adoption of digital technologies in everyday life, will influence the IT‐related activities of workers and managers in organizations

Answer 1

IT consumerization

Question 2

aligning behavior with business goals through empowerment and monitoring.

Answer 2

Governance

Question 3

Empowerment comes from?

Answer 3

granting the right to make decisions

Question 4

Monitoring comes from?

Answer 4

evaluating performance

Question 5

What are the four (4) perspectives of IT governance?

Answer 5

1. Distribution of Decision Rights
2. Interaction and Allocation of Decision Rights in BU
3. Platform-based Governance
4. Control Structures for Governance Guidelines.

Question 6

shifts the focus from well‐bounded organizational contexts to contexts beyond organizational or industry boundaries in order to leverage digital ecosystems and IT consumerization

Answer 6

platform‐based governance

Question 7

bring together all staff, hardware, software, data, and processing into a single location

Answer 7

centralized IS organizations

Question 8

Scatter staff, hardware, software, data, and processing across different locations to address local business needs.

Answer 8

Decentralized IS organizations

Question 9

A hybrid of the Decentralzied and Centralized IS Organizations that aims to distribute power, hardware, software, data, and personnel between a central IS group and IS in business units.

Answer 9

Federalism

Question 10

What are the nine (9) advantages of Centralization

Answer 10

1. Global standards; common data
2. “One voice” for negotiating supplier contracts
3. Faster decision making because fewer people are involved
4. Greater leverage in deploying strategic IT initiatives
5. Economies of scale and a shared cost structure
6. Access to large capacity
7. Improved recruitment and training of IT professionals
8. Improved control of security and databases
9. Consistent with centralized enterprise structure

Question 11

What are the five (5) disadvantages of Centralization

Answer 11

1. Technology may not meet local needs
2. Slow support for strategic initiatives
3. Schism between business and IT organization
4. “Us versus them” mentality when technology problems occur
5. Lack of business unit control over overhead costs

Question 12

What are the six (6) advantages of Decentralization

Answer 12

1. Technology customized to local business needs
2. Close partnership between IT and business units
3. Greater flexibility
4. Reduced telecommunication costs
5. Consistency with decentralized enterprise structure
6. Business unit control of overhead costs

Question 13

What are the five (5) disadvantages of Decentralization

Answer 13

1. Difficulty in maintaining global standards and consistent data
2. Higher infrastructure costs
3. Difficulty in negotiating preferential supplier agreements
4. Loss of control
5. Duplication of staff and data

Question 14

What are the 10 advantages of Federalism

Answer 14

1. IT Vision and Leadership
2. Groupwide IT Strategy and Architecture
3. Economies of Scale
4. COntrol of Standards
5. Critical Mass of SKills
6. Users control IT priorities
7. Business Units have Ownership
8. Responsive to Business unit needs
9. Strategic Control
10. Synergy

Question 15

True or False

It is important to match the manager’s decision rights with his or her accountability for a decision.

Answer 15

True

Question 16

Mismatching the managers decision rights with his or her account ability results in.

Answer 16

either an oversupply of IT resources or the inability of IT to meet business demand.

Question 17

What are the two (2) major components of IT governance?

Answer 17

1. Assignment of decision‐making authority and responsibility
2. Decision‐making mechanisms

Question 18

What are the five (5) applicable categories of IT Decisions

Answer 18

1. IT Principles
2. IT Architecture
3. IT Infrastructure Strategies
4. Business Application Needs
5. IT Investment and Prioritization

Question 19

This IT decision category determines what IT assets are needed

Answer 19

IT Principles

Question 20

This IT decision category determines how to structure IT assets

Answer 20

IT Architecture

Question 21

This IT decision category determines how to build IT Assets

Answer 21

IT Infrastructure Stratagies

Question 22

This IT decision category determines how to acquire, implement, and maintain IT

Answer 22

Business Application Needs

Question 23

This IT decision category determines how much to invest and where to invest IT assets

Answer 23

IT Investment and Prioritization

Question 24

A pattern resulting from allocation of decision rights

Answer 24

Archetype

Question 25

What are the six (6) political Archetypes

Answer 25

1. Business Monarchy
2. IT Monarchy
3. Feudal
4. Federal
5. IT Duopoly
6. Anarchy

Question 26

This political archetype allocates decisions rights to a group of, or individual, business executives (i.e., CxOs). Includes committees comprised of senior business executives (may include CIO). Excludes IT executives acting independently

Answer 26

Business Monarchy

Question 27

This political archetype allocates decisions rights to individuals or groups of IT Executives

Answer 27

IT Monarchy

Question 28

This political archetype allocates decisions rights to Business Unit Leaders and key process owners or thier delegates

Answer 28

Feudal

Question 29

This political archetype allocates decisions rights to C‐level executives and at least one other business group (e.g., CxO and BU leaders)—IT executives may be an additional participant. Equivalent to a country and its states working together

Answer 29

Federal

Question 30

This political archetype allocates decisions rights to IT executives and one other group

Answer 30

IT Duopoly

Question 31

This political archetype allocates decisions rights to each individual user

Answer 31

Anarchy

Question 32

a committee composed of key stakeholders or experts who provide guidance on important IT issues

Answer 32

Steering Committee

Question 33

Steering committees work especially well with which political archetype , which calls for joint participation of IT and business leaders in the decision‐making process

Answer 33

federal archetype

Question 34

This level of steering committee provides strategic direction and funding authority for major IT projects and ensures that adequate resources be allocated to the IS organization for achieving strategic goals

Answer 34

The highest Level which reports to the BOD or the CEO

Question 35

This level steering committees provide a forum for business leaders to present their IT needs and to offer input and direction about the support they receive from IT operations

Answer 35

Lower Level Steering Commitees

Question 36

A layered architecture of digital technology combined with a governance model.

Answer 36

Digital Platform

Question 37

The ability of any self‐contained system to create, generate, or produce a new output, structure, or behavior without any input from the originator of the system

Answer 37

Generativity

Question 38

System that consists of self‐interested, self‐organizing, and autonomous digital entities; System of entities that is nourished by the significant impacts of the large variety of resources available from individuals, organizational units, and outside services.

Answer 38

Digital Ecosystems

Question 39

enacted in the United States in 2002 to increase regulatory visibility and accountability of public companies and their financial health

Answer 39

Sarbanes-Oxley Act of 2002

Question 40

According to SoX, CFOs and CEOs must do what?

Answer 40

Personally certify and be accountable for their firms’ financial records and accounting (Section 302)

Question 41

According to SoX Auditors must do what?

Answer 41

Auditors must certify the underlying controls and processes that are used to compile the financial results of a company (Section 404)

Question 42

According to SoX, Companies must do what?

Answer 42

Companies must provide real‐time disclosures of any events that may affect their stock price or financial performance within a 48‐hour period (Section 409)

Question 43

What five (5) control weaknesses were repeatedly uncovered by SOX auditors?

Answer 43

1. Failure to segregate duties
2. Lack of proper oversight
3. Inadequate review of audit logs
4. Failure to identify abnormal transactions
5. Lack of understanding of key system configurations.

Question 44

Name three (3) other frameworks used to implement SoX

Answer 44

1. Committee of Sponsoring Organizations of the Treadway Commission (COSO)
2. Control Objectives for Information and Related Technology (COBIT)
3. Information Technology Infrastructure Library (ITIL)

Question 45

What are the three (3) control objectives for management and auditors that focused on addressing risks to internal control as put fourth by the COSO

Answer 45

1. Operations
2. Compliance
3. Financial Reporting

Question 46

To make sure a company meets its control objectives, what five (5) essential control components did COSO establish?

Answer 46

1. Create control environement that addresses the overall culture of the company
2. Assess the most critical risks to internal controls
3. Create control structures that outline important processes and guidelines
4. Provide clear information about employees’ responsibilities and procedures to be followed
5. Monitor internal controls

Question 47

This governance framework provides guidelines about who in the organization should make decisions about IT processes, IT resources, and information to a company’s strategies and objectives

Answer 47

COBIT

Question 48

The COBIT governance framework defined four (4) major domain for risks?

Answer 48

1. Planning and organization
2. Acquisition and implementation
3. Delivery and support
4. Monitoring and evaluating

Question 49

A set of concepts and techniques for managing IT infrastructure, development, and operations, developed in the United Kingdom

Answer 49

ITIL

Question 50

What are the six (6) actics that CIOs can use in the implementation of SoX

Answer 50

1. Knowledge Building
2. Knowledge Deployement
3. Innovation Directive
4. Mobilization
5. Standardization
6. Subsidy

Question 51

This tactic seeks to establish a knowledge base to implement SoX

Answer 51

Knowledge Building

Question 52

This tactic seeks to Disseminate knowledge about SoX and develop an understanding of this knowledge by management and other organizational members

Answer 52

Knowledge Dissimination

Question 53

This tactic seeks to organize for implementing SoX and announce the approach

Answer 53

Innovation Directive

Question 54

This tactic seeks to Persuade decentralized players and subsidiaries to participate in SoX implementation

Answer 54

Mobilization

Question 55

This tactic seeks to negotiate agreements between organizational members to facilitate the SoX implementation

Answer 55

Standardization

Question 56

This tactic seeks to Fund the implementers’ costs during the SoX implementation and the users’ costs during its deployment and use

Answer 56

Subsidy