Domain III – Information Technology – Section B: IT Infrastructure and IT Control Frameworks Flashcards

1
Q

Types of Processing Facilities

A

The information processing facility may be organized in one of three ways: Centralized, Decentralized, and Distributed

2
Q

Centralized Facility

A

establishes only one computer department in the whole company where all the processing takes place. Data entry and retrieval may occur either at the centralized facility or from terminals connected to the facility.
=> All departments send requests to the centralized facility describing their processing and information requirements. Information is processed and sent back to the user departments.

3
Q

Decentralized Facility

A

establishes a separate computer facility to service the needs of each major department or unit in an organization. The department and its processing requirements dictate the size of each facility.

4
Q

Distributed Computer Facility

A

In a distributed computer facility, both the centralized and decentralized facilities are combined.
=> Users have their own computer equipment, but some computer terminals are connected to a bigger computer in a remote location.

5
Q

Data Processing Methods

A
  • Batch Method – data is initially input and grouped in temporary transaction files, before processing the data and updating the master file.
  • Online Method – data is processed immediately after each input rather than being stored in a temporary file for later processing.
6
Q

Data file

A

is a file that includes raw data for processing. Data files may be categorized as: transaction file, master file, report file, output file, history file, backup file.

7
Q

Program file

A

is the file that includes the instructions required by the computer.
=> Program files may be: in‐house developed, custom‐made, ready‐made or off‐the‐shelf

8
Q

Operating System

A

is a program consisting of a set of internal command instructions that allows the computer to utilize its own resources and direct its operations.
- It is the first program loaded to the system’s memory once started and remains active at all times.
=> The operating system acts as the interface between the physical hardware, the software applications, and the users.

9
Q

Network

A

is a system of interconnected computers including the hardware and software needed to connect them.

10
Q

Local Area Networks (LAN)

A

are networks that serve users within a specified geographical area (usually within one building, or more than one building in close proximity).

11
Q

Wide Area Networks (WAN)

A

are networks that serve users across an extended geographical region using various transmission media for connectivity.
Types of WANs
- Integrated Services Digital Networks (ISDN)
- Virtual Networks (VNs)
- Wireless Networks
- Value‐Added Networks (VANs)

12
Q

Metropolitan Area Networks (MAN)

A

are networks that fill the gap between LANs and WANs, serving users within the same town or city, dispersed over approximately 50 km.

13
Q

Integrated Services Digital Networks (ISDN)

A

are WAN networks used for voice, data, and video communication through the use of digital switching and transmission technologies.

14
Q

Virtual Networks (VNs)

A

are private secure networks working within a vulnerable network.

15
Q

Wireless Networks

A

are WAN networks that allow users to access information instantly via wireless handheld devices such as mobile phones.

16
Q

Value‐Added Networks (VANs)

A

are networks that provide other services such as storage, data translation, and error correction.

17
Q

Mainframe

A

is the most powerful type of computer after the supercomputer. They are powerful computers that support the processing requirements of thousands of users (e.g., computers used by most banks and large corporations).

18
Q

Gateways

A

are a combination of hardware and software packages with their own processor and memory. A gateway is used to interconnect networks that use different protocols by performing protocol and bandwidth conversions.

19
Q

Protocol

A

refers to the rules used by network operations to control the flow and priority of transmissions.

20
Q

Electronic Funds Transfer (EFT)

A

is the exchange of money via telecommunications. Money is transferred from one account to another electronically without the actual exchange or dealing with cash.

21
Q

Database Administrator

A

is generally responsible for the administration of the organization’s database. The primary responsibility of a database administrator is to ensure that data is available, secured, and easily accessible as needed.

22
Q

Librarian

A

records, issues, receives, and safeguards all program and data files that are owned/used by the organization.

23
Q

Network Administrator

A

administers the technical and administrative functionality of the organization’s network.

24
Q

Help desk function

A

is a unit within the organization that responds to users’ technical questions. The help desk staff usually respond directly when resolving minor problems; however, they may refer to the IT department or the help desks of suppliers when resolving more complex problems.

25
Q

Security Officer

A

ensures that the users are complying with the corporate security policy and that there are adequate controls to prevent unauthorized access to the system, including data, programs, and equipment.

26
Q

Systems Analyst

A

is responsible for defining user requirements and designing the system accordingly. The detailed design prepared by the systems analyst is used by the programmers for creating the related program.

27
Q

Programmers

A

are responsible for developing and maintaining the software (both system and application software). Programmers convert the design prepared by the systems analyst into machine-executable modules. They are also responsible for maintaining the software after it has been developed.

28
Q

Change Control

A

ensures that changes to programs have a minimal impact on processing and result in minimal risk to the overall system.

29
Q

COBIT

A

is a framework created by the Information Systems Audit and Control Association (ISACA) for information technology (IT) governance and management. It is an IT governance framework and supporting toolset that allows managers to bridge the gap between control requirements, technical issues and business risks.

30
Q

COBIT‐2019 Principles

A
  • Principles for a Governance System: provide stakeholder value, holistic approach, dynamic governance system, governance distinct from management, tailored to enterprise needs, end‐to‐end governance system.
  • Principles for a Governance Framework: based on a conceptual model, open and flexible, aligned to major standards.
31
Q

COBIT‐2019 Objectives

A

COBIT‐2019 has developed 40 core governance and management objectives.

  1. Governance Objectives – are grouped in one domain: Evaluate, Direct and Monitor
  2. Management Objectives – are grouped in four domains: (1) Align, Plan and Organize, (2) Build, Acquire and Implement, (3) Deliver, Service and Support, (4) Monitor, Evaluate and Assess
32
Q

Electronic Systems Assurance and Control (eSAC)

A

The eSAC model published by the IIA sets the stage for effective technology risk management by giving companies a framework to guide an evaluation of the e‐business control environment.

  • provides a framework to help management, corporate governance entities, and internal auditors understand, evaluate, monitor, and mitigate technology risks.
  • examines risks in all organizational components, including customers, competitors, regulators, community, and owners.
33
Q

The eSAC model includes the following components:

A

  • Organization’s Mission and Outcomes – The organization typically pursues its mission through establishing strategies and objectives consistent with its values.
  • Control Context – A sound control environment helps the organization stay on its path as it moves from mission to results. The eSAC model adopts the broad control context from COSO.
  • Assurance Objectives – The eSAC provides control attributes that are particularly pertinent for e‐business activities (i.e. Availability, Capability, Functionality, Protectability, Accountability).