Information System Flashcards
One important purpose of COBIT is to
A. Guide managers, users, and auditors to adopt best practices related to the management of information technology.
B. Identify specific control plans that should be implemented to reduce the occurrences of fraud.
C. Specify the components of an information system that should be installed in an e-commerce environment.
D. Suggest the type of information that should be made available for management decision-making.
A. Guide managers, users, and auditors to adopt best practices related to the management of information technology.
This is one important purpose of COBIT.
COBIT
COBIT (Control Objectives for Information and Related Technologies) is a good-practice framework created by the international professional association ISACA for information technology (IT) management and IT governance.
In COBIT, the process of ensuring security and continuous service falls within the \_\_\_\_\_\_\_ control process domain.
A. Acquire and implement.
B. Deliver and support.
C. Monitor and evaluate.
D. Plan and organize.
B. Deliver and support.
The process of security and continuous service does fall within the deliver and support control process domain.
Which of the following is true of enterprise resource planning (ERP) systems?
I. The online analytical processing system (OLAP) provides data warehouse capabilities for the ERP system.
II. The ability of an ERP system to provide an integrated view of transactions in all parts of the system is a function of the online transaction processing (OLTP) system.
A. I only.
B. II only.
C. Both I and II.
D. Neither I nor II.
A. I only.
The online analytical processing system (OLAP) incorporates data warehouse and data mining capabilities within the ERP.
The online transaction processing system (OLTP) records the day-to-day operational transactions and enhances the visibility of these transactions throughout the system. It is primarily the OLAP, and not the OLTP, that provides an integrated view of transactions in all parts of the system. The OLTP is primarily concerned with collecting data (and not analyzing it) across the organization.
A client would like to implement a management information system that integrates all functional areas within an organization to allow information exchange and collaboration among all parties involved in business operations. Which of the following systems is most effective for this application?
A. A decision support system.
B. An executive support system.
C. An office automation system.
D. An enterprise resource planning system.
D. An enterprise resource planning system.
ERPs provide transaction processing, management support, and decision-making support in a single, integrated package. By integrating all data and processes of an organization into a unified system, ERPs attempt to eliminate many of the problems faced by organizations when they attempt to consolidate information from operations in multiple departments, regions, or divisions. This is the correct answer since facilitating information exchange and collaboration is the primary purpose of the proposed system.
In DRP (disaster recovery plan), top priority is given to which activities?
A. Accounting.
B. Manufacturing.
C. Mission critical.
D. Business critical.
C. Mission critical.
Mission critical tasks are given first priority in DRP.
In DRP (disaster recovery plan), the lowest priority is given to which activities?
A. Accounting.
B. Manufacturing.
C. Mission critical.
D. Task critical.
C. Mission critical.
A controller is developing a disaster recovery plan for a corporation’s computer systems. In the event of a disaster that makes the company’s facilities unusable, the controller has arranged for the use of an alternate location and the delivery of duplicate computer hardware to this alternate location. Which of the following recovery plans would best describe this arrangement?
A. Hot site.
B. Cold site.
C. Back-up site procedures.
D. Hot spare site agreement.
B. Cold site.
In a cold site approach to disaster recovery, hardware and records are delivered after the occurrence of a disaster. This approach is less expensive, but more risky than a hot site approach.
DRP
disaster recovery plan
Which of the following information technology (IT) departmental responsibilities should be delegated to separate individuals?
A. Network maintenance and wireless access.
B. Data entry and antivirus management.
C. Data entry and application programming.
D. Data entry and quality assurance.
C. Data entry and application programming.
The separation of the data entry function from the application programming function is critical to the segregation of duties within an IT department. This is because if one both enters data and changes the programs into which those data are entered, one can perpetrate consequential financial frauds. This is why data entry occurs within the operations unit of an IT department and application development occurs within the development function of an IT department. These functions must be kept separate and their duties segregated. Therefore, this is the best answer to the question.
In a large multinational organization, which of the following job responsibilities should be assigned to the network administrator?
A. Managing remote access.
B. Developing application programs.
C. Reviewing security policy.
D. Installing operating system upgrades.
A. Managing remote access.
Managing remote access is an appropriate responsibility for a network administrator.
IT people controls are mostly
A. Application, Corrective.
B. General, Corrective.
C. General, Detective.
D. General, Preventive.
D. General, Preventive.
Most IT people controls are general and preventive. For example, the segregation of duties prevents employees from making unauthorized changes to program and data files.
In a large firm, the custody of an entity's data is most appropriately maintained by which of the following personnel?
A. Data librarian.
B. Systems analyst.
C. Computer operator.
D. Computer programmer.
A. Data librarian.
The data librarian is the person who should maintain the custody of an entity’s data in a large firm.
To maintain effective segregation of duties within the information technology function, an application programmer should have which of the following responsibilities?
A. Modify and adapt operating system software.
B. Correct detected data entry errors for the cash disbursement system.
C. Code approved changes to a payroll program.
D. Maintain custody of the billing program code and its documentation.
C. Code approved changes to a payroll program.
This is an appropriate responsibility for an application programmer.