Information Technology Governance

Question 1

Relating to IT governance, what is the best action an LARGE organization can take to increase internal control effectiveness? This does not apply to small organizations.

Answer 1

Segregation of duties

Question 2

Relating to IT governance, what is the best action an SMALL organization can take to increase internal control effectiveness?

Answer 2

Engaging the owner in the activities of the business. This is an important COMPENSATING control.

Question 3

1. The uniformity of transaction processing is higher in automated than manual systems. True or false?
2. A greater level of control is necessary in automated than manual systems. True or false?

Answer 3

Statement one = true

Statement two = false

Question 4

An automated computerized accounting system ________ the incidences of clerical errors and __________ the incidences of systematic errors.

Answer 4

1. Reduce instances of clerical errors. System automatically checks for errors.
2. Increases instances of systematic errors. Errors in programming can occur.

Question 5

Do computerized systems increase or decrease the need for access controls (logical and physical)?

Answer 5

Increase. Because computerized systems actually increase the number of points where the system can be accessed, increasing the need for both physical and logical access controls.

Question 6

What is a key characteristic that distinguishes computer processing to manual processing? (Hint: related to data entry)

Answer 6

Computer processing virtually eliminates computational errors.

Question 7

How does computerized accounting systems (online real-time processing) differ from manual accounting systems with regards to job functions?

Answer 7

It is common for computerized systems to combine functions that would be considered incompatible in a manual system.

Question 8

With regards to accounting systems, ledgers, journals, and invoices are part of what accounting system?

Answer 8

Manual

Question 9

With regards to accounting systems, e-vouchers, automated transactions, and concentration of information are part of what accounting system?

Answer 9

Automated

Question 10

Are audit trails easier to follow and more transparent in automated or manual accounting systems?

Answer 10

Automated

Question 11

Processing speed, fewer idiosyncratic errors, and lower likelihood of intrusion are advantages of what accounting system?

Answer 11

Automated

Question 12

An automated system requires controls related to people, software, and hardware. Are access controls more or less of important in automated system as to manual?

Answer 12

More important. Highly important.

Question 13

Compared to manual systems, automated systems have
1. ________ risks related to remote access
2. ________ risks related to concentration of information
3. ________ opportunities for directly observing processes
Answer: Either increase or decrease

Answer 13

1. Increase risks for remote access
2. Increase risks for concentration of info
3. Decreased opportunities for observing processes

Question 14

______ processing errors are the MOST IMPORTANT risk related to computer accounting systems.

Answer 14

Systematic

Question 15

Authorization is often _____ in online systems. (Hint: automated or manual)

Answer 15

Automated

Question 16

Do both manual and automated accounting systems require stringent internal controls? Can they both produce inaccuracy in financial reporting?

Answer 16

Yes and yes

Question 17

Balancing risk versus return is over IT and its processes and strategically managing and acquiring IT resources in support of the organization’s mission is the primary goal of what?

Answer 17

IT Governance

Question 18

Is COBIT (Control Objectives for Information and related Technology) a required framework that should be adopted and implemented?

Answer 18

No it’s not required. There are many IT governance models and frameworks that an organization can implement.

Question 19

There are four domains and processes of IT COBIT framework. They are?

Answer 19

1. Planning and organization
2. Acquisition and implementation
3. Delivery and support
4. Monitoring

Question 20

What are seven desired information attributes of COBIT framework?

Answer 20

1. Effective
2. Efficient
3. Confidential
4. Integrity
5. Available
6. Compliant
7. Reliable

Question 21

COBIT provides a framework for ______ and management of _________.

Answer 21

1. IT Governance

2. Enterprise IT

Question 22

Guiding managers, users, and auditors to adopt best practices related to the management of information technology is an important purpose of what?

Answer 22

COBIT.

Question 23

Using the company’s IT strategic plan to consider how implementing something detracts or aligns with company’s business objectives is part of what domain in COBIT?

Answer 23

Planning and organization

Question 24

Assessing how to acquire, implement, or develop IT solutions that address business objectives and integrate with critical business process is part of what domain of COBIT?

Answer 24

Acquisition and implementation

Question 25

Relating to strategic decisions for IT management, which three of the four are the most important strategic decisions?
A. How a system can contribute to long-range business plan
B. How system would support daily business operations
C. How indicators can be developed to measure achievement of business objectives
D. How system reduces operating costs

Answer 25

First three are important. Reducing operating costs are least important.

Question 26

What are the four IT monitoring processes of COBIT model?

Answer 26

1. Monitor and evaluate IT performance (reviewing system response time logs)
2. Monitor and evaluate Internal controls
3. Ensure regulatory compliance
4. Provide IT guidance

Question 27

Assessing how to best deliver required IT services including operations, security, and training is part of what domain in COBIT?

Answer 27

Delivery and support

Question 28

A formal review process to assess how to best assess IT quality and compliance with control requirements is part of what domain in COBIT?

Answer 28

Monitoring

Question 29

COBIT is primarily focused on _______ organizational IT processes. COSO is primarily focus on ______ processes. (Hint: Answer is either internal or external)

Answer 29

COBIT - Internal

COSO - External

Question 30

The primary target audience for COBIT is? (Hint: type of auditor)

Answer 30

Internal auditors. COBIT is primary focused on internal organization IT processes.

Question 31

The primary target audience for COSO is? (Hint: type of auditor)

Answer 31

External auditors. COSO focuses primary of external processes.

Question 32

Review of outsourcing contracts and policies to improve service quality is part of what domain of COBIT model?

Answer 32

Delivery and support. This is part of assessing how to best deliver required IT services including operations, security, and training.

Question 33

Reviewing to determine if company complied with privacy REGULATIONS regarding customer data is part of what domain of COBIT model?

Answer 33

Monitoring. Analyzing compliance with privacy regulations is part of a formal review process to assess how to best assess IT quality and compliance with control requirements.

Question 34

Assessing whether to purchase, or internally develop, a new CRM (customer relationship management) system is part of what domain of COBIT model?

Answer 34

Acquisition and implementation. This is a part of assessing how to acquire, implement, or develop IT solutions that address business objectives and integrate with critical business process.

Question 35

IT staff, computer servers, network structure, and routers are examples of what? (Hint: IT _______)

Answer 35

IT resources

Question 36

Standards for user response times is an example of what?

Answer 36

Information criterion

Question 37

Improving responsiveness and flexibility, and aiding the decision-making processes in an organization, are important goals of an _________.

Answer 37

ERP system

Question 38

An important goal of ERP is to ______ data redundancy and an ERP will _____ the costs of implementation and training.

Answer 38

• reduce data redundancy

- increase the costs of implementation

Question 39

Regarding cloud service delivery models, _____ is the use of the cloud to access virtual hardware.

Answer 39

IaaS (Infrastructure as a service)

Question 40

Regarding cloud service delivery models, ______ is the use of the cloud to create (not access) software.

Answer 40

PaaS (Platform as a service)

Question 41

Regarding cloud service delivery models, _____ is the use of the cloud to use (not create) software.

Answer 41

SaaS (Software as a service). Example Office 365.

Question 42

The _______________ incorporates data warehouse and data mining capabilities within the ERP.

Answer 42

Online analytical processing system (OLAP)

Question 43

The _______________ (1) records the day-to-day operational transactions and enhances the visibility of these transactions throughout the system. It is primarily the ____ (2)and not the ____, (3) that provides an integrated view of transactions in all parts of the system.

Answer 43

1. OLTP
2. OLAP
3. OLTP

Question 44

The _______ is primary concerned with collecting data (and not analyzing it) across the organization.

Answer 44

Online transaction processing system (OLTP)

Question 45

What is a key distinction between OLAP and OLTP with regards to data?

Answer 45

OLAP analyzes data

OLTP collects data

Question 46

________ provide information to mid- and upper-level managers to assist them in managing non-routine problems and in long-range planning. (Hint: Type of system)

Answer 46

Decision support system (DSS)

Question 47

_________ are a subset of DSS especially designed for forecasting and making long-range, strategic decisions; thus, these systems have a greater emphasis on external data. (Hint: Type of system)

Answer 47

Executive support system (ESS)

Question 48

This system facilitate the work of clerical employees by providing information relevant to their day-to-day activities.

Answer 48

Office automation system

Question 49

What is the most effective system to implement that integrates all functional areas within an organization to allow information exchange and collaboration among all parties involved in business operations?

Answer 49

Enterprise resource planning system

Question 50

___ provide transaction processing, management support, and decision-making support in a single, integrated package. By integrating all data and processes of an organization into a unified system, ____ attempt to eliminate many of the problems faced by organizations when they attempt to consolidate information from operations in multiple departments, regions, or divisions. (Hint: Same answer for both blanks)

Answer 50

ERPs

Question 51

Explain the primary objective of enterprise resource planning systems?

Answer 51

Integrate data from all aspects of an organization’s activities.

Question 52

What type of management reporting system would encompass querying a data warehouse and drilling down into transaction and trend information via various network set-ups?

Answer 52

OLAP. On-line analytical processing system.

Question 53

Data loss, vendor security failure, and system hacks are all risks of what? (Hint: type of computing)

Answer 53

Cloud-based computing.

Global visibility not a risk

Question 54

The below are all motivations to implement what type of system?

1. Reducing data redundancy
2. Improving organizational agility
3. Improving data analytic capabilities

Answer 54

ERP

Question 55

ERPs increase or decrease system complexity?

Answer 55

Increase

Question 56

What are the three most likely reasons an ERP system fails?

Answer 56

1. Poor system development process
2. Lack of management support
3. Underestimating system implementation

Question 57

Analyzing customer sales to determine optimal opening and closing times would be part of what type of system?

Answer 57

OLAP. This is an example of a data mining application within an online analytical processing (OLAP) system.

Question 58

The preparation of a simple payroll report is an application of an ___________ system.

Answer 58

Online transaction processing system (OLTP). This deals with data collection.

Question 59

Using ERM to determine which accounts would provide most profitable returns to a company would a be an application of what type of system?

Answer 59

CRM (Customer relationship management)

Question 60

ERP (Enterprise resource planning) is an application software most likely to be used by what type of size organization?

Answer 60

Medium to large size

Question 61

What are the three main functional areas within most IT departments?

Answer 61

1. Applications development
2. Systems administration and programming
3. Computer operations

Question 62

The functions below all relate to what functional area within IT department?

1. Network maintenance
2. Wireless access
3. Antivirus management

Answer 62

Systems administration

Responsibilities do not need to be segregated

Question 63

The functions below all relate to what functional area within IT department?

1. Data entry
2. Quality assurance

Answer 63

Operations

Responsibilities do not need to be segregated

Question 64

Application programming occurs within what function of an IT department?

Answer 64

Applications development

Question 65

With regards to IT departmental responsibilities, these should be segregated to different individuals ideally based on?

Answer 65

Different functional areas of IT

Question 66

Why does data entry (operations) and application programming (development) need to be delegated to separate individuals? (Hint: Two reasons)

Answer 66

1. This is because if one both enters data and changes the programs into which those data are entered, one can perpetrate consequential financial frauds
2. Those responsibilities are in different functions (operations vs development)

Question 67

With regards to IT responsibilities and functions, this position is responsible for managing the flow of documents and reports in and out of the computer operations department. What position is it?

Answer 67

Data control clerk

Question 68

With regards to IT responsibilities and functions, this position keys (i.e.) enters, hand-written or printed records to convert them into electronic media. What position?

Answer 68

Data entry clerk

Question 69

With regards to IT responsibilities and functions, this position is responsible for operating the computer, including loading program and data files, running the programs, and producing the output. What position?

Answer 69

Computer operator

Question 70

With regards to IT responsibilities and functions, this position is responsible for maintaining control over the computer operations files, but not for controlling the flow of documents into and out of the computer operations department. What position?

Answer 70

File librarian

Question 71

Managing remote access to the systems they control is a responsibility of who? (Hint: type of position)

Answer 71

Network administrator (or system administrator).

Question 72

When a programmer who writes applications also has access to a file library, why is this is problem?

Answer 72

If she changes both live and archive copies of programs, changes that she has made may not be detected.

Question 73

Evaluating the quality and nature of IT department staff training is essential to retaining ____________________,

Answer 73

Competent individuals within an organization

Question 74

When a network administrator provides support to server (via dial-up connection) and then leaves the company, if the company fails to remove user account(s) among an employee leaving, then this will be a ____ risk to the company.

Answer 74

Control

Question 75

Coding approved changes to a payroll program is an appropriate responsibility of an application programmer. Which of the following are should not be responsibilities of this position?
A. Have access to operating software to make modifications
B. Correcting data entry errors
C. Have access to program code or archive documentation

Answer 75

All of the above

Question 76

This position is responsible for maintaining the hardware and software aspects of a computer network. What position is it?

Answer 76

Network administrator

Question 77

Developing application programs is a function of what position?

Answer 77

Application programmers

Question 78

Installing operating system upgrades is a function of what position?

Answer 78

System programmers

Question 79

Limited access to employee master files to authorized employees in the personnel department could prevent an employee from getting paid an appropriate hourly wage, why?

Answer 79

Limiting access to employee master files to authorized employees would help prevent unauthorized changes in the wage rates in the master files.

Question 80

When erroneous data are detected by computer program controls, such data may be excluded from processing and printed on an error report. The error report should most probably be reviewed and followed up by the?

Answer 80

Control group

Question 81

________ responsible for providing a continuous review function by supervising and monitoring input, operations, and the distribution of output. Has INTERNAL AUDIT responsibilities.

Answer 81

Control group

Question 82

This position has responsibility for the overall operation of the information systems department. What position?

Answer 82

Supervisor of computer operations

Question 83

This position is responsible for designing the system. What position?

Answer 83

Systems analyst.

Question 84

This position is charged with designing program flowcharts and writing computer programs based on the work of the systems analyst. What position?

Answer 84

Computer programmer

Question 85

Machine operators _______ (by nature of operating the system) have access to error messages and will distribute them to the control group. Machine operators _____ have access to the systems manual. Machine operators _____ be supervised by programmer (Should or should not).

Answer 85

1. Should
2. Should not
3. Should not

Question 86

Good internal control in a computer system requires that operators, programmers, and the library function be _________.

Answer 86

Segregated

Question 87

Which of the following are effective control measures?

1. Periodic rotation of operators
2. Mandatory vacations
3. Controlled access to the facility
4. Segregation of personnel for controlling input and output

Answer 87

All of the above

Question 88

Modifying and adapting operating system software is a function of what position?

Answer 88

Systems programmer

Question 89

Correcting detected data entry errors for the cash disbursement system is a function of what person(s)?

Answer 89

Data control personnel

Question 90

Maintaining custody of the billing program code and its documentation is function of?

Answer 90

Data library personnel

Question 91

_______ have the ability to add or update documentation items in data dictionaries.

Answer 91

Database administrators

Question 92

_________ are given responsibility for maintaining system software, including operating systems and compilers.

Answer 92

Systems programmers

Question 93

_______ is responsible for developing systems. (Unit type)

Answer 93

Applications development unit

Question 94

The responsibility of ________ is to implement and maintain system-level software such as operating systems, access control software, and database systems software. (Unit type)

Answer 94

Systems programming unit

Question 95

Help desks are usually a responsibility of _________ because of the operational nature of their functions (for example, assisting users with systems problems involving prioritization and obtaining technical support/vendor assistance). (Unit type)

Answer 95

Computers operations unit

Question 96

The responsibility of ______ is to interact with application systems as planned.

Answer 96

User departments

Question 97

________ is responsible for designing the computer system, including the goals of the system and means of achieving those goals, based upon the nature of the business and its information needs. The _________ also must outline the data processing system for the computer programmer with system flowcharts. (same answer)

Answer 97

Systems analyst

Question 98

_______ write detailed programs based upon the work of the systems analyst.

Answer 98

Computer programmers

Question 99

The _____ has overall responsibility for the computer operations function (systems design, programming, operations, library, etc.).

Answer 99

Data processing manager

Question 100

Why would computer operators have access to operator instructions and detailed program listings lessen internal control?

Answer 100

computer operators who have access to detailed program listings have the opportunity to modify the programs.

Question 101

Should a systems programmer maintain output controls?

Answer 101

No.

Question 102

_________ are responsible for analyzing and designing computer systems; they generally lead a team of programmers who complete the actual coding for the system; they also work with end users to define the problem and identify the appropriate solution.

Answer 102

Systems analysts

Question 103

_____ work under the direction of the systems analyst to write the actual programs that process data and produce reports.

Answer 103

Application programmers

Question 104

______ responsible for management activities associated with the system they control. For example, they grant access to their system resources, usually with usernames and passwords.

Answer 104

Systems administrators (or network)

Question 105

______ maintain the various operating systems and related hardware. For example, they are responsible for updating the system for new software releases and installing new hardware.

Answer 105

System programmers

Question 106

______ must not be permitted to participate directly in systems operations.

Answer 106

System administrators

Question 107

______ not permitted to have access to information about application programs or data files.

Answer 107

System programmers