IT

Question 1

A parity check is..

Answer 1

Not an input control. It is a hardware control that makes certain each piece of data has the appropriate odd or even number of data components, or data bits.

Question 2

Distributed Processing Environment

Answer 2

Various processes are performed separately by the individuals responsible in their locations and are integrated into a central system

Question 3

Define “Integrated Test Facility (ITF).”

Answer 3

Dummy division and fictitious transactions ran along with client data (Use auditor and client data in the client’s computer system)
* Another use of ITF is embedded audit modules

Question 4

What is the purpose of test data procedures?

Answer 4

To process known errors to see if the client’s system catches them. The auditor only needs to include those errors that are important to the auditor (that is, the auditor need not include every possible type of error). There may be a danger of contaminating the client’s database with the test data.

Question 5

Who should have responsibility of modifying and adapting operating system software?

Answer 5

System Analysts

Question 6

Describe a hot site..

Answer 6

Location has redundant hardware and software that’s already configured and ready to preserve the continuity in disaster

Question 7

What are VANs?

Answer 7

Links files of different companies together (connects trading partners)

Question 8

Systems Development Life Cycle

Answer 8

1. Planning- feasibility study to determine objectives, is existing system meeting requirements, etc
2. Analysis- define problem and qualitative solutions (custom or vendor supplied)
3. Design- baseline for system and specs needed, or select purchased system (proposal)
4. Development- use specs to program formalized process, unit testing (watch for scope creep); if purchased configure new system to org needs
5. Testing- establish actual operation, final testing and user sign off (meet needs? intended objectives?)
6. Implementation- implement formal process, assess adequacy, cost/benefit, ROI, end user management
7. Maintenance- monitoring and support, training

Question 9

COBIT 5 core principles

Answer 9

1. Meeting stakeholders needs
2. End to end application (seamless governance a sa whole and mngmt of IT apply to all components)
3. Development of single integrated framework
4. Enabling a holistic approach
5. Separating governance from management

Question 10

Application controls include:

Answer 10

Preventative
Detective
Corrective
** They are NOT company wide controls

Question 11

Test Data

Answer 11

Data- Auditor

Program- Client

Question 12

Controlled Reprocessing

Answer 12

Data - Client

Program- Client, but auditor computer

Question 13

ITF

Answer 13

Data - Auditor and client

Program- Client

Question 14

Parallel Simulation

Answer 14

Data- Client

Program- Auditor (going around their system)

Question 15

Primary purpose of disaster recovery plan

Answer 15

To specify the steps required to resume operations

Question 16

Systems Programmers

Answer 16

• Writes, updates, maintains software and systems and compilers
• For controls, can’t also have application programming duties and can’t be a Systems Operator

Question 17

List the Management Reporting Systems

Answer 17

Mngmt Info (MIS)
Decision Support (DSS)
Enterprise Resource Planning (ERP)- automate/integrate business process, share data, access real time
Executive Support Info (MA, etc)
Analytical Processing (query, retrieval)
Expert System

Question 18

End to End Application

Answer 18

COBIT 5 approaches:

1. System for IT should seamlessly integrate into system of governance for enterprise as a whole
2. Systems for governance of IT should apply to all components both internally and externally

Question 19

Limit Test

Answer 19

Confirms information against established limits (minimum age, etc)

Question 20

Segregated IT roles

Answer 20

Operators (Administrators)
Programmers (Engineers)
Librarians (Custodians)

Question 21

The least risky strategy for conversion from a manual to computerized payroll system would be a

Answer 21

Parallel conversion

Question 22

Which of the following best describes a time-sharing center?

Answer 22

A computer remotely accessed by a number of different users, who are unaware of each other

Question 23

IT Functions Segregation

Answer 23

{COPAL}
Control group- responsible for IT, passwords, etc
Operators- convert data into machine read-able
Programmer- develops and writes computer programs, debugging programs, writes manual
Analyst- designs overall system, prepares flowchart
Librarian- keeps track of program/files; maintains storage data and backups; controls access

Question 24

IT input controls

Answer 24

Provide reasonable assurance that data rec’v by IT have been authorized, converted to machine sensible form (transaction entry; file maintenance; inquiry transactions; error correction)

Question 25

Which of the following input controls would prevent an incorrect state abbreviation from being accepted as legitimate data?

Answer 25

Validity check- only authorized codes will be accepted

Question 26

Systems Operator

Answer 26

• Schedules and monitors jobs (Administrators)
• Runs IT help desk
• Control, can’t be a Systems Programmer

Question 27

What is the primary objective of data security controls?

Answer 27

To ensure that storage media are subject to authorization prior to access, change, or destruction

Question 28

Executive Information System

Answer 28

• Specialized for company executive needs
• Assists with strategy only
• No decision-making capabilities

Question 29

Which controls are typically included in an organization’s disaster recovery plan?

Answer 29

Backup and downtime controls (data transmission, data input, and data processing controls are not disaster recovery plan but part of normal operations)

Question 30

Cloud computing/Data storage

Answer 30

• More convenient
• Cost effective
• Risk of unauthorized access (not the best way to store sensitive company info)
• 3rd parties manage data and risk

Question 31

What is the Network Administrator responsible for

Answer 31

Design and implementation of security policies