IT Governance and Management

Question 1

List six risks that are greater in an automated than in manual systems.

Answer 1

Reliance on faulty programs, unauthorized access, unauthorized changes, failure to update systems, inappropriate manual intervention, data loss.

Question 2

Do automated systems increase or decrease the potential for data analytics compared with manual accounting systems?

Answer 2

ncrease since they are designed to include data and text analytic subsystems (e.g., expert systems, DSS, executive support systems).

Question 3

How does segregation of duties differ in an automated, compared to a manual, accounting system?

Answer 3

Segregated functions are often combined in automated systems, with automated processes then used as a compensating control.

Question 4

How does the audit trail differ in an automated, compared to a manual, accounting system?

Answer 4

In automated systems, audit trails are often in imaged or other electronic forms. In manual systems, they were paper.

Question 5

Describe the control objectives for information and related technology (COBIT) framework.

Answer 5

A widely used international standard for identifying best practices in IT security and control. Provides management with an information technology (IT) governance model that helps in delivering value from IT processes and in understanding and managing the IT related risks.

Question 6

What are the three major components of the COBIT model?

Answer 6

1. Domains and processes,
2. information criteria,
3. IT resources.

Question 7

According to the COBIT model, what are the four IT domains?

Answer 7

1. Planning and organization,
2. acquisition and implementation,
3. delivery and support, and
4. monitoring and evaluating

Question 8

According to the COBIT model, what are the seven criteria or properties that information should possess?

Answer 8

1. Effectiveness,
2. efficiency,
3. confidentiality,
4. integrity,
5. availability,
6. compliance, and
7. reliability

Question 9

According to the COBIT model, what are the five physical resources that, together, comprise an IT system?

Answer 9

1. People,
2. applications,
3. technology,
4. facilities, and
5. data.

Question 10

What are enterprise resource planning systems (ERPs) ?

Answer 10

These systems provide transaction processing, management support, and decision-making support in a single, integrated package. By integrating all data and processes of an organization into a unified system, ERPs attempt to eliminate many of the problems faced by organizations when they attempt to consolidate information from operations in multiple departments, regions, or divisions.

Question 11

Define online transaction processing system (OLTP)

Answer 11

This system incorporates data warehouse and data mining capabilities into an ERP system.

Question 12

What is an online analytical processing system (OLAP)?

Answer 12

This system incorporates data warehouse and data mining capabilities into an ERP system.

Question 13

What is a cloud-based system?

Answer 13

A cloud-based system is a virtual data pool that is created by contracting with a third-party data storage provider.

Question 14

Define Infrastructure as a Service (IaaS).

Answer 14

Use of the cloud to access virtual hardware, such as computers and storage. Examples include Amazon Web Services and Carbonite.

Question 15

Define Platform as a Service (PaaS).

Answer 15

Creating cloud-based software and programs Salesforce.com’s Force.com is an example of PaaS.

Question 16

Define Software as a Service (SaaS).

Answer 16

Remote access to software. Office 365, a suite of office productivity programs, is an example of SaaS. Also Google Docs.

Question 17

Define Scalability.

Answer 17

The capacity of a system to grow with the information processing needs of an organization.

Question 18

Define BCM/BCP.

Answer 18

Business (or organizational) continuity management (sometimes abbreviated BCM) is the process of planning for disasters and embedding this plan in an organization’s culture. This is sometimes also called business continuity planning (BCP).

Question 19

What is DRP?

Answer 19

DRPs (disaster recovery plans) enable organizations to plan for, and recover from, disasters. DRP processes include maintaining program and data files, and enabling transaction processing facilities. In addition to backup data files, DRPs must identify mission-critical tasks and ensure uninterrupted processing for these tasks.

Question 20

Define cold site (empty shell).

Answer 20

An off-site location that has all the electrical connections and other physical requirements for data processing, but does not have the actual equipment or files. Cold sites often require one to three days to be made operational. A cold site is the least expensive type of alternative processing facility available to the organization.

Question 21

Define warm site.

Answer 21

A location to which the business can relocate after a disaster. The location is already stocked with computer hardware similar to that of the original site, but does not contain backed up copies of data and information.

Question 22

Define hot site.

Answer 22

An off-site location that is completely equipped to immediately take over the company’s data processing. All equipment plus backup copies of essential data files and programs are also usually maintained at this location. It enables the business to relocate with minimal losses to normal operations - typically within a few hours. A hot site is one of the most expensive facilities to maintain.

Question 23

Define Mirrored Site

Answer 23

Fully redundant, fully staffed, and fully equipped site with real-time data replication of mission critical systems (ex: credit card processing).

Question 24

What is a business impact analysis (BIA)?

Answer 24

Identifies the maximum tolerable interruption periods of an organization by function and activity as a part of assessing risk importance and consequences.

Question 25

List the three main functional areas within an information technology department.

Answer 25

1. Applications Development
2. Systems Administration and Programming
3. Computer Operations

Question 26

Describe the responsibilities of application programmers.

Answer 26

They work under the direction of the systems analyst to write the actual programs that process data and produce reports

Question 27

Which department is responsible for developing new systems?

Answer 27

Applications development.

Question 28

Describe the responsibilities of the computer operations department.

Answer 28

Responsible for the day-to-day operations of the computer system

Question 29

What personnel in an organization should have access to computer operations (“live data”)?

Answer 29

Computer operators (and systems programmers, though their access should be limited to times when they need to update systems hardware or software).

Question 30

What are the duties of the file librarian.

Answer 30

Responsible for controlling IT-related files, checking them in and out only as necessary to support scheduled jobs. Should not have access to live operating equipment or data.