IT Systems and Business Continuity

Question 1

Organizational controls concern the proper segregation of

Answer 1

Duties and responsibilities within the information systems department.

Question 2

The responsibilities of systems analysts, programmers, operators, file librarians, the control group, and others should be

Answer 2

Assigned to different individuals, and proper supervision should be provided.

Question 3

Traditional segregation of responsibilities for authorization, recording, and access to assets

Answer 3

May not be feasible in an IT environment

Question 4

IT personnel in an organization are

Answer 4

1) Systems analysts
2) Database Administrator (DBA)
3) Programmers
4) Operators

Question 5

Are specifically qualified to analyze and design computer information systems. They survey the existing system, analyze the organization’s information requirements, and design new systems to meet those needs. They should not have access to data center operations, production programs, or data files.

Answer 5

Systems analysts

Question 6

Is the individual who has overall responsibility for developing and maintaining the database and for establishing controls to protect its integrity.

Answer 6

Database administrator (DBA)

Question 7

Design, write, test, and document the specific programs according to specifications developed by the analysts. They should not have access to the data center operations or to production programs or data.

Answer 7

Programmers

Question 8

Are responsible for the day-to-day functioning of the data center, whether the organization runs a mainframe, servers, or anything in between. They load data, mount storage devices, and operate the equipment. Should not be assigned programming duties or responsibility for system design.

Answer 8

Operators

Question 9

Was an early attempt to create an integrated computer-based information system. It was designed to plan and control materials used in a production setting

Answer 9

Materials requirements planning (MRP)

Question 10

Is intended to integrated enterprise-wide information systems across the organization by creating one database linked to all the entity’s applications.

Answer 10

The Traditional ERP system

Question 11

Has added front-office functions. These connect the organization with customers, suppliers, shareholders or other owners, creditors, and strategic allies.

Answer 11

The current generation of ERP software (ERP II)

Question 12

Is a network of networks all over the world.

Answer 12

Internet

Question 13

The three main parts of the Internet are:

Answer 13

1) Servers - that hold information
2) The clients - that view the information
3) The Transmission Control Protocol/Internet Protocol (TCP/IP) - suite of protocols that connect the two

Question 14

Is generally a dedicated computer or device that manages specific resources.

Answer 14

Server

Question 15

Was later developed as an open standard usable with many programs and platforms

Answer 15

Extensible Markup Language (XML)

Question 16

For financial statements is the specification developed by an AICPA-led consortium for commercial and industrial entities that report in accordance with U.S. GAAP.

Answer 16

Extensible Business Reporting Language (XBRL)

Question 17

Performs the fundamental tasks needed to manage computer resources.

Answer 17

Systems software

Question 18

The most basic piece of systems software. Is an interface among users, application software, and the computer’s hardware.

Answer 18

Operating system

Question 19

Controls over operating systems include

Answer 19

(a) Segregation of duties
(b) Testing before use
(c) Marking back-out plans and implementing changes in off-hours, and
(d) Keeping detailed logs of all changes

Question 20

Consist of (1) the hardware devices being connected and (2) the medium through which the connection is made.

Answer 20

Networks

Question 21

Connects devices within a single office or home or among buildings in an office park. Is owned entirely by a single organization.

Answer 21

Local area network (LAN)

Question 22

Connects devices across an urban area, for instance, two or more office parks.

Answer 22

Metropolitan area network (MAN)

Question 23

Consists of a group of LANs operating over widely separated locations. Can be either publicly or privately owned.

Answer 23

Wide area network (WAN)

Question 24

Examples of privately owned WANs include:

Answer 24

1) Value-added networks (VANs)
2) Virtual private networks (VPNs)
3) Private branch exchange (PBX)

Question 25

Includes the activity of disaster recovery and business continuity

Answer 25

Contingency planning

Question 26

Is the process of resuming normal information processing operations after the occurrence of a major interruption.

Answer 26

Disaster recovery

Question 27

Should describe IT recovery strategies, including details about procedures, vendors, and systems.

Answer 27

Disaster recovery plan (DRP)

Question 28

Is the continuation of business by other means during the period in which computer processing is unavailable or less than normal.

Answer 28

Business continuity

Question 29

Is the most basic part of any disaster recovery or business continuity plan

Answer 29

Periodic backup and offsite rotation of computer files

Question 30

Is a physical location maintained by an outside contractor for the purpose of providing processing facilities for customers in case of disaster.

Answer 30

Alternative processing facility

Question 31

Recovery centers take two basic forms:

Answer 31

A hot site or a cold site

Question 32

Is a fully operational processing facility that is immediately available.

Answer 32

Hot site

Question 33

Is a shell facility with sufficient electrical power, environmental controls, and communications lines to permit the organization to install its own newly acquired equipment.

Answer 33

Cold site