Module 8

Question 1

Separate systems

Answer 1

Wholly separate IT systems. Integration of information only occurs through transfers initiated by staff of information from one stand-alone system to another

Question 2

Enterprise systems

Answer 2

Systems from across different areas of a business that are connected to a central data system, which can be accessed across the business for a variety of purposes and activities

Question 3

Straight through processing

Answer 3

Removes the need for human intervention - the entire system is fully automated. Human intervention only occurs when exceptions must be managed

Question 4

IT controls should be designed so that they are

Answer 4

Tailored to the level of risk of the business

Question 5

Remit of IT department (5)

Answer 5

• Develop IT strategy
• Develop and communicate IT policy
• Develop procedures to address controls
• Specify scope of activites
• Monitor activities and IT controls

Question 6

In order to achieve effectiveness and efficiency through IT, businesses should (2)

Answer 6

• Perform regular assessments of infrastructure, applications, and user requirements
• Monitor both internal and external service provider activities

Question 7

Four steps for developing an IT strategic plan

Answer 7

1) Identify the starting position of IT within the org
2) Identify ideal IT systems to support bus in achieving objectives
3) Analyse the gaps between current and ideal IT environment
4) Build the systems project plan

Question 8

Control Objectives for Information and Related Technology (COBIT)

Answer 8

Framework providing set of generally accepted measures, indicators, processes and best practices to assist in the use of IT

Question 9

Four key areas ITGCs commonly cover (acronym)

Answer 9

APOC

Question 10

A >

Answer 10

Access to programs and data

Question 11

P >

Answer 11

Program changes and development

Question 12

O >

Answer 12

Computer operations

Question 13

C >

Answer 13

Continuity of operations

Question 14

IT General Controls (ITGCs)

Answer 14

Provide the foundation to the control activities over processing

Question 15

IT Application Controls (ITACs)

Answer 15

Automated procedures that typically operate at a transaction level and are designed to ensure the integrity of the data. These controls ensure that only information that is authorised, accurate and complete will be processed

Question 16

Master file data

Answer 16

Presents risks that must be addressed through both strong ITGCs and ITACs

Question 17

Master files

Answer 17

Contain data which may affect more than one processing cycle

Question 18

Master file change controls (7)

Answer 18

• All changes should be recorded on change request form
• Changes should be authorised appropriately
• Records of before and after should be kept and reviewed
• Segregation of duties
• Audit log should be generated
• Batch controls used for making numerous changes
• Complete listing of the data should be reviewed in detail periodically

Question 19

Program changes (2)

Answer 19

• Bug fixes

- Version upgrades

Question 20

In order to ensure changes and developments are appropriate, must consider: (4)

Answer 20

• Authorisation
• Development
• Testing
• Approval

Question 21

Changes should be made in what environment

Answer 21

Separate test environment (NOT live environment)

Question 22

Actions to be taken to mitigate risks from program changes (4)

Answer 22

• Migration to production environment
• Configuration changes
• Emergency changes
• Production development

Question 23

Project management general controls (5)

Answer 23

• Initiation
• Planning the project
• Risk management approach
• Execution
• Completion

Question 24

Systems development life cycle (SDLC)

Answer 24

Process to introduce, develop, maintain and enhance software

Question 25

SDLC Stage 1

Answer 25

Business Analysis

Question 26

SDLC Stage 2

Answer 26

Feasibility Study

Question 27

SDLC Stage 3

Answer 27

Systems analysis

Question 28

SDLC Stage 4

Answer 28

Design

Question 29

SDLC Stage 5

Answer 29

Development

Question 30

SDLC Stage 6

Answer 30

Testing

Question 31

SDLC Stage 7

Answer 31

Implementation

Question 32

SDLC Stage 8

Answer 32

Maintenance

Question 33

SDLC Stage 9

Answer 33

Post-implementation review

Question 34

SDLC Stage 10

Answer 34

Enhancements/ wish list

Question 35

Four methods of implementation`

Answer 35

• Parallel
• Direct
• Phased
• Pilot

Question 36

Continuity of operations

Answer 36

Key objective of any company is the ability to carry on trading after a disaster

Question 37

Server back up options (5)

Answer 37

• Switch server to another in-house facility
• Cloud computing
• Mutual aid pact
• Cold site (crate and ship)
• Hot site

Question 38

Testing the disaster recovery plan

Answer 38

Dress rehearsal should be performed (like a fire drill) to ensure employees are familiar with the process

Question 39

Key features of an IT strategy (6)

Answer 39

• Introduction
• Business/ IT linkage
• Assessment of current situation
• Demand side architecture
• Supply side architecture
• Strategic plan