Chapter 2— Auditing It Governance Controls
Chapter 2— Auditing IT Governance Controls
TRUE/FALSE
1. To fulfill the segregation of duties control objective, computer processing functions (like authorization of credit and billing) are separated.
2. To ensure sound internal control, program coding and program processing should be separated.
3. Some systems professionals have unrestricted access to the organization's programs and data.
4 . IT governance focuses on the management and assessment of strategic IT resources
5. Distributed data processing places the control IT recourses under end users.
6. An advantage of distributed data processing is that redundant tasks are greatly eliminated
7. Certain duties that are deemed incompatible in a manual system may be combined in a computer-based information system environment.
8. To improve control and efficiency, the CBIS tasks of new systems development and program maintenance should be performed by the same individual or group.
9. In a CBIS environment, data consolidation protects corporate data from computer fraud and losses from disaster.
10. The database administrator should be separated from systems development.
11. A disaster recovery plan is a comprehensive statement of all actions to be taken after a disaster.
12. RAID is the use of parallel disks that contain redundant elements of data and applications.
13. Transaction cost economics (TCE) theory suggests that firms should outsource specific non(core IT assets
14. Commodity IT assets easily acquired in the marketplace and should be outsourced under the core competency theory.
15. A database administrator is responsible for the receipt, storage, retrieval, and custody of data files.
16. A ROC usually involves two or more user organizations that buy or lease a building and remodel it into a computer site, but without the computer and peripheral equipment.
17. Fault tolerance is the ability of the system to continue operation when part of the
TRUE/FALSE
1. To fulfill the segregation of duties control objective, computer processing functions (like authorization of credit and billing) are separated.
2. To ensure sound internal control, program coding and program processing should be separated.
3. Some systems professionals have unrestricted access to the organization's programs and data.
4 . IT governance focuses on the management and assessment of strategic IT resources
5. Distributed data processing places the control IT recourses under end users.
6. An advantage of distributed data processing is that redundant tasks are greatly eliminated
7. Certain duties that are deemed incompatible in a manual system may be combined in a computer-based information system environment.
8. To improve control and efficiency, the CBIS tasks of new systems development and program maintenance should be performed by the same individual or group.
9. In a CBIS environment, data consolidation protects corporate data from computer fraud and losses from disaster.
10. The database administrator should be separated from systems development.
11. A disaster recovery plan is a comprehensive statement of all actions to be taken after a disaster.
12. RAID is the use of parallel disks that contain redundant elements of data and applications.
13. Transaction cost economics (TCE) theory suggests that firms should outsource specific non(core IT assets
14. Commodity IT assets easily acquired in the marketplace and should be outsourced under the core competency theory.
15. A database administrator is responsible for the receipt, storage, retrieval, and custody of data files.
16. A ROC usually involves two or more user organizations that buy or lease a building and remodel it into a computer site, but without the computer and peripheral equipment.
17. Fault tolerance is the ability of the system to continue operation when part of the