Test Bank For Information Technology Auditing 4e James A Hall

Description

Test Bank For Information Technology Auditing 4e James A Hall

Chapter 2— Auditing IT Governance Controls

TRUE/FALSE

1.To fulfill the segregation of duties control objective, computer processing functions (like authorization of credit and billing) are separated.

ANS: F PTS: 1

2.To ensure sound internal control, program coding and program processing should be separated.

ANS: T PTS: 1

3.Some systems professionals have unrestricted access to the organization’s programs and data.

ANS: T PTS: 1

4.44IT governance focuses on the management and assessment of strategic IT resources

ANS: T PTS: 1

5.Distributed data processing places the control IT recourses under end users.  

ANS: T PTS: 1

6.  An advantage of distributed data processing is that redundant tasks are greatly eliminated

ANS: F PTS: 1

7. Certain duties that are deemed incompatible in a manual system may be combined in a computer-based information system environment.  

ANS: T PTS: 1

8.To improve control and efficiency, new systems development and program maintenance should be performed by the same individual or group.

ANS: F PTS: 1

9. Distributed data processing reduces the risk of operational inefficiencies. 

ANS: F PTS: 1

10.The database administrator should be separated from systems development.

ANS: T PTS: 1

11.A disaster recovery plan is a comprehensive statement of all actions to be taken after a disaster.

ANS: T PTS: 1

12. RAID is the use of parallel disks that contain redundant elements of data and applications.

ANS: T PTS: 1

13. Transaction cost economics (TCE) theory suggests that firms should outsource specific noncore IT assets

ANS: F PTS: 1

14. Commodity IT assets easily acquired in the marketplace and should be outsourced under the core competency theory.

ANS: F PTS: 1

15. A database administrator is responsible for the receipt, storage, retrieval, and custody of data files.

ANS: F PTS: 1

16. Virtualization is the technology that unleased cloud computing.

ANS: T PTS: 1

17. Fault tolerance is the ability of the system to continue operation when part of the system fails due to hardware failure, application program error, or operator error.

ANS: T PTS: 1

18. An often-cited benefit of IT outsourcing is improved core business performance. 

ANS: T PTS: 1

19. Commodity IT assets include such things are network management.

ANS: T PTS: 1

20. Specific IT assets support an organization’s strategic objectives.  

ANS: T PTS: 1

21. A generally accepted advantage of IT outsourcing is improved security.

ANS: F PTS: 1

22. An advantage of distributed data processing is that individual end user groups set specific IT standards without concern for the broader corporate needs. 

ANS: F PTS: 1

23. A mutual aid is the lowest cost disaster recovery option, but has shown to be effective and low risk.

ANS: F PTS: 1

24. Critical applications should be identified and prioritized by the user departments, accountants, and auditors.

ANS: T PTS: 1

25. A ROC is generally shared with multiple companies.

ANS: T PTS: 1

MULTIPLE CHOICE

1.All of the following are issues of computer security except

a.	releasing incorrect data to authorized individuals
b.	permitting computer operators unlimited access to the computer room
c.	permitting access to data by unauthorized individuals
d.	providing correct data to unauthorized individuals

ANS: B PTS: 1

2.Segregation of duties in the computer-based information system includes

a.	separating the programmer from the computer operator
b.	preventing management override
c.	separating the inventory process from the billing process
d.	performing independent verifications by the computer operator

ANS: A PTS: 1

3.In a computer-based information system, which of the following duties needs to be separated?

a.	program coding from program operations
b.	program operations from program maintenance
c.	program maintenance from program coding
d.	all of the above duties should be separated

ANS: D PTS: 1

4.Participation in system development activities include:

a.	system analysts, database designers and programmers
b.	managers and operating personnel who work directly with the system
c.	accountants and auditors
d.	all of the above

ANS: D PTS: 1

5.Adequate backups will protect against all of the following except

a.	natural disasters such as fires
b.	unauthorized access
c.	data corruption caused by program errors
d.	system crashes

ANS: B PTS: 1

6.Which is the most critical segregation of duties in the centralized computer services function?

a.	systems development from data processing
b.	data operations from data librarian
c.	data preparation from data control
d.	data control from data librarian

ANS: A PTS: 1

7.Systems development is separated from data processing activities because failure to do so

a.	weakens database access security
b.	allows programmers access to make unauthorized changes to applications during execution
c.	results in inadequate documentation
d.	results in master files being inadvertently erased

ANS: B PTS: 1

8.Which organizational structure is most likely to result in good documentation procedures?

a.	separate systems development from systems maintenance
b.	separate systems analysis from application programming
c.	separate systems development from data processing
d.	separate database administrator from data processing

ANS: A PTS: 1

9.All of the following are control risks associated with the distributed data processing structure except

a.	lack of separation of duties
b.	system incompatibilities
c.	system interdependency
d.	lack of documentation standards

ANS: C PTS: 1

10.Which of the following is not an essential feature of a disaster recovery plan?

a.	off-site storage of backups
b.	computer services function
c.	second site backup
d.	critical applications identified

ANS: B PTS: 1