EdTest Bank, Chapter 2

IT Auditing 4 th Ed—Test Bank, Chapter 2 © 2016 Cengage Learning®. May not be scanned, copied or duplicated or posted to a publicly accessible website, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website or school-approved learning management system for classroom use.

Chapter 2— Auditing IT Governance Controls

TRUE/FALSE

• To fulfill the segregation of duties control objective, computer processing functions (like authorization

of credit and billing) are separated.

ANS: F PTS: 1

• To ensure sound internal control, program coding and program processing should be separated.

ANS: T PTS: 1

• Some systems professionals have unrestricted access to the organization's programs and data.

ANS: T PTS: 1

• 44IT governance focuses on the management and assessment of strategic IT resources

ANS: T PTS: 1

• Distributed data processing places the control IT recourses under end users.

ANS: T PTS: 1

• An advantage of distributed data processing is that redundant tasks are greatly eliminated

ANS: F PTS: 1

• Certain duties that are deemed incompatible in a manual system may be combined in a computer-based

information system environment.

ANS: T PTS: 1

• To improve control and efficiency, new systems development and program maintenance should be

performed by the same individual or group.

ANS: F PTS: 1

• Distributed data processing reduces the risk of operational inefficiencies.

ANS: F PTS: 1

• The database administrator should be separated from systems development.

ANS: T PTS: 1

Information Technology Auditing 4th Edition Hall Test Bank Visit TestBankDeal.com to get complete for all chapters

IT Auditing 4 th Ed—Test Bank, Chapter 2 © 2016 Cengage Learning®. May not be scanned, copied or duplicated or posted to a publicly accessible website, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website or school-approved learning management system for classroom use.

• A disaster recovery plan is a comprehensive statement of all actions to be taken after a disaster.

ANS: T PTS: 1

• RAID is the use of parallel disks that contain redundant elements of data and applications.

ANS: T PTS: 1

• Transaction cost economics (TCE) theory suggests that firms should outsource specific noncore IT

assets

ANS: F PTS: 1

• Commodity IT assets easily acquired in the marketplace and should be outsourced under the core

competency theory.

ANS: F PTS: 1

• A database administrator is responsible for the receipt, storage, retrieval, and custody of data files.

ANS: F PTS: 1

• Virtualization is the technology that unleased cloud computing.

ANS: T PTS: 1

• Fault tolerance is the ability of the system to continue operation when part of the system fails due to

hardware failure, application program error, or operator error.

ANS: T PTS: 1

• An often-cited benefit of IT outsourcing is improved core business performance.

ANS: T PTS: 1

• Commodity IT assets include such things are network management.

ANS: T PTS: 1

• Specific IT assets support an organization’s strategic objectives.

ANS: T PTS: 1

• A generally accepted advantage of IT outsourcing is improved security.

ANS: F PTS: 1

IT Auditing 4 th Ed—Test Bank, Chapter 2 © 2016 Cengage Learning®. May not be scanned, copied or duplicated or posted to a publicly accessible website, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website or school-approved learning management system for classroom use.

• An advantage of distributed data processing is that individual end user groups set specific IT standards

without concern for the broader corporate needs.

ANS: F PTS: 1

• A mutual aid is the lowest cost disaster recovery option, but has shown to be effective and low risk.

ANS: F PTS: 1

• Critical applications should be identified and prioritized by the user departments, accountants, and

auditors.

ANS: T PTS: 1

• A ROC is generally shared with multiple companies.

ANS: T PTS: 1

MULTIPLE CHOICE

• All of the following are issues of computer security except
• releasing incorrect data to authorized individuals
• permitting computer operators unlimited access to the computer room
• permitting access to data by unauthorized individuals
• providing correct data to unauthorized individuals

ANS: B PTS: 1

• Segregation of duties in the computer-based information system includes
• separating the programmer from the computer operator
• preventing management override
• separating the inventory process from the billing process
• performing independent verifications by the computer operator

ANS: A PTS: 1

• In a computer-based information system, which of the following duties needs to be separated?
• program coding from program operations
• program operations from program maintenance
• program maintenance from program coding
• all of the above duties should be separated

ANS: D PTS: 1

IT Auditing 4 th Ed—Test Bank, Chapter 2 © 2016 Cengage Learning®. May not be scanned, copied or duplicated or posted to a publicly accessible website, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website or school-approved learning management system for classroom use.

4. Participation in system development activities include:

• system analysts, database designers and programmers
• managers and operating personnel who work directly with the system
• accountants and auditors
• all of the above

ANS: D PTS: 1

• Adequate backups will protect against all of the following except
• natural disasters such as fires
• unauthorized access
• data corruption caused by program errors
• system crashes

ANS: B PTS: 1

• Which is the most critical segregation of duties in the centralized computer services function?
• systems development from data processing
• data operations from data librarian
• data preparation from data control
• data control from data librarian

ANS: A PTS: 1

• Systems development is separated from data processing activities because failure to do so
• weakens database access security
• allows programmers access to make unauthorized changes to applications during

execution

• results in inadequate documentation
• results in master files being inadvertently erased

ANS: B PTS: 1

• Which organizational structure is most likely to result in good documentation procedures?
• separate systems development from systems maintenance
• separate systems analysis from application programming
• separate systems development from data processing
• separate database administrator from data processing

ANS: A PTS: 1

• All of the following are control risks associated with the distributed data processing structure except
• lack of separation of duties
• system incompatibilities
• system interdependency
• lack of documentation standards

ANS: C PTS: 1