0% found this document useful (0 votes)
6 views

Chapter-2-Exam-Key-to-Correction

The document contains a series of questions and answers related to IT governance, data processing models, and disaster recovery planning. It covers key objectives, responsibilities, and controls associated with IT functions, as well as the distinctions between centralized and distributed data processing models. Additionally, it highlights the importance of security standards and the involvement of various stakeholders in IT governance and disaster recovery planning.
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
0% found this document useful (0 votes)
6 views

Chapter-2-Exam-Key-to-Correction

The document contains a series of questions and answers related to IT governance, data processing models, and disaster recovery planning. It covers key objectives, responsibilities, and controls associated with IT functions, as well as the distinctions between centralized and distributed data processing models. Additionally, it highlights the importance of security standards and the involvement of various stakeholders in IT governance and disaster recovery planning.
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 4

I.

Instructions: Read each question carefully and choose the best answer from the
given options.

1. Which of the following is a key objective of IT governance?


a) Increasing product prices
b) Reducing IT-related risks and ensuring value from IT investments
c) Expanding the company’s physical infrastructure
d) Minimizing employee salaries
Answer: b) Reducing IT-related risks and ensuring value from IT investments

2. Which of the following is NOT considered an IT governance control?


a) Organizational structure of the IT function
b) Disaster recovery planning
c) Employee social activities
d) Computer center operations
Answer: c) Employee social activities

3. Which IT governance control focuses on managing the daily operations of IT


facilities?
a) Disaster recovery planning
b) Computer center operations
c) Organizational structure of the IT function
d) IT budget management
Answer: b) Computer center operations

4. In a centralized data processing approach, where is all data processing performed?


a) On individual user devices across various locations
b) By multiple small computers across departments
c) By one or more large computers at a central site
d) On cloud-based storage only
Answer: c) By one or more large computers at a central site

5. What is the primary responsibility of a Database Administrator (DBA)?


a) Ensuring security and integrity of the database
b) Managing employee records
c) Overseeing customer service operations
d) Handling financial transactions manually
Answer: a) Ensuring security and integrity of the database
6. Where are offline data files safely stored in a centralized IT environment?
a) Employee workstations
b) The Data Library
c) External USB drives
d) Cloud storage services
Answer: b) The Data Library

7. Who are responsible for designing and building an information system?


a) End users
b) Systems professionals
c) External auditors
d) Sales representatives
Answer: b) Systems professionals

8. Which of the following is a key principle of segregation of IT functions?


a) Combining transaction authorization and transaction processing
b) Keeping record-keeping and asset custody separate
c) Assigning all IT tasks to a single department
d) Allowing unrestricted access to all users
Answer: b) Keeping record-keeping and asset custody separate

9. What is the audit objective in verifying the IT function structure?


a) Ensuring all IT tasks are assigned to a single individual
b) Verifying that incompatible functions are properly segregated based on risk levels
c) Merging all IT functions into a centralized department
d) Allowing employees to perform multiple conflicting IT roles
Answer: b) Verifying that incompatible functions are properly segregated based on
risk levels

10. Which of the following is NOT a risk associated with DDP?


a) Destruction of audit trails
b) Improved user satisfaction
c) Hiring qualified professionals
d) Lack of standards
Answer: b) Improved user satisfaction

11. Who should be involved in identifying critical applications?


a) Only IT personnel
b) Only external auditors
c) User departments, accountants, and auditors
d) Only senior management
Answer: c) User departments, accountants, and auditors

12. Which factor is MOST important when evaluating a disaster recovery plan?
a) The number of IT staff in the company
b) The ability to restore computing resources after a catastrophe
c) The physical security of the office building
d) The total cost of IT operations
Answer: b) The ability to restore computing resources after a catastrophe

13. What is a potential issue when outsourcing IT functions?


a) Increased control over IT systems
b) Vendor exploitation
c) More in-house IT expertise
d) Eliminating the need for disaster recovery plans
Answer: b) Vendor exploitation

14. Why is SAS 70 important for organizations outsourcing IT services?


a) It ensures third-party vendors meet security and control standards
b) It eliminates the need for IT governance
c) It transfers responsibility for financial statements to vendors
d) It removes the need for in-house auditing
Answer: a) It ensures third-party vendors meet security and control standards

15. Which of the following is NOT part of audit procedures for disaster recovery?
a) Site backup
b) Critical application list
c) Employee salary records
d) Data backup
Answer: c) Employee salary records
II. Match each statement or description with the appropriate data processing
model: Centralized Data Processing (CDP) or Distributed Data Processing
(DDP).

1) All data processing is performed by one or more large computers housed at a central
site.
2) IT resources and control are decentralized and distributed across various locations or
business units.
3) It is typically used by large organizations that require high-level control over their
IT systems from a central location.
4) Each unit is responsible for its own IT operations, with less dependency on a central
IT department.
5) This model is associated with cost reductions, as local departments manage their
own systems with smaller, inexpensive computers.
6) It may lead to resource inefficiencies, as different units may use incompatible
hardware or software.
7) All IT services and resources are handled by a single, centralized IT team.
8) Allows more flexibility and responsiveness for end users in meeting their specific
needs.
9) It may cause difficulties in achieving consistent IT standards and security across all
units.
10) This model is less prone to inefficiencies and issues with incompatible systems.

1. Centralized Data Processing Model (CDP)


2. Distributed Data Processing Model (DDP)
3. Centralized Data Processing Model (CDP)
4. Distributed Data Processing Model (DDP)
5. Distributed Data Processing Model (DDP)
6. Distributed Data Processing Model (DDP)
7. Centralized Data Processing Model (CDP)
8. Distributed Data Processing Model (DDP)
9. Distributed Data Processing Model (DDP)
10. Centralized Data Processing Model (CDP)

You might also like