Deck 8: Controlling Information Systems: Introduction to Pervasive Controls

Question
The chief information officer (CIO) prioritizes and selects IT projects and resources.
Question
The IS function of quality assurance conducts reviews to ensure the attainment of IT objectives.
Question
The IS function with the principal responsibilities of ensuring the security of all IT resources is data control.
Question
Within the data center, the data control group is responsible for routing all work into and out of the data center, correcting errors, and monitoring error correction.
Question
Segregation of duties consists of separating the four functions of authorizing events, executing events, recording events, and safeguarding the resources resulting from consummating the events.
Question
The IS function with the responsibility of guiding the IT organization in establishing and meeting user information requirements is the IT steering committee.
Question
Embezzlement is a fraud committed by two or more individuals or departments.
Question
According to COBIT, IT resources include applications, information, infrastructure, and people.
Question
The system of controls used in this text consists of the control environment, pervasive control plans, IT general controls, and business process and application control plans.
Question
Individual departments coordinate the organizational and IT strategic planning processes and review and approve the strategic IT plan.
Question
According to COBIT, IT resources must be managed by IT control processes to ensure that an organization has the information it needs to achieve its objectives.
Question
The systems development function provides efficient and effective operation of the computer equipment.
Question
The function that is composed of people, procedures, and equipment and is typically called the information systems department, IS department, or IT department is the information systems organization.
Question
A small organization that does not have enough personnel to adequately segregate duties must rely on alternative controls, commonly called resource controls.
Question
The policy of requiring an employee to alternate jobs periodically is known as forced vacations.
Question
The information systems function is synonymous with the accounting function.
Question
The functions of the security officer commonly include assigning passwords and working with human resources to ensure proper interview practices are conducted during the hiring process.
Question
Within the data center, the data librarian function grants access to programs, data, and documentation.
Question
IT governance is a process that ensures that the organization's IT sustains and extends the organization's strategies and objectives.
Question
Combining the functions of authorizing and executing events is a violation of the organizational control plan known as segregation of duties.
Question
The WebTrust family of services offers best practices and e-business solutions related exclusively to B2B electronic commerce.
Question
Antivirus is a technique to protect one network from another "untrusted" network.
Question
A fidelity bond indemnifies a company in case it suffers losses from defalcations committed by its employees.
Question
Program documentation provides a description of an application program and usually includes the program's purpose, program flowcharts, and source code listings.
Question
Business continuity planning is the process that identifies events that may threaten an organization and provides a framework whereby the organization will continue to operate when the threatened event occurs or resume operations with a minimum of disruption.
Question
A facility usually comprised of air-conditioned space with a raised floor, telephone connections, and computer ports, into which a subscriber can move equipment, is called a hot site.
Question
The disaster recovery strategy known as a cold site is a fully equipped data center that is made available to client companies for a monthly subscriber fee.
Question
Forced vacations is a policy of requiring an employee to take leave from the job and substitute another employee in his or her place.
Question
With continuous data protection (CDP), all data changes are date stamped and saved to secondary systems as the changes are happening.
Question
Training materials help users learn their jobs and perform consistently in those jobs.
Question
The user manual gives detailed instructions to computer operators and to data control about a particular application.
Question
In a logic bomb attack, a Web site is overwhelmed by an intentional onslaught of thousands of simultaneous messages, making it impossible for the attacked site to engage in its normal activities.
Question
Systems documentation provides an overall description of the application, including the system's purpose; an overview of system procedures; and sample source documents, outputs, and reports.
Question
Biometric identification systems identify authorized personnel through some unique physical trait such as fingers, hands, voice, eyes, face, or writing dynamics.
Question
The disaster backup and recovery technique known as electronic vaulting is a service whereby data changes are automatically transmitted over the Internet on a continuous basis to an off-site server maintained by a third party.
Question
The most common biometric devices perform retinal eye scans.
Question
Program change controls provide assurance that all modifications to programs are authorized and documented, and that the changes are completed, tested, and properly implemented.
Question
Data encryption is a process that codes data to make it readable to the human eye.
Question
The operations run manual describes user procedures for an application and assists the user in preparing inputs and using outputs.
Question
COBIT 5 is more procedure-based than COBIT 4.1.
Question
Quality assurance function:

A) modifies and adapts application software
B) conducts reviews to determine adherence to IT standards
C) analyzes existing applications and proposes solutions
D) supervises applications systems development
Question
In an information systems organization, all of the following functions might logically report to the data center manager except:

A) data control
B) computer operations
C) data librarian
D) quality assurance
Question
A policy:

A) is a plan or process put in place to guide actions and achieve goals.
B) can compel behavior and enforce penalties for failure to follow.
C) can be used to prevent fraud in an organization.
D) all of the above.
Question
COBIT was developed to:

A) provide guidance to managers, users, and auditors on the best practices for the management of information technology
B) identify specific control plans that should be implemented to reduce the occurrence of fraud
C) specify the components of an information system that should be installed in an e-commerce environment
D) suggest the type of information that should be made available for management decision making
Question
____ can consist of many computers and related equipment connected together via a network.

A) PCs
B) Servers
C) LAN
D) Firewall
Question
Pervasive control plans:

A) are unrelated to applications control plans
B) are a subset of applications control plans
C) influence the effectiveness of applications control plans
D) increase the efficiency of applications control plans
Question
Top 10 management concerns about IT's capability to support an organization's vision and strategy include all except the following:

A) decline in IT investments during recession
B) overall security of IT assets
C) the Internet
D) need for project management leadership
Question
Computer hacking and cracking is the intentional, unauthorized access to an organization's computer system, accomplished by bypassing the system's access security controls.
Question
Intrusion-prevention systems (IPS) actively block unauthorized traffic using rules specified by the organization.
Question
The department or function that develops and operates an organization's information systems is often called the:

A) information systems organization
B) computer operations department
C) controller's office
D) computer technology branch
Question
An intrusion-detection system (IDS) logs and monitors who is on or trying to access the network.
Question
The use of IT resources for enterprise systems and e-business:

A) magnifies the importance of protecting the resources both within and outside of the organization from risks
B) magnifies the importance of protecting the resources within but not outside of the organization from risks
C) makes it easier to provide internal control risk when IT resources are interlinked
D) none of the above
Question
Threat monitoring is a technique to protect one network from another "untrusted" network.
Question
COBIT was developed by:

A) COSO
B) IT Governance Institute
C) PCAOB
D) AICPA
Question
Periodic cleaning, testing, and adjusting of computer equipment is referred to as preventative maintenance.
Question
This IT function's key control concern is that organization and IT strategic objectives are misaligned:

A) CIO
B) quality assurance
C) IT steering committee
D) systems development manager
Question
Access control software ensures that only authorized users gain access to a system through a process of identification and authentication.
Question
In an information systems organization, which of the following reporting relationships makes the least sense?

A) The data center manager reports to the CIO.
B) The systems development manager reports to the data center manager.
C) Database administration reports to the technical services manager.
D) The data librarian reports to the data center manager.
Question
Application controls restrict access to data, programs, and documentation.
Question
Top security concerns reported by IT security professionals include all the following except:

A) data breaches
B) cyber crimes and cyber attacks
C) data backup
D) workforce mobility
Question
Which of the following statements is true?

A) Management has a legal responsibility to protect an organization's informational assets.
B) Proper protection of organizational information from unauthorized use requires both physical and logical controls.
C) The unauthorized disclosure of financial information is a violation of federal securities laws.
D) All of the above.
Question
Which one of the following personnel is not involved in safeguarding resources resulting from consummating events?

A) security officer
B) technical service manager
C) database administrator
D) CIO
Question
An outside auditing firm annually supervises a physical count of the items in a retail store's shelf inventory. This is an example of:

A) authorizing events
B) executing events
C) recording events
D) safeguarding resources
Question
Approving a customer credit purchase would be an example of which basic events processing function?

A) authorizing events
B) executing events
C) recording events
D) safeguarding resources
Question
A warehouse clerk manually completing an order document and forwarding it to purchasing for approval is an example of:

A) authorizing events
B) executing events
C) recording events
D) safeguarding resources
Question
Which of the following has the responsibility of efficient and effective operation of IT?

A) steering committee
B) security officer
C) CIO
D) systems development manager
Question
The control concern that there will be a high risk of data conversion errors relates primarily to which of the following information systems functions?

A) data control
B) data entry
C) data librarian
D) database administration
Question
A warehouse supervisor prepares a sales order listing items to be shipped to a customer and then signs it approving the removal of the items from the warehouse. The supervisor is performing which functions?

A) authorizing events and safeguarding of resources
B) executing and recording events
C) authorizing and executing events
D) authorizing and recording events
Question
The controlled access to data, programs, and documentation is a principal responsibility of which of the following functions?

A) data control
B) data preparation (data entry)
C) data librarian
D) computer operator
Question
Which of the following has the major duties of prioritizing and selecting IT projects and resources?

A) steering committee
B) security officer
C) CIO
D) systems development manager
Question
From the standpoint of achieving the operations system control goal of security of resources, which of the following segregation of duties possibilities is least important?

A) between systems programming and computer operations
B) between data control and data preparation personnel
C) between systems development and computer operators
D) between technical services and data center
Question
Which of the following is not a strategic planning process?

A) IT-related requirements to comply with industry, regulatory, legal, and contractual obligations, including privacy, transborder data flows, e-business, and insurance contracts.
B) Acquisition and development schedules for hardware, software, and application systems and for personnel and financial requirements.
C) Systems development life cycle adoption to ensure that comprehensive documentation is developed for each application.
D) An inventory of current IT capabilities.
Question
Which of the following is not one of COBIT's four broad IT control process domains?

A) plan and organize
B) acquire and implement
C) repair and replace
D) monitor and evaluate
Question
Specifications for availability, reliability, performance, capacity for growth, levels of user support, disaster recovery, security, minimal system functionality, and service charges are included in:

A) application documentation
B) service-level requirements
C) business continuity plan
D) security plan
Question
In an information systems organizational structure, the function of ____ is the central point from which to control data and is a central point of vulnerability.

A) data control
B) data entry
C) data librarian
D) database administration
Question
Managing functional units such as networks, CAD/CAM and systems programming typically is a major duty of:

A) data center manager
B) systems development
C) technical services manager
D) database administrator
Question
The segregation of duties control plan consists of separating all of the following event-processing functions except:

A) planning events
B) authorizing events
C) executing events
D) recording events
Question
Which of the following has the responsibility to ensure the security of all IT resources?

A) steering committee
B) security officer
C) CIO
D) systems development manager
Question
A key control concern is that certain people within an organization have easy access to applications programs and data files. The people are:

A) data librarians
B) systems programmers
C) systems development
D) data center managers
Question
A clerk receives checks and customer receipts in the mail. He endorses the checks, fills out the deposit slip, and posts the checks to the cash receipts events data. The clerk is exercising which functions?

A) recording and executing events
B) authorizing and executing events
C) recording and authorizing events
D) safeguarding of resources and authorizing events
Deck 8: Controlling Information Systems: Introduction to Pervasive Controls
1
The chief information officer (CIO) prioritizes and selects IT projects and resources.
False
2
The IS function of quality assurance conducts reviews to ensure the attainment of IT objectives.
True
3
The IS function with the principal responsibilities of ensuring the security of all IT resources is data control.
False
4
Within the data center, the data control group is responsible for routing all work into and out of the data center, correcting errors, and monitoring error correction.
Unlock Deck
Unlock for access to all 159 flashcards in this deck.
Unlock Deck
k this deck
5
Segregation of duties consists of separating the four functions of authorizing events, executing events, recording events, and safeguarding the resources resulting from consummating the events.
Unlock Deck
Unlock for access to all 159 flashcards in this deck.
Unlock Deck
k this deck
6
The IS function with the responsibility of guiding the IT organization in establishing and meeting user information requirements is the IT steering committee.
Unlock Deck
Unlock for access to all 159 flashcards in this deck.
Unlock Deck
k this deck
7
Embezzlement is a fraud committed by two or more individuals or departments.
Unlock Deck
Unlock for access to all 159 flashcards in this deck.
Unlock Deck
k this deck
8
According to COBIT, IT resources include applications, information, infrastructure, and people.
Unlock Deck
Unlock for access to all 159 flashcards in this deck.
Unlock Deck
k this deck
9
The system of controls used in this text consists of the control environment, pervasive control plans, IT general controls, and business process and application control plans.
Unlock Deck
Unlock for access to all 159 flashcards in this deck.
Unlock Deck
k this deck
10
Individual departments coordinate the organizational and IT strategic planning processes and reviews and approves the strategic IT plan.
Unlock Deck
Unlock for access to all 159 flashcards in this deck.
Unlock Deck
k this deck
11
According to COBIT, IT resources must be managed by IT control processes to ensure that an organization has the information it needs to achieve its objectives.
Unlock Deck
Unlock for access to all 159 flashcards in this deck.
Unlock Deck
k this deck
12
The systems development function provides efficient and effective operation of the computer equipment.
Unlock Deck
Unlock for access to all 159 flashcards in this deck.
Unlock Deck
k this deck
13
The function composed of people, procedures, and equipment and is typically called the information systems department, IS department, or the IT department is the information systems organization.
Unlock Deck
Unlock for access to all 159 flashcards in this deck.
Unlock Deck
k this deck
14
A small organization that does not have enough personnel to adequately segregate duties must rely on alternative controls, commonly called resource controls.
Unlock Deck
Unlock for access to all 159 flashcards in this deck.
Unlock Deck
k this deck
15
The policy of requiring an employee to alternate jobs periodically is known as forced vacations.
Unlock Deck
Unlock for access to all 159 flashcards in this deck.
Unlock Deck
k this deck
16
The information systems function is synonymous with the accounting function.
Unlock Deck
Unlock for access to all 159 flashcards in this deck.
Unlock Deck
k this deck
17
The functions of the security officer commonly include assigning passwords and working with human resources to ensure proper interview practices are conducted during the hiring process.
Unlock Deck
Unlock for access to all 159 flashcards in this deck.
Unlock Deck
k this deck
18
Within the data center, the data librarian function grants access to programs, data, and documentation.
Unlock Deck
Unlock for access to all 159 flashcards in this deck.
Unlock Deck
k this deck
19
IT governance is a process that ensures that the organization's IT sustains and extends the organization's strategies and objectives.
Unlock Deck
Unlock for access to all 159 flashcards in this deck.
Unlock Deck
k this deck
20
Combining the functions of authorizing and executing events is a violation of the organizational control plan known as segregation of duties.
Unlock Deck
Unlock for access to all 159 flashcards in this deck.
Unlock Deck
k this deck
21
The WebTrust family of services offers best practices and e-business solutions related exclusively to B2B electronic commerce.
Unlock Deck
Unlock for access to all 159 flashcards in this deck.
Unlock Deck
k this deck
22
Antivirus is a technique to protect one network from another "untrusted" network.
Unlock Deck
Unlock for access to all 159 flashcards in this deck.
Unlock Deck
k this deck
23
A fidelity bond indemnifies a company in case it suffers losses from defalcations committed by its employees.
Unlock Deck
Unlock for access to all 159 flashcards in this deck.
Unlock Deck
k this deck
24
Program documentation provides a description of an application program and usually includes the program's purpose, program flowcharts, and source code listings.
Unlock Deck
Unlock for access to all 159 flashcards in this deck.
Unlock Deck
k this deck
25
Business continuity planning is the process that identifies events that may threaten an organization and provide a framework whereby the organization will continue to operate when the threatened event occurs or resume operations with a minimum of disruption.
Unlock Deck
Unlock for access to all 159 flashcards in this deck.
Unlock Deck
k this deck
26
A facility usually comprised of air-conditioned space with a raised floor, telephone connections, and computer ports, into which a subscriber can move equipment, is called a hot site.
Unlock Deck
Unlock for access to all 159 flashcards in this deck.
Unlock Deck
k this deck
27
The disaster recovery strategy known as a cold site is a fully equipped data center that is made available to client companies for a monthly subscriber fee.
Unlock Deck
Unlock for access to all 159 flashcards in this deck.
Unlock Deck
k this deck
28
Forced vacations is a policy of requiring an employee to take leave from the job and substitute another employee in his or her place.
Unlock Deck
Unlock for access to all 159 flashcards in this deck.
Unlock Deck
k this deck
29
With continuous data protection (CDP) all data changes are data stamped and saved to secondary systems as the changes are happening.
Unlock Deck
Unlock for access to all 159 flashcards in this deck.
Unlock Deck
k this deck
30
Training materials help users learn their jobs and perform consistently in those jobs.
Unlock Deck
Unlock for access to all 159 flashcards in this deck.
Unlock Deck
k this deck
31
The user manual gives detailed instructions to computer operators and to data control about a particular application.
Unlock Deck
Unlock for access to all 159 flashcards in this deck.
Unlock Deck
k this deck
32
In a logic bomb attack, a Web site is overwhelmed by an intentional onslaught of thousands of simultaneous messages, making it impossible for the attacked site to engage in its normal activities.
Unlock Deck
Unlock for access to all 159 flashcards in this deck.
Unlock Deck
k this deck
33
Systems documentation provides an overall description of the application, including the system's purpose; an overview of system procedures; and sample source documents, outputs, and reports.
Unlock Deck
Unlock for access to all 159 flashcards in this deck.
Unlock Deck
k this deck
34
Biometric identification systems identify authorized personnel through some unique physical trait such as fingers, hands, voice, eyes, face, or writing dynamics.
Unlock Deck
Unlock for access to all 159 flashcards in this deck.
Unlock Deck
k this deck
35
The disaster backup and recovery technique known as electronic vaulting is a service whereby data changes are automatically transmitted over the Internet on a continuous basis to an off-site server maintained by a third party.
Unlock Deck
Unlock for access to all 159 flashcards in this deck.
Unlock Deck
k this deck
36
The most common biometric devices perform retinal eye scans.
Unlock Deck
Unlock for access to all 159 flashcards in this deck.
Unlock Deck
k this deck
37
Program change controls provide assurance that all modifications to programs are authorized and documented, and that the changes are completed, tested, and properly implemented.
Unlock Deck
Unlock for access to all 159 flashcards in this deck.
Unlock Deck
k this deck
38
Data encryption is a process that codes data to make it readable to human eye.
Unlock Deck
Unlock for access to all 159 flashcards in this deck.
Unlock Deck
k this deck
39
The operations run manual describes user procedures for an application and assists the user in preparing inputs and using outputs.
Unlock Deck
Unlock for access to all 159 flashcards in this deck.
Unlock Deck
k this deck
40
COBIT 5 is more procedure-based than COBIT 4.1
Unlock Deck
Unlock for access to all 159 flashcards in this deck.
Unlock Deck
k this deck
41
Quality assurance function:

A) modifies and adapts application software
B) conducts reviews to determine adherence to IT standards
C) analyzes existing applications and proposes solutions
D) supervises applications systems development
Unlock Deck
Unlock for access to all 159 flashcards in this deck.
Unlock Deck
k this deck
42
In an information systems organization, all of the following functions might logically report to the data center manager except:

A) data control
B) computer operations
C) data librarian
D) quality assurance
Unlock Deck
Unlock for access to all 159 flashcards in this deck.
Unlock Deck
k this deck
43
A policy:

A) is a plan or process put in place to guide actions and achieve goals.
B) can compel behavior and enforce penalties for failure to follow.
C) can be used to prevent fraud in an organization.
D) all of the above.
Unlock Deck
Unlock for access to all 159 flashcards in this deck.
Unlock Deck
k this deck
44
COBIT was developed to:

A) provide guidance to managers, users, and auditors on the best practices for the management of information technology
B) identify specific control plans that should be implemented to reduce the occurrence of fraud
C) specify the components of an information system that should be installed in an e-commerce environment
D) suggest the type of information that should be made available for management decision making
Unlock Deck
Unlock for access to all 159 flashcards in this deck.
Unlock Deck
k this deck
45
____ can consist of many computers and related equipment connected together via a network.

A) PCs
B) Servers
C) LAN
D) Firewall
Unlock Deck
Unlock for access to all 159 flashcards in this deck.
Unlock Deck
k this deck
46
Pervasive control plans:

A) are unrelated to applications control plans
B) are a subset of applications control plans
C) influence the effectiveness of applications control plans
D) increase the efficiency of applications control plans
Unlock Deck
Unlock for access to all 159 flashcards in this deck.
Unlock Deck
k this deck
47
Top 10 management concerns about IT's capability to support an organization's vision and strategy include all except the following:

A) decline in IT investments during recession
B) overall security of IT assets
C) the Internet
D) need for project management leadership
Unlock Deck
Unlock for access to all 159 flashcards in this deck.
Unlock Deck
k this deck
48
Computer hacking and cracking is the intentional, unauthorized access to an organization's computer system, accomplished by bypassing the system's access security controls.
Unlock Deck
Unlock for access to all 159 flashcards in this deck.
Unlock Deck
k this deck
49
Intrusion-prevention systems (IPS) actively block unauthorized traffic using rules specified by the organization.
Unlock Deck
Unlock for access to all 159 flashcards in this deck.
Unlock Deck
k this deck
50
The department or function that develops and operates an organization's information systems is often called the:

A) information systems organization
B) computer operations department
C) controller's office
D) computer technology branch
Unlock Deck
Unlock for access to all 159 flashcards in this deck.
Unlock Deck
k this deck
51
An intrusion-detection systems (IDS) logs and monitors who is on or trying to access the network.
Unlock Deck
Unlock for access to all 159 flashcards in this deck.
Unlock Deck
k this deck
52
The use of IT resources for enterprise systems and e-business:

A) magnifies the importance of protecting the resources both within and outside of the organization from risks
B) magnifies the importance of protecting the resources both within but not outside the of the organization from risks
C) makes it easier to provide internal control risk when IT resources are interlinked
D) none of the above
Unlock Deck
Unlock for access to all 159 flashcards in this deck.
Unlock Deck
k this deck
53
Threat monitoring is a technique to protect one network from another "untrusted" network.
Unlock Deck
Unlock for access to all 159 flashcards in this deck.
Unlock Deck
k this deck
54
COBIT was developed by:

A) COSO
B) IT Governance Institute
C) PCAOB
D) AICPA
Unlock Deck
Unlock for access to all 159 flashcards in this deck.
Unlock Deck
k this deck
55
Periodic cleaning, testing, and adjusting of computer equipment is referred to as preventative maintenance.
Unlock Deck
Unlock for access to all 159 flashcards in this deck.
Unlock Deck
k this deck
56
This IT function's key control concern is that organization and IT strategic objectives are misaligned:

A) CIO
B) quality assurance
C) IT steering committee
D) systems development manager
Unlock Deck
Unlock for access to all 159 flashcards in this deck.
Unlock Deck
k this deck
57
Access control software ensures that only authorized users gain access to a system through a process of identification and authentication.
Unlock Deck
Unlock for access to all 159 flashcards in this deck.
Unlock Deck
k this deck
58
In an information systems organization, which of the following reporting relationships makes the least sense?

A) The data center manager reports to the CIO.
B) The systems development manager reports to the data center manager.
C) Database administration reports to the technical services manager.
D) The data librarian reports to the data center manager.
Unlock Deck
Unlock for access to all 159 flashcards in this deck.
Unlock Deck
k this deck
59
Application controls restrict access to data, programs, and documentation.
Unlock Deck
Unlock for access to all 159 flashcards in this deck.
Unlock Deck
k this deck
60
Top security concerns reported by IT security professionals include all the following except:

A) data breaches
B) cyber crimes and cyber attacks
C) data backup
D) workforce mobility
Unlock Deck
Unlock for access to all 159 flashcards in this deck.
Unlock Deck
k this deck
61
Which of the following statements is true?

A) Management has a legal responsibility to protect an organization's informational assets.
B) Proper protection of organizational information from unauthorized use required both physical and logical controls.
C) The unauthorized disclosure of financial information is a violation of federal securities laws.
D) All of the above.
Unlock Deck
Unlock for access to all 159 flashcards in this deck.
Unlock Deck
k this deck
62
Which one of the following personnel is not involved in safeguarding resources resulting from consummating events?

A) security officer
B) technical service manager
C) database administrator
D) CIO
Unlock Deck
Unlock for access to all 159 flashcards in this deck.
Unlock Deck
k this deck
63
An outside auditing firm annually supervises a physical count of the items in a retail store's shelf inventory. This is an example of:

A) authorizing events
B) executing events
C) recording events
D) safeguarding resources
Unlock Deck
Unlock for access to all 159 flashcards in this deck.
Unlock Deck
k this deck
64
Approving a customer credit purchase would be an example of which basic events processing function?

A) authorizing events
B) executing events
C) recording events
D) safeguarding resources
Unlock Deck
Unlock for access to all 159 flashcards in this deck.
Unlock Deck
k this deck
65
A warehouse clerk manually completing an order document and forwarding it to purchasing for approval is an example of:

A) authorizing events
B) executing events
C) recording events
D) safeguarding resources
66
Which of the following has the responsibility of efficient and effective operation of IT?

A) steering committee
B) security officer
C) CIO
D) systems development manager
67
The control concern that there will be a high risk of data conversion errors relates primarily to which of the following information systems functions?

A) data control
B) data entry
C) data librarian
D) database administration
68
A warehouse supervisor prepares a sales order listing items to be shipped to a customer and then signs it approving the removal of the items from the warehouse. The supervisor is performing which functions?

A) authorizing events and safeguarding of resources
B) executing and recording events
C) authorizing and executing events
D) authorizing and recording events
69
The controlled access to data, programs, and documentation is a principal responsibility of which of the following functions?

A) data control
B) data preparation (data entry)
C) data librarian
D) computer operator
70
Which of the following has the major duties of prioritizing and selecting IT projects and resources?

A) steering committee
B) security officer
C) CIO
D) systems development manager
71
From the standpoint of achieving the operations system control goal of security of resources, which of the following segregation of duties possibilities is least important?

A) between systems programming and computer operations
B) between data control and data preparation personnel
C) between systems development and computer operators
D) between technical services and data center
72
Which of the following is not a strategic planning process?

A) IT-related requirements to comply with industry, regulatory, legal, and contractual obligations, including privacy, transborder data flows, e-business, and insurance contracts.
B) Acquisition and development schedules for hardware, software, and application systems and for personnel and financial requirements.
C) Systems development life cycle adoption to ensure that comprehensive documentation is developed for each application.
D) An inventory of current IT capabilities.
73
Which of the following is not one of COBIT's four broad IT control process domains?

A) plan and organize
B) acquire and implement
C) repair and replace
D) monitor and evaluate
74
Specifications for availability, reliability, performance, capacity for growth, levels of user support, disaster recovery, security, minimal system functionality, and service charges are included in:

A) application documentation
B) service-level requirements
C) business continuity plan
D) security plan
75
In an information systems organizational structure, the function of ____ is the central point from which to control data and is a central point of vulnerability.

A) data control
B) data entry
C) data librarian
D) database administration
76
Managing functional units such as networks, CAD/CAM and systems programming typically is a major duty of:

A) data center manager
B) systems development
C) technical services manager
D) database administrator
77
The segregation of duties control plan consists of separating all of the following event-processing functions except:

A) planning events
B) authorizing events
C) executing events
D) recording events
78
Which of the following has the responsibility to ensure the security of all IT resources?

A) steering committee
B) security officer
C) CIO
D) systems development manager
79
A key control concern is that certain people within an organization have easy access to applications programs and data files. The people are:

A) data librarians
B) systems programmers
C) systems development
D) data center managers
80
A clerk receives checks and customer receipts in the mail. He endorses the checks, fills out the deposit slip, and posts the checks to the cash receipts events data. The clerk is exercising which functions?

A) recording and executing events
B) authorizing and executing events
C) recording and authorizing events
D) safeguarding of resources and authorizing events