1. What is the lowest level of the IT governance maturity model where an IT balanced scorecard exists?
A) Repeatable but Intuitive B) Defined C) Managed and Measurable D) Optimized
2. Responsibility for the governance of IT should rest with the:
A) IT strategy committee. B) chief information officer (CIO). C) audit committee. D) board of directors.
3. An IS auditor identifies that reports on product profitability produced by an organization's finance and marketing departments give different results. Further investigation reveals that the product definition being used by the two departments is different. What should the IS auditor recommend?
A) User acceptance testing (UAT) occur for all reports before release into production B) Organizational data governance practices be put in place C) Standard software tools be used for report development D) Management sign-off on requirements for new reports
4. From a control perspective, the key element in job descriptions is that they:
A) provide instructions on how to do the job and define authority. B) are current, documented and readily available to the employee. C) communicate management's specific job performance expectations. D) establish responsibility and accountability for the employee's actions.
5. Which of the following would BEST provide assurance of the integrity of new staff?
A) Background screening B) References C) Bonding D) Qualifications listed on a resume
1. Right Answer: B Explanation: Defined (level 3) is the lowest level at which an IT balanced scorecard is defined.
2. Right Answer: D Explanation: Governance is the set of responsibilities and practices exercised by the board and executive management with the goal of providing strategic direction, ensuring that objectives are achieved, ascertaining that risks are managed appropriately and verifying that the enterprise's resources are used responsibly. The audit committee, the chief information officer (CIO) and the IT strategy committee all play a significant role in the successful implementation of IT governance within an organization, but the ultimate accountability resides with the board of directors.
3. Right Answer: B Explanation: This choice directly addresses the problem. An organization-wide approach is needed to achieve effective management of data assets. This includes enforcing standard definitions of data elements, which is part of a data governance initiative. The other choices, while sound development practices, do not address the root cause of the problem described.
4. Right Answer: D Explanation: From a control perspective, a job description should establish responsibility and accountability. This will aid in ensuring that users are given system access in accordance with their defined job responsibilities. The other choices are not directly related to controls. Providing instructions on how to do the job and defining authority addresses the managerial and procedural aspects of the job. It is important that job descriptions are current, documented and readily available to the employee, but this in itself is not a control. Communication of management's specific expectations for job performance outlines the standard of performance and would not necessarily include controls.
5. Right Answer: A Explanation: A background screening is the primary method for assuring the integrity of a prospective staff member. References are important and would need to be verified, but they are not as reliable as background screening. Bonding is directed at due-diligence compliance, not at integrity, and qualifications listed on a resume may not be accurate.