
AUDITING IN CIS

PRELIM EXAM
RAQUEL ALVAREZ-DE CASTRO, CPA, MBA/MPA

Mervidelle F. Castro

I. QUESTIONS

1. What is IT governance?

IT governance is a subset of corporate governance that provides a structure or framework for aligning IT strategy with business strategy. It ensures that IT-related decisions match the organization's or company's objectives.

2. What are the objectives of IT governance?

IT governance has primarily been driven by the need for the transparency of enterprise risks and the protection of shareholder value. IT governance exists with the following objectives:
• Deliver value to stakeholders
• Set strategy
• Manage risk
• Measure performance

3. What are the three primary CBIS functions that must be separated?

The following are the three primary CBIS functions that must be separated:
• Separate systems development from computer operations
• Separate the database administrator from other functions and system development
• Separate new system development from maintenance

4. What is RAID?

RAID stands for Redundant Array of Inexpensive Disks. It is a storage technology that balances data protection, system performance, and storage space by determining how the storage system distributes data. RAID is a way of logically putting multiple disks together into a single array. The idea is that these disks working together will have the speed and/or reliability of a more expensive disk.

5. What is the role of the data librarian?

The data librarian helps the librarian in charge of services on research data management in designing services to researchers and research units on data management. He uses his technical expertise to train and/or support researchers with their data, from defining their needs to proposing practical solutions. He is responsible for the receipt, storage, retrieval and custody of data files and controls access to the data library.

6. What is data conversion?

Data conversion is the conversion of one data format into another. It is a technical process mostly done by software, although rarely hardware or human intervention is used.

7. What are the five risks associated with distributed data processing?

1. Inefficient use of resources
2. Destruction of audit trails
3. Inadequate segregation of duties
4. Potential inability to hire qualified professionals
5. Lack of standards

8. What is ROC?

The Recovery Operating Center is a backup data center that many companies share. It is a physical or virtual facility site which is kept in a state of readiness at all times as a backup facility for computer and business operations in case of emergency or disaster.

9. What is a commodity IT asset?

Commodity IT assets are those assets that are not unique to a particular organization and can be easily acquired in the marketplace.

10. Define specific asset.

Specific assets are those that are unique to the organization and have little value outside of their current use.

II. PROBLEM

De Castro, CPA, during its preliminary review of the financial statements of Comet, Inc., found a lack of proper segregation of duties between the programming and operating functions. Comet owns its own computing facilities. De Castro, CPA, diligently intensified the internal control study and assessment tasks relating to the computer facilities. De Castro concluded in its final report that sufficient compensating general controls provided reasonable assurance that the internal control objectives were being met.

Required: What compensating controls are most likely in place?

With microcomputer systems, the segregation of duties and functions is often impractical and unlikely in practice. Usually, the same person has complete control over the installation of the computer programs and entry of data. Thus, it is possible for a user with the required technical knowledge to alter the programs and data for personal gain without leaving any audit trail. Automatic transaction processes must have appropriate controls in place. For example, input controls should ensure that purchases or sales will not take place above a pre-specified amount, and organization controls should ensure that changes to the program trading software are authorized, fully tested before implementation, and documented.

___________________________NOTHING FOLLOWS_____________________________________
