Professional Documents
Culture Documents
Mervidelle Castro - Aud in CIS Prelim
Mervidelle Castro - Aud in CIS Prelim
PRELIM EXAM
RAQUEL ALVAREZ-DE CASTRO, CPA, MBA/MPA
Mervidelle F. Castro
I.QUESTIONS.
1. What is IT governance
3. What are the three primary CBIS functions that must be separated
The following are the three primary CBIS functions that must be separated:
Separate systems development from computer operations
Separate the database administrator from other functions and system
development
Separate new system development from maintenance.
4. What is RAID
RAID stands for Redundant Array of Inexpensive Disks. is a storage
technology that balances data protection, system performance, and storage space
by determining how the storage system distributes data. RAID is a way of logically
___________________________NOTHING FOLLOWS_____________________________________
putting multiple disks together into a single array. The idea then is that these disks
working together will have the speed and/or reliability of a more expensive disk.
7. What are the five risks associated with or distributed data processing?
1. Inefficient use of resources
2. Destruction of audit trails
3. Inadequate segregation of duties
4. Potential inability to hire qualified professionals
5. Lack of standards
8. What is ROC?
The Recovery Operating center is a backup data center that many companies
share. It is a physical or virtual facility site which is kept in a state of readiness at
all times as a backup facility for computer and business operations in case
of emergency or disaster.
___________________________NOTHING FOLLOWS_____________________________________
II. PROBLEM
De Castro, CPA, during its preliminary review of the financial statements of Comet, Inc., found a lack
of proper segregation of duties between the programming and operating functions. Comet owns its
own computing facilities. De Castro, CPA, diligently intensified the internal control study and
assessment tasks relation to the computer facilities. De Castro concluded in its final report that
sufficient compensating general controls provided reasonable assurance that the internal control
objective s were being met.
Required: What compensating controls are most likely in place?
___________________________NOTHING FOLLOWS_____________________________________