Feedback On The Self-Test - Ais 5131 Chapter 1 Part A

FEEDBACK ON THE SELF-TEST ON AIS 5131

CHAPTER 1 IT GOVERNANCE AND IT STRATEGY – PART A

1. IT Governance:
a) is an isolated discipline.
b) is a non-essential part of a comprehensive enterprise/corporate governance program.
c) provides operational (day-to-day) direction, ensures achievement of objectives,
ascertains proper management of risks, and verifies responsible use of resources.
d) starts with setting of objectives, then proceeds to continuous loop to measure
performance, benchmark against objectives and move forward or change direction, as
appropriate.

ANS: D

RATIONALE: A is incorrect because IT governance is not an isolated discipline. B is
incorrect because IT governance is an integral part of a comprehensive
enterprise/corporate governance program. C is incorrect because IT governance
provides strategic direction; the other parts of the statement though are correct.

2. Corporate governance practices should be executed for ethical issues, decision
making and overall practices and are used to direct and control enterprises.
a) True
b) False

ANS: A

3. Which of the following statements about Corporate Governance is most correct?
a) Corporate governance is used by government bodies world-wide to reduce inaccurate
financial reporting and provides greater transparency and accountability.
b) Many government regulations require senior management to sign off on the adequacy
of internal controls and include an assessment of the internal controls over financial
reports (e.g. Sarbanes-Oxley Act, Section 406).
c) Both a and b.
d) None of the above.

ANS: A

RATIONALE: B is incorrect. The concept mentioned is correct, but the example
mentioned is incorrect since Sarbanes-Oxley Act Section 406 pertains to the code of
ethics requirements for senior financial officers. Sarbanes-Oxley Act Sections 302 and
404 cover the concept in item B. Section 302 includes the senior management sign-off
on the adequacy of the internal controls and Section 404 includes the assessment of
internal controls over financial reports. Section 404 also includes the requirement that
an independent external auditor inspects the internal controls of the company.

4. Who should provide input to the IT decision-making process?
a) Internal customers and departments
b) Senior management
c) Board of directors
d) All of the above

ANS: D

RATIONALE: D is correct since all stakeholders should provide input to the IT
decision-making process.

5. Which of the following statements about Enterprise Governance of Information and
Technology (EGIT) is most correct?
a) EGIT’s purpose is to direct IT endeavors to ensure that IT aligns with and supports
the enterprise’s objectives, and that it achieves its promised benefits.
b) IT should not take advantage of opportunities but maximize benefits.
c) IT resources should be used responsibly, and IT-related risks should be eliminated
completely.
d) All of the above

ANS: A

RATIONALE: B is incorrect since IT should take advantage of or exploit opportunities and
maximize benefits. C is incorrect since IT-related risks should be managed
appropriately. Risks in general, including IT risks, cannot be removed or eliminated
completely.

6. The process/practice in implementing EGIT framework on Performance Measurement
refers to
a) maintaining an updated inventory of all IT resources and addresses the risk
management process.
b) ensuring that all IT resources perform as expected to deliver value to the business,
and identify risks early on.
c) implementing processes that address legal and regulatory policies and contractual
compliance requirements.
d) none of the above.

ANS: B

RATIONALE: A is incorrect since it pertains to IT resource management. C is incorrect
since it pertains to compliance management.

7. Which of the following statements about Effective Enterprise Governance is most
correct?
a) The key element of EGIT is the alignment of business and IT that leads to the
achievement of business value, value which means balance among benefits, risks and
resources.
b) An issue on EGIT, “IT delivers value to the business”, is driven by putting
accountability into the enterprise.
c) Another issue on EGIT, “IT risk is managed”, is driven by strategic alignment of IT
within the business.
d) All of the above.

ANS: A

RATIONALE: B and C are incorrect because it’s the other way around. The issue on “IT
delivers value to the business” is driven by strategic alignment of IT within the business
while the issue on “IT risk is managed” is driven by embedding accountability into the
enterprise.

8. Factors which make EGIT significant include
a) Requirement of business managers and BOD for better return from IT investments
b) Need to comply with regulatory requirements for IT controls in areas such as in
privacy and financial reporting (e.g. the US Sarbanes-Oxley Act, Basel Accords, the
European Union (EU) General Data Protection Regulation (GDPR), etc.)
c) IT Governance initiatives including the adoption of control frameworks and good
practices to help monitor and enhance critical IT activities to increase business value
and reduce business risk
d) All of the above.

ANS: D

9. Which item in the terms of reference on the role of an IS Auditor (audit’s role in
EGIT) refers to the clear definition of the functional areas or departments and issues to
be covered?
a) Scope of work
b) Reporting line to be used
c) IS auditor’s right to access information
d) None of the above

ANS: A

RATIONALE: B is incorrect since reporting line to be used pertains to the fact that EGIT
issues are identified or reported to the highest level of the organization. C is incorrect
since IS auditor’s right to access information states that the IS auditor should have
access to information both within the organization and from third party service
providers, especially for outsourced IT services, as needed.

10. In accordance with the defined role of the IS auditor, which of the following aspects
related to EGIT need to be assessed?
a) Alignment of enterprise governance and EGIT and alignment of IT function with the
enterprise’s mission, vision, values, objectives and strategies
b) Achievement of performance objectives (e.g. efficiency and effectiveness) established
by the business and the IT function
c) The control environment of the organization and the inherent risk within the IS
environment
d) All of the above

ANS: D
