Feedback On The Self-Test - Ais 5131 Chapter 1 Part A
1. IT Governance:
a) is an isolated discipline.
b) is a non-essential part of a comprehensive enterprise/corporate governance program.
c) provides operational (day-to-day) direction, ensures achievement of objectives,
ascertains proper management of risks, and verifies responsible use of resources.
d) starts with setting of objectives, then proceeds to continuous loop to measure
performance, benchmark against objectives and move forward or change direction, as
appropriate.
ANS: D
ANS: A
ANS: A
RATIONALE: D is correct since all stakeholders should provide input to the IT
decision-making process.
5. Which of the following statements about Enterprise Governance of Information and
Technology (EGIT) is most correct?
a) EGIT’s purpose is to direct IT endeavors to ensure that IT aligns with and supports
the enterprise’s objectives, and that it achieves its promised benefits.
b) IT should not take advantage of opportunities but maximize benefits.
c) IT resources should be used responsibly, and IT-related risks should be eliminated
completely.
d) All of the above
ANS: A
ANS: B
ANS: A
RATIONALE: B and C are incorrect because it’s the other way around. The issue on “IT
delivers value to the business” is driven by strategic alignment of IT within the business
while the issue on “IT risk is managed” is driven by embedding accountability into the
enterprise.
ANS: D
9. Which item in the terms of reference on the role of an IS Auditor (audit’s role in
EGIT) refers to the clear definition of the functional areas or departments and issues to
be covered?
a) Scope of work
b) Reporting line to be used
c) IS auditor’s right to access information
d) None of the above
ANS: A
RATIONALE: B is incorrect since the reporting line to be used pertains to the fact that EGIT
issues are identified or reported to the highest level of the organization. C is incorrect
since the IS auditor’s right to access information states that the IS auditor should have
access to information both within the organization and from third-party service
providers, especially for outsourced IT services, as needed.
10. In accordance with the defined role of the IS auditor, which of the following aspects
related to EGIT need to be assessed?
a) Alignment of enterprise governance and EGIT and alignment of IT function with the
enterprise’s mission, vision, values, objectives and strategies
b) Achievement of performance objectives (e.g. efficiency and effectiveness) established
by the business and the IT function
c) The control environment of the organization and the inherent risk within the IS
environment
d) All of the above
ANS: D