Auditing IT Governance Controls
1. What is IT governance?
Response: IT governance is a relatively new subset of corporate governance that focuses on the management and assessment of strategic IT resources.
2. What are the objectives of IT governance?
Response: The key objectives of IT governance are to reduce risk and ensure that investments in IT resources add value to the corporation.
3. What is distributed data processing?
Response: Distributed data processing involves reorganizing the central IT function into small IT units that are placed under the control of end users. The IT units may be distributed according to business function, geographic location, or both. All or any of the IT functions may be distributed. The degree to which they are distributed will vary depending upon the philosophy and objectives of the organization’s management.
4. What are the advantages and disadvantages of distributed data processing?
Response: The advantages of DDP are:
a. cost reductions
b. improved cost control responsibility
c. improved user satisfaction
d. backup flexibility
The disadvantages (risks) are:
a. inefficient use of resources
b. destruction of audit trails
c. inadequate segregation of duties
d. difficulty acquiring qualified professionals
e. lack of standards
5. What types of tasks become redundant in a distributed data processing system?
Response: Autonomous systems development initiatives distributed throughout the firm can result in each user area reinventing the wheel rather than benefiting from the work of others. For example, application programs created by one user, which could be used with little or no change by others, will be redesigned from scratch rather than shared. Likewise, data common to many users may be recreated for each, resulting in a high level of data redundancy. This situation has implications for data accuracy and consistency.
6. Explain why certain duties that are deemed incompatible in a manual system may be combined in a computer-based information system (CBIS) environment. Give an example.
Response: The IT (CBIS) environment tends to consolidate activities. A single application may authorize, process, and record all aspects of a transaction. Thus, the focus of segregation control shifts from the operational level (transaction processing tasks that computers now perform) to higher-level organizational relationships within the computer services function.
7. What are the three primary CBIS functions that must be separated?
Response: The three primary CBIS functions that must be separated are as follows:
a. separate systems development from computer operations,
b. separate the database administrator from other functions, and
c. separate new systems development from maintenance.
8. What exposures does data consolidation in a CBIS environment pose?
Response: In a CBIS environment, data consolidation exposes the data to losses from natural and man-made disasters. Consolidation creates a single point of failure. The only way to back up a central computer site against disasters is to provide a second computer facility.
9. What problems may occur as a result of combining applications programming and maintenance tasks into one position?
Response: One problem that may occur is inadequate documentation. Documenting is not considered as interesting a task as designing, testing, and implementing a new system; thus, a systems professional may move on to a new project rather than spend time documenting an almost complete project. Job security may be another reason a programmer may not fully document his or her work. Another problem that may occur is the increased potential for program fraud. If the original programmer generates fraudulent code during development, then this programmer, through maintenance procedures, may disable the code prior to audits. Thus, the...