CPE Quiz #85
Based on Information Systems Control Journal Volume 4, 2002
A passing score of 75 percent qualifies for one (1) hour of CISA/CISM/CGEIT Continuing Professional Education (CPE) Credit
Guldentops Article
1. According to a survey by the IT Governance Institute (ITGI), the top five IT issues in the public and private sectors are each governance-related.
2. One of these top five issues is value delivery. Specifically, value delivery targets knowledge and infrastructure and deals with the selective outsourcing of noncore processes to enhance the value delivery of an IT organization.
3. Another top five issue is risk management. Risk management is concerned with the safeguarding of assets and preparing for disaster. Other IT activities cited by the author that relate to risk management include security, disaster recovery, improving the SDLC process, and quality of service.

Gold Article
4. The author describes four basic stages of an organization's IT function. These stages are defensive, reactive, responsive and strategy-focused. Characteristics of a reactive IT function are to focus and measure quality by systems availability; to budget IT expenditures externally, often as a percentage of revenue; and to focus on IT's impact on time to market for new products and services.
5. Most IT managers surveyed at public conferences by the author consider themselves in the responsive stage, while business unit managers consider their IT organizations to be merely reactive.

Wilkins Article
6. The author draws analogies between e-mail and telephone conversations as knowledge management systems. Retention and document management systems for e-mails should therefore be considered important only for highly regulated industries.
7. The author cites a survey by the American Bar Association. In this survey, 39 percent of companies had implemented a compliance program for their record management and e-mail retention programs.
8. An example of an industry-specific record retention requirement is in financial services, where the NASDAQ mandates six-year retention of e-mails related to securities trading.

ISACA Standards Board Article
9. The existence of an internal audit department at a third-party IT service provider should be considered when evaluating its internal control environment.
10. The use of third-party IT service providers, especially those with their own internal audit functions, effectively relieves an IS auditor's responsibility to assess internal controls for the systems and processes managed by the third party.

Doughty and O'Driscoll Article
11. ITIL defines IT service management as the process of maintaining and gradually improving business-aligned IT service quality through the constant cycle of agreeing, monitoring, reporting and reviewing IT service achievements and through instigating actions to eradicate unacceptable levels of service.
12. ITIL service management components of particular interest to internal auditors include disaster recovery management, risk management and security management.
13. The authors used facilitated control self-assessment in combination with ITIL service management principles to decrease the resources and time needed for IT auditing at their organization by more than 35 percent.

Gorgoglione and Joseph Article
14. Examples of preventative system controls associated with laser check printing include: auto-encryption, positive pay and dual login.
15. Examples of detective system controls associated with laser check printing include: paper stock security features, print logs and signature plates.
16. The authors recommend documenting all preventative and detective control features in a laser check printing system within a comprehensive audit report.