CISA: Domain #2, Part A: IT Governance
CISA - IT Governance
Which of the following should be of GREATEST concern to an IS auditor when reviewing an
information security policy? The policy:
A. is driven by an IT department's objectives.
B. is published, but users are not required to read the policy.
C. does not include information security procedures.
D. has not been updated in over a year.
ANS-A. is driven by an IT department's objectives.
Business objectives drive the information security policy, and the information security policy
drives the selection of IT department objectives. A policy driven by IT objectives is at risk of not
being aligned with business goals.
An IS auditor reviews an organizational chart PRIMARILY for:
A. an understanding of the complexity of the organizational structure.
B. investigating various communication channels.
C. understanding the responsibilities and authority of individuals.
D. investigating the network connected to different employees.
ANS-C. understanding the responsibilities and authority of individuals.
An organizational chart provides information about the responsibilities and authority of
individuals in the organization.
IT governance is PRIMARILY the responsibility of the:
A. chief executive officer.
B. board of directors.
C. IT steering committee.
D. audit committee.
ANS-B. board of directors.
IT governance is primarily the responsibility of the executives and shareholders (as represented
by the board of directors).
To aid management in achieving IT and business alignment, an IS auditor should recommend
the use of:
A. control self-assessments.
B. a business impact analysis.
C. an IT balanced scorecard.
D. business process reengineering.
ANS-C. an IT balanced scorecard.
This provides the bridge between IT objectives and business objectives by supplementing the
traditional financial evaluation with measures to evaluate customer satisfaction, internal
processes and the ability to innovate.
An IS audit department is planning to minimize the risk of short-term employees. Activities
contributing to this objective are documented procedures, knowledge sharing, cross-training
and:
A. succession planning.
B. staff job evaluation.
C. responsibilities definitions.
D. employee award programs.
ANS-A. succession planning.
An IS auditor is evaluating a newly developed IT policy for an organization. Which of the
following factors does the IS auditor consider MOST important to facilitate compliance with the
policy upon its implementation?
A. Existing IT mechanisms enabling compliance
B. Alignment of the policy to the business strategy
C. Current and future technology initiatives
D. Regulatory compliance objectives defined in the policy
ANS-A. Existing IT mechanisms enabling compliance
The organization should be able to comply with a policy when it is implemented. The most
important consideration when evaluating the new policy should be the existing mechanisms in
place that enable the organization and its employees to comply with the policy.
An IS auditor is performing a review of the software quality management process in an
organization. The FIRST step should be to:
A. verify how the organization complies with the standards.
B. identify and report the existing controls.
C. review the metrics for quality evaluation.
D. request all standards adopted by the organization.
ANS-D. request all standards adopted by the organization.
Because an audit measures compliance with the standards of the organization, the first step of
the review of the software quality management process should be to determine the evaluation
criteria in the form of standards adopted by the organization. The evaluation of how well the
organization follows its own standards cannot be performed until the IS auditor has
determined what standards exist.
While reviewing the IT governance processes of an organization, an IS auditor discovers the
firm has recently implemented an IT balanced scorecard (BSC). The implementation is
complete; however, the IS auditor notices that performance indicators are not objectively
measurable. What is the PRIMARY risk presented by this situation?
A. Key performance indicators are not reported to management and management cannot
determine the effectiveness of the BSC.
B. IT projects could suffer from cost overruns.
C. Misleading indications of IT performance may be presented to management.