Review Questions

31 August, 2015 - 09:34

1. What are the three primary reasons that management exercises control over business processes? Explain.

2. What are the relationships between fraud, in general, and internal control? Between computer fraud, in particular, and internal control?

3. What is a computer virus?

4. Explain what is meant by the control environment. What elements might comprise the control environment?

5. Explain how business ethics relates to internal control.

6. a. What are the three generic control goals of the operations process and the five generic control goals of the related information process?

   b. Explain the difference between the following pairs of control goals: (1) ensure effectiveness of operations and ensure efficient employment of resources; (2) ensure efficient employment of resources and ensure security of resources; (3) ensure input validity and ensure input accuracy; (4) ensure input completeness and ensure input accuracy; (5) ensure input completeness and ensure update completeness; and (6) ensure input accuracy and ensure update accuracy.

7. a. What is the difference between a process control plan, a pervasive control plan, and an IT control process?

   b. Name and describe the five IT resources.

   c. What are the four IT control process domains?

8. What is the purpose of the strategic IT plan?

9. Segregation of duties consists of separating what four basic functions? Briefly define each function.

10. What are personnel control plans? Define the plans.

11. Name and describe the four IT control processes in the acquisition and implementation domain.

12. Describe the four phases/storage locations through which a program under development should pass to ensure good program change control.

13. What is the difference between a hot site and a cold site?

14. What are the control plans for restricting access to computer facilities? What three “layers” of control do these plans represent? Explain each layer.

15. a. What are the control plans for restricting access to stored programs, data, and documentation? Which of these plans apply to an online environment, and which plans apply to an offline environment?

    b. How does a security module work?

16. a. What kinds of damage are included in the category of environmental hazards?

    b. What control plans are designed to prevent such hazards from occurring?

    c. What control plans are designed to limit losses resulting from such hazards or to recover from such hazards?

17. a. Why should an organization conduct monitoring activities?

    b. Who might conduct monitoring activities?