SEC 592 What is the identified risk for COBIT control objectives relating to management personnel obtaining feedback from business process users regarding the quality and usefulness of IT plans? (

Question # 00315933 Posted By: solutionshere Updated on: 06/11/2016 05:41 PM Due on: 07/11/2016
Week 4 : Ethical Issues and Due Care - Midterm
Question 1. (TCO A) What is the identified risk for COBIT control objectives relating to management personnel obtaining feedback from business process users regarding the quality and usefulness of IT plans? (Points : 4)
IT plans may not be present in the organization's long and short-range plans
IT plans may not be consistent with the organization's goals
IT plans may not be updated regularly
New business processes may conflict with current IT plans

Question 2. (TCO B) Planning and Organization domain control objective 9 of the COBIT standard does not __________. (Points : 4)

provide for a business risk assessment
provide for risk identification
provide for development of a risk action plan
place the CEO in a role responsible for IT and business risk management alignment

Question 3. (TCO C) Delivery and Support domain control objective 3 of the COBIT framework: __________. (Points : 4)

addresses the problems of availability and performance requirements
addresses the problems of monitoring and reporting
addresses the problems of workload forecasting
All of the above

Question 4. (TCO A) The three types of information system administrative controls are __________. (Points : 4)

confidentiality, integrity, and availability
confidentiality, integrity, and access
completeness, integrity, and availability
completeness, innovation, and availability

Question 5. (TCO B) Which law requires organizations to keep physical control of paper documents and control of electronic documents? (Points : 4)

Sarbanes-Oxley
HIPAA
The Federal Financial Management Improvement Act of 1986
SAS 70

Question 6. (TCO A) Governance does all of the following except __________. (Points : 4)

help in the creation of policy
list controls for organizations to employ
help in organizational decision making
help with formulating strategic guidelines

Question 7. (TCO C) A Personal Private Information (PPI) policy does which of the following? (Points : 4)

Determines what constitutes PPI and how it must be secured and maintained
Determines categories of private information
Allows for an opt-in mechanism to remove data
Allows for the unrestricted access to personal data

Question 8. (TCO B) Which of the following is true regarding the COBIT domain of Planning and Organization? (Points : 4)

Compliance controls are usually burdensome and require a lot of paperwork.
COBIT and ITIL guidelines are best suited for large company structures.
There is no one-size-fits-all template for COBIT and ITIL.
COBIT, ITIL, and SOX compliance all mean the same thing.

Question 9. (TCO A) On average, United States companies with a market capitalization of greater than $75 million spend how much to comply with Section 404 of Sarbanes-Oxley? (Points : 4)

$2.01 million
$6.08 million
$2.9 million
$3.12 million

Question 10. (TCO C) Sections 751 and 752 of the BASEL II accord cover __________. (Points : 4)

the assessment of the control environment
the internal review process
the internal monitoring of controls
the external review of controls

Question 1. (TCO B) COBIT controls that include acquiring new applications or staff skill sets are part of what COBIT domain? (Points : 4)

Planning and Organizing
Delivery and Support
Monitoring
Acquisition and Implementation

Question 2. (TCO A) What is the title of Section 404 of SOX? (Points : 4)

Management Review of Internal Controls
Management Policy on Internal Controls
Management Assessment of Internal Controls
Management Decision on Internal Controls

Question 3. (TCO C) HIPAA goals include all of the following except __________. (Points : 4)

lowering costs
improving healthcare
making administrative transactions more secure
enhancing privacy of health information

Question 4. (TCO B) Which of the following is not a part of compliance software that is needed to ensure complete adherence to SOX? (Points : 4)

Internal and external auditor processes
Enforcement application and database control levels with detection, prevention, and monitoring capabilities
Improved internal controls by improving business processes
All of the above are needed

Question 5. (TCO A) The three processes of risk management are __________. (Points : 4)

risk mitigation, regulatory compliance, and evaluation
risk mitigation, risk assessment, and evaluation and assessment
physical, administrative, and technical controls
risk avoidance, risk containment, and audit

Question 6. (TCO A) List and describe the two most important questions one should ask when deciding which COBIT controls to use for an organization. With whom should one verify the controls? (Points : 20)

Question 7. (TCO B) How does the COBIT framework assist organizations in self-governance? Specifically, what areas of the COBIT framework relate to governance? (Points : 20)

Question 8. (TCO C) Analyze and discuss how the Health Insurance Portability and Accountability Act (HIPAA) helps to improve the U.S. healthcare industry. What are some of its challenges? (Points : 20)

Question 9. (TCO B) What do you think is the value of Segregation of Duties (SOD) as it pertains to SOX? (Points : 20)
