TRUE/FALSE
1. IT governance is a process that ensures that the organization's IT sustains and extends the
organization's strategies and objectives.
ANS: T PTS: 1
ANS: T PTS: 1
ANS: T PTS: 1
4. The system of controls used in this text consists of the control environment, pervasive control plans, IT
general controls, and business process and application control plans.
ANS: T PTS: 1
ANS: F PTS: 1
6. The function composed of people, procedures, and equipment that is typically called the information
systems department, IS department, or the IT department is the information systems organization.
ANS: T PTS: 1
7. The IS function with the responsibility of guiding the IT organization in establishing and meeting user
information requirements is the IT steering committee.
ANS: T PTS: 1
8. The IS function with the principal responsibilities of ensuring the security of all IT resources is data
control.
ANS: F PTS: 1
9. The IS function of quality assurance conducts reviews to ensure the attainment of IT objectives.
ANS: T PTS: 1
10. The chief information officer (CIO) prioritizes and selects IT projects and resources.
ANS: F PTS: 1
11. Within the data center, the data control group is responsible for routing all work into and out of the
data center, correcting errors, and monitoring error correction.
ANS: T PTS: 1
12. The systems development function provides efficient and effective operation of the computer
equipment.
ANS: F PTS: 1
13. Within the data center, the data librarian function grants access to programs, data, and documentation.
ANS: T PTS: 1
14. Combining the functions of authorizing and executing events is a violation of the organizational
control plan known as segregation of duties.
ANS: T PTS: 1
15. Segregation of duties consists of separating the four functions of authorizing events, executing events,
recording events, and safeguarding the resources resulting from consummating the events.
ANS: T PTS: 1
ANS: F PTS: 1
17. A small organization that does not have enough personnel to adequately segregate duties must rely on
alternative controls, commonly called resource controls.
ANS: F PTS: 1
18. The functions of the security officer commonly include assigning passwords and working with human
resources to ensure proper interview practices are conducted during the hiring process.
ANS: T PTS: 1
19. Individual departments coordinate the organizational and IT strategic planning processes and review
and approve the strategic IT plan.
ANS: F PTS: 1
20. The policy of requiring an employee to alternate jobs periodically is known as forced vacations.
ANS: F PTS: 1
21. Forced vacations is a policy of requiring an employee to take leave from the job and substitute another
employee in his or her place.
ANS: T PTS: 1
22. A fidelity bond indemnifies a company in case it suffers losses from defalcations committed by its
employees.
ANS: T PTS: 1
23. The WebTrust family of services offers best practices and e-business solutions related exclusively to
B2B electronic commerce.
ANS: F PTS: 1
24. Data encryption is a process that codes data to make it readable to the human eye.
ANS: F PTS: 1
25. Systems documentation provides an overall description of the application, including the system's
purpose; an overview of system procedures; and sample source documents, outputs, and reports.
ANS: T PTS: 1
26. Program documentation provides a description of an application program and usually includes the
program's purpose, program flowcharts, and source code listings.
ANS: T PTS: 1
27. The user manual gives detailed instructions to computer operators and to data control about a
particular application.
ANS: F PTS: 1
28. The operations run manual describes user procedures for an application and assists the user in
preparing inputs and using outputs.
ANS: F PTS: 1
29. Training materials help users learn their jobs and perform consistently in those jobs.
ANS: T PTS: 1
30. Program change controls provide assurance that all modifications to programs are authorized and
documented, and that the changes are completed, tested, and properly implemented.
ANS: T PTS: 1
31. Business continuity planning is the process that identifies events that may threaten an organization and
provides a framework whereby the organization will continue to operate when the threatened event
occurs or resume operations with a minimum of disruption.
ANS: T PTS: 1
ANS: F PTS: 1
33. With continuous data protection (CDP) all data changes are date stamped and saved to secondary
systems as the changes are happening.
ANS: T PTS: 1
34. The disaster backup and recovery technique known as electronic vaulting is a service whereby data
changes are automatically transmitted over the Internet on a continuous basis to an off-site server
maintained by a third party.
ANS: T PTS: 1
35. The disaster recovery strategy known as a cold site is a fully equipped data center that is made
available to client companies for a monthly subscriber fee.
ANS: F PTS: 1
36. A facility usually comprised of air-conditioned space with a raised floor, telephone connections, and
computer ports, into which a subscriber can move equipment, is called a hot site.
ANS: F PTS: 1
37. In a logic bomb attack, a Web site is overwhelmed by an intentional onslaught of thousands of
simultaneous messages, making it impossible for the attacked site to engage in its normal activities.
ANS: F PTS: 1
38. Biometric identification systems identify authorized personnel through some unique physical trait such
as fingers, hands, voice, eyes, face, or writing dynamics.
ANS: T PTS: 1
39. Antivirus is a technique to protect one network from another "untrusted" network.
ANS: F PTS: 1
40. The most common biometric devices perform retinal eye scans.
ANS: F PTS: 1
41. Access control software ensures that only authorized users gain access to a system through a process
of identification and authentication.
ANS: T PTS: 1
42. Threat monitoring is a technique to protect one network from another "untrusted" network.
ANS: F PTS: 1
ANS: F PTS: 1
44. An intrusion-detection system (IDS) logs and monitors who is on or trying to access the network.
ANS: T PTS: 1
45. Intrusion-prevention systems (IPS) actively block unauthorized traffic using rules specified by the
organization.
ANS: T PTS: 1
46. Periodic cleaning, testing, and adjusting of computer equipment is referred to as preventative
maintenance.
ANS: T PTS: 1
47. Computer hacking and cracking is the intentional, unauthorized access to an organization's computer
system, accomplished by bypassing the system's access security controls.
ANS: T PTS: 1
MULTIPLE CHOICE
2. Top 10 management concerns about IT's capability to support an organization's vision and strategy
include all except the following:
a. decline in IT investments during recession
b. overall security of IT assets
c. the Internet
d. need for project management leadership
ANS: C PTS: 1
3. Top security concerns reported by IT security professionals include all the following except:
a. data breaches
b. cyber crimes and cyber attacks
c. data backup
d. workforce mobility
ANS: C PTS: 1
6. The department or function that develops and operates an organization's information systems is often
called the:
a. information systems organization
b. computer operations department
c. controller's office
d. computer technology branch
ANS: A PTS: 1
7. A policy:
a. is a plan or process put in place to guide actions and achieve goals.
b. can compel behavior and enforce penalties for failure to follow.
c. can be used to prevent fraud in an organization.
d. all of the above.
ANS: A PTS: 1
10. This IT function's key control concern is that organization and IT strategic objectives are misaligned:
a. CIO
b. quality assurance
c. IT steering committee
d. systems development manager
ANS: C PTS: 1
11. ____ can consist of many computers and related equipment connected together via a network.
a. PCs
b. Servers
c. LAN
d. Firewall
ANS: C PTS: 1
12. In an information systems organization, which of the following reporting relationships makes the least
sense?
a. The data center manager reports to the CIO.
b. The systems development manager reports to the data center manager.
c. Database administration reports to the technical services manager.
d. The data librarian reports to the data center manager.
ANS: B PTS: 1
13. In an information systems organization, all of the following functions might logically report to the data
center manager except:
a. data control
b. computer operations
c. data librarian
d. quality assurance
ANS: D PTS: 1
14. Managing functional units such as networks, CAD/CAM and systems programming typically is a
major duty of:
a. data center manager
b. systems development
c. technical services manager
d. database administrator
ANS: C PTS: 1
15. From the standpoint of achieving the operations system control goal of security of resources, which of
the following segregation of duties possibilities is least important?
a. between systems programming and computer operations
b. between data control and data preparation personnel
c. between systems development and computer operators
d. between technical services and data center
ANS: B PTS: 1
16. A key control concern is that certain people within an organization have easy access to applications
programs and data files. The people are:
a. data librarians
b. systems programmers
c. systems development
d. data center managers
ANS: B PTS: 1
17. Which of the following has the major duties of prioritizing and selecting IT projects and resources?
a. steering committee
b. security officer
c. CIO
d. systems development manager
ANS: A PTS: 1
18. Which of the following has the responsibility to ensure the security of all IT resources?
a. steering committee
b. security officer
c. CIO
d. systems development manager
ANS: B PTS: 1
19. Which of the following has the responsibility of efficient and effective operation of IT?
a. steering committee
b. security officer
c. CIO
d. systems development manager
ANS: C PTS: 1
20. In an information systems organizational structure, the function of ____ is the central point from
which to control data and is a central point of vulnerability.
a. data control
b. data entry
c. data librarian
d. database administration
ANS: D PTS: 1
21. The control concern that there will be a high risk of data conversion errors relates primarily to which
of the following information systems functions?
a. data control
b. data entry
c. data librarian
d. database administration
ANS: B PTS: 1
22. The controlled access to data, programs, and documentation is a principal responsibility of which of
the following functions?
a. data control
b. data preparation (data entry)
c. data librarian
d. computer operator
ANS: C PTS: 1
23. Which of the following is not one of COBIT's four broad IT control process domains?
a. plan and organize
b. acquire and implement
c. repair and replace
d. monitor and evaluate
ANS: C PTS: 1
25. Which one of the following personnel is not involved in safeguarding resources resulting from
consummating events?
a. security officer
b. technical service manager
c. database administrator
d. CIO
ANS: D PTS: 1
26. The segregation of duties control plan consists of separating all of the following event-processing
functions except:
a. planning events
b. authorizing events
c. executing events
d. recording events
ANS: A PTS: 1
27. A warehouse clerk manually completing an order document and forwarding it to purchasing for
approval is an example of:
a. authorizing events
b. executing events
c. recording events
d. safeguarding resources
ANS: B PTS: 1
28. Specifications for availability, reliability, performance, capacity for growth, levels of user support,
disaster recovery, security, minimal system functionality, and service charges are included in:
a. application documentation
b. service-level requirements
c. business continuity plan
d. security plan
ANS: B PTS: 1
29. Approving a customer credit purchase would be an example of which basic events processing
function?
a. authorizing events
b. executing events
c. recording events
d. safeguarding resources
ANS: A PTS: 1
31. An outside auditing firm annually supervises a physical count of the items in a retail store's shelf
inventory. This is an example of:
a. authorizing events
b. executing events
c. recording events
d. safeguarding resources
ANS: D PTS: 1
32. A warehouse supervisor prepares a sales order listing items to be shipped to a customer and then signs
it approving the removal of the items from the warehouse. The supervisor is performing which
functions?
a. authorizing events and safeguarding of resources
b. executing and recording events
c. authorizing and executing events
d. authorizing and recording events
ANS: C PTS: 1
33. A clerk receives checks and customer receipts in the mail. He endorses the checks, fills out the deposit
slip, and posts the checks to the cash receipts events data. The clerk is exercising which functions?
a. recording and executing events
b. authorizing and executing events
c. recording and authorizing events
d. safeguarding of resources and authorizing events
ANS: A PTS: 1
34. When segregation of duties cannot be effectively implemented because the organization is too small,
we may rely on a more intensive implementation of other control plans such as personnel control
plans. This is called:
a. collusion controls
b. compensatory controls
c. authorizing controls
d. inventory controls
ANS: B PTS: 1
35. COBIT 5:
a. shifts the center of attention from IT to governance.
b. can be implemented by updating from COBIT 4.1.
c. does not have the enablers used in COBIT 4.1
d. all of the above.
ANS: A PTS: 1
36. Which of the following control plans is not a retention control plan?
a. creative and challenging work opportunities
b. occasional performance evaluations
c. competitive reward structure
d. viable career paths
ANS: B PTS: 1
37. Personnel development control plans consist of each of the following except:
a. checking employment references
b. providing sufficient and timely training
c. supporting employee educational interests and pursuits
d. performing scheduled evaluations
ANS: A PTS: 1
38. The primary reasons for performing regular employee performance reviews include all of the
following except:
a. determine whether an employee is satisfying the requirements indicated by a job
description
b. assess an employee's strengths and weaknesses
c. assist management in determining salary adjustments, promotions, or terminations
d. develop a strategy for filling necessary positions
ANS: D PTS: 1
40. A control plan that is designed to detect a fraud by having one employee periodically do the job of
another employee is called:
a. segregation of duties
b. forced vacations
c. periodic audits
d. management control
ANS: B PTS: 1
41. A mechanism by which a company is reimbursed for any loss that occurs when an employee commits
fraud is called a:
a. segregation of duties
b. fidelity bond
c. personnel planning control
d. termination control plan
ANS: B PTS: 1
42. Which of the following personnel security control plans is corrective in nature as opposed to being a
preventive or detective control plan?
a. rotation of duties
b. fidelity bonding
c. forced vacations
d. performing scheduled evaluations
ANS: B PTS: 1
43. Personnel termination control plans might include all of the following except:
a. require immediate separation
b. identify the employee's reasons for leaving
c. establish a policy of forced vacations
d. collect the employee's keys, badges, etc.
ANS: C PTS: 1
44. Instructions for computer setup, required data, restart procedures, and error messages are typically
contained in a(n):
a. systems development standards manual
b. program documentation manual
c. operations run manual
d. application documentation manual
ANS: C PTS: 1
45. Application documentation that describes the application and contains instructions for preparing inputs
and using outputs is a(n):
a. operations run manual
b. user manual
c. program documentation
d. systems documentation
ANS: B PTS: 1
46. Alternative names for contingency planning include all of the following except:
a. disaster recovery planning
b. business interruption planning
c. business disaster planning
d. business continuity planning
ANS: C PTS: 1
47. A data replication strategy where all data changes are date stamped and saved to secondary systems as
the changes are happening is called:
a. mirror site
b. electronic vaulting
c. continuous data protection (CDP)
d. dumping
ANS: C PTS: 1
48. All of the following are components of a backup and recovery strategy except:
a. echo checking
b. mirror site
c. electronic vaulting
d. hot site
ANS: A PTS: 1
49. Which of the following statements related to denial of service attacks is false?
a. Insurance is available to offset the losses suffered by denial of service attacks.
b. A denial of service attack is designed to overwhelm a Web site, making it incapable of
performing normal functions.
c. Web sites can employ filters to sense multiple messages from a single site.
d. The most effective attacks originate from a small cluster of computers in a remote
geographic region.
ANS: D PTS: 1
50. In an on-line computer system, restricting user access to programs and data files includes all of the
following except:
a. user identification
b. user authentication
c. determining user access rights
d. wearing identification badges
ANS: D PTS: 1
51. Sending out an e-mail pretending to be a legitimate business asking for information about a person's
account is called:
a. dumpster diving
b. phishing
c. smoozing
d. shoulder surfing
ANS: B PTS: 1
52. Which of the following controls restrict access to programs, data, and documentation?
a. library controls
b. password controls
c. authentication controls
d. program change controls
ANS: A PTS: 1
53. This logs and monitors who is on or trying to access an organization's network.
a. biometrics
b. electronic vaulting
c. intrusion detection systems (IDS)
d. firewall
ANS: C PTS: 1
54. Protecting resources against environmental hazards might include all of the following control plans
except:
a. fire alarms and smoke detectors
b. waterproof ceilings
c. voltage regulators
d. rotation of duties
ANS: D PTS: 1
55. Searching through rubbish for system information such as passwords is called:
a. scavenging
b. phishing
c. smoozing
d. shoulder surfing
ANS: A PTS: 1
COMPLETION
ANS: IT governance
PTS: 1
PTS: 1
PTS: 1
PTS: 1
ANS: Monitoring
PTS: 1
6. The function composed of people, procedures, and equipment that is typically called the information
systems department, IS department, or IT department is the ______________________________.
ANS:
information systems organization
IS organization
PTS: 1
PTS: 1
PTS: 1
ANS:
quality assurance
quality assurance (QA)
QA
PTS: 1
10. The ______________________________ group is responsible for routing all work into and out of the
data center, correcting errors, and monitoring all error correction.
PTS: 1
11. The ______________________________ function provides efficient and effective operation of the
computer equipment by performing tasks such as mounting tapes, disks, and other media and
monitoring equipment operation.
PTS: 1
12. The ______________________________ maintains custody of and controls access to programs, files,
and documentation.
PTS: 1
13. Combining the functions of authorizing and executing events is a violation of the organizational
control plan known as ______________________________.
PTS: 1
14. Segregation of duties consists of separating the four functions of authorizing events,
______________________________ events, ______________________________ events, and
safeguarding the resources resulting from consummating the events.
ANS:
executing, recording
recording, executing
PTS: 1
ANS: collusion
PTS: 1
16. A small organization that does not have enough personnel to adequately segregate duties must rely on
alternative controls, commonly called ______________________________.
PTS: 1
17. The functions of the ______________________________ commonly include assigning passwords and
making sure the IT organization is secure from physical threats.
PTS: 1
ANS: integrity
PTS: 1
PTS: 1
20. ______________________________ is a policy of requiring an employee to take leave from the job
and substituting another employee in his or her place.
PTS: 1
PTS: 1
22. The ______________________________ covers the progression of information systems through the
systems development process, from birth, through implementation, to ongoing use and modification.
ANS:
system development life cycle (SDLC)
system development life cycle
SDLC
PTS: 1
23. Computer software that is used to facilitate the execution of a given business process is called
______________________________.
PTS: 1
ANS:
systems
system
PTS: 1
ANS: Program
PTS: 1
26. The ______________________________ gives detailed instructions to computer operators and to data
control about a particular application.
PTS: 1
27. The ______________________________ describes user procedures for an application and assists the
user in preparing inputs and using outputs.
PTS: 1
28. ______________________________ are documents that help users learn their jobs and perform
consistently in those jobs.
PTS: 1
ANS: Library
PTS: 1
ANS: contingency
PTS: 1
PTS: 1
32. With the data replication strategy known as ______________________________ all data changes are
date stamped and saved to secondary systems as the changes are happening.
ANS:
continuous data protection (CDP)
continuous data protection
CDP
PTS: 1
33. The disaster recovery strategy known as a(n) ______________________________ is a fully equipped
data center that is made available on a standby basis to client companies for a monthly subscriber's fee.
PTS: 1
34. A facility usually comprised of air-conditioned space with a raised floor, telephone connections, and
computer ports, into which a subscriber can move equipment, is called a(n)
______________________________.
PTS: 1
PTS: 1
ANS: Biometric
PTS: 1
ANS: firewall
PTS: 1
ANS: fingerprints
PTS: 1
PTS: 1
40. COBIT 5 has two main components: five _____________ and seven ________________.
ANS:
GEIT principles, enablers
governance of enterprise IT principles, enablers
PTS: 1
PTS: 1
ANS:
Computer hacking and cracking
Computer hacking
Computer cracking
PTS: 1
43. Copies of important stored data, programs, and documentation made periodically are called
______________________________.
ANS: backups
PTS: 1
44. The process whereby lost data is restored and operations are continued is called
______________________________.
ANS: recovery
PTS: 1
45. The site that maintains copies of a primary computing site's programs and data is a(n)
______________________________ site.
ANS: mirror
PTS: 1
46. A(n) ______________________________ uses many computers, called zombies, that unwittingly
cooperate in a denial-of-service attack by sending messages to the target Web site.
PTS: 1
47. The ______________________________ logs and monitors who is on or is trying to access the
network.
ANS:
intrusion-detection system (IDS)
intrusion-detection system
IDS
PTS: 1
48. The ______________________________ actively blocks unauthorized traffic using rules specified by
an organization.
ANS:
intrusion-prevention system (IPS)
intrusion-prevention system
IPS
PTS: 1
49. Watching a user type in passwords or user IDs or listening as they give account information over the
phone is called ______________________________.
PTS: 1
50. ______________________________ is when a hacker calls and requests a password based on some
pretext.
ANS: Smoozing
PTS: 1
51. ______________________________ helps to solve the problem posed by single key cryptography by
employing a pair of matched keys for each system user, one private (i.e., known only to the party who
possesses it) and one public.
PTS: 1
ANS: Phishing
PTS: 1
PROBLEM
1. Below is a list of ten functional titles for the information systems organization structure shown in
Chapter 8. The second list contains descriptions (some partial) of the duties and responsibilities of ten
of the functions.
Required:
On the blank line to the left of each numbered description, place the capital letter of the functional title
that best matches the duties and responsibilities described. Do not use a letter more than once.
Functional Title
A. Quality assurance
B. Data control
C. Data librarian
D. Data entry
E. Systems development manager
F. Systems programming
G. Technical services manager
H. CIO
I. IT Steering committee
J. Security officer
2. Routes all work into and out of the data center, corrects errors, and monitors all
error correction.
ANS:
Duties and Responsibilities    Answer
1 E
2 B
3 H
4 A
5 C
6 G
7 F
8 D
9 J
10 I
PTS: 1
2. The four events-processing functions that constitute the segregation of duties control plan are:
A. Authorizing events
B. Executing events
C. Recording events
D. Safeguarding resources
Required:
Below is a list of ten events-processing activities, five relating to the cycle of activities involved in
processing a sales event and seven relating to the cycle for a purchase event. Classify each of the
twelve activities into one of the four functional categories listed above by placing the letter A, B, C, or
D on the answer line to the left of each number. You should use only one letter for each of the
answers.
EVENT-PROCESSING ACTIVITIES
1. The order entry department instructs the shipping department to ship goods to
a customer by sending an approved document to the shipping department.
8. The purchasing department manager reviews and signs all purchase order
documents in excess of $100.
11. After being received goods are placed into the locked inventory storeroom.
ANS:
Event-Processing Activity    Answer
1 A
2 D
3 B
4 C
5 C
6 B
7 A
8 A
9 B
10 B
11 D
12 C
PTS: 1
3. Listed below are several pervasive control plans discussed in Chapter 8. On the blank line to the left of
each control plan, insert a "P" (preventive), "D" (detective), or "C" (corrective) to best classify that
control. If applicable, more than one code may be inserted for each plan.
8. IT steering committee
9. Security officer
18. Restrict entry to the computer facility through the use of security guards,
locks, badges, and identification cards
ANS:
P 8. IT steering committee
P 18. Restrict entry to the computer facility through the use of security guards,
locks, badges, and identification cards
PTS: 1
4. The first list below contains 10 control plans discussed in Chapter 8. The second list describes 10
system failures that have control implications.
Required:
On the answer line to the left of each system failure, insert the capital letter from the first list of the
best control plan to prevent the system failure from occurring. If you can't find a control that will
prevent the failure, then choose a detective or a corrective plan. A letter should be used only once.
Control Plans
A. Personnel development control plans
B. Operations run manuals
C. Disaster recovery plans
D. Program change controls
E. Librarian controls
F. Segregation of systems development and programming from computer operations
G. Retention control plans
H. Restriction of physical access to computer resources
I. Segregation of recording events from safeguarding resources
J. Biometric identification system
2. Paul the programmer has modified the accounts receivable statement program
so that the receivables from his cousin Peter will be eliminated from the
accounts receivable master file upon printing of the monthly statements. Paul
made these changes to the program while he was operating the computer on a
Saturday morning.
3. When the hurricane hit the coast, Soggy Records Company lost the use of its
flooded computer room. In such cases, plans called for using an alternate
computer center 100 miles inland. However, Soggy was unable to operate in
the alternate facility because the company's programs and files were lost in
the flooded computer facility.
4. All the files were lost at the Stoughton Company when a visitor sat down at a
computer terminal, signed on using one of the passwords posted on the
computer terminals, and erased some of the data files.
5. Sally is the inventory control/warehouse clerk at Techtron Inc. She has been
stealing secret computer components from the warehouse, selling them to
foreign agents, and covering up her thefts by altering the inventory records.
7. Roger, the night-shift computer operator, has had occasion several times in
the last month to call his supervisor to receive assistance over the
telephone to correct a problem that he was having in operating the
computer.
8. Mary had become quite unhappy with her job at Funk, Inc. She knew that she
was going to quit soon and decided to destroy some computer files. Using her
own username and password, she found several disk packs on a table outside
the computer room and proceeded to "erase" the data with a powerful magnet.
After Mary's departure, Funk spent several months reconstructing the data
that had been on the lost files.
9. One of the inventory control programs at Excess Company has been ordering
more inventory than is required, causing an overstock condition on many
items. During an investigation of the problem, it was discovered that the
inventory ordering program had recently been changed. The changes were
approved, but the new program was never tested.
10. Sydney, the computer operator, did not want to go to work one day because
he wanted to go sailing. He gave his ID card to his cousin Vinny who went to
work for him. Even though he was a computer operator, Vinny did not know
how to operate this computer. He made mistakes and destroyed some data.
ANS:
System Failure Number    Answer
1 G
2 F
3 C
4 H
5 I
6 A
7 B
8 E
9 D
10 J
PTS: 1
5. The first list below contains 10 control plans discussed in Chapter 8. The second list describes 10
system failures that have control implications.
Required:
On the answer line to the left of each system failure, insert the capital letter from the first list of the
best control plan to prevent the system failure from occurring. (If you can't find a control that will
prevent the failure, then choose a detective or corrective control plan). A letter should be used only
once.
Control Plans
A. Selection and hiring control plans
B. Documentation control plans
C. Personnel termination control plans
D. Segregation of duties
E. Biometric identification system
F. Fire-protection control plans
G. IT steering committee
H. Off-site storage of backup computer files
I. Program change controls
J. Continuous data protection (CDP)
1. Peter the programmer asked for a substantial increase in salary and benefits.
When turned down, he submitted his two-week notice. During those two
weeks he infected the program he was working on with a damaging computer
virus.
2. Cary enters cash receipts into the computer at Kiting Inc. For the past year she
has been pocketing customer payments. To keep herself from being
discovered, she enters credit memos into the computer, which records them as
reductions in the customers' accounts receivable records, as if the payment
had been made.
3. Procedures for the approval of orders have been put in place at Overstock
Company. Clyde, the new purchasing agent, was given a briefing on these
procedures when he was hired and has been applying those procedures as best
as he can remember them. Consequently, Clyde sometimes orders more
inventory than is required.
4. The new sales reporting system includes a computer printout that was
supposed to report daily sales to the V.P. of marketing. The report was never
tested and contains erroneous sales figures and is not presented in the format
required by the V.P.
5. There was a flood and all of the computers and all their data were destroyed.
6. Freida was just hired as a computer operator at Vertigo Inc. Just a few days
after being hired, she discovered that she would not be allowed to spend some
of her time writing computer programs. This was contrary to what she was
told initially, and she is now quite unhappy with her circumstances.
8. A fire at the Mitre Corporation caused the release of a poisonous gas which
contaminated the entire building. While the computer files were not destroyed
during the fire, they were contaminated and cannot be removed from the
building and personnel cannot enter the building. It took several months to
recreate the computer files.
ANS:
System Failure Number    Answer
1 C
2 D
3 B
4 I
5 H
6 A
7 E
8 F
9 G
10 J
PTS: 1