CISA—Certified Information Systems Auditor - Part 206

Mary Smith

Sat, 18 Apr 2026

1. An IS auditor is reviewing a project to implement a payment system between a parent bank and a subsidiary. The IS auditor should FIRST verify that the:

A) technical platforms between the two companies are interoperable.
B) parent bank is authorized to serve as a service provider.
C) security features are in place to segregate subsidiary trades.
D) subsidiary can join as a co-owner of this payment system.



2. IT control objectives are useful to IS auditors, as they provide the basis for understanding the:

A) desired result or purpose of implementing specific control procedures.
B) best IT security control practices relevant to a specific entity.
C) techniques for securing information.
D) security policy.



3. Which of the following provides the best evidence of the adequacy of a security awareness program?

A) The number of stakeholders including employees trained at various levels
B) Coverage of training at all locations across the enterprise
C) The implementation of security devices from different vendors
D) Periodic reviews and comparison with best practices



4. The PRIMARY objective of implementing corporate governance by an organization's management is to:

A) provide strategic direction.
B) control business operations.
C) align IT with business.
D) implement best practices.



5. Which of the following should an IS auditor recommend to BEST enforce alignment of an IT project portfolio with strategic organizational priorities?

A) Define a balanced scorecard (BSC) for measuring performance
B) Consider user satisfaction in the key performance indicators (KPIs)
C) Select projects according to business benefits and risks
D) Modify the yearly process of defining the project portfolio



1. Right Answer: B
Explanation: Even between parent and subsidiary companies, contractual agreement(s) should be in place to conduct shared services. This is particularly important in highly regulated organizations such as banking. Unless granted to serve as a service provider, it may not be legal for the bank to extend business to the subsidiary companies. Technical aspects should always be considered; however, this can be initiated after confirming that the parent bank can serve as a service provider. Security aspects are another important factor; however, this should be considered after confirming that the parent bank can serve as a service provider. The ownership of the payment system is not as important as the legal authorization to operate the system.

2. Right Answer: A
Explanation: An IT control objective is defined as the statement of the desired result or purpose to be achieved by implementing control procedures in a particular IT activity. They provide the actual objectives for implementing controls and may or may not be the best practices. Techniques are the means of achieving an objective, and a security policy is a subset of IT control objectives.

3. Right Answer: D
Explanation: The adequacy of security awareness content can best be assessed by determining whether it is periodically reviewed and compared to industry best practices. Choices A, B and C provide metrics for measuring various aspects of a security awareness program, but do not help assess the content.

4. Right Answer: A
Explanation: Corporate governance is a set of management practices to provide strategic direction, thereby ensuring that goals are achievable, risks are properly addressed and organizational resources are properly utilized. Hence, the primary objective of corporate governance is to provide strategic direction. Based on the strategic direction, business operations are directed and controlled.

5. Right Answer: C
Explanation: Prioritization of projects on the basis of their expected benefit(s) to business, and the related risks, is the best measure for achieving alignment of the project portfolio to an organization's strategic priorities. Modifying the yearly process of the projects portfolio definition might improve the situation, but only if the portfolio definition process is currently not tied to the definition of corporate strategies; however, this is unlikely since the difficulties are in maintaining the alignment, and not in setting it up initially. Measures such as balanced scorecard (BSC) and key performance indicators (KPIs) are helpful, but they do not guarantee that the projects are aligned with business strategy.
