CA Foundation Business Economics Questions 2023 - Part 32
Fri, 03 Mar 2023
1. When reviewing an organization's strategic IT plan an IS auditor should expect to find:
A) an assessment of the fit of the organization's application portfolio with business objectives.
B) actions to reduce hardware procurement cost.
C) a listing of approved suppliers of IT contract resources.
D) a description of the technical architecture for the organization's network perimeter security.
2. The advantage of a bottom-up approach to the development of organizational policies is that the policies:
A) are developed for the organization as a whole
B) are more likely to be derived as a result of a risk assessment.
C) will not conflict with overall corporate policy.
D) ensure consistency across the organization.
3. Which of the following is the GREATEST risk of an inadequate policy definition for ownership of data and systems?
A) User management coordination does not exist.
B) Specific user accountability cannot be established.
C) Unauthorized users may have access to originate, modify or delete data.
D) Audit recommendations may not be implemented.
4. The PRIMARY objective of an audit of IT security policies is to ensure that:
A) they are distributed and available to all staff.
B) security and control policies support business and IT objectives.
C) there is a published organizational chart with functional descriptions.
D) duties are appropriately segregated.
5. The rate of change in technology increases the importance of:
A) outsourcing the IS function.
B) implementing and enforcing good processes.
C) hiring personnel willing to make a career within the organization.
D) meeting user requirements.
A) an assessment of the fit of the organization's application portfolio with business objectives.
B) actions to reduce hardware procurement cost.
C) a listing of approved suppliers of IT contract resources.
D) a description of the technical architecture for the organization's network perimeter security.
2. The advantage of a bottom-up approach to the development of organizational policies is that the policies:
A) are developed for the organization as a whole
B) are more likely to be derived as a result of a risk assessment.
C) will not conflict with overall corporate policy.
D) ensure consistency across the organization.
3. Which of the following is the GREATEST risk of an inadequate policy definition for ownership of data and systems?
A) User management coordination does not exist.
B) Specific user accountability cannot be established.
C) Unauthorized users may have access to originate, modify or delete data.
D) Audit recommendations may not be implemented.
4. The PRIMARY objective of an audit of IT security policies is to ensure that:
A) they are distributed and available to all staff.
B) security and control policies support business and IT objectives.
C) there is a published organizational chart with functional descriptions.
D) duties are appropriately segregated.
5. The rate of change in technology increases the importance of:
A) outsourcing the IS function.
B) implementing and enforcing good processes.
C) hiring personnel willing to make a career within the organization.
D) meeting user requirements.
1. Right Answer: A
Explanation: An assessment of how well an organization's application portfolio supports the organization's business objectives is a key component of the overall IT strategic planning process. This drives the demand side of IT planning and should convert into a set of strategic IT intentions. Further assessment can then be made of how well the overall IT organization, encompassing applications, infrastructure, services, management processes, etc., can support the business objectives.Operational efficiency initiatives belong to tactical planning, not strategic planning. The purpose of an IT strategic plan is to set out how IT will be used to achieve or support an organization's business objectives. A listing of approved suppliers of IT contract resources is a tactical rather than a strategic concern. An IT strategic plan would not normally include detail ofa specific technical architecture.
2. Right Answer: B
Explanation: A bottom-up approach begins by defining operational-level requirements and policies, which are derived and implemented as the result of risk assessments.Enterprise-level policies are subsequently developed based on a synthesis of existing operational policies. Choices A, C and D are advantages of a top-down approach for developing organizational policies. This approach ensures that the policies will not be in conflict with overall corporate policy and ensure consistency across the organization.
3. Right Answer: C
Explanation: Without a policy defining who has the responsibility for granting access to specific systems, there is an increased risk that one could gain (be given) system access when they should not have authorization. By assigning authority to grant access to specific users, there is a better chance that business objectives will be properly supported.
4. Right Answer: B
Explanation: Business orientation should be the main theme in implementing security. Hence, an IS audit of IT security policies should primarily focus on whether the IT and related security and control policies support business and IT objectives. Reviewing whether policies are available to all is an objective, but distribution does not ensure compliance. Availability of organizational charts with functional descriptions and segregation of duties might be included in the review, but are not the primary objective of an audit of security policies.
5. Right Answer: B
Explanation: Change requires that good change management processes be implemented and enforced. Outsourcing the IS function is not directly related to the rate of technological change. Personnel in a typical IS department are highly qualified and educated; usually they do not feel their jobs are at risk and are prepared to switch jobs frequently. Although meeting user requirements is important, it is not directly related to the rate of technological change in the IS environment.
Explanation: An assessment of how well an organization's application portfolio supports the organization's business objectives is a key component of the overall IT strategic planning process. This drives the demand side of IT planning and should convert into a set of strategic IT intentions. Further assessment can then be made of how well the overall IT organization, encompassing applications, infrastructure, services, management processes, etc., can support the business objectives.Operational efficiency initiatives belong to tactical planning, not strategic planning. The purpose of an IT strategic plan is to set out how IT will be used to achieve or support an organization's business objectives. A listing of approved suppliers of IT contract resources is a tactical rather than a strategic concern. An IT strategic plan would not normally include detail ofa specific technical architecture.
2. Right Answer: B
Explanation: A bottom-up approach begins by defining operational-level requirements and policies, which are derived and implemented as the result of risk assessments.Enterprise-level policies are subsequently developed based on a synthesis of existing operational policies. Choices A, C and D are advantages of a top-down approach for developing organizational policies. This approach ensures that the policies will not be in conflict with overall corporate policy and ensure consistency across the organization.
3. Right Answer: C
Explanation: Without a policy defining who has the responsibility for granting access to specific systems, there is an increased risk that one could gain (be given) system access when they should not have authorization. By assigning authority to grant access to specific users, there is a better chance that business objectives will be properly supported.
4. Right Answer: B
Explanation: Business orientation should be the main theme in implementing security. Hence, an IS audit of IT security policies should primarily focus on whether the IT and related security and control policies support business and IT objectives. Reviewing whether policies are available to all is an objective, but distribution does not ensure compliance. Availability of organizational charts with functional descriptions and segregation of duties might be included in the review, but are not the primary objective of an audit of security policies.
5. Right Answer: B
Explanation: Change requires that good change management processes be implemented and enforced. Outsourcing the IS function is not directly related to the rate of technological change. Personnel in a typical IS department are highly qualified and educated; usually they do not feel their jobs are at risk and are prepared to switch jobs frequently. Although meeting user requirements is important, it is not directly related to the rate of technological change in the IS environment.
0 Comments
Leave a comment
Categories
Recent posts
CA Foundation Business Economics Questions 2023 - Part 31
Fri, 03 Mar 2023
CA Foundation Business Economics Questions 2023 - Part 30
Fri, 03 Mar 2023
