Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

CISA - Doshi - Domain 2 - Governance > 3.a: Quiz IT Alignment > Flashcards

3.a: Quiz IT Alignment Flashcards

1
Q

(1)The prime objective of review of information systems by IT steering committee should be to
assess:

A. alignment of IT processes as per business requirement.
B. alignment of business process as per IT requirement.
C. the capacity of existing software.
D. the capacity of installed technology.

A

Answer: A. alignment of IT processes as per business requirement.

Explanation:
(A)IT steering committee must determine that IT processes are designed as per business
requirement and that whether IS processes support the business requirement. The role of an IT
steering committee is to ensure that the IS objectives are in line with business objectives.
(B)In no case business process should be defined as per IT requirement.
(C)Capacity of existing software and installed technology are important consideration. However
prime objective should be to assess alignment of IT processes as per business requirement.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

(2) An IS auditor is reviewing an organization’s IT strategic plan. He should FIRST review:

A. alignment of IT processes as per business requirement.
B. the business plan.
C. the capacity of installed technology.
D. latest technology trends.

A

Answer: B. the business plan.

Explanation:
(A)The very first step in reviewing an organization’s IT strategic plan is to review/understand the
business plan. Without understanding the context in which business operates and its expansion
plan, review of strategic plan may not be that effective. To evaluate the IT strategic plan, the IS
auditor would first need to familiarize him/herself with the business plan.
(B)Alignment of IT processes as per business is an important consideration. However, first one
needs to understand the business.
(C)Impact and capacity of technology depends on nature of business and business plan. Hence
understanding of business plan should be first step.
(

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

(3) Information security governance requires strategic alignment in terms of:

A. enterprise requirements are the basis for security requirements.
B. security requirements are the basis for enterprise requirements.
C. current technology trend.
D. benchmarking with industry standards.

A

Answer: A. enterprise requirements are the basis for security requirements.

Explanation:
(1)Information security to be effective should be in line with enterprise requirements. Hence
enterprise requirements should form the basis of security requirements. Other options are not
relevant.
(2)Security requirements should not form the basis for enterprise requirements. It should be other
way round.
(3)Current technology and benchmarking are important consideration though prime consideration
should be alignment of security requirements in terms of enterprise objectives.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

(4)As a part of effective IT governance, IT Plan should be consistent with the organization’s:

A. business plan.
B. information security plan.
C. business continuity plan.
D. risk management plan

A

Answer: A. business plan.

Explanation:
To govern IT effectively, IT and business should be moving in the same direction, requiring that the
IT plans are aligned with an organization’s business plans. Information security, business
continuity and risk management should be considered while developing IT plan, but all this will
add value only if IT plan is in line with business plan.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

(5)Best way to determine that whether IS functions support the organization’s business objective is
to ensure that:

A. IS has latest available equipments.
B. IS plans are designed as per business objectives.
C. all resources are utilized effectively and efficiently.
D. IS has proper control over outsourcing partners.

A

Answer: B. IS plans are designed as per business objectives.

Explanation:
To govern IT effectively, IT and business should be moving in the same direction, requiring that the
IT plans are aligned with an organization’s business plans.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

(6) To improve the IS alignment with business, which of the following is the best practice:

A. Outsourcing risks are managed.
B. Use of latest technology to operate business.
C. Structured way of sharing of business information.
D. Involvement of top management to mediate between business and information system.

A

Answer: D. Involvement of top management to mediate between business and information system.

Explanation:
(1)Strategic alignment can be best assured by involvement of top management. Top management
who are very well aware of business objectives can derive maximum benefit from information
system by way of structure alignment.
(2)Management of outsourcing risk is a good practice however it does not necessarily ensures IS
alignment with business.
(3)Use of latest technology and structured way of information sharing may not be effective in
absence of mandate from top management.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

(7)An IS auditor is evaluating an organization’s IS strategy. Which of the following would be the
MOST important consideration?

A. Organizations IS strategy has been approved by CIO.
B. Organization’s IS strategy is designed as per IS department’s budget.
C. Organization’s IS strategy is considered on the basis of latest technology available in the market.
D. Organization’s IS strategy supports the business objectives of the organization.

A

Answer: D. Organization’s IS strategy supports the business objectives of the organization.

Explanation:
It must be noted that IS function will not effective if same does not supports the business objectives
of the organization. Other factors are important consideration but they can be meaningless in
absence of IS alignment with business objectives.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

(8) An IS auditor is evaluating an organization’s IT security policy. The PRIMARY objective is to
ensure that:

A. IT security policy is available with all the users.
B. IT security policy support business and IT objectives.
C. IT security policy is considered on the basis of latest technology available in the market.
D. IT security policy is approved by top management

A

Answer: IT security policy support business and IT objectives.

Explanation:
It must be noted that IT security function will not effective if same does not supports the business
objectives of the organization. Other factors are important consideration but they can be
meaningless in absence of proper alignment of IT security with business and IT objectives. Even if
top management approves the policy which is not in line with business objective, same should be
questionable.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

(9) IT governance to be effective requires that:

A. the business strategies and objectives supports the IT strategy.
B. the business strategy is derived from an IT strategy.
C. Cost effective IT governance.
D. the IT strategy supports the business strategies and objectives.

A

Answer: D. the IT strategy supports the business strategies and objectives.

Explanation:
Effective IT governance need to manage two dimensions of governance. First and primary,
governance is a decision-making framework that reflects the organization’s goals and priorities,
and how the organization intends to achieve them. Second, governance processes, covers the
structures and methods the organization uses to execute and institutionalize the governance
framework. In essence, the framework is what the organization has decided, while the process is
how the organization will institutionalize those decisions.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

(10)IS auditor is reviewing software development process. Which of the following is best way to
ensure that business requirements are met during software development?

A. Proper training to developer.
B. Programmers with good business knowledge.
C. Adequate documentation.
D. user engagement in development process.

A

Answer: D. user engagement in development process.

Explanation:
Though other factors are important to ensure all the requirements have been considered, best way
is to ensure that users are frequently engaged from early stage of software development. End users anchor the value stream. Most software requirements techniques start by asking users what they
want or need the system to do.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

(11) An IS auditor is reviewing an organization’s IS strategy. Which among below is the most
important criteria for such review?

A. It includes a mission statement.
B. It includes usage of latest technology.
C. It includes best security practices.
D. It supports the business objectives

A

Answer: D It supports the business objectives.

Explanation:
The correct answer is D. Other factors are important consideration but if IS strategy is not in line
with business objectives, IS strategy will not add value to the business.
54

How well did you know this?
1
Not at all
2
3
4
5
Perfectly

CISA - Doshi - Domain 2 - Governance (9 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions