Chapter 9

Question 1

Archetype

Answer 1

Archetype: A pattern resulting from decision rights allocation.

Question 2

Centralized IS Organizations

Answer 2

Centralized IS organization: The organization structure that brings together all power, staff, hardware, software,
data, and processing into a single location/position

Question 3

Control Objectives for Information and Related Technology)

Answer 3

Control Objectives for Information and Related Technology (COBIT): The IT governance framework
for decision controls that is consistent with the Committee of Sponsoring Organizations of the Treadway
Commission (COSO) and that provides systematic rigor needed for the strong internal controls and Sarbanes–
Oxley compliance.

Question 4

Consumerization

Answer 4

Consumerization of IT: The drive to port applications to personal devices and the ensuing issues involved in making them work in business organizations.

Question 5

Decentralized IS Organizations

Answer 5

Decentralized IS organization: The IS organization structure that scatters power, hardware, software, networks,
and data components in different locations/positions to address local business needs

Question 6

Digital Ecosystem

Answer 6

Members of the ecosystem contribute their strengths,
giving the whole ecosystem a complete set of capabilities
that can impact decision making and operations.

Question 7

Federalism

Answer 7

Federalism: The organization structuring approach that distributes power, hardware, software, data, and personnel
between a central IS group and IS in business units.

Question 8

Governance

Answer 8

Governance (in the context of business enterprises): The established process of making decisions, defining
expectations, granting power, or verifying performance.

Question 9

Information Technology Infrastructure Library (ITIL)

Answer 9

Information Technology Infrastructure Library (ITIL): The control framework that offers a set of concepts
and techniques for managing information technology infrastructure, development, and operations that was developed in United Kingdom.

Question 10

IT Governance

Answer 10

Information technology (IT) governance: The established decision rights and accountability framework to 
encourage desirable behavior in using IT.

Question 11

Review Board

Answer 11

Review board: A committee that is formally designated to approve, monitor, and review specific topics related to
the IS department and systems.

Question 12

Sarbanes-Oxley Act (SoX)

Answer 12

Sarbanes–Oxley (SoX) Act of 2002: The U.S. act to increase regulatory visibility and accountability of public
companies and their financial health.

Question 13

Steering Committee

Answer 13

Steering committee: An IT governance mechanism that calls for joint participation of IT and business leaders in
making decisions about IT as a group

Question 14

1. This is an IT governance framework that is consistent with COSO controls.
   a) HIPPA
   b) COBIT
   c) SoX
   d) ISACA
   e) ISO

Answer 14

b) COBIT

Question 15

2. The Sarbanes-Oxley Act of 2002 was primarily aimed at which functional unit of a corporation?
   a) Marketing
   b) Production
   c) Sales
   d) IT
   e) Finance

Answer 15

e) Finance

Question 16

3. All of the following are frameworks for implementing Sarbanes-Oxley compliance EXCEPT:
   a) COSO
   b) BCP
   c) COBIT
   d) ITIL
   e) Committee for Sponsoring Organization of the Treadway Commission

Answer 16

b) BCP

Question 17

4. All of the following are mechanisms that can be created to ensure good IT governance EXCEPT:
   a) Policies
   b) Review boards
   c) Steering Committees
   d) Consultants
   e) IT Governance Council

Answer 17

d) Consultants

Question 18

5. After Intel faced strong shifts in technologies, such as cloud services, social networking, mobile devices, etc., Intel realized that it needed to establish better governance, creating a _______________.
   a) Employee boards
   b) Customer boards
   c) Security committees
   d) Information governance boards
   e) Higher control framework

Answer 18

d) Information governance boards

Question 19

6. This is a balanced approach to managing a company’s IT organization.
   a) Centralization
   b) Decentralization
   c) Federalism
   d) Joint-Control
   e) Business Centricity

Answer 19

c) Federalism

Question 20

7. This type of organization management is where IT controls most of its IT infrastructure in one location.
   a) Distributed IS organization
   b) Decentralized IS organization
   c) Federalism
   d) Joint-Control IS organization
   e) Centralized IS organization

Answer 20

e) Centralized IS organization

Question 21

8. Most companies would like to obtain the advantages derived from both centralized and decentralized organizational paradigms. What type of IT governance model would best help them to achieve this goal?
   a) Distributed Control
   b) Decentralized
   c) Federalism
   d) Joint-Control
   e) Centralized

Answer 21

c) Federalism

Question 22

9. IT organizations implement powerful information systems like ERP and SCM that provide centralized data repositories. In addition, business units have tools for their particular units that individuals can use to report on and analyze collected data. This IT governance approach is best described as: ________.

Answer 22

c) Federalism

Question 23

10. ________ of the 1960’s dictated a centralized approach to IT governance.
    a) Servers
    b) Mainframes
    c) Networks
    d) PCs
    e) The WWW

Answer 23

b) Mainframes

Question 24

11. ________ of the 1980’s allowed computing power to spread and gave rise to a decentralized approach to IT governance.
    a) Servers
    b) Mainframes
    c) Networks
    d) PCs
    e) The WWW

Answer 24

d) PCs

Question 25

12. ______________ organizations scatter IT components in different locations to address local business needs. a) Distributed Control b) Decentralized c) Federalism d) Joint-Control e) Centralized

Answer 25

b) Decentralized

Question 26

13. The IT Governance Council reports directly to the board of directors or the ________. a) CIO b) CTO c) CEO d) COO e) CFO

Answer 26

c) CEO

Question 27

14. IT governance has two major components: the assignment of decision-making authority and responsibility, and the __________________________. a) cost considerations b) decision rights c) business plan d) capability maturity model e) decision-making mechanisms

Answer 27

e) decision-making mechanisms

Question 28

15. The archetype that is represented by a group of business executives that might or might not include the CIO is: a) IT monarchy b) Feudal c) Federal d) Business monarchy e) IT duopoly

Answer 28

d) Business monarchy

Question 29

16. The archetype that is represented by IT executives and one other group is: a) IT monarchy b) Feudal c) Federal d) Business monarchy e) IT duopoly

Answer 29

e) IT duopoly

Question 30

17. IT decisions have been categorized by Peter Weill and Jeanne Ross. These categories include all of the following EXCEPT: a) IT principles b) IT architecture c) IT infrastructure d) Business application needs e) IT security

Answer 30

e) IT security

Question 31

18. The decision about approval and justification of new technologies would fall into which one of the five major IT decision categories? a) IT principles b) IT architecture c) IT infrastructure d) Business application needs e) IT investment and prioritization

Answer 31

e) IT investment and prioritization

Question 32

19. The decisions that determine how IT assets are structured fall into which one of the five major IT decision categories? a) IT principles b) IT architecture c) IT infrastructure d) Business application needs e) IT investment and prioritization

Answer 32

b) IT architecture

Question 32

19. The decisions that determine how IT assets are structured fall into which one of the five major IT decision categories? a) IT principles b) IT architecture c) IT infrastructure d) Business application needs e) IT investment and prioritization

Answer 32

b) IT architecture

Question 33

20. This IT governance archetype consists of IT individuals or groups of IT executives. a) Business monarchy b) IT monarchy c) Feudal d) Federal e) IT Duopoly

Answer 33

b) IT monarchy

Question 34

21. This IT governance archetype consists of C-level executives and at least one other business group. An IT executive may be an additional participant. a) Business monarchy b) IT monarchy c) Feudal d) Federal e) IT Duopoly

Answer 34

d) Federal

Question 35

22. A steering committee works especially well with this particular IT governance archetype. a) Business monarchy b) IT monarchy c) Feudal d) Federal e) IT Duopoly

Answer 35

d) Federal

Question 36

23. A steering committee is geared only towards the highest level of the organization and reports directly to the board of directors or the CEO. tf

Answer 36

F

Question 37

24. As a result of Sarbanes-Oxley, IT managers are now required to manage the level of controls needed to mitigate risk in business processes.

Answer 37

Ans: True (Medium)

Question 38

25. The global nature of business today makes complete centralization impossible.

Answer 38

T

Question 39

26. IT plays a major role in ensuring the accuracy of financial data.

Answer 39

T

Question 40

27. As a result of Sarbanes-Oxley Act, the CEO, CFO and CIO must certify financial accounting records.

Answer 40

F

Question 41

28. There were pressures for centralizing IT back when mainframes ruled, but today’s use of “consumerized” technologies have provided strong pressure, by IT people, for decentralization.

Answer 41

F

Question 42

29. Federal IT provides for strong centralization, like the U.S. Federal Government.

Answer 42

F