IT Governance and Management Flashcards Preview


Flashcards in IT Governance and Management Deck (30):

List six risks that are greater in automated than in manual systems.

Reliance on faulty programs, unauthorized access, unauthorized changes, failure to update systems, inappropriate manual intervention, data loss.


Do automated systems increase or decrease the potential for data analytics compared with manual accounting systems?

Increase, since they are designed to include data and text analytic subsystems (e.g., expert systems, decision support systems (DSS), executive support systems).


How does segregation of duties differ in an automated, compared to a manual, accounting system?

Functions that a manual system would segregate among different people (e.g., recording a transaction and posting it) are often combined in a single automated process. Automated controls, such as enforced approval workflows, access restrictions, and exception reports, are then used as compensating controls.


How does the audit trail differ in an automated, compared to a manual, accounting system?

In automated systems the audit trail is usually electronic (transaction logs, system logs, imaged source documents) rather than paper, so it must be protected from alteration and deletion and may be incomplete if logging is disabled. In manual systems the audit trail was paper.
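The two cards above describe automated controls as the compensating control for combined duties and the electronic audit trail that replaces paper. As an added example (not part of the original flashcards), the hypothetical module below enforces a maker/checker rule in code, so the user who records a payment cannot approve it, and records every action, including the denied one, in a hash-chained log whose verify() fails if any earlier entry is changed. All names (PaymentQueue, AuditLog, the users alice and bob, the payment PAY-1) are constructed for illustration.

```python
import hashlib
import json


class SeparationOfDutiesError(Exception):
    """Raised when one user attempts both the maker and the checker role."""


class AuditLog:
    """Append-only, hash-chained electronic audit trail.

    Each entry's hash covers the previous entry's hash, so altering or
    deleting an earlier record breaks the chain and verify() reports it.
    """

    def __init__(self):
        self.entries = []

    @staticmethod
    def _digest(prev_hash, event):
        body = json.dumps(event, sort_keys=True)
        return hashlib.sha256((prev_hash + body).encode()).hexdigest()

    def append(self, event):
        prev_hash = self.entries[-1]["hash"] if self.entries else "0" * 64
        entry = {"event": event, "prev": prev_hash, "hash": self._digest(prev_hash, event)}
        self.entries.append(entry)
        return entry["hash"]

    def verify(self):
        prev_hash = "0" * 64
        for entry in self.entries:
            if entry["prev"] != prev_hash or entry["hash"] != self._digest(prev_hash, entry["event"]):
                return False
            prev_hash = entry["hash"]
        return True


class PaymentQueue:
    """Hypothetical payment module: one program both records and approves
    payments, so the maker/checker split is enforced in code rather than
    by handing the paperwork to a second person."""

    def __init__(self, audit_log):
        self.log = audit_log
        self.payments = {}

    def create(self, payment_id, amount_cents, user):
        self.payments[payment_id] = {"amount_cents": amount_cents, "created_by": user, "approved_by": None}
        self.log.append({"action": "create", "payment_id": payment_id, "amount_cents": amount_cents, "user": user})

    def approve(self, payment_id, user):
        payment = self.payments[payment_id]
        if payment["created_by"] == user:
            # Log the denied attempt too: a failed control action is evidence as well.
            self.log.append({"action": "approve_denied", "payment_id": payment_id, "user": user,
                             "reason": "maker cannot be checker"})
            raise SeparationOfDutiesError(f"{user} created {payment_id} and may not approve it")
        payment["approved_by"] = user
        self.log.append({"action": "approve", "payment_id": payment_id, "user": user})


def run_demo():
    """Constructed scenario: alice records a payment and tries to approve it,
    bob approves it, then a recorded amount is altered after the fact."""
    log = AuditLog()
    queue = PaymentQueue(log)
    queue.create("PAY-1", 125_000, "alice")
    try:
        queue.approve("PAY-1", "alice")
        self_approval_blocked = False
    except SeparationOfDutiesError:
        self_approval_blocked = True
    queue.approve("PAY-1", "bob")
    intact_before = log.verify()
    # Simulate an unauthorized change to the amount already written to the trail.
    log.entries[0]["event"]["amount_cents"] = 12_500
    return {
        "self_approval_blocked": self_approval_blocked,
        "approved_by": queue.payments["PAY-1"]["approved_by"],
        "entries": len(log.entries),
        "log_intact_before_tamper": intact_before,
        "log_intact_after_tamper": log.verify(),
    }


if __name__ == "__main__":
    print(run_demo())
```

The hash chain only makes tampering detectable, not impossible: whoever can rewrite every later entry can rebuild the chain, so in practice the latest hash is also shipped to a log server or write-once store the application cannot alter.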


Describe the control objectives for information and related technology (COBIT) framework.

A widely used international framework, published by ISACA, for identifying best practices in IT security and control. Provides management with an information technology (IT) governance model that helps in delivering value from IT processes and in understanding and managing IT-related risks.


What are the three major components of the COBIT model?

1. Domains and processes,
2. information criteria,
3. IT resources.


According to the COBIT model, what are the four IT domains?

1. Planning and organization,
2. acquisition and implementation,
3. delivery and support, and
4. monitoring and evaluating.
(These are the COBIT 4.1 domains; COBIT 5 and COBIT 2019 reorganize them into five: Evaluate, Direct and Monitor; Align, Plan and Organize; Build, Acquire and Implement; Deliver, Service and Support; Monitor, Evaluate and Assess.)


According to the COBIT model, what are the seven criteria or properties that information should possess?

1. Effectiveness,
2. efficiency,
3. confidentiality,
4. integrity,
5. availability,
6. compliance, and
7. reliability


According to the COBIT model, what are the five physical resources that, together, comprise an IT system?

1. People,
2. applications,
3. technology,
4. facilities, and
5. data.


What are enterprise resource planning systems (ERPs) ?

These systems provide transaction processing, management support, and decision-making support in a single, integrated package. By integrating all data and processes of an organization into a unified system, ERPs attempt to eliminate many of the problems faced by organizations when they attempt to consolidate information from operations in multiple departments, regions, or divisions.


Define online transaction processing system (OLTP).

This system records and processes an organization's routine, high-volume transactions (sales orders, payments, inventory updates) as they occur. It is the transaction-processing core of an ERP system, and its data feed the OLAP components.


What is an online analytical processing system (OLAP)?

This system incorporates data warehouse and data mining capabilities into an ERP system.


What is a cloud-based system?

A system in which computing resources (storage, processing, or software) are obtained on demand from a third-party provider and accessed over the internet, rather than hosted on the organization's own hardware. The organization contracts for capacity instead of owning it, so control over the data depends on the contract and the provider's controls.


Define Infrastructure as a Service (IaaS).

Use of the cloud to access virtual hardware, such as servers and storage, on which the customer installs and manages its own operating systems and software. Examples include Amazon Web Services offerings such as EC2 (virtual servers) and S3 (storage).


Define Platform as a Service (PaaS).

Use of a provider-hosted platform (operating system, runtime, database, development tools) on which the customer builds and deploys its own cloud-based software without managing the underlying servers. Examples include Google App Engine, Heroku, and Microsoft Azure App Service.


Define Software as a Service (SaaS).

Remote access to software that the provider hosts, maintains, and updates. Office 365, a suite of office productivity programs, is an example of SaaS; Google Docs is another.


Define Scalability.

The capacity of a system to grow with the information processing needs of an organization.


Define BCM/BCP.

Business (or organizational) continuity management (sometimes abbreviated BCM) is the process of planning for disasters and embedding this plan in an organization's culture. This is sometimes also called business continuity planning (BCP).


What is DRP?

DRPs (disaster recovery plans) enable organizations to plan for, and recover from, disasters. DRP processes include maintaining backup copies of program and data files and arranging alternative transaction-processing facilities. In addition to backup data files, DRPs must identify mission-critical tasks and ensure uninterrupted processing for these tasks.


Define cold site (empty shell).

An off-site location that has all the electrical connections and other physical requirements for data processing, but does not have the actual equipment or files. Cold sites often require one to three days to be made operational. A cold site is the least expensive type of alternative processing facility available to the organization.


Define warm site.

A location to which the business can relocate after a disaster. The location is already stocked with computer hardware similar to that of the original site, but does not contain backed up copies of data and information.


Define hot site.

An off-site location that is completely equipped to immediately take over the company's data processing. All equipment plus backup copies of essential data files and programs are also usually maintained at this location. It enables the business to relocate with minimal losses to normal operations - typically within a few hours. A hot site is one of the most expensive facilities to maintain.


Define Mirrored Site

Fully redundant, fully staffed, and fully equipped site with real-time data replication of mission-critical systems (e.g., credit card processing).


What is a business impact analysis (BIA)?

Identifies the maximum tolerable interruption period (maximum tolerable downtime) of an organization by function and activity, as part of assessing the importance and consequences of risks; these periods drive the recovery objectives and the choice of alternative processing site.


List the three main functional areas within an information technology department.

1. Applications Development
2. Systems Administration and Programming
3. Computer Operations


Describe the responsibilities of application programmers.

They work under the direction of the systems analyst to write the actual programs that process data and produce reports.


Which department is responsible for developing new systems?

Applications development.


Describe the responsibilities of the computer operations department.

Responsible for the day-to-day operations of the computer system


What personnel in an organization should have access to computer operations ("live data")?

Computer operators (and systems programmers, though their access should be limited to times when they need to update systems hardware or software).


What are the duties of the file librarian?

Responsible for controlling IT-related files, checking them in and out only as necessary to support scheduled jobs. Should not have access to live operating equipment or data.