Module 3: System Interfaces and End-user Computing, Data Governance

Question 1

What is the difference between a system and system interface?

Answer 1

• A system is a set of elements (software and hardware) that work together to run one or more computers
• A systems interface is a way through which data is transferred from one application to another with little to no human interference.

Question 2

What do you call interfaces that have human interaction?

Answer 2

User interfaces

Question 3

What are the main characteristics of System Interfaces?

Answer 3

1. It shares data
2. It disregards programming language dependency
3. It offers flexibility in application selection

Question 4

Categories of System Interfaces: occur when data is transferred between two systems,

Answer 4

System to system interfaces

Question 5

Categories of System Interfaces: system to system interfaces are made internally only (T or F)

Answer 5

False. It can be internally or externally

Question 6

Categories of System Interfaces: Which category of system interfaces is closely related to data mining?

Answer 6

System to System interfaces

Question 7

Categories of System Interfaces: two
partners are continuously transferring data back and forth across agreed-upon systems

Answer 7

Partner to Partner Interface

Question 8

Categories of System Interfaces: What is the defining characteristic of partner to partner interface?

Answer 8

The transfer of data between individuals are done on a regular basis.

Question 9

Categories of System Interfaces: What is the most unnoticed and unmanaged?

Answer 9

Person to person transfers

Question 10

Risk associated with system interfaces: What is the current solution of organizations to the growth of system interfaces?

Answer 10

1. Centralized methodology for tracking and managing
2. Proper documentation and audit trail

Question 11

Risk associated with system interfaces: What are the risks with unmanaged system interfaces?

Answer 11

1. Data Privacy
2. Data Security
3. Error

Question 12

Risk associated with system interfaces: What is the most critical consideration with regard to system interfaces and why?

Answer 12

Data Integrity. This is because the data is used to generate management reports and for decision making

Question 13

Risk associated with system interfaces: Beyond an effect on business value, even a small error can invoke ___ ____ ___ ___

Answer 13

Potential legal compliance liability

Question 14

Security Issues with System Interfaces: What are system interfaces’ primary and secondary objectives?

Answer 14

Primary: Maintain security of data being transferred through system interfaces
Secondary: To prevent unauthorized access to the data

Question 15

Security Issues with System Interfaces: Unavailability of system interfaces can also affect the?

Answer 15

Reliability of data

Question 16

Controls associated with System Interfaces: What should the IS auditor ensure with regards to System Interfaces?

Answer 16

That there is a program that tracks all system interfaces and transfers of data, both internal and external.

Question 17

Controls associated with System Interfaces: What do you call programs that organizations use to track SIs

Answer 17

Managed File Transfer System

Question 18

Controls associated with System Interfaces: What function should MFT have whether it is commercial or custom?

Answer 18

The ability to see all the transfers made, including ad hoc

Question 19

Controls associated with System Interfaces:
* ___ ___ ___ transfer mechanisms.
* Use ___ ___.
* Automatically __ __ ___ __ __ __ data files.
* ___ ____ data files.
* Connect to __ __ __
* Send and retrieve files __ __ __ __ __ __

Answer 19

1. Manage multiple files
2. multiple protocols
3. encrypt, decrypt and electronically sign
4. Compress/decompress
5. common database servers.
6. via email and secure email

Question 20

Controls associated with System Interfaces:
* Automatically schedule __ ___ __
* Analyze, track and report any ___ of the data being transferred.
* Ensure compliance with __ __ __ __ __.
* Offer a ___ __ __capability for interruptions.
* Integrate with ___ __ __ to automate data transfers as much
as feasible.

Answer 20

1. regular data transfers.
2. attributes
3. appropriate regulatory laws and mandates
4. checkpoint or restart
5. back-office applications

Question 21

Controls associated with System Interfaces: Example of manual controls for system interfaces?

Answer 21

Manual reconciliation done by a qualified person

Question 22

Controls associated with System Interfaces: What should be used when industrial espionage, identity theft, etc. are likely to happen?

Answer 22

Encryption should be used when unauthorized access is relatively high

Question 23

Controls associated with System Interfaces: What might be required in the transfer process and data files

Answer 23

Process: High access and authentication controls
Files: Password protected

Question 24

Controls associated with System Interfaces: What information must be captured to ensure an audit trail?

Answer 24

( 2 Whos 2 Whens 1 What)
1. Who sent and received
2. When sent and received
3. What is the data structure

Question 25

Controls associated with System Interfaces: automated logs must be especially assessed if?

Answer 25

It has gone to an external system

Question 26

End-user computing: What are the characteristics of end user computing?

Answer 26

1. From end users
2. Created own application
3. Made by non programmers

Question 27

End-user computing: Who is the liaison between the IT department and end users?

Answer 27

End-user support manager

Question 28

End-user computing: What are the advantages of end user computing?

Answer 28

1. Lessens the stress on IT department
2. rapidly addressing shifting marketplaces, regulations and consumer interests

Question 29

End-user computing: What are the main disadvantages of end user computing?

Answer 29

1. It does not go through an independent review
2. It did not follow a formal development methodology

Question 30

End-user computing: In what aspects does EUC lead to security risk?

Answer 30

1. Authorization
2. Authentication
3. Audit Logging
4. Encryption

Question 31

End-user computing: management should define __ ___to determine the criticality of the application. These
applications should also be subject to ___ ___,

Answer 31

Risk Criteria; Data classification

Question 32

End-user computing: More often than not, EUC applications post risks to organization (T or F)

Answer 32

False because they dont usually pose a great risk to the org

Question 33

End-user computing: What should the organization do to EUC applications that are critical

Answer 33

Be subjected to the same controls as any other application

Question 34

Data Governance: Data governance reflects the practice of ___ ___ and ___ ___ ___ ___ over data and information so that users have access to that data and can trust and rely on it.

Answer 34

evaluating requirements; bringing direction and control

Question 35

Data governance: Data governance also involves __ __ __ __ __ __, specifically those areas that relate to data and its availability, integrity and confidentiality

Answer 35

monitoring the performance of IT operations

Question 36

Data Management: What is the meaning of DMBOK

Answer 36

Data Management Body of Knowledge

Question 37

Data Management: What is the key to data management?

Answer 37

Data Quality

Question 38

Data Management: What are the three subdimensions of data quality?

Answer 38

1. Intrinsic
2. Contextual
3. Security/Accessibility

Question 39

Data Management: What should the IS auditor ensure?

Answer 39

1. quality of data is able to meet the strategic objectives of the organization
2. The applications is in line with organizational objectives