Week 4: Ethical Issues and Due Care - Midterm

Question 1. (TCO A) What is the identified risk for COBIT control objectives relating to management personnel obtaining feedback from business process users regarding the quality and usefulness of IT plans? (Points: 4)
- IT plans may not be present in the organization's long and short-range plans
- IT plans may not be consistent with the organization's goals
- IT plans may not be updated regularly
- New business processes may conflict with current IT plans

Question 2. (TCO B) Planning and Organization domain control objective 9 of the COBIT standard does not __________. (Points: 4)
- provide for a business risk assessment
- provide for risk identification
- provide for development of a risk action plan
- place the CEO in a role responsible for IT and business risk management alignment

Question 3. (TCO C) Delivery and Support domain control objective 3 of the COBIT framework: __________. (Points: 4)
- addresses the problems of availability and performance requirements
- addresses the problems of monitoring and reporting
- addresses the problems of workload forecasting
- All of the above

Question 4. (TCO A) The three types of information system administrative controls are __________. (Points: 4)
- confidentiality, integrity, and availability
- confidentiality, integrity, and access
- completeness, integrity, and availability
- completeness, innovation, and availability

Question 5. (TCO B) Which law requires organizations to keep physical control of paper documents and control of electronic documents? (Points: 4)
- Sarbanes-Oxley
- HIPAA
- The Federal Financial Management Improvement Act of 1986
- SAS 70

Question 6. (TCO A) Governance does all of the following except __________. (Points: 4)
- help in the creation of policy
- list controls for organizations to employ
- help in organizational decision making
- help with formulating strategic guidelines

Question 7. (TCO C) A Personal Private Information (PPI) policy does which of the following? (Points: 4)
- Determines what constitutes PPI and how it must be secured and maintained
- Determines categories of private information
- Allows for an opt-in mechanism to remove data
- Allows for the unrestricted access to personal data

Question 8. (TCO B) Which of the following is true regarding the COBIT domain of Planning and Organization? (Points: 4)
- Compliance controls are usually burdensome and require a lot of paperwork.
- COBIT and ITIL guidelines are best suited for large company structures.
- There is no one-size-fits-all template for COBIT and ITIL.
- COBIT, ITIL, and SOX compliance all mean the same thing.

Question 9. (TCO A) On average, United States companies with a market capitalization of greater than $75 million spend how much to comply with Section 404 of Sarbanes-Oxley? (Points: 4)
- $2.01 million
- $6.08 million
- $2.9 million
- $3.12 million

Question 10. (TCO C) Sections 751 and 752 of the BASEL II accord cover __________. (Points: 4)
- the assessment of the control environment
- the internal review process
- the internal monitoring of controls
- the external review of controls

Question 1. (TCO B) COBIT controls that include acquiring new applications or staff skill sets are part of what COBIT domain? (Points: 4)
- Planning and Organizing
- Delivery and Support
- Monitoring
- Acquisition and Implementation

Question 2. (TCO A) What is the title of Section 404 of SOX? (Points: 4)
- Management Review of Internal Controls
- Management Policy on Internal Controls
- Management Assessment of Internal Controls
- Management Decision on Internal Controls

Question 3. (TCO C) HIPAA goals include all of the following except __________. (Points: 4)
- lowering costs
- improving healthcare
- making administrative transactions more secure
- enhancing privacy of health information

Question 4. (TCO B) Which of the following is not a part of compliance software that is needed to ensure complete adherence to SOX? (Points: 4)
- Internal and external auditor processes
- Enforcement application and database control levels with detection, prevention, and monitoring capabilities
- Improved internal controls by improving business processes
- All of the above are needed

Question 5. (TCO A) The three processes of risk management are __________. (Points: 4)
- risk mitigation, regulatory compliance, and evaluation
- risk mitigation, risk assessment, and evaluation and assessment
- physical, administrative, and technical controls
- risk avoidance, risk containment, and audit

Question 6. (TCO A) List and describe the two most important questions one should ask when deciding which COBIT controls to use for an organization. With whom should one verify the controls? (Points: 20)

Question 7. (TCO B) How does the COBIT framework assist organizations in self-governance? Specifically, what areas of the COBIT framework relate to governance? (Points: 20)

Question 8. (TCO C) Analyze and discuss how the Health Insurance Portability and Accountability Act (HIPAA) helps to improve the U.S. healthcare industry. What are some of its challenges? (Points: 20)

Question 9. (TCO B) What do you think is the value of Segregation of Duties (SOD) as it pertains to SOX? (Points: 20)