Ch.5 It Governance Test Questions & Answers 3rd Edition

ACCOUNTING INFORMATION SYSTEMS/3e

TURNER / WEICKGENANNT/COPELAND

Test Bank: CHAPTER 5: IT Governance

NOTE: All new or adjusted questions are in red. New questions are identified by the letter A as part of the question number; adjusted questions are identified by the letter X as part of the question number.

End of Chapter Questions:

1. IT governance includes all but which of the following responsibilities?
2. Aligning IT strategy with the business strategy
3. Writing programming code for IT systems
4. Insisting that an IT control framework be adopted and implemented
5. Measuring IT’s performance
6. Which phase of the system development life cycle includes determining user needs of the IT system?
7. Systems planning
8. Systems analysis
9. Systems design
10. Systems implementation
11. Which of the following is not part of the system design phase of the SDLC?
12. Conceptual design
13. Evaluation and selection
14. Parallel operation
15. Detailed design
16. Which of the following feasibility aspects is an evaluation of whether the technology exists to meet the need identified in the proposed change to the IT system?
17. Technical feasibility
18. Operational feasibility
19. Economic feasibility
20. Schedule feasibility
21. The purpose of the feasibility study is to assist in
22. Selecting software
23. Designing internal controls
24. Designing reports for the IT system
25. Prioritizing IT requested changes
26. Within the systems analysis phase of the SDLC, which of the following data collection methods does not involve any feedback from users of the IT system?
27. Documentation review
28. Interviews using structured questions
29. Interviews using unstructured questions
30. Questionnaires
31. A request for proposal (RFP) is used during the
32. Phase-in period
33. Purchase of software
34. Feasibility study
35. In-house design
36. Which of the following steps within the systems implementation phase could not occur concurrently with other steps, but would occur at the end?
37. Employee training
38. Data conversion
39. Software programming
40. Post-implementation review

1. Each of the following are methods for implementing a new application system except:
2. Direct cutover
3. Parallel
4. Pilot
5. Test
6. A retail store chain is developing a new integrated computer system for sales and inventories in its store locations. Which of the following implementation methods would involve the most risk?
7. Direct cutover
8. Phased-in implementation
9. Parallel running
10. Pilot testing
11. The use of the SDLC for IT system changes is important for several reasons. Which of the following is not part of the purposes of the SDLC processes?
12. As a part of strategic management of the organization
13. As part of the internal control structure of the organization
14. As part of the audit of an IT system
15. As partial fulfillment of management’s ethical obligations
16. Confidentiality of information is an ethical consideration for which of the following party or parties?
17. Management
18. Employees
19. Consultants
20. All of the above

TEST BANK - CHAPTER 5 - MULTIPLE CHOICE

1. The process of determining the strategic vision for the organization, developing the long-term objectives, creating the strategies that will achieve the vision and objections, and implementing those strategies is referred to as:
2. IT Governance
3. Strategic Governance
4. Strategic Management
5. IT Management
6. A structure of relationships and processes to direct and control the enterprise in order to achieve the enterprise’s goals by adding value while balancing risk versus return over IT and its processes is called:
7. IT Governance
8. Strategic Governance
9. Strategic Management
10. IT Management
11. To fulfill the management obligations that are an integral part of IT governance, management need not focus on:
12. Aligning IT strategy with the business strategy
13. Hiring an acceptable IT manager
14. Measuring IT’s performance
15. Insisting that an IT control framework be adopted and implemented
16. Which of the following is not one of the approaches used to achieve the management of an IT control framework?
17. Information Systems Audit and Control Association control objectives for IT
18. The International Organization for Standardization 17799, Code of Practice for Information Security Management
19. The Information Technology Infrastructure Library
20. Sarbanes-Oxley Act section on IT Controls
21. OBIT is an acronym for which of the following?
22. Control Objectives for Business and Information Technology
23. Control Objectives for Information and related Technology
24. Center of Business and Informative Technology
25. Control Operations for Information Technology
26. A group of senior managers selected to oversee the strategic management of IT is called:
27. IT Strategic Committee
28. IT Governance Committee
29. Chief Information Officer (CIO)
30. IT Management
31. The formal process that many organizations use to select, design, and implement IT systems is the:
32. Systems Development Life Cycle
33. Control Objectives for IT
34. Practice for Security Management
35. Information Technology Development
36. The IT governance committee is made up of many different individuals within the organization. Which of the following would not be one of those individuals?
37. Chief Information Officer
38. Chief External Auditor
39. Chief Executive Officer
40. Top Managers from User Departments
41. The evaluation of long-term, strategic objectives and prioritization of the IT systems in order to assist the organizations in achieving its objectives is called:
42. Systems Planning
43. Systems Analysis
44. Systems Design
45. Systems Implementation
46. The phases of the SDLC include all of the following except:
47. Systems Planning
48. Systems Implementation
49. Systems Analysis
50. Systems Purchasing
51. This phase of SDLC involves the planning and continuing oversight of the design, implementation, and use of the IT systems.
52. Systems Analysis
53. Systems Implementation
54. Systems Planning
55. Systems Design
56. Which is the correct flow of the SDLC?
57. Systems Planning, Systems Design, Systems Analysis, Operation and Maintenance, Systems Implementation
58. Systems Planning, Systems Analysis, Systems Design, Systems Implementation, Operation and Maintenance
59. Systems Design, Systems Analysis, Systems Planning, Systems Implementation, Operation and Maintenance
60. Systems Design, Systems Planning, Systems Implementation, Operation and Maintenance, Systems Analysis
61. The decision to buy or design software directly follows which step in the system design flowchart?
62. Conceptual Design
63. Systems Analysis
64. Evaluation and Selection
65. Systems Planning
66. The study of the current system to determine the strengths and weaknesses and the user needs of that system is called:
67. Systems Analysis
68. Systems Design
69. Systems Planning
70. Systems Implementation
71. This phase of SDLC requires the collection of data about the system and the careful scrutiny of those data to determine areas of the system that can be improved.
72. Systems Planning
73. Systems Implementation
74. Systems Analysis
75. Systems Purchasing
76. The creation of the system that meets user needs and incorporates the improvements identified by the systems analysis phase is called:
77. Systems Planning
78. Systems Design
79. Systems Analysis
80. Operation and Maintenance
81. The set of steps undertaken to program, test, and activate the IT system as designed in the system design phase is called:
82. Systems Planning
83. Systems Implementation
84. Systems Design
85. Systems Analysis
86. The most common way to test software is to use which of the following?
87. Test Data
88. Parallel Testing
89. Process Conversion Testing
90. process testing
91. The regular, ongoing, functioning of the IT system and the processes to fix smaller problems, or bugs, in the IT system is called:
92. Systems Analysis
93. Systems Planning
94. Operation and Maintenance
95. Systems Implementation
96. During this phase of the SDLC, management should request and receive ongoing reports about the performance of the IT system.
97. Operation and Maintenance
98. System Analysis
99. Systems Design
100. Systems Planning
101. Software Programming involves all of the following except:
102. Training Employees
103. Software Testing
104. Data Conversion
105. Documenting the System
106. The expanded SDLC presented in the textbook expands the processes within the system design phase. This is necessary because:
107. It necessary for most companies to create their own software.
108. The design phase needs to include the programming activities of self-created software.
109. There is usually more than one software or system type that will meet the needs of the organization.
110. Many organizations require a change in the type of operating system along with any changes in software.
111. The Evaluation and Selection cycle of the expanded SDLC would not include which of the following steps?
112. Design or buy the system selected.
113. Identify the alternative system approaches.
114. Evaluate the fit of each of the alternatives to company needs.
115. Implement the alternative selected.
116. The process of matching alternatives system models to the needs identified in the system analysis phase is called:
117. Conceptual Design
118. Systems Analysis
119. Systems Planning
120. Evaluation and Selection
121. All of the following steps come after the evaluation of RFPs and Software in the system design process except:
122. Selecting Software
123. Purchasing software
124. Determining modifications to software
125. Hiring a consultant
126. The process of assessing the feasibility and fit of each of the alternative conceptual approaches and selecting the one that best meets the organization’s needs is termed:
127. Conceptual Design
128. Evaluation and Selection
129. Systems Analysis
130. Systems Implementation
131. The process of designing the outputs, inputs, user interfaces, databases, manual procedures, security and controls, and documentation of the new system is referred to as:
132. Conceptual Design
133. Software Selection
134. Systems Design
135. Detailed Design
136. When attempting to prioritize IT projects, the IT governance committee needs to consider:
137. The assessment of IT systems and their match to strategic organizational objectives.
138. The feasibility of each of the requested modifications or upgrades.
139. Both of the above
140. None of the above
141. A company has stated that the main strategic objective is to improve the accounts payable function within the organization. There are limited resources for IT upgrades and modifications. The IT governance committee has received IT update requests from the public relations department, human services, and vendor satisfaction department. Given this information, which would likely be the first upgrade implemented?
142. Public relations would be first because it would include all areas of the business - vendors, employees, and customers.
143. Vendor satisfaction would be first because it would be most in line with the strategic objective of the company.
144. Human services would be the first because the employees are the ones who are most affected by changes in the IT departments.
145. It is not possible to make a decision without further information.
146. The need to match IT systems to organizational objectives emphasizes the need for the IT governance committee to include top management as its members because:
147. These managers establish strategic objectives and are in the best position to assess the fit of the IT systems to those objectives.
148. These managers are in a position to allocate resources and or time to the projects.
149. Both of the above
150. None of the above
151. The realistic possibility of affording, implementing, and using the IT systems being considered is referred to as:
152. Feasibility
153. Rationality
154. Sequentiality
155. Ranking

1. The assessment of the realism of the possibility that technology exists to meet the need identified in the proposed change to the IT system is called:
2. Operational Feasibility
3. Economic Feasibility
4. Schedule Feasibility
5. Technical Feasibility
6. The assessment of the realism of the possibility that the current employees will be able to operate the proposed IT system is referred to as:
7. Operational Feasibility
8. Economic Feasibility
9. Schedule Feasibility
10. Technical Feasibility
11. The assessment of the costs and benefits associated with the proposed IT system is referred to as:
12. Operational Feasibility
13. Economic Feasibility
14. Schedule Feasibility
15. Technical Feasibility
16. The assessment of the realistic possibility that the proposed IT system can be implemented within a reasonable amount of time is called:
17. Operational Feasibility
18. Economic Feasibility
19. Schedule Feasibility
20. Technical Feasibility
21. Typical steps within the systems analysis phase of the SDLC would not include which of the following?
22. Preliminary Investigation
23. Survey of the Current System
24. Economic Feasibility
25. Determination of User Information Needs
26. The purpose of this step in the systems analysis phase is to determine whether the problem or deficiency in the current system really exists and to make a “go” or a “no-go” decision.
27. Survey of the Current System
28. Determination of User Information Needs
29. Business Process Reengineering
30. Preliminary Investigation
31. A detailed study of the current system to identify weaknesses to improve upon and strengths that should be maintained is referred to as:
32. Preliminary Investigation
33. System Survey
34. Process Reengineering
35. Determination of User Information Needs
36. Watching the steps that employees take as they process transactions in the system is referred to as:
37. Investigation
38. Interrogation
39. Observation
40. Interview
41. The detailed examination of documentation that exists about the system to gain an understanding of the system under study is called a(n):
42. Documentation Review
43. Systems Audit
44. System Survey
45. Records Observation
46. Face-to-face, verbal questioning of users of an IT system to determine facts or beliefs about the system are called:
47. Interrogation
48. User Review
49. Interviews
50. System Survey
51. Structured Question
52. Oral Question
53. Unstructured Question
54. Range Question
55. Structured Question
56. Oral Question
57. Unstructured Question
58. Range Question
59. A written, rather than an oral, form or questioning of users to determine facts or beliefs about a system is referred to as a(n):
60. Interview
61. Questionnaire
62. Interrogation
63. System Survey
64. The purpose of this phase is to question the current approaches in the system and to think about better ways to carry out the steps and processes of the system.
65. Systems Analysis
66. Systems Survey
67. Analysis of Systems Survey
68. Preliminary Investigation
69. The fundamental rethinking and radical redesign of business processes to bring about dramatic improvements in performance is called:
70. Business Process Reengineering
71. Process Redesign
72. Business Analysis and Design
73. Business Process Design and Analysis
74. The many sets of activities within the organization performed to accomplish the functions necessary to continue the daily operations are referred to as:
75. Business Systems
76. Business Processes
77. Business Activities
78. Business Functions
79. The systems analysis report, which is sent to the IT governance committee, will inform the committee of all of the following, except:
80. The results of the systems survey
81. User needs determination
82. Detailed design
83. Recommendations regarding the continuation of the project
84. This document is sent to each software vendor offering a software package that meets the user and system needs and is sent to solicit proposals.
85. Requested Software Package
86. Request for Proposal
87. System Software Request
88. Software Vendor Needs
89. When a vendor returns a request for proposal, it will include all of the following, except:
90. Match of the system and user needs
91. Description of the software
92. The technical support it intends to provide
93. Prices for the software
94. After all of the RFPs have been received, either the IT governance committee or the project team will evaluate the proposals in order to select the best software package. Things that must be considered would include:
95. The match of the system and the user needs to the features of the software
96. Testimonials from other customers who use the software
97. Reputation and reliability of the vendor
98. All of the above
99. This phase of the systems design for in-house development of software involves the identifying the alternative approaches to systems that will meet the needs identified in the system analysis phase.
100. Request for proposal
101. Conceptual design
102. Systems concept
103. Systems analysis
104. The process of assessing the feasibility and fit of each of the alternative conceptual approaches and selecting the one that best fits the organization’s needs is called:
105. Conceptual Design
106. Systems Design
107. Evaluation and Selection
108. Systems Implementation
109. During this process, the project team must consider the number of employees, their capabilities and expertise, and any supporting systems necessary to operate each alternative design.
110. Operational feasibility
111. Technical feasibility
112. Economic feasibility
113. Schedule feasibility
114. The purpose of this analysis is to determine which of the alternative designs is the most cost effective.
115. Operational feasibility
116. Technical feasibility
117. Economic feasibility
118. Schedule feasibility
119. In this feasibility, the project team must estimate the total amount of time necessary to implement the each alternative design.
120. Operational feasibility
121. Technical feasibility
122. Economic feasibility
123. Schedule feasibility
124. Which of the following is NOT one of the approaches to cloud computing?
125. Software as a Service
126. Internet Clouds
127. Platform as a Service
128. Private Clouds
129. All of the following are issues with cloud computing except for:
130. Decreased physical security protocols
131. Increased Accessibility
132. Increased reliance on 3rd party providers
133. Increased risk of hackers
134. Considerations related to adopting or increasing cloud computing usage, include:
135. The customer support provided by the cloud vendor
136. The service level agreement with the cloud provider
137. The manner of monitoring the could service usage
138. All of the above
139. The purpose of this phase of systems design is to create the entire set of specifications necessary to build and implement the system.
140. Detailed design
141. Evaluation and selection
142. Operational design
143. Detailed analysis
144. In the detailed design stage of systems design it is necessary that the various parts of the system be designed. The parts of the system to be designed at this point would include all of the following, except:
145. Outputs
146. Inputs
147. Program Code
148. Data Storage
149. Reports and documents, such as income statements, aged accounts receivable reports, checks, and invoices are referred to as:
150. Outputs of the system
151. Data storage
152. Internal controls
153. Inputs of the system
154. The forms, documents, screens, or electronic means used to put data into the accounting system are called:
155. Outputs of the system
156. Data storage
157. Internal controls
158. Inputs of the system
159. Which of the following is not a method of data input?
160. Keying in data with a keyboard from data on a paper form
161. Electronic data interchange
162. Bar code scanning
163. Viewed on the screen
164. There are many different types of documentation necessary to operate and maintain an accounting system. These types of documentation include all of the following, except:
165. Flowcharts
166. Operator Manuals
167. Output Examples
168. Entity Relationship Diagrams
169. A system conversion method in which the old and the new systems are operated simultaneously for a short time.
170. Direct cutover conversion
171. Phase-in conversion
172. Pilot conversion
173. Parallel conversion
174. A system conversion method in which on a chose date the old system operation is terminated and all processing begins on the new system.
175. Direct cutover conversion
176. Phase-in conversion
177. Pilot conversion
178. Parallel conversion

1. A system conversion method in which the system is broken into modules, or parts, which are phased in incrementally and over a longer period.
2. Direct cutover conversion
3. Phase-in conversion
4. Pilot conversion
5. Parallel conversion
6. A system conversion method in which the system is operated in only one or a few sub-units of the organization.
7. Direct cutover conversion
8. Phase-in conversion
9. Pilot conversion
10. Parallel conversion
11. When the manager of the primary users of the system is satisfied with the system, an acceptance agreement will be signed , the enforce of which makes it much more likely that project teams will seek user input and that the project team will work hard to meet user needs.
12. System Conversion
13. Post-Implementation Acceptance
14. Usr Review
15. User Acceptance
16. A review of the feasibility assessments and other estimates made during the projects, the purpose of which is to help the organization learn from any mistakes that were made and help the company avoid those same errors in the future.
17. System Design Life Cycle
18. Post-Implementation Review
19. User Acceptance
20. System Conversion Review
21. During the operation of an IT system, it is necessary that regular reports are received by management to monitor the performance of the system. These reports would include all of the following, except:
22. IT Security and Number of Security Problems
23. IT Customer Satisfaction
24. Downtime of IT System
25. User Acceptance of the IT System
26. Which of the following is not a part of IT performance?
27. IT load usage and excess capacity
28. Downtime of IT systems
29. Maintenance hours on IT systems
30. IT security and breach issues
31. Which of the following is not a major purpose served by the continual and proper use of the IT governance committee and the SDLC?
32. The fulfillment of ethical obligations
33. The strategic management process of the organization
34. The conversion of the system
35. The internal control structure of the organization
36. The careful and responsible oversight and use by management of the assets entrusted to management is called:
37. IT Governance
38. Stewardship
39. Fiduciary Control
40. System Access
41. Employee Ethical considerations, related to IT governance, would include which of the following?
42. Maintain a set of processes and procedures that assure accurate and complete records.
43. Confidentiality for those who serve on the project teams.
44. Not to disclose proprietary information from the company to clients.
45. Carefully consider the impact of system changes and to be ethical in the manner in which the changes are processed.
46. When an organization hires consultants to assist with any phase or any phases of the SDLC, there are at least four ethical obligations. Which of the following is not one of those obligations?
47. Bid the engagement fairly, and completely disclose the terms of potential cost increases.
48. Bill time accurately to the client and do not inflate time billed.
49. Do not oversell unnecessary services or systems to the client.
50. Make an honest effort to participate, learn the new system processes, and properly use the new system.
51. Which of the following relationships would be allowed for a CPA firm?
52. Offering IT consulting services and completing the external audit.
53. Completing the external audit and maintaining the bookkeeping work.
54. Internal audit outsourcing and financial information systems design and implementation.
55. Providing fairness opinions and completing the external audit.

TEST BANK - CHAPTER 5 - TRUE /

1. IT governance is an issue for executives and top management. Lower level managers and the board of directors are outsiders in the process.
2. In order to meets it obligation of corporate governance, the board of directors must oversee IT.
3. In order to match company strategy to IT systems, the company needs to have an IT governance committee and a formal process to select, design, and implement IT systems.
4. Either the IT governance or the system development life cycle is necessary in the strategic management of IT systems.
5. Once the system development life cycle has determined the priority it places on IT systems, the IT governance committee will manage the development, implementation, and use of the systems.
6. The IT governance committee should constantly assess the long-term strategy of the company and determine the type of IT systems to purchase, develop and use.
7. The systems development life cycle is responsible for the oversight and management of the IT governance committee.
8. Accounting software was often not available in the early days of computers which required that the organization would develop, program, and implement their in-house accounting software.
9. Once the systems development life cycle (SDLC) is complete, it is not necessary to restart the cycle unless something is brought to the attention of the IT governance committee to indicate that another cycle is required.
10. It is likely that the IT governance committee will go back through the phases of the SDLC to design new and improved IT systems.
11. In the modern IT environment, it is necessary for an organization to follow each of the steps in the SDLC in the order presented.
12. The exact steps in the SDLC and/or their sequence are not as important as is the need to formalize and conduct those steps completely and consistently.
13. The IT governance committee will be constantly monitoring the IT system to look for fraud and system abuse.
14. If the operational feasibility determines that the operation will require new training of employees, then the proposed upgrade or modification should be rejected.
15. When the IT governance committee uses both the strategic match and the feasibility study, they will be better able to prioritize proposed changes to the IT systems.
16. When the IT governance committee has made the decision as to which IT upgrades and/or modifications are to be made, their job is complete.
17. Data collection in the system survey step of systems analysis involves documentation review only.
18. The purpose of observation in the system survey is to enable the project team to gain an understanding of the processing steps within the system.
19. During a documentation review, the team would examine only relevant documentation of the proposed upgrade or modification.
20. In order to gain a complete understanding of the system under study, the project team should seek the opinions and thoughts of those who use the system in addition to observation and documentation review.
21. The face-to-face nature of an interview is advantageous due to the fact that the interviewer can clear up any misunderstandings as they occur and can follow up with more questions, depending on the response of the interviewee.
22. One advantage of the interview process is efficiency.
23. One advantage to the use of questionnaires is that they an be answered anonymously, which allows the respondent to be more truthful without fear of negative consequences.
24. The determination of user requirements is often discovered through the use of observation and documentation review.
25. The analysis phase is the critical-thinking stage of systems analysis.
26. IT and business process reengineering have mutually enhancing relationships. The business processes should be supported by the IT capabilities.
27. Business process reengineering takes place at the systems design stage of the SDLC.
28. The last step of the systems analysis phase is to prepare a systems analysis report that will be delivered to the IT governance committee.
29. The steps within the design phase of the SDLC are the same, whether the organization intends to purchase software or to design the software in-house.
30. In general, purchased software is more costly but more reliable than software designed in-house.
31. While it is not necessary to hire a consulting firm, many organizations find that the special expertise of consulting firms is most beneficial in the design and implementation of accounting system software.
32. When in the systems design phase and creating an in-house accounting software, the feasibility aspect is the same as in the systems planning stage.
33. In general, designs that require more complex technology have a higher feasibility than designs with less complex technology.
34. When a company is revising systems, there are intangible benefits that are difficult to estimate in dollars. These intangible benefits should be included in the project team’s report.
35. The incorporation of cloud computing requires a careful, controlled approach to system design related to the costs and benefits. Other issues are not important.
36. Cloud computing results in greater availability, but also requires greater security and processing integrity.
37. The cost of cloud computing is normally related to a period of time, and not to the use of the service.
38. Because the users of reports need the reports on an ongoing basis as part of their jobs, it is critical to have user feedback in the design of the details of the output reports.
39. In general, the manual input method is less error prone that the electronic methods.
40. In the detailed design phase, all of the individual steps within a process must be identified and designed.
41. The internal controls within a system must be designed in the implementation stage.
42. It would not be necessary for the programming staff to have interaction with the accounting staff during the systems implementation process, as all systems design was previously completed.
43. Software should never be implemented before it is tested.
44. It is essential that accountants oversee the data conversion from the old system to the new system to make sure that all accounting data is completely and correctly converted.
45. The file or database storage for the new accounting system is always be different from the old system.
46. The longest and most costly part of the SDLC is the operation and maintenance.
47. During the operation phase of the IT system, it is necessary that management receive regular reports that will enable management to determine whether IT is aligned with business strategy and meeting the objectives of the IT system.
48. Once the SDLC has identified which types of IT systems are appropriate for the company, the IT governance committee becomes the mechanism to properly manage the development, acquisition, and implementation of the IT system.
49. Each organization may approach IT governance in a different manner, but each organization should establish procedures for IT governance.
50. The AICPA Trust Principles failed to include any reference to the internal control structure of the IT systems.
51. Diligent adherence to the SDLC process, by management, is part of fulfilling its ethical obligations of stewardship and fraud prevention.
52. As the result of the passage of the Sarbanes-Oxley Act, CPA firms have unlimited ability to provide non-audit services to their audit clients.

1. SO 1 Management obligations in IT governance

Describe the activities that IT management should focus on when working to fulfill the obligations that are inherent in IT governance.

1. SO 2 Systems Development Life Cycle

List and briefly describe each of the five stages in the Systems Development Life Cycle (SDLC)