1. List and describe the two most important questions one should ask when deciding which COBIT controls to use for an organization. With whom should one verify the controls?
2. How does the COBIT framework assist organizations in self-governance? Specifically, what areas of the COBIT framework relate to governance?
3. Analyze and discuss how the Health Insurance Portability and Accountability Act (HIPAA) helps to improve the U.S. healthcare industry. What are some of its challenges?
4. What do you think is the value of Segregation of Duties (SOD) as it pertains to SOX?
Multiple choice questions
Question 2.2. (TCO B) Planning and Organization domain control objective 9 of the COBIT standard does not __________.
provide for a business risk assessment
provide for risk identification
provide for development of a risk action plan
place the CEO in a role responsible for IT and business risk management alignment
Question 5.5. (TCO B) Which law requires organizations to keep physical control of paper documents and control of electronic documents? (Points : 4)
Sarbanes-Oxley
HIPAA
The Federal Financial Management Improvement Act of 1986
SAS 70
Question 6.6. (TCO A) Governance does all of the following except __________. (Points : 4)
help in the creation of policy
list controls for organizations to employ
help in organizational decision making
help with formulating strategic guidelines
Question 7.7. (TCO C) A Personal Private Information (PPI) policy does which of the following? (Points : 4)
Determines what constitutes PPI and how it must be secured and maintained
Determines categories of private information
Allows for an opt-in mechanism to remove data
Allows for the unrestricted access to personal data
Question 8.8. (TCO B) Which of the following is true regarding the COBIT domain of Planning and Organization? (Points : 4)
Compliance controls are usually burdensome and require a lot of paperwork.
COBIT and ITIL guidelines are best suited for large company structures.
There is no one-size-fits-all template for COBIT and ITIL.
COBIT, ITIL, and SOX compliance all mean the same thing.
Question 9.9. (TCO A) On average, United States companies with a market capitalization of greater than $75 million spend how much to comply with Section 404 of Sarbanes-Oxley? (Points : 4)
$2.01 million
$6.08 million
$2.9 million
$3.12 million
Question 10.10. (TCO C) Sections 751 and 752 of the BASEL II accord cover __________. (Points : 4)
the assessment of the control environment
the internal review process
the internal monitoring of controls
the external review of controls
Question 1.1. (TCO B) COBIT controls that include acquiring new applications or staff skill sets are part of what COBIT domain? (Points : 4)
Planning and Organizing
Delivery and Support
Monitoring
Acquisition and Implementation
Question 4.4. (TCO B) Which of the following is not a part of compliance software that is needed to ensure complete adherence to SOX? (Points : 4)
Internal and external auditor processes
Enforcement application and database control levels with detection, prevention, and monitoring capabilities
Improved internal controls by improving business processes
All of the above are needed