CPE Quiz

Prepared by Kamal Khan, CISA, CISSP, CITP, MbCS

Take the quiz online: Quiz #145

beLLeHuMeur Ar TICLe

1. Documentation enables organizations to mitigate their risk across several strategic areas, including loss of intellectual capital, data and IT operations, clarity and momentum.

2. With documentation, there appear to be four distinct buckets into which IT departments tend to fall: no documentation, little and sporadic documentation, average documentation, and overdocumentation.

3. IT departments do not know how to document. Documentation does not mean writing everything down. It is actually a strategic process that consists of capturing, structuring, presenting, communicating and storing written information. IT professionals tend to struggle with structuring, presenting and communicating.

4. Moving the team and department to the optimized documentation bucket is a three-step process consisting of adopting a strategic process, having the right people, and building a culture of accountability and best practices around effective documentation.

gOLDberg Ar TICLe

5. The Institute of Internal Auditors (IIA) standards regarding risk assessment state:

2020.A3: The internal audit activity’s plan of engagements must be based on a documented risk assessment, undertaken at least annually. The input of senior management and the board must be considered in this process.

2040.A5: The auditor must identify and consider the expectations of senior management, the board and other stakeholders for internal audit opinions and other conclusions.

6. Internal audit can assist management and the board/audit committee in the ERM process by monitoring, examining, recommending improvements, evaluating and reporting.

7. Without performing a risk assessment, IA is at risk of losing its relevance. IA has a role in helping the organization understand and prepare for the associated risk implications of entering new markets, leveraging new technologies (e.g., social media, cloud) or expanding its business portfolio organically or inorganically.

8. Many internal auditors perform the annual risk assessment and carry out work based on the actual risk to the organization rather than reproduce the work from the prior year or budget hours based on man-hours available.

9. Many organizations, through audit activities, identify and evaluate companywide risk levels by examining trends and comparisons within a single process or system throughout the year.

rAVAL Ar TICLe

10. Governance ensures that stakeholder needs, conditions and options are evaluated to determine balanced, agreed-on enterprise objectives to be achieved; setting direction through prioritisation and decision making; and monitoring performance and compliance against agreed-on direction and objectives.

11. The accountability for the creation of business value (BV) is easier to identify than the accountability for IT resources and processes.

12. Roughly, COBIT leans toward the resources and processes focus and Val IT leans toward the BV focus.

HAMIDOVICH Ar TICLe

13. In most jurisdictions and organizations, digital evidence is governed by three fundamental principles: relevance, reliability and confidentiality, and all three are important for the digital evidence to be admissible in a court of law, as stated in ISO/IEC 13403789.

14. Code of Practice for the Implementation of BS 10008 is structured according to a set of five principles of good practice, including understanding the legal issues and executing duty-of-care responsibilities.

eSPIn Ar TICLe

15. A hash is the result of processing a block of data, such as a password, through a procedure or algorithm that returns a fixed number of characters.

16. To address the risk of inappropriate access to the SAP systems, consideration should be given to identifying and securing sensitive data and performing a comprehensive SAP security assessment.