Answers Fully Solved
Governance, Risk and Compliance - G: internal, CIO, IT (business issue)
R: what can go wrong
C: external, government rules, laws and regulations
compliance - FERPA - protects educational records
compliance - HIPAA - protects medical records and what you discuss (doesn't protect that you WENT to the doctor)
compliance - J SOX - all public companies have to be audited (IT CONTROLS MUST BE AUDITED TOO)
compliance - PCI DSS - chip encrypts the data in the company database (except if you swipe)
compliance - GDPR - in EUROPE they can't keep data unless they are using it to run their business (right to be forgotten form); in the USA they can use your data
California Consumer Privacy Act - in California you can complete a form to not use your data
risk - measure of potential for loss or damage when a threat exploits a vulnerability; HAS TO HAVE A MEASURABLE LOSS TO BE A RISK; internal and external
where do professionals find guidance about governing IT (including staying compliant and managing risks)? - refer to standards, frameworks, and compliance guidance
controls - prevent risks from happening
standards - very specific certification (ISO 12312-2)
framework - general guidance; best practices for industry
vulnerability - a weakness or flaw that can be exploited in an information system; lack of user knowledge; new system
threat - entities that can pose a threat; an event or condition
risk = threat * vulnerability
IT application controls (1. input controls, 2. processing controls, 3. output controls) - 1. complete, accurate and valid data entered; 2. accomplishes correct task; 3. results meet expectations; 4. data are maintained
input controls in Excel - put in only so many controls of data
test authorization - of a user (application and IT level)
source documents/data entry form - turnaround document; remittance advice to keep up to date
batch totals - hash total; sum of non-financial data
error reporting and error handling - handling: error when you input data wrong
processing controls - ensure the reliability of application program processing, including
• the completeness and accuracy of accumulated data
• that data in a file/database remain complete and accurate until changed as a result of authorized processing or modification routines
placement of logic - during creation of database; using procedures leased from others; code into the application logic
controls - put in front of risk; mitigate the risks
objectives of controls:
- accuracy
- authentication (are you who you say you are) BIGGEST OBJ
- authorization (what you are allowed to do after you authenticate)
- availability
- completeness
- compliance
- confidentiality (you should be the only person with access)
- privacy (keep it internal, no people on the outside)
- efficiency