COMPLETE SOLUTIONS
What are enterprise controls?
Enterprise controls are controls that affect the entire organization and influence the effectiveness of
other controls.
Which standard provides the enterprise controls framework?
Auditing Standard 5 (AS5)
What do we mean when we say that an organization has an "integrated security
policy"?
Merge physical and logical security across an organization.
What are general controls?
General controls protect the IT infrastructure, major components of the IT systems, and
data.
Control activities for "access to computer files"
Involves controlling logical access to data and software.
Control activities for "personnel policies"
Separation of duties.
It is critically important to separate the programming function from the operations
function.
All new programs or modifications to programs must be properly authorized and
thoroughly tested before their usage.
Control activities for "disaster recovery"
Describes procedures to be followed in an emergency, the role of each member of the
team and assignment of responsibilities.
Designation of a recovery site
Hot site: a location that includes a computer system configured similarly to the system
used at the main data processing center.
Flying-start site: capable of assuming full data processing operations within seconds or
minutes.
Cold site: a location where power and space are available to install processing
equipment on short notice.
Control activities for "fault tolerant system"
Designed to tolerate computer errors and keep functioning.
Systems can be made fault-tolerant with "consensus-based protocols" and a "watchdog
processor".
Disks can be made fault-tolerant by a process called "disk mirroring".
Control activities for "Backup"