8. From a control perspective, the key element in job descriptions is that they:A.provide instructions on how to do the job and define authority. B.are current, documented and readily available to the employee. C.communicate management's specific job performance expectations. D.establish responsibility and accountability for the employee's actions. You answered B. The correct answer is D. - Please provide additional clarification From a control perspective, a job description should establish responsibility and accountability. This will aid in ensuring that users are given system access in accordance with their defined job responsibilities. The other choices are not directly related to controls. Providing instructions on how to do the job and defining authority addresses the managerial and procedural aspects of the job. It is important that job descriptions are current, documented and readily available to the employee, but this in itself is not a control. Communication of management's specific expectations for job performance outlines the standard of performance and would not necessarily include controls Jay: Purpose of control is to mitigate risk. D is the only answer that mitigates risk. Rest are for value delivery.
9 9 9. To aid management in achieving IT and business alignment, an IS auditor should recommend the use of:You answered B. The correct answer is C. - Please refresh us on the BSC vs the BIAAn IT BSC provides the bridge between IT objectives and business objectives by supplementing the traditional financial evaluation with measures to evaluate customer satisfaction, internal processes and the ability to innovate. CSA, BIA and BPR are insufficient to align IT with organizational objectives. Jay: BIA is to determine critical business processes from BC perspective. Purpose of BSC is to determine if IT is delivering value to business. Prerequisite of value delivery is IT alignment with business. Hence, BSC is the correct answer.
10 10 10. Which of the following goals would you expect to find in an organization's strategic plan?You answered B. The correct answer is D. - Please provide additional clarification. Strategic planning sets corporate or departmental objectives into motion. Comprehensive planning helps ensure an effective and efficient organization. Strategic planning is time- and project-oriented, but also must address and help determine priorities to meet business needs. Long- and short-range plans should be consistent with the organization's broader plans for attaining their goals. Choice D represents a business objective that is intended to focus the overall direction of the business and would thus be a part of the organization's strategic plan. The