Question

1) Which of the following components of IT contingency planning is most important?

a. Verification of systems routines

b. Security over the contingency site

c. Documentation of the plan

2) Which of the following is the best answer regarding differences between the COSO and ERM frameworks;

i) Monitoring

ii)Information

iii)Risk Response

iv) Strategical Objectives

v) Control Activities

Group of answer choices

a. i, iii, & v only

b. ii & v only

c. iii & iv only

d. i, ii & v only

d. Integration of the IT disaster recovery plans with the business plans.

3) Recommendations should be included in final audit communication to:

a. Provide management with options for addressing audit observations

b. Ensure that problems are resolved in the manner suggest by the auditor

c. Minimize the amount of time required to correct audit observations.

d. Guarantee that audit observations are addressed.

Answer 1

1) b. Security over the contingency site

A contingency plan is a course of action designed to help an organization respond effectively to a significant future event or situation that may or may not happen. A contingency plan is sometimes referred to as "Plan B," because it can be also used as an alternative for action if expected results fail to materialize. It is very important for the IT organisation to have security over their site if anything goes wrong in the organisation.

2)b. ii & v only

The following five elements help the fulfillment of the task, objectives and associated strategic priorities of a organization through an efficient internal management structure.

• Control Environment. Integrity and Ethical Values.
• Risk Assessment. Company-wide Objectives.
• Control Activities.
• Information and Communication.
• Monitoring.

3)d. Guarantee that audit observations are addressed.

The audit report recommendations outline steps that are intended to increase the efficiency of the company as carried out. An significant aspect of achieving the maximum value of an audit is the effective and prompt execution of audit recommendations decided to by management.