Deck 5: Corporate Governance and IT

Acquisition of the COBIT framework,including tools and templates,is relatively expensive,but the tools are considered a good investment.

IT-related initiatives are generally simple and straightforward.

One good approach to backing up data in case of a disaster is to have employees take backup copies of vital data home at the end of the work day.

Interest in corporate governance has grown due to recent accounting scandals resulting in bankruptcies at companies such as Arthur Andersen,Enron,Global Crossing,Tyco,and Worldcom.

Today IT is viewed simply as a support function that is separate and distinct from a business.

ITIL and COBIT are competing frameworks.

A key to the successful introduction and adoption of more effective internal controls is ensuring that managers understand why they need to care about improved internal controls.

COBIT is an internationally accepted standard for IT governance and control practices.

The primary people involved in corporate governance only include the board of directors and the CEO.

COBIT is a set of decades-old standards that are highly regarded by auditors because they provide specific guidelines and are completely independent of any computer hardware or software platforms.

Organizations are in a constant state of change,so the plan must be continually updated to account for changes.

The Plan-Do-Check-Act (PDCA)model is a tried and proven method that can be applied to general processes that have been identified for improvement.

For all AAA priority business functions,document all the resources needed to recover the business function within the recovery time objective: number of people,phones,files,desks,office space,faxes,computers,software,printers,and so on.

Enlightened organizations recognize that IT governance is not the responsibility of IT management but of executive management,including the board of directors.

Many organizations combine the use of PDCA and an ITIL governance framework to get excellent results in their process improvement projects.

An organization's executives are the only ones responsible for governance.

The COBIT process known as "Effective Continuous Service" describes how to create an effective disaster recovery plan.

The ITIL or COBIT governance frameworks provide an excellent set of best practices for various IT-related processes.

One internal control might be that a company's purchasing department,accounts payable department,and IT systems not allowing the same person to authorize a major purchase and then approve its payment.

In the ____________________ step of the Plan-Do-Check-Act model,the change decided in the Plan step is implemented,often on a pilot or limited basis to assess the potential impact of the proposed change(s).

____________________ includes defining the decision-making process itself,as well as defining who makes the decisions,who is held accountable for results,and how the results of decisions are communicated,measured,and monitored.

An organization's executives and board of directors carry out governance through ____________________ that oversee critical areas such as audits,compensation,and acquisitions.

Floor ____________________ receive additional training in crowd control,first aid,CPR,operation of defibrillators,and helping handicapped workers evacuate.

Identify five issues that corporate governance addresses.

Discuss the responsibilities of floor wardens.

The business continuity plan needs to be ____________________ to ensure that it is effective and that people can execute it.

An effective business continuity plan can be developed only after an organization's unique ___________________ are identified.

Internal controls play a key role in preventing and detecting ____________________ and protecting the organization's resources.

____________________ procedures define the steps to be taken during a disaster and immediately following it.

A(n)____________________ is an unplanned interruption of normal business operations for an unacceptable period of time.

___________________ is the effort made by an ordinarily prudent or reasonable party to avoid harm to another party.Failure to make this effort may be considered negligence.

Section ____________________ of the Sarbanes-Oxley Act requires a signed statement by the CEO and CFO attesting that the information in any of their firm's SEC filings is accurate,with stiff penalties for false attestation.

List the specific features to consider for inclusion in the recovery of a AAA priority business function.

The time within which a business function must be recovered before an organization suffers serious damage is called the __________________ objective.

What does the team do in the Act step of the Plan-Do-Check-Act model?

A(n)___________________ plan is a subset of the business continuity plan,and focuses on keeping components of the IT infrastructure functioning during a disaster or recovering them quickly afterward.

Good ____________________ controls and management accountability must be embedded in the organization to avoid IT-related risks.

A(n)____________________ business function is critical to the operation of the firm and cannot be unavailable more than a few hours without causing severe problems.

Discuss several reasons why Harley-Davidson decided to convert to the COBIT control framework.