Here are the answers to the questions in Chapter 7:
Corporate governance can best be described as
A formal process of implementing controls across the system
A process that ensures that all risks have controls associated with them
The guiding principles and policies of the organization
The process for ensuring that all risks and accountabilities are managed within a business
The correct answer is D. Corporate governance can best be described in terms of responsibility and accountability for governing the actions and behavior of the corporation. Implementing controls (A) is only part of the business management process implied by corporate governance. Corporate governance may provide risk and control management (B), but that also is only part of the answer. Guiding principles and overall policy also is part of the overall management of risk and accountability process implied by corporate governance, but ensuring that all of these things are managed well best describes what corporate governance is all about.
When reviewing a corporate governance system, an IS auditor would be most concerned to find which of the following deficiencies in the process?
Gaps in the handing down of the authority necessary to carry out the responsibilities given to unit management
Lack of an enforcement and disciplinary process for ensuring that governance and direction is in effect
Unit level goals that do not tie directly to the overall mission ...