By Fatskills Exam Guides Team — the exam nerds behind 28,500+ quizzes and 2.1M practice questions across 500+ global exams.
The exam tests this topic to assess the learner's ability to identify and evaluate the effectiveness of IT controls, understand the differences between general and application controls, and apply professional judgment to mitigate IT-related risks.
IT general controls (ITGC) are a critical component of an organization's internal control framework, ensuring the security, integrity, and reliability of IT systems and data. This topic is essential for CPAs to understand, as it directly impacts an organization's financial reporting and compliance with regulatory requirements.
Frequency: High
Difficulty Rating: Intermediate
Question Type or Real-World Task Type: Multiple-choice questions, case studies, and scenario-based questions
The most common trap is failing to recognize the importance of ITGC in mitigating operational risks and ensuring compliance with regulatory requirements.
What is the primary purpose of ITGC?
a) To ensure financial reporting accuracy
b) To mitigate operational risks
c) To ensure IT system security
d) To improve IT system efficiency
Correct Answer: b) To mitigate operational risks
Explanation: ITGC is designed to mitigate operational risks associated with IT systems.
What is the difference between general controls and application controls?
a) General controls are only relevant for financial systems
b) Application controls are only relevant for IT systems
c) General controls are broad controls that apply to all IT systems
d) Application controls are specific controls that apply to individual IT systems
Correct Answer: c) General controls are broad controls that apply to all IT systems
Explanation: General controls are broad controls that apply to all IT systems, while application controls are specific controls that apply to individual IT systems.
Describe the COBIT 2019 framework for IT governance and management. (Answer should include the framework's components, such as IT service management, IT security management, and IT risk management.)
An organization has identified a weakness in its ITGC procedures for password management. What steps should the organization take to address this weakness? (Answer should include steps such as assessing the risk, developing and implementing new procedures, and training IT staff.)
Compare ITGC with IT security controls. ITGC is a broader concept that encompasses all IT controls, including security controls. IT security controls are a specific subset of ITGC that focuses on ensuring the security of IT systems and data.
When assessing ITGC weaknesses and risks, use the following recognition trick: Look for areas where IT systems and data flows are not properly segregated or where access controls are weak.
An organization has implemented a new IT system for financial reporting. What ITGC procedures should the organization develop to ensure the security and integrity of the system? (Answer should include procedures such as access controls, data backup and recovery, and audit trails.)
An organization has implemented a cloud-based IT system for financial reporting. What ITGC procedures should the organization develop to ensure the security and integrity of the system? (Answer should include procedures such as access controls, data backup and recovery, and audit trails, as well as considerations specific to cloud-based systems, such as data sovereignty and vendor management.)
What is the COBIT 2019 framework for IT governance and management?
a) A framework for IT service management
b) A framework for IT security management
c) A framework for IT risk management
d) A framework for IT governance and management that includes IT service management, IT security management, and IT risk management
Correct Answer: d) A framework for IT governance and management that includes IT service management, IT security management, and IT risk management
Explanation: COBIT 2019 is a comprehensive framework for IT governance and management that includes IT service management, IT security management, and IT risk management.
What is the primary benefit of implementing ITGC procedures for password management?
a) Improved IT system security
b) Enhanced IT system efficiency
c) Reduced IT system downtime
d) Improved IT system compliance with regulatory requirements
Correct Answer: d) Improved IT system compliance with regulatory requirements
Explanation: ITGC procedures for password management are critical for ensuring compliance with regulatory requirements, such as SOX.
What is the most common trap when assessing ITGC weaknesses and risks?
a) Failing to identify ITGC weaknesses and risks
b) Not understanding the impact of ITGC on financial reporting
c) Not documenting ITGC procedures and controls
d) Not training IT staff on ITGC procedures and controls
Correct Answer: a) Failing to identify ITGC weaknesses and risks
Explanation: The most common trap is failing to recognize the importance of ITGC in mitigating operational risks and ensuring compliance with regulatory requirements.