Free CPA ISC (Information Systems & Controls) Information Systems and Data Management Practice Questions
Information systems and data management on the CPA ISC discipline exam cover IT governance frameworks (COBIT), database management concepts, data analytics, cloud computing models, and enterprise resource planning (ERP) systems.
Sample Questions
Question 1
Easy
Which of the following BEST describes metadata in the context of data governance?
Solution
A is correct.
Metadata is data about data. It includes information such as data definitions (what each field means), data types and formats, source system origins, transformation rules applied during ETL, data lineage (how data flows and changes through systems), and ownership information. Metadata is foundational to data governance because it enables users to find, understand, trust, and properly use the organization's data assets.
Metadata is data about data. It includes information such as data definitions (what each field means), data types and formats, source system origins, transformation rules applied during ETL, data lineage (how data flows and changes through systems), and ownership information. Metadata is foundational to data governance because it enables users to find, understand, trust, and properly use the organization's data assets.
Question 2
Medium
An internal audit team discovers that a programmer who developed several critical financial reporting modules also has the ability to promote code changes directly to the production environment. Which IT general control deficiency does this represent?
Solution
C is correct.
This is a segregation of duties violation within change management controls. A fundamental principle of IT general controls is that the person who develops or modifies code should not be the same person who promotes that code to production. This separation prevents a developer from introducing unauthorized or malicious changes without independent review and approval. When one person can both write and deploy code, the risk of unauthorized changes to financial reporting systems increases significantly.
This is a segregation of duties violation within change management controls. A fundamental principle of IT general controls is that the person who develops or modifies code should not be the same person who promotes that code to production. This separation prevents a developer from introducing unauthorized or malicious changes without independent review and approval. When one person can both write and deploy code, the risk of unauthorized changes to financial reporting systems increases significantly.
Question 3
Hard
A company is migrating its on-premises data warehouse to a cloud-based solution. The data warehouse contains 10 years of financial transaction data subject to SOX compliance requirements. The ETL (Extract, Transform, Load) processes must be redesigned for the cloud environment. Which combination of controls is MOST critical to ensure data integrity and regulatory compliance during and after this migration?
Solution
B is correct.
A data warehouse migration involving SOX-regulated financial data requires multiple layers of controls: (1) reconciliation controls (record counts, hash values, control totals) at each migration stage verify that no data is lost, added, or altered during transfer; (2) parallel-run testing confirms that redesigned ETL processes produce the same results as legacy processes, ensuring that transformation logic is faithfully replicated; (3) a complete audit trail documents the migration process, supporting SOX compliance documentation; (4) access control validation ensures the cloud environment maintains the segregation of duties and access restrictions required under SOX.
A data warehouse migration involving SOX-regulated financial data requires multiple layers of controls: (1) reconciliation controls (record counts, hash values, control totals) at each migration stage verify that no data is lost, added, or altered during transfer; (2) parallel-run testing confirms that redesigned ETL processes produce the same results as legacy processes, ensuring that transformation logic is faithfully replicated; (3) a complete audit trail documents the migration process, supporting SOX compliance documentation; (4) access control validation ensures the cloud environment maintains the segregation of duties and access restrictions required under SOX.