QUESTION 8 To what degree should ITprofessionals consider points regulatory acts

Question

QUESTION 8 To what degree should ITprofessionals consider points regulatory acts such as HTECH HPAA and sorbanes odey when deveropngsystemst a. They should be ignored because it is the job of the legal department to worry about complance after the system has gone live. b. They should be considered althroughout the systems development process because they have alarge mpact on how business processes are performed. c. They should be considered near the end of the systems development process, because at the beginning there are many more considerations that require attention. d. They should be ignored because IT professionals only need to womy about intemal compliance standards, not external ones. 4 points Save Answer QUESTION 9 Knowledge Management includes which of the following? a Capturing Knowledge b. Developing Knowledge O c. Using Knowledge Effectively O d. All of the above

Explanation / Answer

QUESTION 8

ANSWER-B

EXPLANATON-

Information technology has become a core enabler of business processes within the organizations today. As a result, companies are required to audit and validate their relevant IT systems to ensure that their business processes and underlying records comply with regulations such as the Sarbanes-Oxley Act of 2002 or Healthcare Insurance Portability and Accountability Act (HIPAA) or 21 CFR Part 11 (FDA).

The Sarbanes-Oxley takes corporate governance, disclosure and financial accounting to new heights. The crux of the legislation - aimed squarely at public companies - centers on ensuring the accuracy, consistency, transparency, and timeliness of financial results and disclosures. Establishing and maintaining an adequate internal control structure and procedures for financial reporting is at the core of compliance with section 404 of Sarbanes-Oxley Act. However, there is a strong linkage between the enhanced internal controls that the act demands and the information systems that manage data, implement workflows, and automate business processes. In fact, the accuracy and timeliness of financial reporting is heavily dependent on a well-controlled IT environment. PCAOB Auditing Standard No. 2 discusses the importance of IT in the context of internal control. In particular, it states: “The nature and characteristics of a company’s use of information technology in its information system affect the company’s internal control over financial reporting."

Many companies are using the COSO framework for internal controls - where the importance of IT controls is embedded in the framework. These companies are then applying the C OBIT model ofIT Governance to ensure that the right level of IT controls are implemented (see figure 1). Compliance with Sarbanes-Oxley Act requires that financial systems used in the preparation of required financial statements be controlled and validated to prove the accuracy and timeliness of certain financial data.

HIPAA (Healthcare Insurance Portability and Accountability Act, passed in 1996) presents the health care industry with extensive regulations that significantly impact the technical and operational aspects of health care information systems and embedded health care systems. It includes standards for electronic exchange of administrative and financial healthcare transactions between health care providers and insurance providers and includes privacy rules to protect the confidentiality and security of health data being transmitted. Companies have rushed to make appropriate changes to their software to comply with the regulation. However, the challenge now is to ensure that the systems infrastructure continues to be validated on an ongoing basis to stay compliant with the HIPAA requirements.

IT system validation is the process of verifying all the system functions in writing and ensuring that the performance of those functions meets system specifications and data integrity. To successfully manage compliance, each regulated system must be proven to operate in accordance with its intended use and design, and in certain organizations such as those regulated by FDA, all documentation supporting that evidence must be in a form acceptable to the regulatory body upon audit.

QUESTION 9

ANSWER - D

EXPLANATION-

Knowledge management (KM) is the process of creating, sharing, using and managing the knowledge and information of an organisation.[1] It refers to a multidisciplinary approach to achieving organisational objectives by making the best use of knowledge.[2]

An established discipline since 1991, KM includes courses taught in the fields of business administration, information systems, management, library, and information sciences.[3][4] Other fields may contribute to KM research, including information and media, computer science, public health and public policy.[5] Several universities offer dedicated master's degrees in knowledge management.

Many large companies, public institutions and non-profit organisations have resources dedicated to internal KM efforts, often as a part of their business strategy, IT, or human resource management departments.[6] Several consulting companies provide advice regarding KM to these organisations.[6]

Knowledge management efforts typically focus on organisational objectives such as improved performance, competitive advantage, innovation, the sharing of lessons learned, integration and continuous improvement of the organisation.[7] These efforts overlap with organisational learning and may be distinguished from that by a greater focus on the management of knowledge as a strategic asset and on encouraging the sharing of knowledge.[2][8] KM is an enabler of organisational learning.

Related Questions

Navigate

• Browse (All)
• Browse Q
• Subjects

---

---

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.