Question

Which of the following statements is true regarding internal control objective of information systems?

a. primary responsibility of viable internal control rests with the internal audit division
b. a secure system may have inherent risks due to management's analysis of trade-offs identified by cost-benefit studies
c. control objectives primarily emphasis output distribution issues
d. an entity's corporate culture is irrelevant to the objectives

Answer 1

The statement acknowledging that (b) a secure information system may still contain inherent risks due to management's cost-benefit analysis trade-offs is true. Internal controls must weigh security against reasonableness of costs, and corporate culture is significant in enforcing these controls.

Step-by-step explanation:

This acknowledges that while security is crucial, there are always inherent risks in any system; these are sometimes accepted because the cost of mitigating these risks may outweigh the benefits.

The effectiveness of internal control systems involves evaluating these trade-offs to achieve the most secure system within reasonable costs. A strong internal control framework addresses a broad range of objectives beyond just output distribution issues, and corporate culture plays a significant role in how those objectives are implemented and enforced.