1. "The ‘monitor operations' activity in IT process 10 must be performed by an independent function such as a CPA or a security firm." Do you agree? Why or why not?
2. Your boss was heard to say, "If we implemented every control plan discussed in this chapter, we'd never get any work done around here." Do you agree? Why or why not?