Skip to content

Quiz: The Role of IS in Organizations

Test your understanding of how IS earns its seat at the strategy table through alignment, governance, and the people who run it.

1. What does "strategic alignment" mean in an IS context?

  1. Ensuring all IS staff are seated near the executives during meetings
  2. Ensuring every meaningful IS investment visibly serves the organization's competitive strategy
  3. Aligning servers and networks for maximum throughput
  4. Picking the same software vendor as the company's largest competitor
Show Answer

The correct answer is B. Strategic alignment is the discipline of ensuring that IS investments — projects, systems, vendor contracts — serve the organization's strategy. It is one of the most heavily studied predictors of IS effectiveness. The other options confuse alignment with seating, hardware tuning, or competitor mimicry, none of which describe the strategic alignment concept.

Concept Tested: Strategic Alignment

2. Porter's value chain divides organizational activities into which two layers?

  1. Internal activities and external activities
  2. Manual activities and automated activities
  3. Primary activities and support activities
  4. Strategic activities and tactical activities
Show Answer

The correct answer is C. Porter's value chain separates primary activities (those that touch the product directly: inbound logistics, operations, outbound logistics, marketing/sales, service) from support activities (firm infrastructure, HR management, technology development, procurement). Information systems show up in every link of both layers, which is why the value chain is a useful map for prioritizing IS investments.

Concept Tested: Value Chain

3. Which of the following is one of Porter's Five Forces?

  1. Threat of new entrants
  2. Cost of cloud computing
  3. Speed of regulatory change
  4. Quality of executive leadership
Show Answer

The correct answer is A. Porter's Five Forces are: threat of new entrants, bargaining power of suppliers, bargaining power of buyers, threat of substitutes, and rivalry among existing competitors. The other options are real factors that affect organizations, but they are not part of Porter's framework. Each of the five forces has an information-systems angle, since IS is increasingly the medium through which competitive position is built and defended.

Concept Tested: Porter Five Forces

4. A "business capability" is best described as:

  1. A specific software product the organization owns
  2. The number of years an employee has worked at the company
  3. The maximum throughput of the data center
  4. What the organization is able to do, expressed independently of how it does it
Show Answer

The correct answer is D. A business capability describes what an organization can do — for example, "detect fraud" or "onboard a customer" — independent of which technology, process, or team currently delivers it. This abstraction allows leadership to evaluate, compare, and invest in capabilities without immediately arguing about specific products. Capabilities performed better than competitors are sources of advantage; those performed worse are liabilities.

Concept Tested: Business Capability

5. COBIT and ITIL are best described as:

  1. Two competing programming languages for IS work
  2. Complementary frameworks: COBIT for governance and ITIL for service management
  3. Cloud platforms commonly used in regulated industries
  4. Regulatory laws that all U.S. companies must follow
Show Answer

The correct answer is B. COBIT (published by ISACA) defines what good IT governance looks like in concrete, auditable terms, while ITIL (in its fourth edition) defines practices for delivering and supporting IT services. They coexist comfortably — COBIT operates at the steering-committee level, ITIL at the help-desk and operations level. Neither is a programming language, cloud platform, or law.

Concept Tested: COBIT Framework

6. In ITIL, which statement correctly distinguishes an "incident" from a "problem"?

  1. An incident is a security event; a problem is a performance event
  2. An incident is something going wrong now; a problem is the underlying cause of recurring incidents
  3. An incident affects one user; a problem affects many users
  4. An incident is logged in the help desk; a problem is logged in the change-management system
Show Answer

The correct answer is B. Incident management restores service quickly when something is broken right now (the email server is down). Problem management investigates the underlying cause to prevent recurrence (why does the email server crash every Tuesday?). Confusing the two is a common pathology — firefighting feels productive while root-cause work feels slow, so problems quietly compound.

Concept Tested: ITIL Framework

7. Which executive owns the organization's overall information systems portfolio, alignment with business strategy, and the major IS vendor relationships?

  1. CTO
  2. CDO
  3. CISO
  4. CIO
Show Answer

The correct answer is D. The Chief Information Officer (CIO) is responsible for the overall IS portfolio, strategic alignment, IS budget, major vendor relationships, and ultimately the success or failure of large IS initiatives. The CTO typically owns technology platforms or product engineering, the CDO owns data and increasingly AI strategy, and the CISO owns information security and risk posture.

Concept Tested: CIO Role

8. Highly regulated organizations sometimes have the CISO report independently to the CEO or audit committee rather than to the CIO. What is the systems-thinking justification for this structural choice?

  1. It saves money on the security budget
  2. It ensures the CISO has access to a corner office
  3. It avoids a conflict of interest where the same leader is asked to ship features fast and certify them as safe
  4. It reduces the number of executives required at strategy meetings
Show Answer

The correct answer is C. When the same person owns "ship the system" and "verify the system is safe," the verification function loses every argument with the shipping function. Splitting the reporting line is a separation-of-duties fix — a structural defense against a predictable failure mode. The other options are unrelated to the governance rationale that drives this org-design choice.

Concept Tested: CISO Role

9. Which professional role is formally accountable for the quality, definitions, and stewardship of data within a specific business domain (such as customers or products)?

  1. Data Steward
  2. Enterprise Architect
  3. Business Analyst
  4. Database Administrator
Show Answer

The correct answer is A. A data steward is a domain expert formally accountable for the quality, meaning, and stewardship of the data in their domain. They answer questions like "What exactly is a 'customer' for purposes of this report?" Enterprise architects own the systems landscape, business analysts translate between users and systems, and DBAs run the physical databases — but none of them owns the meaning of the data the way a data steward does.

Concept Tested: Data Steward Role

10. An IS team is asked to deploy a recommender system that improves average performance but produces measurably worse outcomes for one demographic group. From the chapter's perspective, this is best framed as:

  1. A simple bug to be patched in the next release
  2. An ethical tradeoff between accuracy and fairness that must be made explicit
  3. A vendor-management problem
  4. A pure marketing decision unrelated to IS responsibility
Show Answer

The correct answer is B. The chapter identifies "accuracy versus fairness" as a recurring ethical tripwire: a model that is most accurate on average can be measurably less accurate for some groups, and the tradeoff has to be made explicit rather than papered over. IS ethics happens in murky middle cases like this, not at obvious edges. Treating it as just a bug, a vendor issue, or a marketing concern dodges professional responsibility.

Concept Tested: IS Ethics