Accounting Information Systems Pre-Assessment
What is an inherent risk? a) a risk that a company cannot anticipate b) a risk that remains after internal controls are installed c) a risk that a company has successfully avoided d) a risk that exists before internal controls are installed
D
What is the formula to calculate expected loss? a) risk x cost b) risk x likelihood c) impact x cost d) impact x likelihood
D
How can information sharing between customers and suppliers contribute to information system failures? a) customers and suppliers having access to each other's systems and data can lead to breaches in confidentiality b) accessing another company's system requires external access points, which are more vulnerable to attack than internal access points c) information sharing creates software compatibility issues, reducing the ability to implement security measures d) distributed computer networks between customers and suppliers rely on internet connections, which are difficult to secure
A
How does an audit trail work in an accounting information system? a) by capturing a transaction's path through the data processing system b) by reviewing the chart of accounts c) by recording large numbers of reoccurring transactions for a specific category d) by organizing data in the data storage process
A
What does an attacker do when scanning and mapping a target information system? a) identifies computers that can be remotely accessed b) researches software vulnerabilities c) conducts initial reconnaissance d) executes the attack on the information system
A
What is a benefit of a well-designed computer input screen? a) it reduces data entry errors and omissions b) it results in well-designed data outputs c) it ensures that data is in compatible formats d) it makes program modules easy to read
A
What is one purpose of COBIT framework? a) to provide assurance that data produced by an information system is reliable b) to provide structure to define smart business practices c) to provide a wide range of controls for a company's business d) to provide management with the tools necessary to create efficient data processes
A
Which action is a function of an enterprise resource planning system? a) integrating a company's business processes with a traditional accounting information system b) eliminating the need to create interfaces between the accounting system and other systems c) providing flexible software that is quickly and inexpensively adaptable to existing company processes d) creating multiple databases so that data processing and storage can be distributed among them
A
Which action is an example of social engineering technique? a) calling a newly hired assistant and pretending to be an employee who needs help obtaining files b) creating "back doors" to obtain access in case the initial method of entry is blocked c) identifying company computers that can be remotely accessed d) finding and exploiting vulnerabilities in the software the company is running
A
Which preventive control is designed to stop an attacker from installing a hardware-based keystroke logging device on a computer? a) a physical access control b) a user access control c) a vulnerability scanner d) a network access control
A
Which task do information system auditors perform when they audit transaction processing? a) testing the accuracy of data edit routines b) testing the disposition of source data input c) discussing programming procedures with users d) checking for unauthorized use of programa
A
Which tool is an example of a preventive information security control? a) network access passwords b) analysis of network system logs c) security testing of network systems d) patch management procedures
A
Why is data in an Internet-based system sometimes not protected as well as data in a centralized computer system? a) companies believe that Internet-based providers deliver equivalent security for the data in their systems b) companies fail to completely understand the control and protection implications of moving to an internet-based system c) companies think that data in an internet-based system is less vulnerable because the data is stored in multiple locations d) companies believe that internet-based systems have a higher reliability history than centralized computer systems
A
What are two traits of useful information? a) accessibility b) reliability c) measurability d) quantifiability
A & B
When employees start working at a company, they are given a formal job description and a policy and procedures manual. The manual includes the company's vision statement and code of conduct and explains the expected business practices and procedures used at the company. The job description and manual communicate components of this company's internal environment. Which components do they communicate? a) methods of assigning authority and responsibility b) banking relationship with the local credit union c) commitment to integrity, ethical values, and compliance d) shipping policy for international shipments
A C
Which two security controls detect intrusions? a) log analysis b) user access controls c) patch management d) security testing
A D
Which two tools are project development and acquisition controls? a) a strategic master plan b) an information systems library c) a data control group d) system performance measurements
A D
Match each description to its corresponding framework. a) It uses a three-dimensional model b) it contains only five components c) it consolidates control standards from 36 sources into a single framework 1) COSO's enterprise risk management framework 2) COSO's internal control framework 3) COBIT framework
A) 1 B) 2 C) 3
What are advantages of purchasing or renting an accounting information system? a) the company can test-drive the system b) software upgrades are automated c) the company avoids spending time planning d) it is easy to customize the system
A, B
Which two methods improve the accuracy and completeness of data that is entered into an accounting information system (AIS)? a) using pull-down menus on the data input screen b) using preprinted vendor forms to enter order quantities c) using manually prepared source documents d) using point-of-sale scanners to capture machine-readable data
A, D
A company has a policy that all purchase orders $100,000 or greater be approved by the controller prior to being entered into the accounting system. Which category does this control procedure relate to? a) independent checks on performance b) proper authorization of transactions and activities c) commitment to integrity, ethical values, and competence d) change management controls
B
A database contains data that can be used by many authorized users. Which benefit of a database does this example describe? a) data independence b) data sharing c) cross-functional analysis d) minimal data redundancy
B
A patio furniture store uses its accounting information system to allow salespeople to check the inventory level of an item at the main warehouse. How does this functionality add value to the patio furniture store? a) by improving the quality of products b) by improving knowledge sharing c) by improving the internal control structure d) by improving strategic planning
B
How can an accounting information system be used for the value chain activity of operations? a) by providing accounting, legal, and general administrative functions b) by transforming inputs into final products or services c) by receiving, storing, and distributing materials used to create products d) by distributing finished products or services to customers
B
How is cross-functional analysis a database benefit? a) it allows multiple authorized users simultaneously to research a problem and obtain information b) it allows data relationships to be defined so that management reports can be easily prepared c) it allows data and programs to be independent so that one can be changed without changing the other d) it allows a data item to be stored only once, reducing the incidence of inconsistent data
B
What is the function of a corrective control? a) to ensure that an organization's information system is secure b) remedy problems after they occur in an information system c) to identify problems after the data enters an information system d) to prevent problems before they arise in an information system
B
What is the purpose of information rights management software? a) it helps recover a system from a security breach b) it controls access to sensitive data c) it tests security controls d) it analyzes system logs for potential intrusions
B
Which action improves data accuracy during the data input process? a) capturing system-generated sequence codes b) using pre-numbered source data c) beginning an audit trail d) using coding techniques
B
Which step does an attacker perform when conducting research for the purpose of penetrating an information system? a) attempts to trick someone into granting the attacker access to the system b) finds out the vulnerabilities of the software that the company is using c) plants a trojan horse program that enables the attacker to access the system d) sends a spear phishing e-mail to someone who works at the company
B
Which step in the data processing cycle relies on coding techniques, such as sequence codes and block codes, to organize data in ledgers? a) data input b) data storing c) data processing d) information output
B
Which task is part of the selecting and training personnel step of implementing an accounting information system? a) determining installation steps and expected completion dates b) experimenting with the new system in a controlled environment c) performing a step-by-step review of procedures and program logic d) processing test data to see whether the system performs as designed
B
Which tool shows the flow of bills of lading and packing slips between the shipping department and the accounts receivable department? a) a data flow diagram b) a document flowchart c) a system flowchart d) a program flowchart
B
Which type of accounting information system output is a gross margin analysis by product line? a) a document b) a report c) a query d) an invoice
B
Who designs and implements procedures that prevent attackers from penetrating a company's accounting information system? a) the internal audit team b) the chief information security officer c) the chief operating officer d) the computer incident response team
B
Which types of functions do internal controls provide? a) pervasive b) detective c) corrective d) subjective
B C
Which issues do information system auditors look for when they audit security provisions? a) correct reconciliation of batch totals b) proper procedures for assigning user IDs c) efficient program development d) effective use of data encryption
B D
Which recommendations are included in a post-implementation review report? a) improvements to the physical design b) improvements to the new system c) improvements to processing flows d) improvements to the development process
B D
Which two activities occur during the accounts receivable file updating process? a) creating a record for a new customer b) adding a transaction amount to a customer's account balance c) comparing the customer's new balance to the customer's credit limit d) deleting a record for an inactive customer
B, C
In which two ways does an accounting information system (AIS) safeguard assets? a) by preventing employees from using company devices to access the Internet b) by requiring a correct password to be entered to access the company network c) by restricting access to paper files, network servers, and other physical assets d) by providing tools to alert managers when an unauthorized user attempts to use the assets
B, D
Which guidelines result in a better coding system for storing data in an accounting information system (AIS)? a) the coding system should be created by non-accounting personnel b) the coding system should be consistent with the company's organizational structure c) the coding system should be created to conform to external reporting requirements d) the coding system should take into consideration expected company growth
B, D
Which three actions are part of the revenue cycle? a) requesting raw material be purchased b) receiving and answering customer inquiries c) recruiting sales order staff d) approving credit sales of finished goods e) initiating back orders for finished goods that are out of stock f) updating accounts payable
B, D, E
A company has a procedure that installs updates to all of its security programs and operating systems on a monthly basis. Which type of corrective control does this scenario describe? a) intrusion detection system b) physical access restriction c) patch management d) cloud computing
C
What are cost-effective controls? a) controls that offer a risk reduction benefit without regard for costs b) controls that provide a variable risk reduction benefit at a low cost c) controls that offer a higher risk reduction benefit than the control costs d) controls that are implemented to determine at a moderate cost
C
What is the difference between a conceptual-level schema and an internal-level schema? a) a conceptual-level schema demonstrates how an individual understands and or organizes data, and an internal-level schema is a group of subschemas b) a conceptual-level schema is an individual's user's view of the database, and an internal-level schema is how data is physically arranged in the database c) a conceptual-level schema is a high-level view of the entire database, and an internal-level schema is a low-level, more detailed view of the database d) a conceptual-level schema contains field security constraints, and an internal-level schema contains information about the structure of the database
C
What is the difference between a primary key and a foreign key in a database? a) a primary key lists authorized users of a table, whereas a foreign key indicates data stored in a logical view b) a primary key identifies which row in a table is most important, whereas a foreign key is a substitute name for the field c) a primary key uniquely identifies a specific row in a table, whereas a foreign key is a primary key in another table and is used to link the two tables d) a primary key specifies the first row of a table, whereas a foreign key indicates the end of the table
C
Which tool is used to identify system vulnerabilities? a) network access controls b) employee training c) security testing d) patch management
C
Which tool is useful when analyzing internal control procedures? a) data flow diagram b) program flowchart c) document flowchart d) system flowchart
C
Why is system documentation created? a) to help the company decide which system to build b) to help the system function correctly after it is developed c) to help during transitions of information technology employees d) to help met system hardware and software requirements
C
Which two tasks are part of the process of auditing computer-based information systems? a) producing financial statements for shareholders b) performing analytical reviews for management c) evaluating evidence in a systematic manner d) providing recommendations for improvement
C D
Which events are part of the revenue cycle? a) hiring employees, preparing payroll, and paying taxes b) purchasing raw materials, manufacturing products, and storing finished products c) forecasting cash needs, borrowing money from lenders, and selling stock to investors d) taking orders from customers, shipping finished goods, and depositing payments in the bank
D
Businesses must pay a variety of taxes. Match each item of information to the type of tax that requires it. Answer options may be used more than once or not at all. a) point-of-purchase rate tables b) total wage expense c) total sales 1) sales tax 2) payroll tax
a) 1 b) 2 c) 1
Match each function of an accounting information system with the type of improvement it provides. a) a function that informs a supervisor when manufacturing production performance falls below standards b) a function that checks payroll entries for mistakes that would cause overpayment or underpayment of employees c) a function that provides up-to-the-minute information about inventory items that are low in stock 1) improves the effectiveness of the supply chain 2) improves the internal control structure 3) improves the quality and reduces the costs of products of services
a) 1 b) 2 c) 3
What is the first step in the data processing cycle? a) data input b) data processing c) data storage d) information output
data input