AIS Chapters 5,6 and 7 (12,13 and 14)
With respect to COBIT 5, which of the following is true:
COBIT 5 articulates a series of enablers that facilitate the achievement of organizational objectives.
to achieve appropriate, effective IT governance, senior managers of an organization will typically use which of the following:
COBIT and VAL IT
The database of an ERP system is best described as:
Centralized
The 2013 COSO Report identifies five components for an effective internal control system. These are:
Control procedures, risk assessment, control activities, information and communication, and monitoring
Those control procedures that are designed to remedy problems discovered through detective controls are called:
Corrective controls
The output from a company's ERP system displays graphs and charts depicting sales by different regions of the country is often called a:
Dashboard
A company's management is concerned about computer data eavesdropping and wants to maintain the confidentiality of its information as it is transmitted. The company should utilize:
Data encryption
According to PCAob standard no. 5, which of the following is an example of an entity level control?
Effectiveness of the board of directors
An effective control for maintaining the privacy of data stored on a large, networked server would be:
Encryption
Categories of application controls include all of the following except
Encryption
The acronym ERP stands for:
Enterprise resource planning
____ is defined as "the culture, capabilities, and practices, integrated with strategy and execution, that organizations rely on to manage risk in creating, preserving and realizing value."
Enterprise risk management
A ______ site is a disaster recovery site that includes a computer system similar to the one the company regularly uses, software, and up-t0-date data so the company can resume full data processing operations within seconds or minutes.
Flying start
If _____ controls are ineffective, this can cause ____ controls to be unreliable.
IT general, application
___ controls help ensure the validity, accuracy and completeness of data entered into an AIS.
Input
Which of the following is a distinguishing characteristic of an enterprise-wide (ERP) system?
Integration of business functions
This term describes the policies, plans, and procedures implemented by a firm to protect the assets of the organization.
Internal control
Which of the following fundamental concepts is stressed by the 2013 COSO Report?
Internal control is a process
Which of the following is not a computer facility control?
Limit access to the data processing center to all employees of the company
A web page that uses graphs and other tools to visually display data from both an ERP system and from external sources is also called a:
Mashup
Mid-level accounting software:
May be purchased in modules that match various business processes
Which of the following is the best DRP choice if minimal downtime is the primary deciding factor?
Mirrored site
Which of the following accounting software programs would be appropriate for a small business (e.g., a sole proprietorship with 20 employees)?
NetSuite
An internal control system should consist of five components. Which of the following is not one of those five components?
Performance evaluation
Assume that a company designs and implements a control procedure whereby the accountant that is responsible for recording cash receipts transactions does not have access to the cash itself. This control procedure is an example of a:
Predictive Control
Which of the following is not one of the four objectives of an internal control system?
Promote firm profitability
Which of the following accounting software programs would be appropriate for a small business (e.g., a sole proprietorship with 20 employees)?
QuickBooks
The purpose of a/n __ edit check is to ensure that an input field does not exceed expected norms, i.e., someone doesn't enter more than 24 hours worked in a day.
Reasonableness
Separation of duties is an important control activity. If possible, managers should assign which of the following three functions to different employees?
Recording, authorizing, custody
All of the following are benefits of ERP systems except:
Reduced employee turnover
Fault-tolerant systems are designed to tolerate computer errors and are built on the concept of:
Redundancy
The purpose of ________________ is to identify organizational risks, analyze their potential in terms of costs and likelihood of occurrence, and install those controls whose projected benefits outweigh their costs.
Risk assessment
Which of the following is not one of the five components of Enterprise Risk Management from the COSO 2017 report?
Risk response
A _____ is a comprehensive plan that helps protect the enterprise from internal and external threats.
Security policy
If the same employee is responsible for authorizing a business transaction and recording the transaction in the accounting records, this indicates a weakness in which element of a company's internal control system?
Separation of duties
Which one of the following would most compromise the use of backups as protection against loss or damage of master files?
Sorting of all files in one location
Within the context of accounting packages for small businesses, the term "scalability" refers to:
The ability of the system to grow with a business
Disaster recovery plans may not be of much use if:
They are not tested and revised when necessary
A ______ is a security appliance that runs behind a firewall and allows remote users to access entity resources by using wireless, hand-held devices.
VPN
In entering the billing address for a new client in Emil Company's computerized database, a clerk erroneously entered a nonexistent zip code. As a result, the first month's bill mailed to the new client was returned to Emil Company. Which one of the following would most likely have led to discovery of the error at the time of entry into Emil Company's Computerized database?
Validity test
Components of an ERP's architecture typically include:
a centralized database and application interfaces
Within the context of ERP systems, a mashup is:
a web page that can combine data from two or more external sources
In selecting a new AIS, a company's management should:
always consult with your accountant during the decision process
segregation of duties is a fundamental concept in an effective system of internal control. but, the internal auditor must be aware that this safeguard can be compromised through:
collusion among employees
Which of the following is a distinguishing characteristic of an enterprise-wide (ERP) system?
integration of business functions
This term describes the policies, plans, and procedures implemented by a firm to protect the assets of the organization.
internet control
An organization will always need to upgrade to a new AIS if:
none of the above are necessarily reasons to buy new accounting software
which of these is not one of the 3 major types of controls?
objective
which one of the following forms of audit is most likely to involve a review of an entity's performance of specific activities in comparison to organizational specific objectives?
operational audit
an internal control system should consist of five components. which of the following is not one of those five components?
performance evaluation
which of the following is not one of the four objectives of an internal control system?
promote firm profitability
Low-end accounting software is increasingly complex and sophisticated. However, software costing only a few hundred dollars is not likely to:
provide all the info needed to optimize customer and supplier relationships
separation of duties is an important control activity. if possible, managers should assign which of the following three functions to different employees?
recording, authorizing, custody
which of the flowing is not one for he three additional components that was added in the 2004 COSO report?
risk assessment
which of the following would a manager mostly likely use to organize and evaluate corporate governance structure?
the 1992 COSO report
which of the following would a manager most likely use for risk assessment across the organization?
the 2004 COSO report
which management of the sales department has the opportunity to override the system of internal controls of the accounting department, a weakness exists in:
the control environment
Accounting and enterprise software can be expensive. Which of the following is likely to be the highest cost associated with a new AIS?
the cost of implementing and maintaining a new system
section 404 affirms that management is responsible for establishing and maintaining an adequate internal control structure. this section may be found in which of the following?
the sarbanes-oxley act of 2002
All of the following are examples of authenticating based on something you know except
token
COSO recommends that firms ______ to determine whether they should implement a specific control
use cost benefit analysis
Components of an ERP's architecture typically include:
A centralized database and application interfaces
Enterprise controls:
Affect many general and application controls
Which of the following is considered an integrated software system?
All of the Above (MRP I, MRP II, ERP)
Successful implementation of ERP systems typically involves:
All of the Above (Substantial Planning, Review of Business Processes, Support from Mgt.)
Which of the following reasons might explain why a small business owner would hire a CPA firm or a software consultant to help select accounting software?
All of the Above (train employees to use software, identify useful reports for decision making, help w/rescue efforts in event of disaster)
Organizations use _____ controls to prevent, detect, and correct errors and irregularities in transactions that are processed.
Application
___ controls prevent, detect, and correct errors and irregularities in processing transactions.
Application
A _____ identifies and inventories mission critical business processes and supporting information systems, as well as establishes timelines and priorities for resuming processing capabilities.
Business Impact Analysis