1-15 ais study guide questions
Which of the following can be used to detect whether confidential information has been disclosed? A digital watermark Information rights management (IRM) software Data loss prevention (DLP) software None of the above
A digital watermark
The Sarbanes Oxley Act is the most important business-oriented legislation in the past 80 years. Which of the following are elements of the Sarbanes Oxley Act? the establishment of the Public Company Accounting Oversight Board. the prohibition against auditors performing certain services for their audit clients such as bookkeeping and human resource functions. audit committee members must be independent of the audited company. All of the above. None of the above.
All of the above.
The credit approval process involves which of the following? Establishing a credit limit Investigating the credit history of the customer Verifying the customer order does not exceed an authorized limit All of the above.
All of the above.
Threats to system availability include: hardware and software failures. natural disasters. human error. All of the above.
All of the above.
What are the typical expenditure cycle functions? Verify the accuracy of vendor invoices Select the appropriate vendors from whom to order Decide if appropriate discounts have been taken Monitor cash flow needed to pay obligations All of the above.
All of the above.
Information can improve decision making in what way? It identifies situations requiring management action. It provides a basis for choosing among alternative actions. Provides valuable feedback that can be used to improve future decisions. All of the above.
All of the above
Steps to reduce the risk of inventory theft include: inventory is kept in a secure location, with limited physical access. all inventory transfers within the company are documented. inventory is released only upon approved sales orders. All of the above.
All of the above
The scope of the data revolution includes which of the following four V's of big data? Volume Veracity Variety Velocity All of the above
All of the above
To understand predictive analytics better, which of the following steps should be considered? Select a targeted outcome Find and prepare the appropriate data Create and validate the model All of the above
All of the above
What are the characteristics of a master file? Is conceptually similar to a ledger in a manual AIS Are permanent Contain individual records which are frequently changed May have records which are added to it All of the above
All of the above
What criteria contribute to systems reliability? Developing and documenting policies Effectively communicating policies to all authorized users Designing appropriate control procedures Monitoring the system and taking corrective action All of the above None of the above.
All of the above
Which of the following are requirements of a relational database? All nonkey (primary and foreign) attributes must describe a quality of the item identified by the primary key. Primary keys cannot be null or empty. Foreign keys (if not empty) must be a primary key in another table. All of the above. None of the above.
All of the above
Which of the following is a method of controlling remote access? Border Routers Firewalls Intrusion Prevention Systems All of the above None of the above
All of the above
Which of the following is a source document associated with the revenue cycle? Sales order Deposit slip Credit memo Bill of lading All of the above
All of the above
Which of the following is NOT a factor that can influence encryption strength? Encryption algorithm Key length Policies for managing cryptographic keys All of the above affect encryption strength
All of the above affect encryption strength
When loading data to be used in data analytics, the data may be placed into a schema including, for example, which of the following? A relational set of tables XBRL JSON All of the above are correct.
All of the above are correct.
Which of the following are internal control functions? Preventive controls Detective controls. Corrective controls. All of the above are internal control functions.
All of the above are internal control functions.
Which of the following is NOT one of the five major business processes or transaction cycles? Expenditure Production Human Resource & Payroll Revenue Financing All of the above are major cycles.
All of the above are major cycles.
Identity theft can be prevented by: monitoring credit reports regularly. sending personal information in encrypted form. immediately cancelling missing credit cards. shredding all personal documents after they are used. All of the above.
All of the above.
Spyware infections came from: worms/viruses. drive-by downloads. file-sharing programs. All of the above.
All of the above.
What control procedures reduce the risk of paying the same invoice twice? Invoices are approved for payment only when accompanied by a complete voucher packet. Only the original invoice copy should be paid. Paid invoices should be marked "paid". Payment should never be made on an invoice copy. All of the above.
All of the above.
What is (are) a principle(s) behind enterprise risk management (ERM)? Uncertainty can result in opportunity. The ERM framework can help management manage uncertainty. Uncertainty results in risk. All of the above. None of the above.
All of the above.
Which functions should be segregated? Authorization and recording Authorization and custody Recording and custody All of the above. None of the above.
All of the above.
A person using robotic process automation (RPA) software designs which of the following, which is an autonomous computer program designed to perform a specific task? Data swamps Dark data A data dashboard A bot
Abot
If the information is inaccurate or incomplete on a sales order: a. inefficiencies are created in the processing of the sales order. b. negatively affect customer perceptions. c. Both answers a and b are correct. d. None of the above is correct.
Both answers a and b are correct.
Which of the following items are considered detective controls? Log analysis Intrusion detection systems Both log analysis and Intrusion Detection Systems None of the above
Both log analysis and Intrusion Detection Systems
Which of the following is a major privacy-related concern? Spam Identity theft Both spam and identity theft Neither spam nor identity theft
Both spam and identity theft
Access controls include the following: a. require employee logouts when the workstations are left unattended. b. prohibitions against visitors roaming the building in which computers are stored. c. Both a and b. d. Neither a nor b.
C
Which of the following are internationally recognized best practices for protecting the privacy of customers' personal information. Organizations should explain the choices available and obtain their consent to the collection of customer data prior to its collection. Use and retention of customer information as described by their privacy policy. Disclosure to third parties only according to their privacy policy. All of the above.
All of the above.
Which of the following is (are) a component(s) of COSO's internal control model? Control activities Risk assessment Monitoring All of the above.
All of the above.
What is data? All of the facts that are collected, stored, and processed by an information system All of the debit and credit information about each transaction The output which results from the input of information The same thing as information
All of the facts that are collected
A network of computers used in a denial-of-service (DoS) attack is called a (an): a. Worm. b. Botnet. c. Rootkit. d. Splog.
B
Which of the following represents an organization that issues documentation as to the validity and authenticity of the owner of a public key? Symmetric Key Infrastructure Digital Clearing House Certificate Authority Digital Signature Repository
Certificate Authority
Which of the following controls checks the accuracy of input data by using it to retrieve and display other related information? Prompting Validity check Closed-loop verification All of the above.
Closed-loop verification
There are many threats to accounting information systems. Which of the following is an example of an Intentional Act. War and attack by terrorists Hardware or software failure Computer fraud Logic errors
Computer fraud
Which function does the rectangle symbol represent in a flowchart? Online keying Display Computer processing Manual operation
Computer processing
What type of data analysis tests a hypothesis and provides statistical measures of the likelihood that the data supports or refutes a particular hypothesis? a. Confirmatory b. Visualization c. Predictive d. Prescriptive
Confirmatory
The process of analyzing data and removing two or more records containing identical information is referred to as what type of data? Dirty data Data cleaning Data de-duplication All of the above
Data de-duplication
The process of removing records or fields of information from a data source is referred to as: Data cleaning Data de-duplication Dirty data Data filtering
Data filtering
The process of replacing a null or missing data value with a substituted value is referred to as: Data imputation Data contradiction error Data threshold violation Data entry error
Data imputation
Cryptic data values are: Data items having no apparent meaning without understanding the underlying coding scheme Data items having an assumed meaning including understanding the underlying coding scheme Data items combined from two or more fields into a single field None of the above.
Data items having no apparent meaning without understanding the underlying coding scheme
Which method of gathering business intelligence uses sophisticated statistical analysis and neural networks to aid in decision making? Data Warehousing Semantic data modeling Data mining None of the above.
Data mining
Separating data from a single field into multiple fields when performing data standardization is referred to as: Data parsing Data concatenation Data pivoting All of the above
Data parsing
Data errors that occur when a particular data value falls outside of a specified, allowable level are referred to as: Dirty filtering Misguided data values Data threshold violations Violated attribute dependencies
Data threshold violations
Analyzing data before, during and while finalizing the data transformation process is called: Violated attribute dependencies Data validation Data de-duplication Misfielded data values
Data validation
Which of the following is the use of a graphical representation of data to convey meaning to the stakeholders? Data storytelling Data visualization Data dashboard Diagnostic data
Data visualization
Attributes of high-quality data include accurate data. Which of the following is the definition of accurate data? Data not omitting aspects of events or activities Data which is correct and free of errors Data presented in the same format, time after time Data which measures what is intended to measure None of the above
Data which is correct and free of errors
Skills recommended by two of the Big 4 accounting firms for what the average accountant should know about data analytics include gaining familiarity with which of the following analytics tools? Database tools such as SAP, Microsoft, and Oracle Query languages such as SQL ACL and IDEA
Database tools such as SAP, Microsoft, and Oracle
Which of the following is a major activity for the revenue cycle? Receive items Forecast production Record time spent on specific jobs Deliver or ship order
Deliver or ship order
What type of analytics is built on examination of the data and tries to answer the question 'why did this happen?" Descriptive analytics Diagnostic analytics Predictive analytics Prescriptive analytics
Diagnostic analytics
Which of the following system(s) compares actual performance with planned performance? Boundary system Belief system Diagnostic control system Interactive control system None of the above.
Diagnostic control system
10. Examples of data visualization types comparing how two numeric variables fluctuate with each other include: A. Heatmaps B. Line charts C. Scatterplots D. Answers a and c
D
An entity is something about which information is stored. What is the term for the characteristics of interest that are stored about an entity such as a pay rate or an address? a. Field b. File c. Record d. Attribute
D
An example of a data field containing only two different responses, typically 0 or 1, is referred to as: A. A dummy variable B. A dichotomous variable C. Misfielded data values D. Answers a and b E. None of the above
D
Examples of data structuring include which of the following? A. Data pivoting B. Data joining C.Data parsing D. Answers a and b only
D
Trend evaluation charts showing changes over an ordered variable, most often a measurement over time, include: A. Line charts B. Area charts C. Bullet charts D. Answers a and b only E. Answers a and c only
D
A text file that contains data from multiple tables or sources and merges that data into a single row is known as a: Flat file Data owner file Delimiter file Text qualifier file
Flat file
Which of the following creates an environment where computer fraud is less likely to occur? Hire employees without adequate security and criminal checks. Assume that corporate security policies are understood by all employees. Increase the penalties for committing fraud. None of the above.
Increase the penalties for committing fraud.
Which of the following actions are used to reduce a fraud loss after a fraud occurs? Implement a fraud hotline. Conduct periodic external and internal audits. Maintain adequate insurance. Develop a strong system of internal controls.
Maintain adequate insurance.
Which documentation technique illustrates the flow of documents and information among areas of responsibility within an organization? Data Flow Diagram Document flowchart Process flowchart System flowchart
Document flowchart
Data structuring: a. Describes the way data is stored b. Describes the relationships between different fields in the data c. Is the process of changing the organization and relationships among data fields d. Answers a and c only e. Answers a, b, and c
E
Examples of data visualization types comparing data across categories or groups include: A. A bar chart B. A correlation chart C. A bullet chart D. Answers a and b E. Answers a and c
E
What are the benefits associated with database technology? A.Data sharing B.Data integration C.Data independence D.Answers a and b only E.Answers a, b, and c
E
What is (are) the component(s) of a data dictionary? a. Field length b.Field type c.Authorized users d.Data location e.Answers a, b, and c are correct.
E
Which of the following is NOT a characteristic of useful information? a. Relevant b. Verifiable c. Timely d. Accessible e. Cost-effective
E
A computer fraud and abuse technique that steals information, trade secrets, and intellectual property. Cyber-extortion. Data diddling. Economic espionage. Skimming.
Economic espionage.
Which of the following is a fundamental control for protecting privacy? Information rights management (IRM) software Training Encryption None of the above
Encryption
Which of the following statements is true? Hashing is reversible, but encryption is not. Encryption is reversible, but hashing is not. Both encryption and hashing are reversible. Neither hashing nor encryption are reversible.
Encryption is reversible, but hashing is not.
A single or a few data points lying outside the normal values in a particular data set are called: Median data Mean data Outlier data Data overfitting
Outlier data
In order for an act to be legally considered fraud it must be all of the following except: A material fact. Justifiable reliance. A false statement. No intent to deceive. An injury or loss suffered by the victim.
No intent to deceive.
Which of the following is considered a financial pressure (as opposed to emotional or lifestyle pressures) that can lead to employee fraud? Gambling habit. Greed. Poor credit ratings. Job dissatisfaction.
Poor credit ratings.
Which of the following maintains two copies of a database in two separate data centers at all times and updating both copies in real-time as each transaction occurs. Real-time mirroring Full backups Incremental backups Archiving
Real-time mirroring
Which step would a computer incident response team (CIRT) team take first in the incident response process? Containment of the problem Recovery Follow up Recognition that the problem exists
Recognition that the problem exists
All of the following are classifications of computer fraud except: Input fraud. Reconciliation fraud. Computer instructions fraud. Processor fraud. Output fraud.
Reconciliation fraud.
Which of the following would be an activity associated with the human resources/payroll cycle? Deposit cash receipts Adjust customer account Pay for items Record time worked by employees
Record time worked by employees
A foreign key imposes a specific kind of integrity to related tables. What is the name of this integrity? Schema Referential Independence Data None of the above
Referential
Which of the following is a method used to embezzle money a small amount at a time from many different accounts? Data diddling. Pretexting. Spoofing. Salami technique.
Salami technique.
Which of the following devices should NOT be placed in the demilitarized zone (DMZ)? Web server Sales department server Mail server Remote access server
Sales department server
Which of the following is NOT one of the support activities in the value chain of an organization? Service Purchasing Firm Infrastructure Technology Human Resources
Service
Which of the following is NOT a control for mitigating the risk of posting errors in accounts receivable? Data entry controls. Set proper credit limits. Reconciliation of batch totals. Mailing monthly statements to customers.
Set proper credit limits.
The ERM model includes an element called Risk Response. According to that element, which of the following is an appropriate way to respond to risk? Implement a system to effectively monitor risk. Estimate material risk assessments. Share the risk with another. All of the above.
Share the risk with another.
Which type of network filtering screens individual IP packets based solely on the information in that packet's header fields? Static packet filtering Stateful packet filtering Deep packet filtering None of the above
Static packet filtering
Which of the following is NOT a typical Enterprise Resource Planning system module? Financial Strategic Planning Manufacturing. Project Management
Strategic planning
What type of data refers to data that is highly organized and fits into fixed fields? Unstructured data Semi-structured data Structured data Data marts
Structured data
The same key is used to encrypt and decrypt in which type of encryption systems? Symmetric encryption systems Asymmetric encryption systems Neither of the above
Symmetric encryption systems
"Get me the date attribute of the third tuple in the sales order relation." What is being requested? The person wants the value in the date field of the third table that is related to sales order. The person wants the value in the date field in the third row of the sales order item table. The person wants the value in the date field of the third sales order that is related to the sales order item table. The person wants the value in the date field of the third record in the sales order table. None of the above.
The person wants the value in the date field of the third record in the sales order table.
Which of the following is a threat to the Sales Order Entry activity of the Revenue Cycle? Uncollectible accounts. Failure to bill. Billing errors. Theft of inventory.
Uncollectible accounts.
The first step in transforming data is to: Standardize, structure, and clean the data Validate data quality and achievement of data requirements Understand the data and the desired outcome Document the transformation process
Understand the data and the desired outcome
When the same, non-key, data element is stored multiple times in table it creates an anomaly known as the: Delete Anomaly. Update Anomaly. Insert Anomaly. None of the above.
Update Anomaly.
Data manipulation language is used to do which of the following? Updating the database Creating the database Querying the database All of the above
Updating the database
Which of the following uses encryption to create a secure pathway to transmit data? Encryption tunnel Virtual Private Network (VPN) Demilitarized Zone None of the above.
Virtual Private Network (VPN)
Prescriptive analytics answer which of the following questions? "What should be done?" "What is likely to happen in the future?" "Why did this happen?" "What happened?"
What should be done?"
The time based model of security does not include which factor to evaluate the effectiveness of an entity's security controls The time it takes an attacker to break through the entity's preventative controls. The time it takes to determine that an attack is in progress. The time it takes to respond to an attack. The time it takes to evaluate the financial consequences from an attack.
The time it takes to evaluate the financial consequences from an attack.
Which of the following is not a characteristic of computer viruses? They can lie dormant for a time without doing damage. They can mutate which increases their ability to do damage. They can hinder system performance. They are easy to detect and destroy.
They are easy to detect and destroy.
Which of the following is considered a disadvantage of an Enterprise Resource Planning (ERP) system? Data input is captured once Time required for implementation Customer relationship management Increased productivity
Time required for implementation
What is a method that companies use to minimize the risk of inferior quality products? Tracking and monitoring product quality by supplier. Using encryption techniques Providing adequate storage All of the above.
Tracking and monitoring product quality by supplier.
The control known as closed loop verification is associated with: accuracy of updating customer accounts. preventing the theft of cash. encryption controls. separation of billing and shipping functions.
accuracy of updating customer accounts.
In order for an accounting information system to meet the needs of systems users, one must take into account the types of decisions that are made. Decisions vary from repetitive and routine to nonrecurring and non-routine. How would you classify a decision where no framework or model exists for the decision? a. Structured b. Semi-structured c. Unstructured
c
Defense in depth utilizes what techniques to assure security? a. Employs multiple layers of controls b. Provides redundancy of controls c. Utilizes overlapping and complementary controls d.All of the above e. None of the above
d
The open invoice method involves which of the following activities? customers pay from a balance on a monthly statement. remittances are applied against a total account balance. customers pay specific invoices. None of the above.
customers pay specific invoices.
Time bombs are most likely planted in an information system by: advertisers. spammers. disgruntled computer programmers. customers who have read-only access.
disgruntled computer programmers.
AIS adds value to an organization by: a.Improving efficiency. b. Sharing knowledge. c.Improving the internal control structure. d. Answers a and b only. e. Answers a, b, and c.
e
High-quality data include which of the following attributes? a. Accurate b. Timely c. Complete d. Answers a and b only e. Answers a, b, and c
e
Online processing data entry controls include: A. prompting. B. closed loop verification. C. trailer record. D. echo check. E. Answers A and B only.
e
The billing cycle includes the following: a. invoicing. b. shipping. c. updating accounts receivable. d. Making bank deposits. e. Answers a and c.
e
Which of the following are included in the ETL Process? A.Loading data B. Transforming data C. Analyzing data D. Extracting data E. a, b, and d only above.
e
an example of a data input would be a(n) payroll check. tax payment. tax report. employee change form.
employee change form.
The practice of allowing kickbacks: improves the position of the company. results in higher quality purchases. impairs the objectivity of the purchaser. provides quantity discounts.
impairs the objectivity of the purchaser.
A document flowchart is particularly useful in identifying the inputs that enter the system. in analyzing the adequacy of control procedures. in identifying the sequence of logical operations performed by the computer. in system analysis.
in analyzing the adequacy of control procedures.
Which inventory system attempts to minimize inventory costs by only purchasing goods required for actual sales orders? Material requirements planning (MRP) Economic order quantity (EOQ) Just-in-time (JIT) Reorder point
just-in-time (JIT)
The least expensive and least effective option for replacing computer equipment lost in a disaster is: leasing a cold site. real-time mirroring creating a hot site. All of the above are ineffective options in disaster recovery.
leasing a cold site.
After the Sarbanes-Oxley Act (SOX) was passed, the Securities and Exchange Commission (SEC) required management to do which of the following: use the same audit firm for at least two consecutive audit years. report material internal control weaknesses. disclose all weaknesses regardless of materiality. conduct 100% substantive testing of all internal controls.
report material internal control weaknesses.
Online processing controls include validity checks on the customer item numbers. sign checks on inventory-on-hand balances. limit checks. All of the above.
sign checks on inventory-on-hand balances.
When a non-null value for the primary key indicates that a specific object exists and can be identified by reference to its primary key value, it is referred to as the referential integrity rule. the relational database rule. the entity integrity rule. None of the above.
the entity integrity rule.
Hackers use all of the following techniques except: war dialing. war driving. war chalking. war walking.
war driving.
Which of the following pressures are classified as Management Characteristics that can lead to financial statement fraud? High management and/or employee turnover Declining industry New regulatory requirements that impair financial stability or profitability Intense pressure to meet or exceed earnings expectations
High management and/or employee turnover
Using colors, contrasts, call-outs, labeling, and any other technique that brings attention or emphasis to an item in a visualization presentation is called: Weighting Data ordering Highlighting Orientation
Highlighting
A facility that is not only pre-wired for telephone and Internet access but also contains all the computing and office equipment the organization needs to perform its essential business activities. Archive Checkpoint Cold site Hot site
Hot site
Which of the following does not influence the design of an Accounting Information System (AIS)? Organizational culture Information Technology Business strategy Legal environment
Legal Enviorment
Which of the following is an example of a corrective control? Authentication controls Encryption Log analysis Patch management
Patch management
What type of security controls are authorization controls? Corrective controls Detective controls Preventive controls
Preventive control
Which of the following cannot be blank (null)? Foreign key Secondary key Connecting key Primary key None of the above can be null. Two of the above cannot be null.
Primary key
Which of the following is NOT a common data coding technique discussed in the chapter? a. Mnemonic b. Group c. Sequence d. Block e. Sorted
Sorted
Which of the following is NOT a method that is used for identity theft? Dumpster diving Phishing Shoulder surfing Spamming
Spamming
Two errors are possible when specifying a null and alternative hypothesis concerning certain data. A type II error is: The incorrect rejection of a true null hypothesis The correct rejection of a true null hypothesis The failure to reject a false null hypothesis The correct rejection of a false null hypothesis
The failure to reject a false null hypothesis
A type I error in hypothesis testing is: The incorrect rejection of a true null hypothesis The correct rejection of a true null hypothesis The failure to reject a false null hypothesis The correct rejection of a false null hypothesis Answers a, b, and c
The incorrect rejection of a true null hypothesis
What is an assumption underlying the valuation of internal controls? Costs are more difficult to quantify than revenues. The primary cost analyzed is overhead. The internal control should at least provide reasonable assurance that control problems do not develop. d. None of the above.
The internal control should at least provide reasonable assurance that control problems do not develop.
Which of the following provides the low-level view of the database? Conceptual-level schema External-level schema The internal-level schema None of the above
The internal-level schema
What is one unusual feature of an imprest petty cash fund? The threat of misappropriation of assets. The lack of segregation of duties involved in administering the account. It has an audit trail. The account is reviewed periodically by internal auditors.
The lack of segregation of duties involved in administering the account.
The objective of approving and paying vendor invoices is to ensure: company pays only for goods and service ordered. company pays only for goods and service received. company pays only for goods and service ordered and received. None of the above.
company pays only for goods and service ordered and received.
Data entry controls do NOT include field checks. sign checks. parity checks. range checks.
parity checks.
A computer crime that involves attacking phone lines is: data diddling. phreaking. phishing. pharming.
phreaking.
An effective method of reducing the risk of theft is an annual inventory count. proper segregation of duties. requiring the employee who maintains custody of inventory to also record inventory transactions. All of the above. None of the above.
proper segregation of duties.
A collection of structured, semi-structured, and unstructured data stored in a single location is called: A data lake A data mart A data swamp None of the above
A data lake
Which of the following provide useful information for evaluating current credit policies and for deciding whether to increase the credit limit for specific customers? Cash budget Profitability analysis reports Sales analysis reports Accounts receivable aging schedule
Accounts receivable aging schedule
According to Statement on Auditing Standards No. 99 (SAS 99) an auditor should do all of the following during an audit except: Incorporate a technology focus. Identify, assess, and respond to risks. Acquire malpractice insurance in case the auditor does not detect an actual fraud during the audit. Document and communicate findings.
Acquire malpractice insurance in case the auditor does not detect an actual fraud during the audit.
Which of the following is not part of the fraud triangle? a Pressure Opportunity Rationalization All are part of the fraud triangle.
All are part of the fraud triangle.
Accounting Information Systems (AIS) is most likely applicable to which area of accounting? Tax accounting Public Accounting Management consulting All of the above are applicable to AIS. None of the above.
All of the above
An audit trail consists of which of the following items? Sales invoice Sales Journal Accounts Receivable Ledger All of the above
All of the above
An electronic lockbox has which of the following functions? Safeguards cash Improves cash management Minimizes the time customer checks are in the mail All of the above.
All of the above
General authorization is different from specific authorization. With general authorization an employee in the proper functional area can: authorize typical purchases of inventory items. approve purchases within normal customer credit limits. endorse checks for deposit. approve sales returns and allowances. approve vendor invoices for payment. All of the above.
All of the above
High-quality data visualizations follow which of the following important design presentation principles? Simplification Emphasis Ethical All of the above
All of the above
Which of the following is known as a zero-day attack? An attack between the time a new software vulnerability is discovered and the time a patch for fixing the problem is released. An attack on the first day a software program is released. An attack on New Year's Day since it is a holiday and most people are not at work. None of the above.
An attack between the time a new software vulnerability is discovered and the time a patch for fixing the problem is released.
According to sound internal control concepts, which of the following systems duties should be segregated? Programming and Systems Administration Computer operations and programming Custody and record keeping. Answers 1 and 2 are correct.
Answers 1 and 2 are correct.
The threat of inaccurate inventory records can be mitigated by which of the following controls? Bar coding or RFID tags Review of purchase orders Verification of invoice accuracy Supplier audits None of the above.
Bar coding or RFID tags
What is the term that companies use to describe the massive amounts of data they now capture, store, and analyze for their daily operations? Big data Data veracity Structured data Data Lake None of the above
Big data
Which of the following best describes the sequence of the supply chain? a.Retailer, distributor, manufacturer, raw materials supplier, and consumer b.Manufacturer, distributor, raw materials supplier, retailer, and consumer c.Raw materials supplier, manufacturer, distributor, retailer, and consumer d.Raw materials supplier, manufacturer, retailer, distributor, and consumer
C
Which of the following is NOT an element of data processing? a. Create b. Update c. Reconcile d. Delete
C
According to the opportunity part of the fraud triangle, a person may do all of the following acts except: Convert the theft or misrepresentation for personal gain. Control the fraud. Commit the fraud. Conceal the fraud.
Control the fraud.
Which of the following is a guideline for preparing flowcharts? a. Flowchart only the normal flow of operations. b. Assume that the reader will know the direction of the flow. c. Identify the entities to be flowcharted. d. Show final disposition of all documents. e. Include data stores where appropriate. f. Answers to a, c, and d
F
This type of key is used to link rows from one table to the rows in another table. Primary key Foreign key Encryption key Public key
Foreign key
Which of the following is NOT a "primary activity" that directly provides value to the customer? Inbound logistics Operations Human resources Outbound Logistics
Human resources
What is the first step in protecting the confidentiality of intellectual property and other sensitive business information? Encrypt the data. Install information rights management software. Employ deep packet inspection techniques on all incoming packets. Identify where confidential data resides and who has access to it.
Identify where confidential data resides and who has access to it.
Social engineering is most likely to facilitate what type of computer fraud? Click fraud Identity theft Spoofing Dictionary attacks
Identity theft
Ordering unnecessary items can result from: Competitive bidding. Inaccurate perpetual inventory records. Require receiving employees to sign the receiving report. None of the above.
Inaccurate perpetual inventory records.
Reliability refers to the characteristic of information whereby Uncertainty is reduced. Information is free from error or bias. Timely. Verifiable.
Information is free from error or bias
A scheme where the perpetrator steals the cash or check that customer A mails in to pay its accounts receivable, then the perpetrator takes the funds from customer B to later cover that account. And so on with Customer C. Computer fraud Employee fraud Kiting Lapping
Lapping
Which of the following is not a principle applicable to project development and acquisition controls? Strategic master plan Project controls Steering committee Network management
Network management
A chart of accounts: is a list of all accounts in the organization with each account identified by a three- or four-digit code. is used to summarize each customer's current balance. provides an audit trail. is a list of all permanent accounts in the organization. Temporary accounts, such as revenue and expense accounts, are not included in the chart of accounts. None of the above.
None of the above
Which of the following backup procedures copies all changes made since the last full backup? Incremental backup Differential backup Archive backup None of the above.
None of the above.
Which of the following statements is true regarding authorization controls? Permits access to all aspects of an entity's operating system Permits the user to engage in all operating actions Permits the user unlimited ability to change information All of the above. None of the above.
None of the above.
Which of the following data analysis techniques is the most complex AND provides the most value added to an organization when performed properly? Descriptive Predictive Prescriptive Diagnostic None of the above
Prescriptive
Which of the following is NOT a major business cycle? The production cycle The revenue cycle The financing cycle The cash receipts cycle The payroll cycle
The cash receipts cycle
What is the most effective technique used to minimize the risk of an inaccurate inventory counts? Quick visual comparison of amounts received and those indicated on the packing slip Using the Economic Order Quantity model The use of a bar-coding or radio frequency identification tag (RFID) system The use of just-in-time (JIT) accounting systems.
The use of a bar-coding or radio frequency identification tag (RFID) system
Which of the following is NOT a threat associated with billing and accounts receivable? Failure to bill customers An error in billing Posting errors in updating accounts receivable Theft of cash
Theft of cash
A flowchart is an analytical technique used to describe the data flows and sources and destinations and data stores of a system. an analytical technique used to describe some aspect of an information system in a clear, concise, and logical manner. a piece of hard plastic used to draw symbols. a graphical description of the flow of data within an organization and the processes performed on that data, as well as the sources and destinations of data.
an analytical technique used to describe some aspect of an information system in a clear, concise, and logical manner.
Disaster recovery and testing plans should be done: only when a disaster seems imminent. only immediately after disaster recovery is designed. at least annually. only if determined to be necessary.
at least annually.
Why are documentation tools important? a.They show how a system works. b.They can be used to evaluate internal control systems. c.Both answers a and b are correct. d. Neither answer a nor b is correct.
c
The computer crime of piggybacking can involve the clandestine use of another user's WIFI. usually results from spamming. requires the permission of another user to gain access. None of the above.
can involve the clandestine use of another user's WIFI.
The risk of receiving unordered goods is prevented most effectively by surprise audits. recalculation of invoice prices. instruct the receiving department to accept deliveries only those goods where there is an approved copy of the purchase order. All of the above..
instruct the receiving department to accept deliveries only those goods where there is an approved copy of the purchase order.
Kiting is a scheme in which: insufficient funds are covered up by deposits made at one bank by checks drawn at another bank. a computer system is infiltrated under false pretenses. an external user impersonates an internal user. None of the above.
insufficient funds are covered up by deposits made at one bank by checks drawn at another bank.
A credit memo is issued by the customer. is issued by the cashier. is issued by the credit manager. increases accounts receivable.
is issued by the credit manager.