ACC 535 Final Question Bank
Insurance on a computer installation is an example of a(n) ____ cost.
Tangible
Which of the following benefits can be reasonably quantified?
Tangible benefits
An important segment of the outsourcing market is the application service provider (ASP), which hosts, manages, and provides access to hardware and software over the Internet to multiple users.
True
An intangible cost is one that cannot be reasonably quantified, such as productivity losses caused by low employee morale.
True
An intrusion-detection systems (IDS) logs and monitors who is on or trying to access the network.
True
As a user, the accountant might initiate the AIS acquisition.
True
As an analyst, the accountant could be the development team member who conducts a preliminary survey.
True
As data from the existing system are mapped into the new system, exception-reporting situations must be devised to ensure that the data are converted accurately.
True
Batch control plans regulate information processing by calculating control totals at various points in a processing run and subsequently comparing those totals.
True
Biometric identification systems identify authorized personnel through some unique physical trait such as fingers, hands, voice, eyes, face, or writing dynamics.
True
Business continuity planning is the process that identifies events that may threaten an organization and provide a framework whereby the organization will continue to operate when the threatened event occurs or resume operations with a minimum of disruption.
True
Collaborative processes across the supply chain using a set of processes and technology models are called Collaborative Planning, Forecasting, and Replenishment (CPFR).
True
Combining the functions of authorizing and executing events is a violation of the organizational control plan known as segregation of duties.
True
Computer hacking and cracking is the intentional, unauthorized access to an organization's computer system, accomplished by bypassing the system's access security controls.
True
Confirm input acceptance is a control that helps ensure input completeness by informing the user that the input has been accepted for processing.
True
Control redundancy addresses whether too many control plans are directed toward the same control goal.
True
Digital signatures allow the vendor to determine that the sender of the message has the authority to send it and thus prevents an unauthorized purchase.
True
Document/record counts are simple counts of the number of documents entered.
True
Dollar totals are a summarization of the dollar value of items in the batch.
True
E-procurement is the use of information technology to automate significant portions of the procurement process.
True
EOQ is a technique of analyzing all incremental costs associated with acquiring and carrying particular items of inventory.
True
Enterprise systems are often implemented using the direct approach.
True
Evaluated receipt settlement (ERS) is a process by which an organization pays for a purchase on the basis of the goods receipt.
True
Forced vacations is a policy of requiring an employee to take leave from the job and substitute another employee in his or her place.
True
IT governance is a process that ensures that the organization's IT sustains and extends the organization's strategies and objectives.
True
In a batch sequence check a computer program sorts the input documents into numerical order; checks the documents against the sequence number range; and reports missing, duplicate, and out-of-range data.
True
In many organizations professional buyers do the actual buying.
True
In the flowchart for the AP/DC process the symbol below represents the enterprise database.
True
In the parallel approach to systems implementation, both the new and old systems operate together for a period of time.
True
Indirect benefits are not directly attributable to the system or the system change.
True
Input control goals include those to ensure input validity, input completeness and input accuracy.
True
Intangible benefits are those that cannot be reasonably quantified, such as those that result from having improved information.
True
Intrusion-prevention systems (IPS) actively block unauthorized traffic using rules specified by the organization.
True
It is difficult to independently validate the vendor invoice if we do not segregate purchasing, receiving, and accounts payable.
True
Outsourcing is a term that describes an organization's assigning any of its internal functions (e.g., accounting, legal, or IT) to an outside vendor.
True
Periodic cleaning, testing, and adjusting of computer equipment is referred to as preventative maintenance.
True
Program change controls provide assurance that all modifications to programs are authorized and documented, and that the changes are completed, tested, and properly implemented.
True
Program documentation provides a description of an application program and usually includes the program's purpose, program flowcharts, and source code listings.
True
Programmed edit checks are edits automatically performed by data entry programs upon entry of the input data.
True
Purchase returns and allowances usually occur at the point of inspecting and counting the goods or at the point of validating vendor invoices.
True
RFID tags are computer chips with an antenna that contains information about the object to which it is attached.
True
Segregation of duties consists of separating the four functions of authorizing events, executing events, recording events, and safeguarding the resources resulting from consummating the events.
True
Similar to the developer of an industrial park, an organization's management or IT steering committee approves a systems development project for further systems development.
True
Specifying control goals is the first step in preparing a control matrix.
True
Structured systems analysis is a set of procedures conducted to generate the specifications for a new (or modified) information system or subsystem.
True
Structured systems design is a set of procedures performed to convert the logical specification into a design that can be implemented on the organization's computer system.
True
Systems documentation provides an overall description of the application, including the system's purpose; an overview of system procedures; and sample source documents, outputs, and reports.
True
Systems maintenance is the modification of existing applications.
True
Systems operation includes the post-implementation review.
True
Tangible benefits are those that can be reasonably quantified, such as reduced equipment costs and increased revenues.
True
Users, managers, and auditors are required to participate in the systems development project. These people generally provide approvals, often called signoffs, at preestablished management control points.
True
When the vendor payment is made, the general ledger is updated for the cash disbursement.
True
Whereas a receiving report normally indicates that goods have been received, some organizations use an acceptance report to acknowledge formally the satisfactory completion of a service contract.
True
With continuous data protection (CDP) all data changes are data stamped and saved to secondary systems as the changes are happening.
True
With continuous replenishment (CRP) a vendor obtains a buyer's current sales, demand, and inventory data in real time and replenishes the buyer's inventory.
True
With the modular approach to systems implementation, the new system either is implemented one subsystem at a time or is introduced into one organizational unit at a time.
True
Within the data center, the data control group is responsible for routing all work into and out of the data center, correcting errors, and monitoring error correction.
True
Within the data center, the data librarian function grants access to programs, data, and documentation.
True
Within the make payment process, the three sub-processes are "Prepare proposed payments," "Select and record payments," and "Issue and record disbursements."
True
Written approval takes the form of a signature or initials on a document to indicate that the proper person has authorized the event.
True
Which of the following is not typically a role for the accountant in a system's implementation?
programmer
COBIT was developed to:
provide guidance to managers, users, and auditors on the best practices for the management of information technology
All of the following are types of programmed edit checks except:
proximity check
Assume that one of the process bubbles in the Purchasing Process - Level 0 Diagram is called "order goods and services." The data flow between "order goods and services" and the "vendor" is called a:
purchase order
The document one business sends to another business that identifies the goods or services to be purchased is a:
purchase order
At the time that a purchasing orders goods and services, the process is likely to interact with all of the following data stores except the:
purchase receipts data
An exception routine is usually performed for:
purchase returns and allowances
In an information systems organization, all of the following functions might logically report to the data center manager except:
quality assurance
A "blind" copy of the purchase order should be sent to receiving so that:
receiving clerks will be forced to actually count the goods that are received
In the control matrix, the rows represent:
recommended control plans including both present & missing controls
Information technology has enhanced the AP/CD process by:
reducing the cost to process an invoice by up to 40%
The project completion report will include all of the following except:
request for proposals
When large or expensive items are purchased, most organizations make use of a procedure to obtain competitive bids from multiple vendors. The document used to obtain competitive bids is called a(n):
request for quotation
Outputs of the systems analysis phase of development typically would include all of the following except:
requests for proposal (RFP) for software/hardware acquisition
A policy that requires employees to alternate jobs periodically is called:
rotation of duties
Protecting resources against environmental hazards might include all of the following control plans except:
rotation of duties
An outside auditing firm annually supervises a physical count of the items in a retail store's shelf inventory. This is an example of:
safeguarding resources
Alternative names for contingency planning include all of the following except:
business disaster planning
The annual maintenance of in-house software is typically 25% of the development cost, whereas the annual maintenance of purchased software is typically 50% of the purchase price.
false
The chief information officer (CIO) prioritizes and selects IT projects and resources.
false
The cost/benefit study attempts to answer the questions, "which alternative accomplishes the user's goals for the least cost (or greatest benefit)?" and "which alternative best accomplishes a user's goals for the system being developed?"
false
The disaster recovery strategy known as a cold site is a fully equipped data center that is made available to client companies for a monthly subscriber fee.
false
The most effective attacks originate from a small cluster of computers in a remote geographic location.
false
The systems development function provides efficient and effective operation of the computer equipment.
false
These guidelines are appropriate only when an organization is going to acquire an AIS, not when they plan to develop it in-house.
false
To ensure that all necessary maintenance requests are submitted, users should never be charged for maintenance costs.
false
A mechanism by which a company is reimbursed for any loss that occurs when an employee commits fraud is called a:
fidelity bond
In an AP/CD process, a process "make payment" normally would be triggered by the data flow:
payment due date information
Entity resources that are always considered in efficiency assessments for an AIS are:
people and computers
The type of maintenance that is conducted to improve the performance of an application is referred to as:
perfective
Sending out an e-mail pretending to be a legitimate business asking for information about a person's account is called:
phishing
The segregation of duties control plan consists of separating all of the following event-processing functions except:
planning events
Checking to see if the new system is doing what it is supposed to do is part of:
post-implementation review
A control that can be used to ensure that all of the characters of a social security number are entered by a data entry clerk is:
preformatted screens
A control whose primary purpose is to ensure greater input accuracy is:
preformatted screens
The number of sales transactions that can be entered within a specified period of time is a measure of the computer system's:
throughput
Typically, all of the following are tasks of structured systems design except:
to recommend which computer hardware to use for the new system
E-payments are settled through the ACH network, by wire transfer, or by debit or credit card.
true
In a relational table for PURCHASE_RECEIPTS, the primary key would be the receipt number (Rec_No).
true
Supply chain management (SCM) is the combination of processes and procedures used to ensure the delivery of goods and services to customers at the lowest cost while providing the highest value to the customers.
true
The cost/effectiveness study attempts to answer the questions, "which alternative accomplishes the user's goals for the least cost (or greatest benefit)?" and "which alternative best accomplishes the user's goals for the system being developed?"
true
In a control matrix P-1 stands for process number one.
False
A variation of the limit check is the reasonableness check.
True
In a relational table for VALID_INVOICES, the primary key would be the vendor number.
False
ABC analysis is a technique for ranking inventory items according to their relative importance.
True
Which of the following would be the likely trigger for the structured systems analysis step of systems development?
An approved feasibility document
In order to implement a batch sequence check transactions must be captured on documents that are randomly numbered.
False
In selecting a vendor, a buyer may need to obtain competitive bids by means of a document called a purchase order.
False
In the ER diagram for AP/CD process, CASH_DISBURSEMENTS are prepared by EMPLOYEES (Treasury Employees).
False
In the ER diagram of the AP/CD process, VALID_INVOICES are received from the purchasing department.
False
In the control matrix M-1 stands for missing process number one.
False
Independent authorization to make payment ensures that only authorized purchases are made.
False
Individual departments coordinate the organizational and IT strategic planning processes and reviews and approves the strategic IT plan.
False
Inventory personnel use the vendor master data to select an appropriate vendor.
False
Access control software ensures that only authorized users gain access to a system through a process of identification and authentication.
True
It is not uncommon for the copy of the PO available for the receiving department to be a carbon copy, meaning that certain data is blanked out.
False
According to COBIT, IT resources include applications, information, infrastructure, and people.
True
The debit entry in the general ledger at the time that the vendor invoice is recorded will be to a clearing account because of the:
all of the above
Master data control plans regulate transaction processing by calculating control totals at various points in a processing run and subsequently comparing these totals.
False
Notifications that a PO has been prepared and sent to the vendor are sent to the receiving department, the accounts receivable process, and the department or process that requested the purchase.
False
Of the three approaches to systems implementation presented in the text, the parallel approach is the riskiest.
False
Online prompting helps guide the online entry of data by defining the acceptable length and format of certain fields.
False
Perfective maintenance is performed to fix errors.
False
Reorder point (ROP) analysis reorders inventory when the item reaches a certain inventory level that was determined in advance based on the item's purchase rate.
False
Software as a Service (SaaS) is a Web-based model for software distribution where multiple users may simultaneously use the software.
False
Structured systems design in the systems development process is analogous to which of the following tasks required in constructing an industrial park?
Finalizing blueprints and other construction-related plans
Which of the following control plans is not a retention control plan?
Occasional performance evaluations
Which of the following techniques has the reorder point based on each inventory item's sales rate?
Reorder point analysis
Which of the following is not one of COBIT's four broad IT control process domains?
Repair & replace
A key control in the AP/CD process is to segregate the treasurer and controller.
True
A paperless system would eliminate documents and forms as the medium for conducting business transactions.
True
According to COBIT, IT resources must be managed by IT control processes to ensure that an organization has the information it needs to achieve its objectives.
True
Adaptive maintenance adjusts applications to reflect changing business needs and environmental challenges.
True
After the conversion is completed, the systems development project team writes the project completion report.
True
After the vendor has been selected, the buyer prepares a purchase order.
True
An RFP is a document sent to vendors that invites submissions of plans for providing hardware, software, and related services.
True
An employee has a conflict of interest when he (she) has a financial interest (direct or indirect) in a company with which the employer does business.
True
An exception and summary report reflects the events that were accepted or rejected by the system.
True
To validate vendor proposals for supplying computer hardware, an organization will assess both a system's specifications and performance.
True
An enterprise system may facilitate the AP/CD process by linking:
all of the above (PO and receiving report, PO and invoice, invoice and the related cash disbursements)
Payments not typically supported by invoices include:
all of the above (payroll, income taxes, and investments)
Software as a Service (SaaS) may include:
all of the above (video hosting and streaming, word processing, and email)
Which of the following data stores would you least expect to see in the Purchasing Process - Level 0 Diagram?
Cash receipts event data
Which of the following items is not a control plan of the AP/CD process?
Check for authorized prices, terms, freight, and discounts
Which of the following activities would not occur when an inventory manager decides to return merchandise to a vendor?
A credit memorandum is issued to the vendor
Which of the following is designed to reflect the formal approval of the voucher for payment?
A disbursement voucher
Which of the following activities is not part of the computer agreement of batch totals?
A person reconciles the manual and computer batch totals
Which of the following is conducted as a follow up to a system's recent implementation?
A post-implementation review
Which of the following is a technique for ranking items in a group based on the value, activity, sales, or other relevant metric for the items?
ABC analysis
Which of the following has the task of evaluating alternative AIS solutions?
AIS selection
A user-directed test of the complete system in a test environment is called a(n) ____ test.
Acceptance
A receiving report is to goods what a(n) ____ is to services.
Acceptance report
Which of the following managers is most likely to report to the controller?
Accounts payable department manager
Which of the following functions cannot be outsourced?
All of these functions can be outsourced
Which of the following is a potential problem with supply chain management initiatives?
All the above (confused lines of responsibility, inaccurate data within the supply chain, over-reliance on demand forecasting)
Which development phase has the purpose of developing specifications for the new or revised system?
Analysis
Which of the accountant roles involves contributing to systems survey and needs analysis?
Analyst
Which of the following hosts, manages, and provides access to software and hardware over the Internet to multiple customers?
Application service provider
Which of the following is not specified in the approved configuration plan?
Appropriate acquisition ancillaries
A warehouse supervisor prepares a sales order listing items to be shipped to a customer and then signs it approving the removal of the items from the warehouse. The supervisor is performing which functions?
Authorizing and executing events
Approving a customer credit purchase would be an example of which basic events processing function?
Authorizing events
From the standpoint of achieving the operations system control goal of security of resources, which of the following segregation of duties possibilities is least important?
Between data control & data preparation personnel
Which of the following triggers the systems selection process?
Both a and b (logical specification and physical requirements)
Which of the following has the responsibility of efficient and effective operation of IT?
CIO
Which one of the following personnel is not involved in safeguarding resources resulting from consummating events?
CIO
Which type of supply chain collaboration methods includes the vendor replenishing standard merchandise while the buyer manages the replenishment of promotion merchandise?
Co-managed inventory
Which type of supply chain collaboration methods includes the retailer and manufacturer forecasting demand and scheduling production jointly?
Collaborative Forecasting and Replenishment (CFAR)
Which type of supply chain collaboration methods includes collaborative processes across the supply chain using a set of processes and technology models?
Collaborative Planning, Forecasting and Replenishment (CPFR)
Which of the following control plans is designed to achieve the goal of input completeness?
Confirm input acceptance
Which type of supply chain collaboration methods includes the vendor obtaining the buyer's current sales, demand, and inventory data in real time and replenishing the buyer's inventory?
Continuous Replenishment (CRP or Vendor Managed Inventory (VMI)
Which of the following is least likely to report directly to the vice president of logistics?
Controller
Issues related to the purchasing function, such as kickbacks, bribes, conflicts of interest, and the like are often addressed by ____.
Corporate codes of conduct
Which of the following is a characteristic of internal hardware sources?
Costs are mainly fixed
Plaintext is a term associated with ____.
Data encryption
The control concern that there will be a high risk of data conversion errors relates primarily to which of the following information systems functions?
Data entry
The controlled access to data, programs, and documentation is a principal responsibility of which of the following functions?
Data librarian
In an information systems organizational structure, the function of ____ is the central point from which to control data and is a central point of vulnerability.
Database administration
In the Purchasing Process - Level 0 Diagram, a data flow called "inventory's purchase requisition" most likely would be sent by the inventory management process to which of the following processes?
Determine requirements
Which of the following issues is not a task of systems selection?
Develop an implementation plan
Which of the following is not a task required to complete structured systems analysis?
Develop the system survey
Which of the following control plans is designed both to authenticate a system user's identity and to verify the integrity of a message transmitted by that user?
Digital signature
Reduced salaries and wages that will result from a systems change are an example of a(n) ____ benefit.
Direct
The cost of computer hardware to be purchased for a new system is an example of a(n) ____ cost for that system.
Direct
Which of the following is a control plan in which the source document is designed to make it easier to input data from the document?
Document design
Which of the following is a batch control total that represents the minimum level of control for input completeness?
Document/record counts
Which of the following reflects a summarization of any numeric data field within the input document or record?
Document/record hash totals
Which of the following techniques analyzes all incremental costs associated with acquiring and carrying particular items of inventory?
EOQ models
Which of the following statements regarding evaluated receipt settlement (ERS) is false?
ERS arrangements are only made with vendors who have proven e-payment records
The purpose of ____ control goals is to ensure the successful accomplishment of the goals set forth for the operations process under consideration.
Effectiveness
The purpose of ____ control goals is to ensure that all resources used throughout the business process are being employed in the most productive manner.
Efficiency
The control plan compare vendors for favorable prices, terms, quality, and product availability is directed primarily at which of the following control goals?
Ensure effectiveness of operations
Online prompting is aimed primarily at ensuring which of the following information systems control goals?
Ensure input accuracy
In the Level 0 DFD for an AP/CD process, a data flow called "vendor invoice" most likely would be sent by the vendor to which of the following processes?
Establish payable
In the Level 0 DFD for an AP/CD, a data flow called "receiving report" most likely would be sent by the purchasing process to which of the following processes?
Establish payable
Fraud abuses in the AP/CD process usually entail creating phony customers or submitting fictitious purchase orders.
False
Goal congruence exists when each individual manager's goals are achieved.
False
A dependency check authenticates the identity of a message's sender and verifies the integrity of a transmitted message.
False
A digital signature tests whether the contents of two or more data fields bear the correct logical relationship.
False
A direct cost is one that is directly attributable to the system or the system change, such as reduced overhead costs.
False
A facility usually comprised of air-conditioned space with a raised floor, telephone connections, and computer ports, into which a subscriber can move equipment, is called a hot site.
False
A problem has an economically feasible solution if it can be solved with existing software and hardware technology.
False
A receiving report is an external request for the purchase of goods or services from a vendor.
False
A summation of the dollar value of items in a batch is called a hash total.
False
A tickler file is a manual or computer file of documents that contain completed business data.
False
A true voucher system requires that all expenditures for whatever purpose and in excess of a certain dollar amount be formally approved for payment before they can be paid.
False
A turnaround document is a document that is printed as an output of multiple computer processes and is used to capture and input a previous transaction.
False
According to the context diagram for the purchasing process, when a purchase order is sent to the purchaser, the vendor responds by sending the goods along with a packing slip.
False
An indirect cost is one that is directly attributable to the system or the system.
False
Antivirus is a technique to protect one network from another "untrusted" network.
False
Application controls restrict access to data, programs, and documentation.
False
As an analyst, the accountant could be involved in change management issues and/or technical aspects of converting data, software, and hardware from the old to the new AIS.
False
As an internal auditor the accountant could be called in to complete the design, help prepare the contracts, or help plan, conduct, and evaluate the system tests.
False
As depicted in the text, the approved configuration plan is the final output of the software and hardware study.
False
As used in the purchasing process chapter, the term "goods and services" refers to raw materials, merchandise, supplies, fixed assets, or intangible assets only.
False
Chapter 13 describes the electronic invoicing and payment (EIPP) system for the B2C environment.
False
Control effectiveness addresses how individual control plans achieve multiple control goals.
False
Control efficiency addresses whether control goals are being achieved.
False
Conversion to new computer programs must be undertaken using contingency plans to ensure that only authorized, tested, and approved versions of the programs are promoted to production status.
False
Corrective maintenance is conducted to improve the performance of an application.
False
Deliverables signify approval of the development process and the system being developed.
False
Dollar totals represent a summarization of any numeric data field within the input document or record.
False
Embezzlement is a fraud committed by two or more individuals or departments.
False
Spear phishing is a type of phishing attack that is sent to a wide variety of persons. The e-mail appears to be coming from an individual or organization that the recipient recognizes and from whom they normally receive e-mails.
False
Specific reports and other documentation, called process documents, must be produced periodically during systems development to make development personnel accountable for faithful execution of systems development tasks.
False
Systems design is a set of procedures performed to choose the software specifications and hardware resources for an information system.
False
Systems developed using structured systems design techniques are more costly over the life of the system because maintenance of such structured systems is problematic.
False
Systems maintenance is a set of procedures performed to complete the design contained in the approved systems design document and to test, install, and begin to use the new/revised information system.
False
The "three-way match" matches the invoice with the purchase order and disbursement voucher.
False
The Level 0 diagram of the AP/CD Process contains the two process bubbles depicting the two major logical steps in the process: Establish payable and Approve checks.
False
The Sarbanes-Oxley Act prohibits CPA firms from serving as system consultants.
False
The VP of finance usually has the cashier and the controller directly reporting to him (her).
False
The acceptance test is a user-directed test of the complete system in a test environment.
False
The accountant as an implementer can become involved with systems survey and needs analysis tasks.
False
The cash disbursements event data shows, in alphabetical order, the details of each cash payment made.
False
The cashier is responsible for processing vendor invoices, preparing payment vouchers, and recording purchase and disbursement transactions.
False
The cashier usually reports to the controller.
False
The design of interfaces involves how data from the existing system are mapped into the new system.
False
The document used to record merchandise receipts is called a purchasing report.
False
The duties of the cashier are segregated from the treasurer to protect the cash resource.
False
The information systems function is synonymous with the accounting function.
False
The inventory master data contains a record of each vendor that is approved for use by the organization.
False
The item number is the primary key for relational table for vendors.
False
The modular approach forces the users to learn the new system because they do not have the old system to fall back on.
False
The most common biometric devices perform retinal eye scans.
False
The most error-prone and inefficient steps in an operations or information process is master file updates.
False
The notification of an obligation to pay a vendor for merchandise that was ordered and received is known as a purchase order.
False
The operations run manual describes user procedures for an application and assists the user in preparing inputs and using outputs.
False
The policy of requiring an employee to alternate jobs periodically is known as forced vacations.
False
The purchase order triggers the make payment process.
False
The purchasing supervisor is responsible for receiving incoming goods, signing the bill of lading presented by the carrier, reporting the receipt of goods, and making prompt transfer of goods to the appropriate warehouse or department.
False
The purpose of systems selection is to develop specifications for a new or revised system.
False
The systems development life cycle (SDLC) methodology is an informal, ad-hoc, set of activities used to manage a systems development project.
False
The user manual gives detailed instructions to computer operators and to data control about a particular application.
False
The vendor invoice master data is a repository of all unpaid vendor invoices.
False
The vendor sends a confirmation to establish the payable.
False
The warehouse master data contains a record of each inventory item which is stocked in the warehouse and/or regularly ordered from a vendor.
False
The warehouse number is the primary key for the relational table for inventory.
False
Threat monitoring is a technique to protect one network from another "untrusted" network.
False
When it is time to make a payment, an approved voucher is sent to the accounts payable department.
False
When the data on the inventory record indicate a need to replenish the stock, the inventory system prepares a purchase order.
False
With preformatted screens a computer system asks the user for input or asks questions that the user must answer.
False
Which of the following personnel security control plans is corrective in nature as opposed to being a preventive or detective control plan?
Fidelity bonding
Which batch control total generally has no other purpose than control?
Hash total
Which of the following types of batch totals is likely to be most effective in ensuring the control goal of input accuracy?
Hash totals
The following is a jumbled list of the four steps in structured systems analysis that were presented in the text: I. Define the future logical system. II. Document the current logical system. III. Study the current physical system. IV. Design the future physical system. Which of the following is the logically correct sequence of steps?
III, II, I, IV
COBIT was developed by:
IT Governance Institute
This IT function's key control concern is that organization and IT strategic objectives are misaligned:
IT steering committee
Which role in the AIS Development/Acquisition process requires the accountant to be equally adept at dealing with people, accounting, and technology?
Implementer
Which of the following statements related to implementation approaches is false?
In very large implementations, such as enterprise systems, it is often best to take the parallel approach
For payment voucher input validity, which control plan uses records in the AP master data to give authorization to the cash disbursements computer program to make a payment?
Independent authorization to make payment
Personnel fringe benefits are an example of a(n) ____ cost.
Indirect
The control plan tickler file of payments due, is directed primarily at which of the following control goals?
Input completeness
The control plan independent validation of vendor invoice is directed primarily at which of the following control goals?
Input validity
Which of the following is a cost that cannot be reasonably quantified?
Intangible
Productivity losses caused by reduced employee morale are an example of a(n) ____ cost.
Intangible cost
This logs and monitors who is on or trying to access an organization's network.
Intrusion-detection systems (IDS)
Which of the following statements regarding the modular approach is false?
It is always a faster approach than parallel
A control in which two people key the same inputs into a system where they are compared is called:
Key verification
Which of the following control plans is designed to achieve the goal of input accuracy?
Key verification
____ can consist of many computers and related equipment connected together via a network.
LAN
Which of the following controls restrict access to programs, data, and documentation?
Library controls
Which of the following is a deliverable from the structured systems analysis step of systems development?
Logical specification
Which of the following process bubbles would you not expect to see in the Purchasing Process - Level 0 Diagram?
Make payment
Which of the following is a characteristic of external hardware sources?
Management and staff are provided
Which of the following compares manual calculations to computer calculations?
Mathematical accuracy check
Which of the following items is not a control plan of the purchasing process?
Minimizing inventory carrying costs
If a new payroll system is installed for the employees of plant 1 at time A, followed by plant 2 at time B, and finally plant 3 at time C, this is an example of the ____ approach to systems implementation.
Modular
In which role might the accountant help meet the organization's AIS needs by selecting the final system for purchase?
None of the above
Systems development life cycle adoption to ensure that comprehensive documentation is developed for each application.
Not a strategic planning process
Determine, by thoroughly testing the system with programmers, that the system satisfies the programmer's requirements.
Not a task of systems implementation
Before a completed input screen is recorded the data entry clerk is asked if the data should be accepted. This is which control plan?
Online prompting
Which of the following is a control plan that requests user input or asks questions that the user must answer?
Online prompting
Which of the following is not a programmed edit check?
Online prompting
Which development phase has the task of post-implementation review?
Operation
The ____ runs a subset of the system in the actual production environment.
Operations test
Which of the following is the assignment of an internal function to an outside vendor?
Outsourcing
In an entity-relationship (E-R) diagram for the purchasing process, you would expect that the word yield would appear in the diamond showing the relationship between:
PURCHASE_ORDERS and PURCHASE_RECEIPTS
In an entity-relationship (E-R) diagram for the purchasing process, you would expect that the word generate would appear in the diamond showing the relationship between:
PURCHASE_REQUISITIONS and PURCHASE_ORDERS
A building inspection shortly after completing the construction of an industrial park is analogous to the ____ step in the systems development process.
Post implementation review
Which of the following is a control plan that controls the entry of data by defining the acceptable format of each data field?
Preformatted screens
At the time that an AP/CD process makes payment for goods or services, the process generally follows which order.
Prepare proposed payments, select and record payments, issue and record disbursements
Which of the following documents would be matched with the vendor invoice to ensure that the purchase was authorized (i.e., to ensure input validity)?
Purchase order
At the time that a purchasing process places an order for goods or services, which of the following is typically updated?
Purchase order master data
The ____ is a compilation of open purchase orders and includes the status of each item on order.
Purchase order master data
Which of the following is not a cost element as part of the inventory carrying costs?
Purchase order preparation costs
The purchasing process is part of the ____ process for a merchandising firm.
Purchase-to-pay
Which of the following most likely would be "blinded" on a copy of the purchase order sent to the receiving department?
Quantities
Which of the following is not included in the SCOR model as one of the five basic components of supply chain management?
Receive
In the Purchasing Process - Level 0 Diagram, a data flow called "vendor packing slip" would most likely be sent by the vendor to which of the following processes?
Receive goods and services
The vendor packing slip triggers which process?
Receive goods and services
A clerk receives checks and customer receipts in the mail. He endorses the checks, fills out the deposit slip, and posts the checks to the cash receipts events data. The clerk is exercising which functions?
Recording and executing events
Which of the following is not a potential benefit of supply chain management?
Reduced customer orders
Which of the following process bubbles would you not expect to see in the logical DFD for an AP/CD process?
Requisition inventory
The purpose of ____ control goals is to ensure that entity resources are protected from loss, destruction, disclosure, copying, sale, or other misuse.
Security
Which of the following has the responsibility to ensure the security of all IT resources?
Security officer
Which of the following controls requires that documents be numbered sequentially or prenumbered before it can be implemented?
Sequence check
Which of the following is least likely to report (either directly or indirectly) to the vice president of finance?
Shipping department supervisor
Which of the following has the major duties of prioritizing and selecting IT projects and resources?
Steering committee
Helps to ensure delivery of goods and services to customers at the lowest costs while providing the highest value
Supply chain management
Which of the following is not a significant activity during the systems implementation phase?
Systems maintenance
As presented in this text, systems operation comprises two stepsnamely, ____ and ____.
Systems maintenance, post-implementation review
What factor has caused an escalation of check forgeries in recent years?
The availability of cheap color printers
Which of the following statements related to implementation approaches is true?
The direct approach is the riskiest of the three approaches
Which of the following ranks each alternative on its relative capability to satisfy the user's requirements (goals) for the system?
The effectiveness analysis
A retailer could misread a demand signal doubling its normal order, and the wholesaler could respond and also double its order resulting in four times the retail order. This is an example of the bullwhip effect.
True
A service bureau is a firm providing information processing services, including hardware and software, for a fee.
True
A tangible cost is one that can be reasonably quantified, such as software purchase and insurance.
True
Who usually authorizes a purchase requisition?
The supervisor of the requisitioning department
In an information systems organization, which of the following reporting relationships makes the least sense?
The systems development manager reports to the data center manager
Who usually authorizes a payment?
The treasurer
Which control is most likely to address the goal of input completeness?
Tickler file of open purchase orders and receiving reports
An organization might request bids for computer resources from only one vendor for all of the following reasons except:
To improve its bargaining position by maintaining a competitive section posture
A benchmark is a representative workload, processed on each vendor's proposed system configuration, to obtain comparative throughput measures.
True
A check digit is an extra digit that is added to the identification number of entities to help control the accuracy with which the number is entered into a computer system.
True
A control matrix is a tool that assists in evaluating the potential effectiveness of control goals in a particular business process.
True
A control plan in which a source document is designed to make it easier to prepare the document initially and later to input data from the document into a computer or other input device is called document design.
True
A count of the number of invoices being paid by all of the customer remittances is a type of batch control total called an item or line count.
True
A disbursement voucher is designed to reflect formal approval of the voucher for payment and to provide such added data as the account distribution and the amounts to be debited.
True
A fidelity bond indemnifies a company in case it suffers losses from defalcations committed by its employees.
True
A hash total is the general term to describe the summation of data that would not normally be totaled except for control purposes.
True
The AP/CD process is an interacting structure of people, equipment, activities, and controls that is designed to accomplish the handling of repetitive work routines of the AP department and the cashier, support their decision needs, and assist in the preparation of internal and external reports.
True
The IS function of quality assurance conducts reviews to ensure the attainment of IT objectives.
True
The IS function with the responsibility of guiding the IT organization in establishing and meeting user information requirements is the IT steering committee.
True
The analysis team conducts a cost/effectiveness study, which provides quantitative and certain qualitative information concerning each of the system alternatives.
True
The approved systems design document documents the system design and summarizes the implementation training and test plans.
True
The approved systems design document is used by programmers, the personnel department, and information systems personnel.
True
The business document that accompanies the purchased inventory from the vendor identifies the shipment and triggers the inventory receiving process is the vendor packing slip.
True
The cash disbursements process uses disbursement vouchers as inputs to update the accounts payable master data.
True
The connections from the suppliers of merchandise and raw materials through to an organization's customers, including the flow of information, materials, and services, are its supply chain.
True
The control plan called key verification is designed to reduce the possibility that data will be misread or miskeyed during data entry.
True
The cumulative sequence check provides input control in those situations in which the serial numbers are assigned within the organization but are not entered in perfect serial number sequence.
True
The direct approach is also known as the "big bang" or "cold turkey" approach.
True
The edit that compares calculations performed manually to those performed by the computer to determine if a document has been entered correctly is referred to as mathematical accuracy checks.
True
The electronic invoicing and payment (EIPP) system for the B2B environment is similar to the electronic bill presentment and payment (EBPP) system for the B2C environment.
True
The external auditor may perform an independent review to assess if and how internal controls have been impacted by the AIS development/acquisition.
True
The first analysis deliverable, the logical specification, is used in systems selection to choose the appropriate software to be acquired from external sources.
True
The function composed of people, procedures, and equipment and is typically called the information systems department, IS department, or the IT department is the information systems organization.
True
The functions of the security officer commonly include assigning passwords and working with human resources to ensure proper interview practices are conducted during the hiring process.
True
The internal auditor may review AIS development/acquisition projects to ensure that the process has been efficient and effective and that the acquisition team has followed the organization's standard procedures for systems development/acquisition.
True
The logical specification, physical requirements, and budget and schedule are all part of the systems analysis deliverable called an approved systems analysis document.
True
The modular approach is also referred to as the phased approach.
True
The post-implementation review is an examination of a working system, conducted soon after the system's implementation.
True
The primary tasks of systems operation are to conduct post-implementation review and perform systems maintenance.
True
The purchase order master data is a compilation of open POs and includes the status of each item on order.
True
The purchase receipts data is an event data store with each record reflecting a receipt of goods and services.
True
The purchase requisition is sent from the inventory control department to the purchasing department.
True
The purchasing manager usually performs major buying activities as well as the required administrative duties of running a department.
True
The purpose of AIS implementation is to begin using the new system.
True
The purpose of security controls is to ensure that entity resources are protected from loss, destruction, disclosure, copying, sale, or other misuse.
True
The removal of program errors is called debugging.
True
The second analysis deliverable, the physical requirements are used in systems selection to acquire computer equipment for the new system.
True
The system of controls used in this text consists of the control environment, pervasive control plans, IT general controls, and business process and application control plans.
True
The trigger for either a true voucher process or a nonvoucher process is a payment request.
True
The user, the programmer, and another member of the programming team do a walkthrough of the module specifications and the test plan to determine that the test plan is adequate; then the programmer codes the program.
True
The vendor invoice triggers the "establish payable" process.
True
In which role might the accountant be the person who initiates the AIS acquisition cycle, and is in a prime position to recognize deficiencies and incompatibilities related to the existing AIS?
User
A company using a centralized database approach to data management might not maintain a relational table for ACCOUNTS PAYABLE. Rather, accounts payable balances at any point in time could be computed as the difference between the relations for which of the following continuous events?
VALID_INVOICES and CASH_DISBURSEMENTS
In a database containing (among others) six relationsVENDORS, PURCHASE_REQUISITIONS, PURCHASE_ORDERS, PURCHASE_RECEIPTS, INVENTORY, and EMPLOYEESyou would expect that the attribute Vend_No (vendor number) would be the primary key in the ____ relation.
VENDORS
In an entity-relationship (E-R) diagram for the accounts payable/cash disbursements process, you would expect that the words sent to would appear in the diamond showing the relationship between:
VENDORS and CASH_DISBURSEMENTS
When the AP/CD process records a payable obligation, the data flow between "validate invoice" and "record payable" is?
Validated vendor invoice
Which document typically notifies the purchaser of his or her obligation to pay?
Vendor invoice
Which disbursement system most easily facilitates paying a number of invoices with a single check?
Voucher system
Which of the following is a control plan that takes the form of signatures or initials on a document to indicate that a person has authorized the event?
Written approval
Which of the following control plans is not directed primarily at the control goal of input accuracy?
Written approvals
The typical horizontal flows of information in an accounts payable/cash disbursements process might include all of the following except:
a copy of a receiving report is sent to the cashier
The typical information flows in a purchasing process might include all of the following except:
a copy of a receiving report is sent to the cashier
In a purchasing process, receiving goods, but not a vendor invoice, from a supplier typically results in an update to all of the following data stores except the:
accounts payable master data
The resources for which the AP/CD process wants to ensure security typically include all of the following except:
accounts receivable master data
The type of maintenance that is conducted to adjust applications for changing business needs and environmental challenges of an application is referred to as:
adaptive
The resources for which the purchasing process wants to ensure security for which of the following:
both a and b (purchase order master data and inventory)
Systems implementation is triggered by:
both a and b (the approved configuration plan and the approved system design document)
Inputting a range of numbers comprising a batch and then inputting each serially numbered document is characteristic of the control plan called:
batch sequence check
A representative workload, processed on a vendor's proposed system configuration, to obtain comparative throughput measures is called a(n):
benchmark
The columns in a control matrix contain headings listing the business process:
control goals
Having too many control plans directed at the same control goal is called:
control redundancy
The type of maintenance that is conducted to fix errors of an application is referred to as:
corrective
In a purchasing process, the receiving report may be accessed by all of the following except:
cashier
The AP/CD process handles the repetitive work routines of:
cashier
A control that can be used to reduce the likelihood of an error occurring when an account number is entered into a computer is:
check digit
Personnel development control plans consist of each of the following except:
checking employment references
Inventory carrying costs include all of the following except:
clerical cost of ordering goods
In the process of preparing a receiving report, the receiving department should perform all of the following tasks except:
compare the vendor's packing slip to a copy of the purchase requisition
When segregation of duties cannot be effectively implemented because the organization is too small, we may rely on a more intensive implementation of other control plans such as personnel control plans. This is called:
compensatory controls
Quality assurance function:
conducts reviews to determine adherence to IT standards
Not knowing whether input data has been accepted by the information system, the user enters the data again, resulting in duplicate event data. The control plan that helps to prevent this error is:
confirm input acceptance
A data replication strategy where all data changes are data stamped and saved to secondary systems as the changes are happening is called:
continuous data protection
Top security concerns reported by IT security professionals include all the following except:
data backup
The most error-prone and inefficient steps in an operations or information process is:
data entry
After the analysis team studies and documents the current physical system they should next:
define user requirements for the new/modified system
The systems selection tasks include all of the following except:
determine miscellaneous environmental needs
The process of evaluating the vendor proposals includes all of the following except:
determine to which vendors the RFPs will be sent
The primary reasons for performing regular employee performance reviews include all of the following except:
develop a strategy for filling necessary positions
A detailed vendor comparison would normally include all of the following except:
documentation volume
The WebTrust family of services offers best practices and e-business solutions related exclusively to B2B electronic commerce.
false
All of the following are components of a backup and recovery strategy except:
echo checking
The process of encoding data so that it may only be read by someone having a key is called:
encryption
All of the following would be tasks of post-implementation review except:
ensure a correct conversion by planning, controlling, and conducting an orderly installation of the new system
Digital signatures address all of the following control goals except:
ensure input completeness
A written approval in the form of a signature or initials on a document indicating that a person has authorized the event is directed primarily at achieving the control goal of:
ensure input validity
A sales representative enters the customer's account number and the system retrieves certain data about the customer from master data. This control plan addresses all of the control goals except:
ensure update completeness
Personnel termination control plans might include all of the following except:
establish a policy of forced vacations
A control report generated by a system that shows data about transactions that were accepted or rejected during a transaction processing step is called a(n):
exception and summary report
A warehouse clerk manually completing an order document and forwarding it to purchasing for approval is an example of:
executing events
An employee of a warehouse is responsible for taking a computer-generated shipping list, pulling the items from the warehouse shelves and placing them on a cart which is transferred to shipping when the list is completely filled. This is an example of:
executing events
A service bureau is more expensive than using an in-house computer.
false
A small organization that does not have enough personnel to adequately segregate duties must rely on alternative controls, commonly called resource controls.
false
A tickler file addresses the control goal of update accuracy.
false
Business continuity is the process of using backup measures to restore lost data and resume operations.
false
Data encryption is a process that codes data to make it readable to human eye.
false
In a logic bomb attack, a Web site is overwhelmed by an intentional onslaught of thousands of simultaneous messages, making it impossible for the attacked site to engage in its normal activities.
false
Independent validation of vendor invoices helps ensure that appropriate cash discounts are obtained.
false
Making program changes, correcting errors in the programs, and adding enhancements to the programs is called systems development.
false
The IS function with the principal responsibilities of ensuring the security of all IT resources is data control.
false
A control plan that is designed to detect a fraud by having one employee periodically do the job of another employee is called:
forced vacations
The purchasing manager is evaluated by his/her supervisors based on purchasing inventory at the lowest price. Consequently, the purchasing manager knowingly orders materials only based on price. This has resulted in the purchase of inferior quality materials. This improved the purchasing manager's performance evaluation, but had a negative impact on production due to an increase in scrapped materials. This situation is an example of a failure of:
goal congruence
A summation of customer account numbers taken from a batch of sales invoices would be classified as a:
hash total
In a typical, efficient AP/CD process, you would expect that "validating" a vendor invoice might include all of the following steps except:
having a copy of the invoice approved by the purchasing manager
Which of the following includes activities for the successful switch from the old to the new AIS?
implementation
A control plan that helps ensure the security of resources within the AP/CD process is:
independent authorization to make payment
Pervasive control plans:
influence the effectiveness of applications control plans
The department or function that develops and operates an organization's information systems is often called the:
information systems organization
The purpose of input control goals is to ensure:
input validity, input completeness, input accuracy
After defining the requirements for the new system, the current logical DFD should be modified to reflect the components of the future system. The development team may propose logical design alternatives for the future logical system that may involve derivatives of the following except:
internal entities
The use of IT resources for enterprise systems and e-business:
magnifies the importance of protecting the resources both within and outside of the organization from risks
A control plan to ensure input accuracy in payables processing is:
match invoice, purchase order, and receiving report
The AP application matches invoices, quantities, prices and terms when it performs the control plan:
match invoice, purchase order, and receiving report
In a control matrix, the coding M-1 means:
missing control plan
In a control matrix the coding P-1 means:
none of the above
A method of separating systems development and operations is to prevent programmers from:
operating the computer
Instructions for computer setup, required data, restart procedures, and error messages are typically contained in a(n):
operations run manual
Data flows of an AP/CD process normally might include all of the following except:
sales report
Searching through rubbish for system information such as passwords is called:
scavenging
A control that can ensure that receiving clerks are not influenced by quantity information while actually counting incoming goods is to:
send a "blind" copy of the purchase order to receiving
Specifications for availability, reliability, performance, capacity for growth, levels of user support, disaster recovery, security, minimal system functionality, and service charges are included in:
service-level requirements
The typical AP/CD process would capture and record data related to the day-to-day operations of all of the following departments except:
shipping
The typical purchasing process would capture and record data related to the day-to-day operations of all of the following except:
shipping
Following a systems development methodology during systems development:
should ensure that development efforts are efficient and consistently lead to information systems that meet organizational needs
The two primary steps in preparing the control matrix include:
specifying control goals, identifying recommended control plans
In an information systems organization structure, the three functions that might logically report directly to the CIO would be:
systems development, technical services, & data center
Making repairs and modifications to the system is known as:
systems maintenance
A key control concern is that certain people within an organization have easy access to applications programs and data files. The people are:
systems programmers
The system development step that immediately precedes the structured system design step is:
systems selection
Managing functional units such as networks, CAD/CAM and systems programming typically is a major duty of:
technical services manager
To write computer programs and interfaces, programmers use:
the approved systems design document
In structured systems analysis, the analysis preferably should start with analysis and documentation of:
the current physical system
Top 10 management concerns about IT's capability to support an organization's vision and strategy include all except the following:
the internet
In a voucher system, the data flow between the originating department and the process "prepare disbursement voucher" typically is:
the payment request
The final step in the in the implementation process is to write:
the project completion report
In a purchasing process, once requirements are determined and a vendor selected, the next step is:
the purchase order
A feasibility study is conducted to determine:
the scope of the problem
The disaster backup and recovery technique known as electronic vaulting is a service whereby data changes are automatically transmitted over the Internet on a continuous basis to an off-site server maintained by a third party.
true
When they are sent to a customer and returned with the payment, remittance advices are examples of:
turnaround documents
Application documentation that describes the application and contains instructions for preparing inputs and using outputs is a(n):
user manual
The physical requirements of a proposed system would include all of the following except:
user requirements
Determination of user requirements in the analysis step of systems development is more difficult in an e-business implementation because:
user requirements inside and outside the organization must be determined
In an AP/CD process "establish payable" would normally be triggered by:
vendor invoice
Outputs of a purchasing process normally might include all of the following except:
vendor invoice
The document one business sends to another business that identifies the amount to be paid is:
vendor invoice
Data about vendor compliance with the terms of the purchase order normally would be included in the:
vendor master data
Information for evaluating vendor performance normally would reside on the:
vendor master data
The purchasing processreceive goods and servicesnormally would be triggered by the data flow:
vendor packing slip
Purchase orders are sent to:
vendors
In an on-line computer system, restricting user access to programs and data files includes all of the following except:
wearing identification badges
The goal of validating vendor proposals is to determine:
which proposed systems meet the organization's requirements
As used in the text, the term services specifically refers to:
work performed by outside vendors
A control that is primarily directed at ensuring input validity is:
written approvals