Accounting Information Systems - C242
Which type of component is "Customer" in this diagram? A. A data destination B. A data store C. A data flow D. A process
A. A data destination
Match each function of an accounting information system with the type of improvement it provides. Answer options may be used more than once or not at all. A. A function that informs a supervisor when manufacturing production performance falls below standards B. A function that checks payroll entries for mistakes that would cause overpayment or underpayment of employees C. A function that provides up-to-the-minute information about inventory items that are low in stock
A. A function that informs a supervisor when manufacturing production performance falls below standards-Improves the effectiveness of the supply chain B. A function that checks payroll entries for mistakes that would cause overpayment or underpayment of employees-Improves the internal control structure C. A function that provides up-to-the-minute information about inventory items that are low in stock- Improves the quality and reduces the costs of products or services
Which preventive control is designed to stop an attacker from installing a hardware-based keystroke logging device on a computer? A. A physical access control B. A user access control C. A vulnerability scanner D. A network access control
A. A physical access control
Which two tools are project development and acquisition controls? Choose 2 answers A. A strategic master plan B. An information systems library C. A data control group D. System performance measurements
A. A strategic master plan D. System performance measurements
What are two traits of useful information? Choose 2 answers A. Accessibility B. Reliability C. Measurability D. Quantifiability
A. Accessibility B. Reliability
How does an audit trail work in an accounting information system? A. By capturing a transaction's path through the data processing system B. By reviewing the chart of accounts C. By recording large numbers of reoccurring transactions for a specific category D. By organizing data in the data storage process
A. By capturing a transaction's path through the data processing system
Which action is an example of a social engineering technique? A. Calling a newly hired assistant and pretending to be an employee who needs help obtaining files B. Creating "back doors" to obtain access in case the initial method of entry is blocked C. Identifying company computers that can be remotely accessed D. Finding and exploiting vulnerabilities in the software the company is running
A. Calling a newly hired assistant and pretending to be an employee who needs help obtaining files
Which control is applied to the payroll preparation step of the payroll cycle? A. Comparing hash totals of employee numbers B. Requiring managers to review and approve data that is entered on time cards C. Limiting access to the master database D. Using biometric authentication when employees clock in to and out of work
A. Comparing hash totals of employee numbers
How can information sharing between customers and suppliers contribute to information system failures? A. Customers and suppliers having access to each other's systems and data can lead to breaches in confidentiality. B. Accessing another company's system requires external access points, which are more vulnerable to attack than internal access points. C. Information sharing creates software compatibility issues, reducing the ability to implement security measures. D. Distributed computer networks between customers and suppliers rely on Internet connections, which are difficult to secure.
A. Customers and suppliers having access to each other's systems and data can lead to breaches in confidentiality.
What is the first step in the data processing cycle? A. Data input B. Data processing C. Data storage D. Information output
A. Data input
What does an attacker do when scanning and mapping a target information system? A. Identifies computers that can be remotely accessed B. Researches software vulnerabilities C. Conducts initial reconnaissance D. Executes the attack on the information system
A. Identifies computers that can be remotely accessed
Which action is a function of an enterprise resource planning (ERP) system? A. Integrating a company's business processes with a traditional accounting information system B. Eliminating the need to create interfaces between the accounting system and other systems C. Providing flexible software that is quickly and inexpensively adaptable to existing company processes D. Creating multiple databases so that data processing and storage can be distributed among them
A. Integrating a company's business processes with a traditional accounting information system
What is a benefit of a well-designed computer input screen? A. It reduces data entry errors and omissions. B. It results in well-designed data outputs. C. It ensures that data is in compatible formats. D. It makes program modules easy to read.
A. It reduces data entry errors and omissions.
Match each description to its corresponding framework. Answer options may be used more than once or not at all. A. It uses a three-dimensional model. B. It contains only five components. C. It consolidates control standards from 36 sources into a single framework.
A. It uses a three-dimensional model.-COSO's enterprise risk management framework B. It contains only five components.-COSO's internal control framework C. It consolidates control standards from 36 sources into a single framework.-COBIT framework
Which two security controls detect intrusions? Choose 2 answers A. Log analysis B. User access controls C. Patch management D. Security testing
A. Log analysis D. Security testing
When employees start working at a company, they are given a formal job description and a policy and procedures manual. The manual includes the company's vision statement and code of conduct and explains the expected business practices and procedures used at the company. The job description and manual communicate components of this company's internal environment. Which two components do they communicate? Choose 2 answers A. Methods of assigning authority and responsibility B. Banking relationship with the local credit union C. Commitment to integrity, ethical values, and competence D. Shipping policy for international shipments
A. Methods of assigning authority and responsibility C. Commitment to integrity, ethical values, and competence
Which tool is an example of a preventive information security control? A. Network access passwords B. Analysis of network system logs C. Security testing of network systems D. Patch management procedures
A. Network access passwords
Businesses must pay a variety of taxes. Match each item of information to the type of tax that requires it. Answer options may be used more than once or not at all. Sales tax or payroll Tax A. Point-of-purchase rate tables B. Total wage expense C. Total sales
A. Point-of-purchase rate tables-Sales tax B. Total wage expense-Payroll tax C. Total sales-Sales tax
Which task do information systems auditors perform when they audit transaction processing? A. Testing the accuracy of data edit routines B. Testing the disposition of source data input C. Discussing programming procedures with users D. Checking for unauthorized use of programs
A. Testing the accuracy of data edit routines
What are two advantages of purchasing or renting an accounting information system (AIS)? Choose 2 answers A. The company can test-drive the system. B. Software upgrades are automated. C. The company avoids spending time planning. D. It is easy to customize the system.
A. The company can test-drive the system. B. Software upgrades are automated.
What is one purpose of the COBIT framework? A. To provide assurance that data produced by an information system is reliable B. To provide the structure to define smart business practices C. To provide a wide range of controls for a company's business D. To provide management with the tools necessary to create efficient data processes
A. To provide assurance that data produced by an information system is reliable
Which two methods improve the accuracy and completeness of data that is entered into an accounting information system (AIS)? Choose 2 answers A. Using pull-down menus on the data input screen B. Using preprinted vendor forms to enter order quantities C. Using manually prepared source documents D. Using point-of-sale scanners to capture machine-readable data
A. Using pull-down menus on the data input screen D. Using point-of-sale scanners to capture machine-readable data
Which tool shows the flow of bills of lading and packing slips between the shipping department and the accounts receivable department? A. A data flow diagram B. A document flowchart C. A system flowchart D. A program flowchart
B. A document flowchart
Which type of accounting information system (AIS) output is a gross margin analysis by product line? A. A document B. A report C. A query D. An invoice
B. A report
Which two activities occur during the accounts receivable file updating process? Choose 2 answers A. Creating a record for a new customer B. Adding a transaction amount to a customer's account balance C. Comparing the customer's new balance to the customer's credit limit D. Deleting a record for an inactive customer
B. Adding a transaction amount to a customer's account balance C. Comparing the customer's new balance to the customer's credit limit
Which two steps are part of the human resources management (HRM)/payroll cycle? Choose 2 answers A. Determining workers' compensation insurance rates B. Adding new employees to the master database C. Calculating the income tax liability amount for each employee D. Recording rate changes for employees who have received raises
B. Adding new employees to the master database D. Recording rate changes for employees who have received raises
A patio furniture store uses its accounting information system to allow salespeople to check the inventory level of an item at the main warehouse. How does this functionality add value to the patio furniture store? A. By improving the quality of products B. By improving knowledge sharing C. By improving the internal control structure D. By improving strategic planning
B. By improving knowledge sharing
In which two ways does an accounting information system (AIS) safeguard assets? Choose 2 answers A. By preventing employees from using company devices to access the Internet B. By requiring a correct password to be entered to access the company network C. By restricting access to paper files, network servers, and other physical assets D. By providing tools to alert managers when an unauthorized user attempts to use assets
B. By requiring a correct password to be entered to access the company network D. By providing tools to alert managers when an unauthorized user attempts to use assets
How can an accounting information system be used for the value chain activity of operations? A. By providing accounting, legal, and general administrative functions B. By transforming inputs into final products or services C. By receiving, storing, and distributing materials used to create products D. By distributing finished products or services to customers
B. By transforming inputs into final products or services
Why is data in an Internet-based system sometimes not protected as well as data in a centralized computer system? A. Companies believe that Internet-based providers deliver equivalent security for the data in their systems. B. Companies fail to completely understand the control and protection implications of moving to an Internet-based system. C. Companies think that data in an Internet-based system is less vulnerable because the data is stored in multiple locations. D. Companies believe that Internet-based systems have a higher reliability history than centralized computer systems.
B. Companies fail to completely understand the control and protection implications of moving to an Internet-based system.
A database contains data that can be used by many authorized users. Which benefit of a database does this example describe? A. Data independence B. Data sharing C. Cross-functional analysis D. Minimal data redundancy
B. Data sharing
Which step in the data processing cycle relies on coding techniques, such as sequence codes and block codes, to organize data in ledgers? A. Data input B. Data storage C. Data processing D. Information output
B. Data storage
Which two types of functions do internal controls provide? Choose 2 answers A. Pervasive B. Detective C. Corrective D. Subjective
B. Detective C. Corrective
Which task is part of the selecting and training personnel step of implementing an accounting information system (AIS)? A. Determining installation steps and expected completion dates B. Experimenting with the new system in a controlled environment C. Performing a step-by-step review of procedures and program logic D. Processing test data to see whether the system performs as designed
B. Experimenting with the new system in a controlled environment
Which step does an attacker perform when conducting research for the purpose of penetrating an information system? A. Attempts to trick someone into granting the attacker access to the system B. Finds out the vulnerabilities of the software that the company is using C. Plants a Trojan horse program that enables the attacker to access the system D. Sends a spear phishing e-mail to someone who works at the company
B. Finds out the vulnerabilities of the software that the company is using
Which two recommendations are included in a post-implementation review report? Choose 2 answers A. Improvements to the physical design B. Improvements to the new system C. Improvements to processing flows D. Improvements to the development process
B. Improvements to the new system D. Improvements to the development process
Which type of processing integrity control includes using turnaround documents? A. Output controls B. Input controls C. Data controls D. Processing controls
B. Input controls
How is cross-functional analysis a database benefit? A. It allows multiple authorized users simultaneously to research a problem and obtain information. B. It allows data relationships to be defined so that management reports can be easily prepared. C. It allows data and programs to be independent so that one can be changed without changing the other. D. It allows a data item to be stored only once, reducing the incidence of inconsistent data.
B. It allows data relationships to be defined so that management reports can be easily prepared.
Which action does a company take during the customer order process in the revenue cycle? A. It keeps customer remittances secure. B. It checks and approves customer credit. C. It sends accurate and timely invoices. D. It packs items safely and securely.
B. It checks and approves customer credit.
What is the purpose of information rights management (IRM) software? A. It helps recover a system from a security breach. B. It controls access to sensitive data. C. It tests network security controls. D. It analyzes system logs for potential intrusions
B. It controls access to sensitive data.
Which component in this diagram is a data flow? A. Departments B. Payroll report C. Payroll processing system D. Management
B. Payroll report
A company's cash clearing account is debited for the gross value of the weekly accounts payable check run. The cash clearing account is then credited as each amount is allocated to the correct expense account. The cash clearing account should have a zero balance after both sets of entries have been made. Which type of IT control is employed in this scenario? A. Input control B. Processing control C. Output control D. Authorization control
B. Processing control
A company changes to a lean manufacturing process to minimize inventories in the manufacturing plant. Which activity of the production cycle will this impact the most? A. Product design B. Production operations C. Quality control D. Security management
B. Production operations
A company has a policy that all purchase orders $100,000 or greater be approved by the controller prior to being entered into the accounting system. Which category does this control procedure relate to? A. Independent checks on performance B. Proper authorization of transactions and activities C. Commitment to integrity, ethical values, and competence D. Change management controls
B. Proper authorization of transactions and activities
Which two issues do information systems auditors look for when they audit security provisions? Choose 2 answers A. Correct reconciliation of batch totals B. Proper procedures for assigning user IDs C. Efficient program development D. Effective use of data encryption
B. Proper procedures for assigning user IDs D. Effective use of data encryption
What are two objectives of cost accounting? Choose 2 answers A. Calculating the total cost when creating customer invoices B. Providing product data to be used for making pricing decisions C. Reconciling general ledger accounts for the close of the month D. Collecting information to calculate the cost of goods sold
B. Providing product data to be used for making pricing decisions D. Collecting information to calculate the cost of goods sold
Which three actions are part of the revenue cycle? Choose 3 answers A. Requesting that raw materials be purchased B. Receiving and answering customer inquires C. Recruiting sales order staff D. Approving credit sales of finished goods E. Initiating back orders for finished goods that are out of stock F. Updating accounts payable
B. Receiving and answering customer inquires D. Approving credit sales of finished goods E. Initiating back orders for finished goods that are out of stock
Which activity in the revenue cycle involves picking and packing a customer order? A. Sales order entry B. Shipping C. Billing D. Cash collections
B. Shipping
Who designs and implements procedures that prevent attackers from penetrating a company's accounting information system (AIS)? A. The internal audit team B. The chief information security officer C. The chief operating officer D. The computer incident response team
B. The chief information security officer
Which two guidelines result in a better coding system for storing data in an accounting information system (AIS)? Choose 2 answers A. The coding system should be created by non-accounting personnel. B. The coding system should be consistent with the company's organizational structure. C. The coding system should be created to conform to external reporting requirements. D. The coding system should take into consideration expected company growth.
B. The coding system should be consistent with the company's organizational structure. D. The coding system should take into consideration expected company growth.
What is the function of a corrective control? A. To ensure that an organization's information system is secure B. To remedy problems after they occur in an information system C. To identify problems after the data enters an information system D. To prevent problems before they arise in an information system
B. To remedy problems after they occur in an information system
What is identity theft? A. Knowingly mailing a solicitation to a company that is designed to look like an invoice B. Unauthorized use of someone's personal information for the perpetrator's benefit C. Knowingly denying someone benefits that they are owed and eligible for D. Unauthorized use of the trademarked name of a company or organization
B. Unauthorized use of someone's personal information for the perpetrator's benefit
Which action improves data accuracy during the data input process? A. Capturing system-generated sequence codes B. Using pre-numbered source data C. Beginning an audit trail D. Using coding techniques
B. Using pre-numbered source data
Which threat to the payroll process applies to the disbursement of payroll? A. Failure to make required tax payments B. Wages being issued to a fictitious employee C. Unauthorized changes to the payroll database D. Inaccurate time and attendance data
B. Wages being issued to a fictitious employee
What is the difference between a conceptual-level schema and an internal-level schema? A. A conceptual-level schema demonstrates how an individual understands and organizes data, and an internal-level schema is a group of subschemas. B. A conceptual-level schema is an individual user's view of the database, and an internal-level schema is how data is physically arranged in the database. C. A conceptual-level schema is a high-level view of the entire database, and an internal-level schema is a low-level, more detailed view of the database. D. A conceptual-level schema contains field security constraints, and an internal-level schema contains information about the structure of the database.
C. A conceptual-level schema is a high-level view of the entire database, and an internal-level schema is a low-level, more detailed view of the database.
What is the difference between a primary key and a foreign key in a database? A. A primary key lists authorized users of a table, whereas a foreign key indicates data stored in a logical view. B. A primary key identifies which row in a table is most important, whereas a foreign key is a substitute name for the field. C. A primary key uniquely identifies a specific row in a table, whereas a foreign key is a primary key in another table and is used to link the two tables. D. A primary key specifies the first row of a table, whereas a foreign key indicates the end of the table.
C. A primary key uniquely identifies a specific row in a table, whereas a foreign key is a primary key in another table and is used to link the two tables.
During which step in the expenditure cycle could an incorrect posting to accounts payable occur? A. Ordering materials B. Receiving materials C. Approving supplier invoices D. Generating purchase requisitions
C. Approving supplier invoices
Which activity in the expenditure cycle has the threat of discrepancies between the quoted price and the actual price charged? A. Ordering materials, supplies, and services B. Receiving materials, supplies, and services C. Approving supplier invoices D. Making cash disbursements
C. Approving supplier invoices
What are cost-effective controls? A. Controls that offer a risk reduction benefit without regard for cost B. Controls that provide a variable risk reduction benefit at a low cost C. Controls that offer a higher risk reduction benefit than the controls cost D. Controls that are implemented to determine risk at a moderate cost
C. Controls that offer a higher risk reduction benefit than the controls cost
Which threat applies to the human resources management (HRM)/payroll cycle? A. Updating the general ledger Inaccurately B. Losing revenues by under-billing clients C. Disclosing confidential salary information D. Using an incorrect operations list
C. Disclosing confidential salary information
Which tool is useful when analyzing internal control procedures? A. Data flow diagram B. Program flowchart C. Document flowchart D. System flowchart
C. Document flowchart
Which two tasks are part of the process of auditing computer-based information systems? Choose 2 answers A. Producing financial statements for shareholders B. Performing analytical reviews for management C. Evaluating evidence in a systematic manner D. Providing recommendations for improvement
C. Evaluating evidence in a systematic manner D. Providing recommendations for improvement
A company has a procedure that installs updates to all of its security programs and operating systems on a monthly basis. Which type of corrective control does this scenario describe? A. Intrusion detection system B. Physical access restriction C. Patch management D. Cloud computing
C. Patch management
Which tool is used to identify system vulnerabilities? A. Network access controls B. Employee training C. Security testing D. Patch management
C. Security testing
Why is system documentation created? A. To help the company decide which system to build B. To help the system function correctly after it is developed C. To help during transitions of information technology employees D. To help meet system hardware and software requirements
C. To help during transitions of information technology employees
Which activity is part of the human resources management (HRM)/payroll cycle? A. Administering the employee expense reimbursement process B. Documenting the job steps necessary to execute a wire transfer C. Tracking the job assignments of each employee at a company D. Transferring funds to the payroll account to meet payroll
C. Tracking the job assignments of each employee at a company
What is the process of data encryption? A.Transforming gibberish into plain text B. Transforming programing code into plain text C. Transforming plain text into gibberish D. Transforming plain text of any length into a short code
C. Transforming plain text into gibberish
What is an inherent risk? A. A risk that a company cannot anticipate B. A risk that remains after internal controls are instated C. A risk that a company has successfully avoided D. A risk that exists before internal controls are instated
D. A risk that exists before internal controls are instated
What is the formula to calculate expected loss? A. Risk x cost B. Risk x likelihood C. Impact x cost D. Impact x likelihood
D. Impact x likelihood
Which events are part of the revenue cycle? A. Hiring employees, preparing payroll, and paying taxes B. Purchasing raw materials, manufacturing products, and storing finished products C. Forecasting cash needs, borrowing money from lenders, and selling stock to investors D. Taking orders from customers, shipping finished goods, and depositing payments in the bank
D. Taking orders from customers, shipping finished goods, and depositing payments in the bank