AIS accounting Final Combined

84) An agreement or conspiracy among two or more people to commit fraud is known as A) embezzlement. B) misappropriation. C) collusion. D) misrepresentation.

C

B)

A software-based control procedure that checks for some errors as they are being input is called A) input verification. B) key verification. C) input control testing. D) transcription checking.

B)

A technology that is not typically used in a real-time sales system is A) bar coding. B) sequential file processing. C) a POS system. D) an EDI ordering system.

A)

A trailer record is an extension of a(n) A) master record. B) attribute. C) segment. D) transaction record.

84) Which of the following is not a specialized input/output symbol that represents a particular medium? A) The magnetic tape symbol B) The magnetic disk symbol C) The connector symbol D) The document symbol

C

85) Among the following pair of functions, which pair represents the most serious internal control weakness when the duties are performed by the same individual? A) Purchasing and verification of vendor invoices B) Check signing and cancellation of voucher documentation C) Cash disbursement and verification of vendor invoices D) Physical handling of incoming merchandise and preparation of receiving reports

C

89) A weakness in an information security system is A) a threat. B) computer sabotage. C) a vulnerability. D) a system fault.

C

D)

A widely used method of storing and locating records in a direct-access file is A) when a record's key field corresponds directly to the coding scheme used by the computer itself. B) to store physical device addresses as a field within a file's records. C) to convert a key to a storage location address using an index. D) to convert a key to a storage location address using a randomizing transformation.

A)

ACID A) ensures reliability of processing database transactions. B) makes sure development of databases is thorough. C) ensures a complete design is implemented. D) makes processing data extremely fast and reporting error free.

89) What documents typically accompany the physical shipment of goods to a customer? A) The picking list and purchase order B) Packing and picking lists C) The packing list and a bill of lading D) The sales order and an invoice

C

90) To maintain an adequate separation of duties, various functions within the customer order process should be independent of each other. An example of this is A) that billing does not have access to the accounts receivable ledger. B) that shipping only accepts goods from finished goods that are identified on an independently prepared packing list. C) Answers A and B are both correct. D) None of these answers is correct.

C

90) Which of the following would generally not be appropriate in preparing a document flowchart? A) Columnar headings B) Flowlines C) Process symbols D) Connector symbols

C

91) Service oriented architecture services are ________ software units of functionality. A) dependent B) intradependent C) independent D) multiple

C

91) Tracing of a program execution provides A) programmed edits for input data items. B) test data for subsequent processing. C) a detailed listing of the sequence of program statement execution. D) a comprehensive audit trail which can be reviewed by auditors after processing ends.

C

91) Which of the following occurs when a manufacturing facility uses statistical process control? A) A plan is developed to describe the routing of each production process. B) Production processes can be quickly reconfigured. C) Process outputs are compared to engineering specifications. D) A programmable device moves material, parts, tools, or specialized devices to perform tasks.

C

92) Total fraud costs are computed by adding A) costs of prevention and costs of investigations. B) costs of prevention, costs of investigations, and costs of detections. C) costs of prevention, costs of investigations, costs of detections, and costs of losses. D) costs of prevention, costs of investigations, costs of detections, costs of losses, and costs of reputations.

C

92) ________ refers to software that serves as a go-between for two applications, enabling communication between them that would otherwise be impossible. A) Interfacing B) Bridgeware C) Middleware D) None of the above enables communication between applications.

C

93) An intruder who intercepts legitimate information and replaces it with fraudulent information is known as a A) hacker. B) wiretapper. C) piggybacker. D) spy.

C

93) The decision analysis techniques that are similar because both are tabular representations of decision-making processes are A) work measurement and work distribution analysis. B) work distribution and decision tables. C) branching and decision tables. D) None of these answers are correct.

C

93) The three types of functions that normally should be segregated to promote internal control Are A) recording transactions, authorizing transactions, and approval B) authorizing transactions, approving transactions, and custody of assets. C) authorizing transactions, recording transactions, and custody of assets. D) authorizing transactions, inputting data, and outputting data.

C

95) Which of the following is a common benefit of UPC standardization? A) Paper invoices are no longer needed. B) Inventory levels are reduced. C) Cross-referencing of inventory codes is eliminated. D) Physical inventory counts are no longer needed.

C

96) Which of the following information system auditing technologies would be the best to monitor the execution of a computer program? A) Integrated test facility B) Parallel simulation C) Mapping D) Embedded audit routine

C

97) The focal point of the materials requirements planning system (MRP) is to A) manufacture inventory items on time. B) report the sequencing of all operations connected with production. C) produce the master production schedule. D) disclose all data related to product components.

C

98) In ERP, human resource object types are identified with a one or two letter identifier. The code for the object Employee is A) E. B) EE. C) P. D) W.

C

99) The flowchart which is most similar to a document flowchart is the A) IPO chart. B) DFD. C) analytic flowchart. D) HIPO chart.

C

99) The percentage of the time an application is unavailable for use is known as A) the bottleneck interval. B) cutoff points. C) downtime. D) the minimal resource allocation period.

C

C)

Alberta Products Company updates their accounts receivable master file each day. The EDP department uses the son-father-grandfather retention of master files. A computer operator accidentally destroyed the most recent accounts receivable master file by using the purchase transaction file to update it. The operator now has today's correct transaction file. How can the operator reconstruct the accounts receivable master file for the update? A) Process yesterday's son against today's transaction file. B) Process yesterday's grandfather against yesterday's transaction file. C) Process yesterday's father against yesterday's transaction file. D) Process yesterday's son against yesterday's transaction file.

A)

An analyst has identified a certain database as "indexed-sequential." This is an example of defining database architecture at the A) physical level. B) conceptual level. C) logical level. D) relational level.

C)

An electronic processing system can be used A) only in a batch environment. B) with real-time, on-line processing. C) in either a batch or real-time, on-line processing environment. D) in situations where documentation is not a priority.

A)

An indexed-sequential file contains A) an index, a prime area, and an overflow area. B) an index, a parent file, and a child file. C) an index, an access area, and a hierarchical file. D) an index, an overflow area, and a fully inverted file.

100) The international quality-management standard credited for promoting the process management approach is the A) Six Sigma. B) ISA-95. C) ISO 9001. D) ISA-Y2K.

C

100) The most important personnel policy and practice regarding information systems security is that A) there should be adequate supervision of personnel at all times. B) employees should be required to rotate jobs. C) the duties of computer users and computer systems personnel should be segregated. D) employees should be required to take vacations.

C

101) At the first level of structured systems analysis, documentation begins with A) matrix analysis. B) an analytic flowchart. C) a logical flow diagram. D) functional analysis.

C

101) In law enforcement circles, surreptitious observation is called A) clandestine observation. B) invigilation. C) surveillance. D) all of the above

C

101) The identification and analysis of differences between the values contained in two substantially identical files or between a detail file and a control file is A) validity checking. B) verification. C) reconciliation. D) clearing.

C

101) Which tools would an auditor engaged in examining an information system use in conducting the audit? A) Internal control questionnaires B) Compliance and specific transaction tests C) Internal control questionnaires and compliance and specific transaction tests D) None of these answers is correct.

C

102) ________ systems integrate all the major accounting functions, as well as the Web store, into a single software system. A) Open enterprise planning B) Application server planning C) Enterprise resource planning D) Zachman enterprise planning

C

103) Which of the following outputs from the cost accounting program is used in the next cycle of production planning and scheduling? A) Resource usage file B) Production order file C) Production status file D) Summary report

C

103) Which of the following statements best describes the business architecture's relation to other architectures? A) The business architecture supports all the other architectures. B) The data and technology architectures determine business architectures. C) The business architectures determine the data and technology architectures. D) None of the above correctly describe the stated relationship.

C

104) Groups of organizations working together to create new products, new process methods, and/or human capital intelligence is referred to as a(n) A) ERP. B) e-commerce. C) collaborative commerce. D) application consortium.

C

105) A decision table format generally uses a(n) A) &;OR&; premise. B) &t;SOME-MANY; premise. C) &t;IF-THEN; premise. D) &t;ALL-NONE; premise.

C

105) When conducting structured systems analysis of a particular system, defining the processing logic A) should always be done using structured English. B) is the same thing as writing actual program code. C) may be done with decision trees or decision diagrams. D) is useful only to technical systems personnel.

C

106) In traditional accounting methods, predetermined overhead rates are based on A) machine hours. B) utilities consumed. C) direct labor hours or direct labor costs. D) depreciable lives of machinery and equipment.

C

107) Certain turnkey software packages can sometimes meet the specific needs of an individual situation with minimal design work. Which of the following companies would least likely be able to use a turnkey system? A) A doctor office B) An attorney C) A petroleum refining company D) A construction company

C

107) Form 941 is filed to report federal income and social security taxes withheld from employees. It is filed A) weekly. B) monthly. C) quarterly. D) annually.

C

107) How many written confessions should be prepared if the suspect has committed five Crimes? A) One B) Three C) Five D) It depends on the crime committed.

C

109) An Internet merchant captured all of the cookies present on Rons personal computer at his Home A) because Rons bank required it. B) the merchant wanted to speed its transaction with Ron. C) the merchant wanted to know all of the other sites visited by Ron. D) because the merchants bank required it.

C

111) The principle behind the "sandwich rule" states that A) flowcharts should leave as little white space as possible on each page to minimize waste. B) annotations should be placed between each key input and output symbol. C) every process symbol should be placed between an input and output symbol. D) flowcharts should use as many different types of symbols as possible to thoroughly document basic I/O functions.

C

112) Auditing standard No. 5 describes a ________ approach to selecting controls to be tested. A) hybrid B) bottom-up C) top-down D) This standard does not discuss the selection of controls to be tested.

C

113) Which of the following is an example of revenue cycle fraud? A) Earnings management B) Writing off large depreciable or amortizable assets C) Pocketing cash but not recording its collection D) all of the above

C

115) A typical project collaboration platform is a ___ application in which all the project participants are able to access and create/review a project organization, specification, milestones, checklists, tasks, shared document, work-time logs and software code. A) Perl 2.0 B) Ruby 2.0 C) Web 2.0 D) PHP 2.0

C

115) The design criterion concerned with avoiding the collection and maintenance of the same data items in more than one place in the organization is A) uniformity. B) flexibility. C) integration. D) standardization.

C

116) In the project development environment, providing a structured environment in which to develop a software is the A) project collaboration platform. B) software versioning system. C) software application framework. D) integrated development environment.

C

119) The two categories of diagrams under the UML version 2.4 include ________ diagrams. A) structure and iteration B) behavior and iteration C) structure and behavior D) form and interaction

C

123) The Clearing House Automated Payment System is also known as A) FedWire. B) CHIPS. C) CHAPS.D) EFT.

C

126) A flying-start site A) is the most commonly adopted option for companies with disaster recovery plans. B) usually cannot be made operational within 24 hours. C) involves mirroring of transactions at the primary site, followed by transmission of data to the backup site. D) is arranged through a service bureau.

C

126) Hackers can hide their real IP addresses by using A) LAN IP. B) WAN IP. C) proxy server chains. D) ISP IP.

C

138) The ISO series number that defines a code of best practices for ISMSs is A) 27000. B) 27001. C) 27002. D) 27003.

C

138) Which of the following is not a merchant benefit of Web commerce? A) Cost savings through automated ordering B) Worldwide availability of the company's products C) No waiting in line for a salesperson or to obtain product information D) Low overhead

C

139) Data related to objects are called A) items. B) methods.C) attributes. D) characteristics.

C

A)

Automatic identification of products is greatly enhanced by A) using UPC as a base. B) employing JIT processing. C) manually prepared price tags affixed by receiving personnel upon delivery. D) transaction tagging using each manufacturer's unique inventory control numbers.

100) The first step in preparing a flowchart is to A) select the symbols to be used. B) analyze the system. C) sketch a rough draft of the system. D) consult the work papers from previous audits.

B

151) An organization's internal control process consists of how many elements? A) Six B) Four C) Five D) Seven

C

154) Adware is a type of A) virus. B) logic bomb. C) spyware. D) Trojan horse.

C

58) In the materials planning system, purchase requisitions can A) only be prepared electronically. B) only be prepared manually. C) be prepared either manually or electronically. D) Purchase requisitions are not part of the materials planning system.

C

60) A production system in which parts are produced only as they are required in a subsequent operation is known as A) periodic production. B) green production. C) lean production. D) push production.

C

62) A client is A) a robot-type program that runs on a computer and exchanges information with users. B) another name for a proxy server. C) a user program that accesses and exchanges information with servers. D) a program that holds incoming electronic mail.

C

62) An interim audit A) consists only of substantive testing of account balances. B) has the objective of verifying financial statement figures to render a professional opinion of the financial statements. C) has the objective of establishing the degree to which the internal control system can be relied upon. D) None of these answers is correct.

C

63) In an analytic flowchart, the symbol which could be used to indicate unclaimed payroll checks is the A) connector symbol. B) terminal symbol. C) document symbol. D) process symbol.

C

64) A document which identifies a vendor and confirms the quantity and price of goods identified in it is called a(n) A) purchase requisition. B) outline agreement. C) purchase order. D) scheduling agreement.

C

65) External auditors typically conduct compliance testing because A) the main goal of a financial statement audit is to ensure that internal controls are operating effectively. B) compliance tests yield more reliable evidence than substantive tests. C) compliance tests determine how much reliance can be placed on the internal controls in substantive tests. D) compliance testing can be conducted solely by the internal auditors.

C

65) The second major step in systems implementation is A) review the systems design. B) establish plans and controls. C) execute activities. D) evaluate the new system.

C

65) Which of the items below would not be considered a possible common exposure for a corporation? A) Excessive prices are paid for goods for use in the organization. B) The corporation never was billed for a sale of merchandise shipped to a customer. C) A flash flood destroys the merchandise contained in a warehouse. D) Certain equipment was accidentally misplaced and not depreciated.

C

66) In an analytic flowchart, the symbol which could be used to indicate unclaimed payroll checks is the A) connector symbol. B) terminal symbol. C) document symbol. D) process symbol.

C

67) A document sent to an outside firm to inform them of product prices, availability, and delivery information is known as a(n) A) inquiry. B) blanket order. C) quotation. D) sales order.

C

67) A plaintext message can be changed into a ciphertext message by using A) a password. B) a digital key. C) Answers A and B are both correct. D) Neither answer A nor B is correct.

C

100) Working with numbers in accounts and following them backward to the source document is known as A) tracing. B) vouching. C) rediscovery. D) approximation.

B

101) How many general guidelines should be followed when preparing a flowchart? A) Three B) Five C) Seven D) Four

B

101) In a production planning system, the production loading file is an input to which of the following? A) Production planning program B) Production scheduling application C) Cost accounting program D) Inventory update program

B

101) The department responsible for the actual computation and preparation of payroll is the A) accounts payable department. B) payroll department. C) personnel department. D) production department (for factory workers).

B

101) Which systems permit the reprogramming of computers to produce entirely different products in the same manufacturing facility with the same equipment? A) MRP and MRP II B) CIMs and FMSs C) ESs and FMSs D) ERPs and MRPs

B

102) A turnaround document that is used to enhance internal control and promote the accuracy of incoming cash receipts is the A) journal voucher. B) remittance advice. C) bank deposit slip. D) remittance list.

B

102) The identification of unprocessed or retained items in files according to their date, usually the transaction date, is A) clearing. B) aging. C) periodic auditing. D) summary processing.

B

103) After the informational questioning, which type of questions will the interviewer ask the suspect as a means to assess his or her honesty? A) Concluding questions B) Assessment questions C) Admission seeking questions D) None of these answers are correct.

B

103) Modifications to the system may be necessary as environmental conditions and information needs change. A systems modification that has been completed should always be A) approved by the organization steering committee. B) carefully documented. C) low on the system development priority list since new system requests take priority. D) paid for by the user group who made the initial request.

B

104) A special language describing processing logic that uses key words such as IF, THEN, ELSE IF, and SO is called A) Warnier-Orr English. B) structured English. C) analytic flowchart notation. D) structured assembler.

B

105) An audit committee A) is composed only of an organizations shareholders. B) should be primarily composed of only external board members (a NYSE requirement). C) ideally should be composed only of members who are also high-level executives in the organization. D) ideally should report directly to the controller.

B

106) Disk shadowing is an example of a fault tolerance applied at what level? A) Network communications B) DASD C) Transaction D) CPU processor

B

106) IT governance has the objective of enhancing and ensuring the efficient application of IT resources A) to ensure success in the development of systems and processes. B) as a critical success factor. C) to gain a competitive advantage. D) as a major component to IT security.

B

106) Various payroll forms and reports must be submitted to federal and state entities by certain deadlines. The federal form which is not due on or before January 31 of each year is the A) Form W-2. B) Form W-3. C) Form 941. D) Form 1099-MISC.

B

108) The high-level executive who supervises accounting functions such as budgeting, billing, and payroll is known as the A) treasurer. B) controller. C) chief information officer. D) chief internal auditor.

B

109) Sarbanes-Oxley Act of 2002 requires companies maintain an adequate ________ structure over the business processes that support financial reporting. A) risk assessment B) internal control C) assurance assessment D) reliability process

B

110) In the preparation of design specifications, which of the following activities is undertaken after all of the others have been completed? A) Database design B) Specifying inputs C) Specifying processing steps D) Designing management reports

B

111) __ models are used to evaluate an organization relative level of achievement of IT governance and shows what has to be done to improve. A) RBA B) Maturity C) Visibility D) Navigation

B

112) Connector symbols may be used in place of A) comment symbols. B) long flowlines. C) data flow symbols. D) communications links.

B

112) Which of the following is a common consequence of implementing JIT in an MRP II/CIM environment? A) Increase in setup costs B) Reduction in the size of each production lot C) Longer lead time needed to schedule production D) Increase in buffer stocks of raw materials

B

113) The best general security procedure is A) to use advanced information security system software. B) for system administrators to enforce system security policies that already exist. C) to isolate computer facilities from the rest of the company. D) to eliminate access privileges to all remote users.

B

113) __ is for individuals who manage, design, oversee, and assess an enterprise information security program. A) CISA B) CISM C) CGEIT D) COBIT

B

114) In a quick response manufacturing system, internal controls A) should be established after the information system is designed and tested. B) must be included within the design and development of the system. C) should be based on existing manual controls. D) can be excluded in such a system because there is so little human intervention in processing transactions.

B

114) Which of the following is not an objective of internal control as a process? A) Reliability of financial reporting B) Accuracy of accounting information C) Compliance with applicable laws and regulations D) Effectiveness and efficiency of operations

B

116) UML is a(n) ________ standard. A) United States B) international C) ANSI D) AICPA

B

117) Probably the most difficult design consideration in designing the data input system is A) uniformity. B) accuracy. C) integration. D) organization.

B

117) The first step in managing disaster risk is A) to obtain business interruption insurance. B) disaster prevention. C) contingency planning. D) to analyze and list recovery priorities.

B

118) Which of the following causes of disasters occurs less than any other cause? A) Natural disasters B) Human errors C) Deliberate actions D) Passive threats

B

120) A file-related matrix reveals that a file data item A is used in six different reports, while data item B in the same file is not used in any report. The systems designer should consider A) using both data items A and B. B) deleting data item B and using only data item A. C) using neither data item A nor B. D) deleting data item A and using only data item B.

B

120) A graphical representation focusing on the sequence of activities in a business process is a(n) A) analytical flowchart. B) business process diagram. C) process flowchart. D) data flow diagram.

B

120) Which of the following is not a consumer benefit of Web commerce? A) There is no waiting for a salesperson or product information. B) There is automatic electronic encoding of transaction data. C) Web-based transactions are encrypted providing security. D) Intelligent Web based software can provide answers to complicated questions.

B

121) Integrated Development Environment (IDE) is a software platform A) for storing old versions of code and communication software. B) for writing program code and providing specialized tools for testing and debugging programs. C) for Web servers identified for program planning and analysis. D) All of the above are examples of what an IDE will do.

B

122) A company should decide whether to develop software independently or purchase software A) when preparing the detailed design proposal. B) at the end of systems analysis. C) at the end of systems planning. D) when preparing design specifications.

B

122) Content analysis involves the process of A) comparing the content of computer files in order to determine any differences between them. B) determining the content of files and electronic communications. C) locating and extracting data of interest from computer-storage devices. D) converting data from one format to another.

B

122) Which of the statements below is false regarding extensible business reporting language (XBRL)? A) Many experts feel that XBRL will replace EDI. B) XBRL is in effect a narrower standard than the ANSI X.12 standard for EDI. C) The SEC allows use of the XBRL format. D) XBRL facilitates the exchange of business documents over the Internet.

B

123) One recovery strategy in the event of a disaster is an alternative processing arrangement using a backup site. A site which contains the wiring for computers and also having the equipment is a A) cold site. B) hot site. C) flying-start site. D) service bureau.

B

123) Which of the following is not an advantage of using purchased or canned software packages? A) They are less expensive. B) They seldom meet all of a company needs precisely. C) They are already debugged. D) The company can test drive; the product before making a substantial investment.

B

127) At the conclusion of an investigation, the investigator prepares a report that would typically Contain A) concluding comments indicating a suspect;s guilt. B) the scope and objectives of the investigation. C) privileged attorney-client comments. D) all of the above

B

128) An important quick response technology used to track objects using radio signals is called A) sonic tagging. B) radio frequency identification. C) object frequency tagging. D) frequency waves identification.

B

129) The more complicated, unfamiliar, or innovative business and information environments become, the more it becomes necessary to A) plan and analyze upfront. B) use an iterative design approach. C) employee a project manager. D) use the waterfall method correctly.

B

130) To detect unauthorized direct changes to master files, the auditor traces these changes back to the underlying A) transaction files. B) source documents. C) hypothetical transactions. D) control account balances.

B

133) The exchange of business documents such as purchase orders and invoices in an electronic format between the computers of separate organizations is known as A) e-mail. B) electronic data interchange. C) computer-integrated information system. D) electronic document exchange.

B

135) The phase of the Rational Unified Process where the project is documented in detail using UML and prototypes is the __ phase. A) inception B) elaboration C) construction D) transition

B

136) The information security management system life cycle includes analysis, design, implementation, and A) operation, evaluation, and management. B) operation, evaluation, and control. C) operation, management, and continuity. D) operation, control, and continuity.

B

139) A company known for its use of blueprints in systems design for clients is A) SAM. B) SAP. C) SAS. D) SAR.

B

139) The ISO series numbers that define implementation, measuring performance, and risk management for ISMSs include A) 27000-27002. B) 27003-27005. C) 27006-27008. D) 27001-27008.

B

140) The things objects do are called A) items. B) methods. C) attributes. D) characteristics.

B

71) Privacy is a major issue in electronic transactions. Therefore, the Internet should not be used If A) a bank uses a different digital signature for each denomination of currency. B) digital signatures need to be issued for coins used in electronic transactions. C) the IP address of one of the parties to a transaction needs to remain fully confidential. D) All of these answers are correct.

C

74) In the SAP ERP system, all of the different master records are created when the A) payee customer record is created. B) ship-to- customer record is created. C) sold-to- customer record is created. D) bill-to- customer record is created.

C

142) When a management report is discretionary rather than mandatory, the primary consideration should be A) that there are benefits to be obtained by producing the report. B) that the benefits obtained by producing the report exceed the cost of its production. C) to minimize the cost of producing the report while maintaining minimum standards of usefulness. D) to minimize the cost of producing the report while maintaining minimum standards of reliability and accuracy.

B

144) Internal users of reports from a company's information system might include all of the following except its A) chief executive officer. B) stockholders. C) payroll department. D) lower-level managers.

B

144) The approach of MDA is to A) develop a model and then use iteration so programmers can develop a prototype. B) develop a model and then transform the model into computer software. C) develop methods that can then be organized into object classes. D) develop methods that can then be modeled into computer software.

B

145) An example of a transformation language that can be used with MDA is ________. A) OMG B) QVT C) UML D) OO

B

148) Input ________ is an example of a system attack method. A) vector B) manipulation C) hacking D) buffer

B

59) Which of the following is a common approach used to describe services and the SOAP protocol for communication between services? A) SOA B) WSDL C) ESB D) HTML

B

61) Radio-frequency identification is an automatic identification technology that uses A) high frequency radio waves to send and receive data between RFID tags and readers. B) low power radio waves to send and receive data between RFID tags and readers. C) bar codes to eliminate the need for direct line of sight to the RFID tags. D) radio waves to send and receive data between bar coded tags.

B

63) One type of server which acts as an electronic post office is called a A) file server B) mail server C) Web server D) commerce server

B

68) If Company A wants to send Company B a secure message, Company A will use Companys public key to encrypt the message. Company B must then A) use Company A's public key to decrypt the message. B) use its private key to decrypt the message. C) use Company As private key to decrypt the message. D) use its public key to decrypt the message.

B

68) The execution of the systems implementation should begin with A) conversion. B) a formal announcement to employees. C) employee training. D) programming.

B

69) Several factors are integrated when determining what products should be manufactured. The factor which is predominantly driven by influences external to the production business process is A) product requirements. B) demand for the product. C) production resources available to the firm. D) Answers A and C are correct.

B

70) Which statement below regarding keys is false? A) Each user should create his or her own public and private keys. B) Using a central office authority to create and distribute keys is highly recommended. C) The longer the life of the key, the more security that must be applied to protect it. D) Sensitive keys should be themselves protected by passwords.

B

71) The source for the item and quantity information shown on a materials requisition is the A) bill of lading. B) bill of materials. C) inventory status report. D) factor availability report.

B

71) Vendor payment is typically made A) when an authorized order is placed. B) once an invoice is posted. C) when a goods receipt document is prepared. D) when a purchase requisition has been approved.

B

72) In the billing stage of the customer order business management process, the ERP uses much of the data from a customers sales order to create the A) goods issued notice. B) invoice. C) delivery. D) packing list.

B

72) In the preparation of a logical data flow diagram for a payroll system, which of the following symbols could be used to indicate the payroll data? A) Magnetic disk symbol B) Data store symbol C) Terminator symbol D) Input/output symbol

B

72) The technique that permits a bank to issue digital cash so that it is unable to link the payer to the payee is called A) laundering money. B) using a blinded digital signature. C) using a generic digital signature. D) digitized recycling.

B

73) The document used by the cost accounting function to establish a WIP record for each job is the A) sales forecast. B) production order. C) materials requisition. D) job time card.

B

74) An internal auditor wants to flowchart a file of (hardcopy) purchase orders. Which of the following would be the best symbol to use for the file? A) The on-line storage symbol B) The off-line storage symbol C) The terminal symbol D) The auxiliary operation symbol

B

74) One of the most important parts of systems implementation that is often overlooked or minimized is A) testing. B) documentation. C) data conversion. D) evaluation.

B

76) The specific component of ERP which allows a user to check goods movement and manage inventory stocks is the A) materials management module. B) inventory management module. C) vendor master record. D) material master record.

B

77) Calculation of the reorder point requires knowledge of A) the economic order quantity multiplied by the average usage rate. B) the time from the issuance of a purchase order until the order is received. C) the average time from the issuance of a purchase order until the economic order quantity occurs. D) the minimum inventory usage rate.

B

77) In the SAP ERP system, the create customer screen, which is used to input statistical and demographic data, is A) control data. B) marketing. C) unloading points. D) initial.

B

77) The formal communications patterns within an organization can be communicated using A) a specific, precise management philosophy. B) an organizational chart. C) a cultural audit. D) an ethical code of conduct.

B

79) In a logical data flow diagram for a payroll system, the employees would best be represented by which of the following symbols? A) The process symbol B) The terminator symbol C) The data store symbol D) The data flow symbol

B

80) Which of the following should be developed when the related application system is developed? A) Test data approach B) Integrated test facility C) Parallel simulation approach D) Artificial intelligence software

B

81) The Weapons Testing Laboratory is implementing a new computer system. It desires to use the safest final system testing approach. It should choose A) the direct approach. B) parallel operation. C) the cutoff approach. D) modular conversion.

B

81) Which of the following is not a goal of developing an overall systems plan and strategy? A) Duplication and wasted effort will be minimized. B) The systems analysis phase will be minimized in favor of design and implementation when budget constraints are present. C) Systems development in the organization will be consistent with the overall strategic plan of the organization. D) Resources will be targeted to the subsystems where the needs are greatest.

B

82) Enterprise architecture involves ________ enterprise architectural domains. A) 3 B) 4 C) 5 D) EA does not involve architectural domains.

B

82) Which of the following is not one of the basic symbols used in analytic flowcharting? A) Input/output B) Manual input C) Flowline D) Annotation

B

82) Which of the following objectives in a property accounting application system relates to the process of periodic comparison of physical assets with the accounting records? A) Provide for appropriate depreciation and/or amortization calculations B) Maintain adequate records that identify assets with description, cost, and physical location C) Provide for reevaluation for insurance and replacement cost purposes D) Provide management with reports for planning and controlling individual asset items

B

83) Which of the following planning activities is performed after the other activities? A) Deciding that all system changes must be completed within five years B) Naming the individuals to the systems analysis and design team C) Appointing a steering committee D) Deciding that a reliable file backup system is more important than new factory workstations

B

84) The best way to prevent improper buyer-vendor relationships is to A) separate the purchasing and receiving functions. B) have formal written policies and procedures over procurement. C) have cash disbursements report to the treasurer. D) permit only purchasing supervisors to select vendors.

B

84) Which input field listed below is not mandatory when creating a sales order in the initial screen of the SAP ERP system? A) Sales organization field B) Sales group C) Distribution channel field D) Division code field

B

84) Which of the following is correct regarding the ACL audit software package? A) ACL can only be used in a mainframe environment. B) ACL enables the field auditor to connect a PC to a client accounting system. C) ACL is used primarily for administrative audit activities. D) Most client files must be converted to the ACL language format before processing.

B

85) A system development project leader's direct responsibility regarding a project is to A) the user department. B) the steering committee. C) the information systems department. D) the department of which the leader is a member.

B

85) An analytical technique commonly used to analyze and examine an internal control process is known as a(n) A) control flowchart. B) internal control questionnaire. C) exposure checklist. D) segregation of duties.

B

88) An extremely risk-seeking perpetrator A) will offer his or her services to the highest bidder. B) will take very large risks for a small reward. C) is almost always a terminated employee of the organization he or she attacks. D) will take small risks for small rewards.

B

89) Managements philosophy and operating style are part of which component of internal control? A) Control activities B) Control environment C) Information and communication D) Monitoring

B

90) Information security is an international problem. Which countries below have set criminal penalties of up to 10 years for fraudulent use of computer services or the intentional changing of a data processing record with the intent of enrichment? A) Canada and Finland B) Switzerland and Canada C) Denmark and Finland D) France and Germany

B

91) A type of resource utilization technique which is used to rationally assign work activities to particular individuals, departments, or other entities is A) work measurement B) work distribution analysis. C) branching table. D) decision table.

B

91) Which of the following is not a common transaction processing cycle found in business organizations? A) Expenditure cycle B) Accounting cycle C) Production cycle D) Revenue cycle

B

92) Any bottlenecks in a company current operations would most likely be discovered A) when the technical specifications of a system are being decided. B) when the information obtained during the system survey is analyzed. C) during the document review. D) None of these answers is correct.

B

92) Probably the oldest (and still widely used) information systems auditing technique is A) test data. B) review of systems documentation. C) generalized audit software. D) ACL.

B

92) The primary objective of a voucher system is to A) sign checks. B) review cash payments. C) record liabilities. D) reconcile the vendor subsidiary ledger to the control account.

B

74) The Materials Management module of ERP maintains vendor master data. Users in different departments can update these records as necessary. There are several categories of information maintained in vendor master records. Which category of data below is not maintained in the vendor master records? A) General data such as name, address, and telephone B) Purchasing data such as quotations, invoice verification, or inventory control C) Object data such as an organization accounting unit D) Company code (accounting data) defines agreed payment terms and sub-ledger reconciliation account number

C

74) The first (and oldest) technique used to audit through the computer is A) the integrated test facility. B) parallel simulation. C) the test data approach. D) generalized audit procedures.

C

100) A repetition of processing and an accompanying comparison of individual results for equality is called A) redundant processing. B) matching C) run-to- run comparison. D) readback.

A

101) What standard, developed by credit card companies, represents a security framework based on numerous control objectives? A) Payment card industry data security standard B) Credit card security interface standard C) Credit card settlement security payment standard D) Electronic bill payment security standard

A

102) A complete systems solution involving one software package and one database is referred to as A) ERP. B) MRP. C) SCM. D) DSS.

A

102) A flowchart differs from a logical flow diagram because it A) provides a physical description of the system. B) provides a logical description of the system. C) does not specify certain input/output devices D) does not specify certain storage devices.

A

102) Calibration is the process of carefully observing a suspects behavior A) during introductory questioning. B) throughout the entire questioning. C) after questioning. D) all of the above

A

102) The goal of work measurement is to create a benchmark or yardstick to use in measuring the efficiency of an operation. The first step taken in work measurement is to A) identify the tasks. B) analyze requirements C) examine IPO and HIPO documentation. D) obtain time estimates for performing the tasks.

A

103) Research indicates that the most frequent type of fraud is A) misappropriation of funds. B) check forgery. C) false invoices. D) credit card fraud.

A

103) The formula used to compute total task time for work measurement purposes is A) (average time / unit + idle time / unit) × average volume. B) total time available / total task time. C) (average volume / unit + average time / unit) × average volume. D) total task time / total time available.

A

103) Which one of the following represents a weakness in internal control regarding the human resources area? A) The payroll staff distributes paychecks to employees in other departments. B) The payroll department supervisor makes decisions regarding the hiring of payroll department employees. C) The supervisors of all departments are responsible for initiating requests for salary increases for their subordinate employees. D) Supervisors are responsible for reviewing and approving time reports of their subordinate employees.

A

104) Examples of all-in- oneand Integrated Platforms application suites are A) Casewise and Netweaver Developer Studio. B) Ruby on Rails and Perl. C) Java and PHP. D) None of the above are Integrated Platforms suites.

A

104) In a production planning system, which of the following files updates the finished goods inventory file? A) Completed production order file B) Production status file C) Production data file D) Production loading file

A

104) __ provides assurances relating to the effectiveness of an organization enterprise risk management processes. A) RBA B) OMB C) REA D) UML

A

105) Which of the following is not an example of middleware? A) Enterprise system bus B) Database driver C) Application programming interface D) All of the above are examples of middleware.

A

112) __ is for IS audit, control, assurance and/or security professionals. A) CISA B) CISM C) CGEIT D) COBIT

A

114) An annotation or comment may be represented in a flowchart using a A) brace. B) flowline. C) square. D) diamond.

A

124) The application solution stack for a Web application typically includes the following except A) subversion software. B) target operating system. C) Web server. D) programming languages.

A

130) Which of the following is not associated with lean manufacturing? A) CRM B) Toyota Production System C) Eliminating waste D) JIT

A

72) In ERP, master records are created that reflect the organization structure and business processes of the company. Company, plant, and storage locations are known in ERP as A) objects. B) organizations. C) targets. D) entities.

A

77) The department or function that is responsible for selecting a vendor to order materials from is A) purchasing. B) individual departments requesting the material. C) requisitioning (stores). D) sales.

A

79) An interesting aspect of white-collar crime is that A) it often seems to be victimless. B) it usually amounts to less than $1,000 per organization per year on average. C) internal controls almost never reveal the perpetrators of such crimes. D) None of these answers are correct.

A

83) An advantage of generalized audit software is that A) it can select a sample of accounts receivable for confirmation and help the auditor prepare confirmation requests. B) the auditor avoids having to review systems documentation. C) it eliminates the need for any coding by the auditor. D) the client staff can use it to perform audit-related tasks.

A

83) The file or record that is essentially a subsidiary ledger for tangible assets, such as land, buildings, machinery, and equipment, is the A) fixed assets register. B) fixed assets control ledger. C) property master ledger. D) property control ledger.

A

83) The symbol which is used to link other symbols and indicate the sequence of information and operations is the A) flowline symbol. B) annotation symbol. C) input/output symbol. D) process symbol.

A

86) The prices entered on sales orders should be independent of the sales order function. To achieve this transaction cycle control, the company's ordering system should use A) an independently prepared master price list authorized by management. B) prices found in the order database. C) prices listed by the sales representative who initiated the order. D) All of these answers are correct.

A

93) The transaction processing cycle that is concerned with the events related to the transformation of resources into goods and services is a) production. B) revenue. C) financial reporting. D) expenditure.

A

95) An accounting system in which costs are assigned to individual projects as the projects proceed through their environment is known as a A) project accounting system. B) cost accounting system. C) managerial accounting system. D) financial accounting system.

A

A)

A customer pumps gas at a local convenience store. The customer pays for the gasoline by inserting a credit card into the gasoline pump. This is an example of a(n) A) networked vending machine. B) point-of-sale system. C) automatic identification system. D) electronic data interface system.

B)

A data editing routine that compares data with acceptable values is a A) limit test. B) table lookup. C) financial total check. D) valid code check.

76) One way in which a company can produce a corporate culture that supports ethical behavior is through A) emphasis on sales quotas and deadlines. B) emphasis on short-run goals and objectives. C) a cultural audit to bring to light the corporations true culture and ethical behavior. D) All of these answers are correct.

C

76) The first screen used to create a customer in a SAP ERP system is A) control data. B) contact person. C) initial. D) account management.

C

77) The information systems auditing technique that uses software that has been specifically designed to allow auditors to perform audit-related data processing functions is called A) mapping. B) tracing. C) generalized audit software. D) embedded audit routines.

C

77) Which of the following would not appear in a HIPO chart of a payroll system? A) Data preparation B) Calculate gross pay C) Payroll master file D) Look up authorized deductions

C

78) Assets fraudulently appropriated for one's own use from an organization is considered A) fraud. B) theft. C) embezzlement. D) a corporate loan.

C

78) In an IPO chart of a payroll system, the payroll master file would A) appear as an input B) appear as an output. C) Answers A and B are correct. D) not be represented in the chart

C

A)

A high activity ratio A) is typical of batch processing, such as a payroll application. B) is characteristic of all file processing activities in a large corporation. C) spreads the fixed costs of sequential processing over fewer transactions. D) makes ISAM processing more economical if the files are not processed in low activity situations.

79) From a cost standpoint, the phase of systems development in which more money is spent than any other area is A) systems analysis. B) systems design. C) systems implementation. D) systems planning.

C

D)

A retail sales Point-of-Sale terminal A) records cash and charge sales. B) updates inventory records. C) provides data for posting to daily sales records. D) All of these answers are correct.

81) The final input screen in the create customer function of the SAP ERP system is the A) billing screen. B) taxes screen. C) partner functions screen. D) output screen.

C

81) Which of the following processes real data through a test program? A) Test data approach B) Integrated test facility C) Parallel simulation approach D) Artificial intelligence software

C

87) A well-known standard for information security management systems development is A) SOX. B) ISO 27000. C) COBIT. D) both B and C

D

A)

Database dictionaries are defined and controlled by A) a DBA. B) a DBMS. C) the SQL DML component. D) the organization's steering committee.

C)

Database dictionaries are used both alone and with DBMSs to ________ the use of data within an organization A) centralize and document B) centralize and control C) centralize, document, control, and coordinate D) centralize, document, and coordinate

A)

Database management systems have the ability to integrate separate data files for various accounting applications. In the absence of integration, each type of accounting application will maintain its own independent data files. Which of the following is an advantage of maintaining separate files for accounting applications? A) Maintaining separate files is simple. B) Using independent files, accounting data must be fed into each application file numerous times. C) Since files are defined early in the implementation process, the evolving needs of applications may be constrained by the existing file structure. D) Independence among files often leads to different structures for the same data.

C)

During input, a data entry clerk incorrectly keyed product codes "ABXY" as "BAXY." Both ABXY and BAXY are valid codes. Which of the following controls would prevent this situation? A) A table-lookup procedure B) A check digit test C) Key verification D) Limit test

D)

Electronic data entry A) requires no human intervention. B) is sequentially processed. C) is always manually entered. D) is on-line.

A)

Errors in the keying operation can be detected using A) a key verification control procedure. B) a data transfer control register. C) program data editing. D) None of these is correct.

1) The term risk is synonymous with exposure.

FALSE

10) Internet Explorer and Firefox are examples of Web servers.

FALSE

10) The ERM process is part of the information security management system.

FALSE

10) The external auditor is a good candidate to receive tips.

FALSE

11) For both public and privately held companies, the Sarbanes-Oxley Act of 2002 (SOA) imposes certain requirements and restrictions on management, auditors, and company audit committees.

FALSE

22) The triangle is a specialized symbol representing a decision process.

FALSE

53) Studies have shown that 45% of all disasters are due to human error.

FALSE

6) Some computers on the Internet need an Internet Protocol address.

FALSE

7) Computer security and information security mean the same thing.

FALSE

7) Data-driven fraud detection involves the formal analysis of small sets of data in search for fraud indicators.

FALSE

D)

Fundamental controls over data transfer between user departments and data processing include A) batch control totals. B) data transfer registers. C) activity file totals. D) Answers A and B are both correct.

D)

High level query languages include the below except A) QBE. B) NLDQ. C) OQL. D) SQL.

B)

In SQL, the query to extract a customer name from a table identified as company is A) SELECT name, company. B) SELECT name FROM company. C) SELECT company, name. D) SELECT FROM company, name.

D)

In a cash remittance processing, the open-items accounts receivable file serves as the A) billing data. B) credit sales journal. C) accounts receivable control account. D) subsidiary accounts receivable ledger.

D)

In the object-oriented modeling technique, related groups of fields are known as A) objects. B) parents. C) children. D) object classes.

B)

Input data should be accompanied by the completion of a(n) A) data transfer log. B) input document control form. C) data transfer register. D) key verification control procedure.

C)

Key verification control procedures A) edit data. B) do not use batch totals. C) do not edit data. D) electronically replace incorrect data with data from an existing database.

B)

Many of the problems a database administrator faces within an organization are A) internal-control related. B) political. C) software and hardware related. D) data-integrity related.

B)

Network, tree, and relational models are examples of database structure at which level? A) Physical level B) Logical level C) Conceptual level D) Hierarchical level

B)

OLAP uses complicated multidimensional "indexes" called A) data mining. B) aggregations. C) drivers. D) transformers.

D)

Object-oriented modeling can be ________ easily into object-oriented program code. A) moved B) translated C) uploaded D) transformed

A)

Pointer fields are not used in A) relational structures. B) list structures. C) hypertext models. D) semantic data networks.

A)

Program data editing is a software technique that should A) be used in addition to verification. B) be used in place of verification. C) be applied only to characters within input fields. D) only be used after visual verification has detected errors in the input.

D)

Program data editing techniques may be applied to A) fields. B) records. C) files. D) All of these answers are correct.

D)

Response time is affected by A) disk access time. B) how data records are physically distributed on the disk. C) the database management system but not the operating system. D) disk access time and how data records are physically distributed on the disk.

B)

Sequential-access files are useful A) when only a small number of records need to be accessed in a file containing a large number of records. B) in batch processing. C) when files are unsorted. D) when a large accounts receivable master file is in random account number order.

B)

Sue Pang enters sales data directly into the computer-input program using a keyboard. The type of system Sue is using is a(n) A) automatic identification system. B) manual data entry system. C) point-of-sale system. D) electronic data interchange system.

1) An information security system has the basic elements of any information system: hardware, software, databases, procedures, and reports.

TRUE

1) The Internet is a global system of interconnected computer networks.

TRUE

21) The normal flow direction of a flowchart is from left to right and top to bottom.

TRUE

41) EDI is a key component to quick-response technology systems.

TRUE

42) The chief goal of an information system is productivity.

TRUE

B)

Tables without repeating groups in a relational database are said to be A) unnormalized. B) in the first normal form. C) in the second normal form. D) in the third normal form.

B)

The "C" in ACID stands for A) completeness. B) consistency. C) conventional. D) conceptual.

A)

The "amount due" field of a bill is checked to ensure that the sign is positive. This is an example of a field A) sign check. B) length check. C) format check. D) type check.

C)

The basic DML statement used to modify the rows of tables in SQL is A) SELECT. B) DELETE. C) UPDATE. D) INSERT.

D)

The command used in an SQL query to combine fields from several tables is A) GROUP BY. B) ORDER BY. C) WHERE INSTR. D) INNER JOIN.

D)

The compensating control for the loss of segregation of duties in an electronic input system is A) supervision and review. B) input document control forms. C) prenumbered documents. D) transaction logs.

B)

The cost of processing per transaction in a high-activity environment is the lowest in which of the following file organization techniques? A) Indexed B) Sequential C) Direct D) Indexed-sequential

C)

The database computer language that consists of commands for updating and extracting data is A) DDL. B) DBA. C) DML. D) DQL.

A)

The database structure which allows a child segment to have more than one parent is the A) network. B) sequential. C) tree. D) object.

C)

The difference between segments and simple records is that A) simple records have parents and children. B) segment are collections of fields. C) segments have parents and children. D) segments have no fields.

D)

The essential characteristics of the database approach to data processing of accounting data requires that A) data storage is integrated into a single database. B) separate processing routines are required for separate files. C) all access to integrated files is through a single software system. D) data storage is integrated into a single database and all access to integrated files is through a single software system.

C)

The processing and inquiry objectives of file usage are both addressed by A) sequential-access file organization. B) fully inverted index file organization. C) indexed-sequential file organization. D) direct-access file organization.

D)

The processing time required to maintain a fully inverted file A) is fast since the entire index can be loaded into primary memory. B) is almost instantaneous because long indexes can be factored into subindexes. C) is fast when two processors are used simultaneously to process the data and index files at the same time. D) can be high since the indexes require more disk storage and must be updated whenever records are added, deleted, or changed.

C)

The purpose of the index in an ISAM file is to A) increase the time needed to write records on the prime area. B) bump records to the overflow area when no prime space is available. C) link the record key to the address. D) search tracks for the desired record.

B)

The type of OLRS system in which users do not input, but only request information, is a(n) A) data entry system. B) inquiry/response system. C) file processing system. D) transaction processing system.

C)

The type of file updating which should be used in a DBMS system using batch processing is A) random-access. B) sequential-access. C) automatic. D) peer-to-peer.

B)

The use of a randomizing transformation to process transactions against a direct-access master file is based on A) comparing the master record key and the transaction record key for equality. B) converting the transaction record key to a storage area location address by using a mathematical algorithm. C) searching a list structure for the associated master file record. D) searching an index for the associated master file record.

B)

The use of check digits A) is highly unusual in today's EDP environment. B) is very common because of the high reliability of this procedure. C) eliminates using key verification as a control procedures. D) eliminates using data editing routines as a method to detect errors.

A)

Three technologies make extended supply-chain systems feasible. Which of the below is not one? A) XML-type data generation B) POS system C) Bar coding for automatic identification D) EDI ordering system

D)

Variable-length records have characteristics that are not found in fixed-length records. An example of such a characteristic is A) the field width can be adjusted for each data occurrence. B) because of their size, most records stored on DASD are variable-length records. C) the actual number of fields can vary from one data occurrence to another. D) the field width can be adjusted for each data occurrence and the actual number of fields can vary from one data occurrence to another.

A)

What data are stored in the index of an indexed file? A) The keys and the disk addresses of the individual records B) The disk addresses of the individual records C) All essential fields for the individual records D) The keys for the individual records

D)

What defines an entire database being loaded into computer-internal high-speed random access memory or other high-speed electronic storage device? A) Internal database B) In-resident database C) RAM database D) In-memory database

D)

When preparing the transaction file in a batch processing with sequential file system, the edit program A) builds a transaction file from processed batch input. B) performs batch balancing procedures. C) ensures all documents are accounted for prior to processing. D) accumulates revised batch-control totals for the input data.

A)

Which application would not be ideally suited to processing by an OLRS system? A) Payroll B) On-line reservations C) Inventory control D) Customer accounts

B)

Which of the following is an alias? A) A file whose records consist of data item descriptions B) The use of more than one name for the same field C) The user having the final responsibility for a data item D) The physical form in which data are stored in a database

A)

________ connect(s) the business application to the database management system. A) Database driver B) Database agnosticity C) CASEwise D) Database objects

A)

________ is a multidimensional generalization of the 2-dimensional relational table which provides incredibly fast response times. A) OLAP B) UML C) RUP D) RAD

A)

Computer processing of accounting data is typically composed of A) producing preliminary reports and then final listings after submission of corrections. B) five steps which occur in four separate and distinct cycles. C) seven steps (following the typical accounting cycle). D) a series of mathematical algorithms.

100) Most firms engage auditors to conduct an examination of an information system. The focus of such an audit should be A) the information system itself. B) system utilization and performance after the implementation is complete. C) the validity and accuracy of the data processed by the system. D) the information system itself and the validity and accuracy of the data processed by the system.

D

101) To control incoming cash from the mail and ensure an accurate accounting, the department which should have complete control over the transaction is the A) mailroom. B) cash receipts. C) accounts receivable. D) No one department should have complete control over incoming cash

D

102) Data is required from which of the following to build a production data file? A) Materials requisition data B) Goods receipt data C) RTG data D) Materials requisition and RTG data are both required.

D

102) Which of the following controls would not be examined in the audit of a computer service center? A) Environmental controls B) Physical security controls C) Management controls D) Process application controls

D

103) In structured systems analysis, the data dictionary describes A) data structure. B) physical layout. C) data structure and physical layout. D) data structure and data elements.

D

103) In the program change control phase of an application systems development audit, an element that may represent a major loss exposure in terms of fraud and access to sensitive data is A) program development. B) program auditing. C) program testing and quality control. D) program maintenance.

D

103) The following are benefits of an ERP except for the ability A) to eliminate data duplication and redundancy. B) to standardize data formats. C) to easily share data from various departments. D) to easily customize software to meet company needs.

D

102) Which of the following should not have access to signed paychecks? A) Payroll and personnel B) Cash disbursement, personnel, and timekeeping C) Personnel, payroll, and timekeeping D) Cash disbursement, personnel, and bookkeeping

C

146) In the systems approach to administering a systems project, which of the following phases should be performed first? A) Creating alternatives B) Analyzing the system C) Implementing the system D) Stating the system's objectives

D

60) A procurement document that is not available in ERP is the A) quotation. B) contract. C) scheduling agreement. D) invoice.

D

31) Invigilation is a technique used by fraud investigators to authenticate documentation.

FALSE

31) Memory cards provide a high degree of security and can be used for complex financial transactions.

FALSE

31) Operational transaction cycles have traditionally grouped activities of a business into six common operational processes.

FALSE

32) A document flowchart is similar to a systems flowchart.

FALSE

33) Cookies prevent a merchant from viewing and analyzing a person's computer to determine any other Web sites that the person has visited.

FALSE

33) Criminal Code 301.2(1) makes it a federal crime in the United States to knowingly and with intent fraudulently gain unauthorized access to data stored in financial institution computers.

FALSE

33) Detective controls are not considered transaction processing controls, but rather internal audit controls.

FALSE

33) The internal audit function and the accounting functions should not be segregated in order to increase a company's internal control.

FALSE

35) Input manipulation is the least-used method in most cases of computer fraud.

FALSE

35) UML is a United States standard, not yet supported by the International Standards Organization.

FALSE

36) A negative answer given to a question on an internal control questionnaire almost always indicates a weakness in an internal control process area.

FALSE

36) ATM cards are really smart cards because they are used for both identification and payment.

FALSE

36) The essence of cloud computing is that data storage is maintained by the end-user.

FALSE

37) A trapdoor is a portion of a computer program that, upon detecting an intruder, traps; the intruder by activating a firewall to prevent unauthorized access to critical data.

FALSE

37) In UML, use case diagrams model the flow of activities involved in a single process.

FALSE

4) COBIT standard is based on 16 high-level objectives that are broken down into 318 detailed control objectives.

FALSE

4) The CSO should report directly to the president of the organization.

FALSE

4) When evaluating internal controls, auditors are usually not concerned with the flow of processing and distribution of documents within an application system.

FALSE

40) BPMN basic symbols include input/output, process, flowline, and annotation symbols.

FALSE

40) Corrective controls act to prevent errors and fraud before they happen.

FALSE

40) Quick Response code is a three-dimensional bar code.

FALSE

41) All BPDs contain at least two pools.

FALSE

41) Expert qualifications include things such as race, gender, and social status.

FALSE

44) Only active RFID tags transmit signals containing digital information to receivers.

FALSE

46) Half of all financial statement frauds involve overstating inventory.

FALSE

46) System-access controls prevent unauthorized individuals from physically accessing computer resources.

FALSE

47) In the United States, employee fraud represents a small percentage of loss for most Organizations.

FALSE

61) Audit tests that follow compliance tests and rely on the interim audit's results are called A) substantive tests. B) follow-up tests. C) internal control tests. D) evaluation tests.

A

15) Some believe that every corporation has its own corporate culture, and it is such a culture that ultimately either promotes or hinders ethical behavior within the corporation.

TRUE

16) White hat hackers legitimately probe systems for weaknesses in order to help with security control procedures.

TRUE

22) Hacker methods include social engineering, direct observation, electronic interception, and exploits.

TRUE

22) Physical and document evidence include things such as fingerprints, trace evidence, and forged or incriminating documents.

TRUE

24) An IPO chart provides a narrative description of the inputs needed to generate desired system outputs.

TRUE

24) Direct observation includes shoulder surfing and dumpster diving.

TRUE

24) ERPs should reduce data duplication, increase communication between functional areas, and reduce complications of software updates.

TRUE

24) The audit trail concept is basic to the design and audit of an accounting information system.

TRUE

49) Swapping checks for cash is a cash-register fraud that involves removing cash from the cash register and replacing it with bogus checks.

TRUE

54) Escalation procedures state the conditions under which a disaster should be declared, who should declare it, and whom that person should notify when executing the declaration.

TRUE

6) A typical CRM contains one common database in which all departments with customer contact can access and update.

TRUE

6) An information security threat is a potential exploitation of a vulnerability.

TRUE

6) Fraud detection involves identifying indicators of fraud that suggest a need for further Investigation.

TRUE

6) It is desirable for auditors to have a basic understanding of systems techniques.

TRUE

6) Recent survey results indicate that the most frequent reason frauds are discovered is due to internal controls.

TRUE

7) A company can use QR codes to provide a convenient way to direct customers to its Web site by embedding them in advertising, such as magazines or in-store displays.

TRUE

7) COSO reports contain the most authoritative framework for internal control processes.

TRUE

7) Domain names and their corresponding IP addresses are registered in electronic "phone books" at many sites on the Internet.

TRUE

7) The usual focus of an audit is to review an existing system rather than design a new system.

TRUE

8) Fraud detection software and services often use sophisticated statistical techniques.

TRUE

8) Information security is broader in concept than computer security and deals with all information, not just computerized information.

TRUE

8) Software known as firewalls limits access to information on a company's servers from the rest of the world.

TRUE

9) A systems development project generally consists of three main phases.

TRUE

9) Benford analysis exploits the pattern relating to the first digit of numbers appearing in random data set.

TRUE

9) Information security management system is an internal control process and manages risk.

TRUE

9) One common type of electronic mail server is known as POP server.

TRUE

9) Typically, an organization;s internal control process consists of five components.

TRUE

A system is a collection of related resources designed to help a company achieve specified objectives.

TRUE

B)

Which of the following is characteristic of the indexed-sequential access method? A) Processing is direct-access; queries are sequential. B) Processing is sequential; queries are handled through an index. C) Processing and queries are both handled through an index. D) Processing and queries are both sequential.

141) ____ diagrams are used to document objects (and classes of objects) and how they communicate with each other. A) UML B) ER C) Conceptual D) Data flow

A

142) Examples of social engineering include A) pretexting and phishing. B) pretexting and direct observation. C) phishing and direct observation. D) pretexting, phishing, and direct observation.

A

143) Which of the following groups would not be considered external users of the company's information? A) Factory supervisors B) Creditors C) Investors D) Labor unions

A

145) When a hacker takes advantage of a vulnerability to access the software, hardware, or data in an unauthorized manner a(n) ________ has occurred. A) exploit B) vector C) exposure D) virtualization

A

146) Object-oriented design and analysis is based on objects and relies on A) UML diagrams. B) MDA models. C) BPEL diagrams. D) None of the above aids OO analysis.

A

147) Sabotage is a(n) ________ threat. A) active B) passive C) direct D) second layer

A

148) BPEL is supported by the internationally recognized and leading IT open standards organization called A) OASIS. B) OMG. C) MDA. D) QVT.

A

148) Software that integrates business processes on a company-wide basis is called A) enterprise resource planning. B) executive information systems. C) expert systems. D) manufacturing information systems.

A

75) The ERP master records that has a hierarchical structure is the A) material master record. B) vendor master record. C) object master record. D) purchasing information master record.

A

75) The general formula for calculating the inventory reorder point is A) average inventory usage rate multiplied by lead time. B) economic order quantity less average inventory usage rate. C) lead time multiplied by economic order quantity. D) lead time multiplied by average inventory turnover rate.

A

88) Internal control is affected by an organizations A) board of directors, management, and other personnel. B) management and internal auditors. C) management and external auditors. D) board of directors, management, and shareholders.

A

88) ________ store enormous volumes of current and historical data for use in research and analysis. A) Data warehouses B) Operational databases C) Relational databases D) Data marts

A

89) The function responsible for forwarding voucher checks directly to payees is A) cash disbursements. B) accounts payable. C) internal audit. D) purchasing.

A

99) In the cash-received- on-account process, the remittance list is used to post the A) cash receipts journal. B) accounts receivable ledger. C) Answers A and B are both correct. D) None of these answers is correct.

A

99) The ________ reference model defines the typical business model in terms of infrastructure, offering, customers, and finance. A) Osterwalde B) Zachman C) federal enterprise D) open group

A

B)

A batch processing system would work best when processing A) inventory. B) payroll. C) accounts receivable. D) accounts payable.

C)

A data editing routine that compares numeric data input within a range is a(n) A) table lookup. B) hash total check. C) limit test. D) internal label test.

A)

A data item or combination of data items that uniquely identify a particular record in a file is called a(n) A) key. B) occurrence. C) attribute. D) variable-length field.

D)

A database dictionary is defined and controlled by A) the controller. B) the owner. C) DMA. D) DBA.

D)

A database has a hierarchical data structure. This is an example of defining database architecture at the A) physical level. B) conceptual level. C) sequential level. D) logical level.

B)

A database is defined in terms of the kind of information it includes and the purposes for which it is to be used. This is an example of defining database architecture at the A) logical level. B) conceptual level. C) physical level. D) relational level.

C)

A database, together with database software, is A) database objects. B) database agnosticity. C) a database management system. D) a database logical structure.

100) In the Warnier-Orr methodology, how would the repetitions associated with the input of batches of customer checks be shown? A) Use a bracket with the number 2. B) Use the subscript (n). C) Use 2 brackets. D) Use the subscript (2).

B

62) In the SAP ERP system, an outline agreement with a vendor is basically a A) request for a quotation. B) contract. C) purchase order. D) purchase requisition.

B

62) Which of the following is a procedure included in systems design? A) Computer program documentation B) Forms design C) Training personnel D) Document review

B

99) The department responsible for authorizing employee pay deductions is the A) payroll department. B) personnel department. C) independent paymaster. D) production department (for factory workers).

B

99) The phase of an information systems audit in which effort is placed on fact-finding in the areas selected for audit is the A) first phase. B) second phase. C) third phase. D) fourth phase.

B

99) The reentry of transaction data with machine comparison of the initial entry to the second entry to detect errors is called A) batch balancing. B) key verification. C) validity checking. D) a run-to- run comparison.

B

116) The internal audit function within an organization should be considered a(n) A) activity supervised by the controller. B) sub function of the treasurer. C) independent appraisal activity. D) optional service provided by the firm's external auditors.

C

118) Bid rigging frauds is an example of A) revenue cycle fraud. B) account receivable fraud. C) expenditure cycle fraud. D) fraudulent financial reporting.

C

118) Information retrieval from the organization's database using the query language feature of DBMS is a common A) programming function. B) technical support function. C) EUC application D) ES application.

C

119) Which of the following database design techniques shows the interrelationships between files, their contents, and their uses? A) Data structure diagrams B) Record layouts C) File-related matrices D) File analysis sheets

C

120) One recovery strategy in the event of a disaster is an alternative processing arrangement. An arrangement between two companies in which each company agrees to help the other if the need arises is a(n) A) commercial vendor arrangement. B) computer service bureau agreement. C) shared contingency arrangement. D) alternate site center.

C

122) The Software Versioning System keeps both current and historical versions of the A) deployment services already coded. B) objects already designed. C) software source code. D) UML diagrams.

C

122) The possibility of losing employees to a disaster should be addressed in A) a salvage plan. B) an alternative processing arrangement. C) the personnel replacement plan. D) the personnel relocation plan.

C

124) One of the major disadvantages to pulling the plug is that A) it is ineffective. B) it is inefficient. C) it leads to the loss of the computers volatile memory. D) none of the above

C

125) When a company is purchasing software, it should choose hardware A) before choosing software. B) at the end of systems analysis. C) after choosing software. D) at any time either before or after choosing software.

C

127) Which of the following is not an objective of internal control? A) Reliability of financial reporting B) Effectiveness and efficiency of operations C) Relevance of financial statements D) Compliance with applicable laws and regulations

C

129) RFID tags include all of the following except A) active tags. B) passive tags. C) inactive tags. D) semi-passive tags.

C

132) In iterative or agile approaches to systems development A) each phase of the life cycle is completed prior to moving to the next phase. B) phases can be started in any order the project manager deems appropriate. C) all phases of the life cycle are carried on simultaneously. D) the systems development life cycle is not appropriate to implement.

C

132) The most basic security procedure in system-access controls is the A) sign-countersign system. B) identification of the users ID, time, and date of each entry. C) users responsibility to protect his or her password. D) systems assignment of the user ID and password.

C

117) The fraud scheme that involves using a stolen customer check to make a payment on account is called A) stealing cash in transmission. B) shorting bank deposits. C) lapping of accounts receivable. D) check laundering.

D

117) UML includes techniques that are the functional equivalents of A) data flow diagrams. B) document flowcharting. C) analytical flowcharting. D) All of the above are included in the UML standard.

D

118) UML version 2.4 defines ________ types of diagrams, divided into two categories. A) two B) five C) ten D) more than a dozen

D

119) A Web application framework and object oriented programming language that is based on the Model-View- Controller structure is A) OO collaboration. B) Web 2.0. C) PERL. D) Ruby on Rails.

D

119) A disaster recovery plan should include A) a list of priorities for recovery. B) an evaluation of a companys needs in the event of a disaster. C) a set of recovery strategies and procedures. D) All of these answers are correct.

D

119) The technological philosophy that emphasizes "customer satisfaction" to the point of "customer obsession" is known as A) TQP. B) EDI. C) TQM.D) TQP and TQM.

D

119) Which of the following procedures can be used to detect phantom employees? A) Maintaining personnel files in an independent personnel department B) Requiring management and personnel review and approval for all personnel-related activities C) Implementing a multi-review and approval process within the purchasing department D) both A and B

D

121) Prepackaged design systems have both advantages and disadvantages in assisting the designer with the systems development cycle. A disadvantage of such prepackaged design methodologies is that they do not A) specify desired outputs. B) provide assistance in structuring a particular problem. C) adequately deal with the problem of response time. D) Answers A and C are correct.

D

123) A group of software components needed to deliver a workable application is called a(n) A) solution assessment package. B) finalized deliverable set. C) database system. D) application solution stack.

D

124) Which of the following is an ideal password? A) ABC123 B) DOG& bone C) sky& CAT D) 2s&am;Ytc8x

D

124) Which of the steps below is not part of the systems approach process? A) Creation of alternatives B) Statement of system objective(s) C) Systems evaluation D) All of the answers are steps in the systems approach process.

D

67) DWB Corporation suffered a loss due to the spoilage of certain raw materials used in the manufacturing of its products. The business transaction cycle in which this loss occurred is the A) revenue cycle. B) expenditure cycle. C) finance cycle. D) production cycle.

D

67) Which inventory control is the most critical in the production business process? A) Separation of functions B) Maintaining basic records and documentation C) Periodic physical counts and tests against independent records D) All of these controls are critical to inventory control in the production business process.

D

67) Which of the following groups of individuals should be on the special project team that executes the implementation of the design plan? A) Systems technical personnel B) Accountants and auditors C) Individuals who also participated in the design D) Design team members and affected managers

D

68) The manual input symbol could be used to represent A) the entering of data at an on-line keyboard. B) the entering of data using switch settings. C) the entering of data using touch screens. D) All of these answers are correct.

D

68) The use of information technology to perform audit work is known as auditing A) around-the- computer. B) through the computer. C) without the computer. D) with the computer.

D

81) The ________ describes the joint structure and behavior of the enterprise and its information system. A) relational architecture B) business architecture C) business modeling D) enterprise architecture

D

81) Which of the following systems development activities may require the use of systems techniques? A) Systems analysis B) Systems design C) Systems implementation D) All of these answers are correct.

D

82) A system planning and feasibility analysis involves several phases and operates in a top-Down fashion. This type of analysis is composed of how many phases? A) Three B) Five C) Six D) Seven

D

82) An audit technique not requiring the use of the client computer facilities is A) the use of snapshots. B) the test data approach. C) the integrated test facility. D) parallel simulation.

D

98) Compliance testing is the key activity performed in which phase of an information systems audit A) Second phase B) First phase C) Fourth phase D) Third phase

D

98) In a production planning system, the production status file is an input to which of the following? A) Production scheduling program B) Inventory update program C) Report generator program D) Production planning system

D

11) Some organizations that use computers to process transactional data must have an information system function.

FALSE

11) Systems analysis involves formulating a blueprint for a completed system.

FALSE

11) Under the Uniform Electronic Transaction Act, digital signatures are not legally binding in most states.

FALSE

12) Auditors primarily use IPO and HIPO charts.

FALSE

12) ISO27001 includes 132 general security controls, organized under 11 topics and further broken down into over 5000 detailed controls.

FALSE

12) The operations function allows specialization in areas such as operating systems and software and communications technology.

FALSE

12) Type 1 error occurs when a fraud indicator fails to signal fraud.

FALSE

13) Passive threats include information systems fraud and computer sabotage.

FALSE

13) The Sarbanes-Oxley Act of 2002 (SOA) allows the purchase or sale of stock by officers and directors and other insiders during blackout periods.

FALSE

13) Type 2 errors result in unnecessary fraud investigations.

FALSE

14) Most batch processing environments are JIT environments.

FALSE

27) The computer operations supervisor has a good attendance record, which demonstrates the general operating procedure of competency of personnel.

FALSE

29) A key characteristic and benefit of business processes is that they are always limited to one functional area of the information system.

FALSE

29) A systems flowchart is more detailed concerning individual processing functions than a program flowchart.

FALSE

29) Application controls are designed to provide assurance that processing has occurred.

FALSE

3) COBIT stands for Control Objectives for Businesses in Technology fields.

FALSE

3) eBusiness and eCommerce have the same meaning.

FALSE

31) A DFD may consist of either DFD or ANSI flowchart symbols.

FALSE

31) In the health insurance sector, the Gramm-Leach- Bliley Act, requires federal agencies that oversee the health insurance sector to implement regulatory standards aimed at protecting the security of critical information resources.

FALSE

31) The immediate return of input information to the sender for comparison and approval is called feedback.

FALSE

33) Calibration is part of the fraud triangle.

FALSE

34) Almost all privacy statements prohibit Web merchants from sharing their customer information with other merchants.

FALSE

34) The director of internal auditing should report directly to the controller of the company.

FALSE

35) Collusion occurs when a white-collar individual attempts to commit fraud within an organization.

FALSE

35) Individuals who respond more to audio stimuli typically look down and to the right, or simply vertically to the right, when recalling information.

FALSE

35) The treasurer is responsible for the budgeting and tax planning aspects of a business.

FALSE

37) The fraud report presents conclusions regarding a suspects guilt.

FALSE

39) DBMS is the hands-on use of computers by end users.

FALSE

41) In a denial of service attack, an intruder is denied access to an organizations Web site after the intruder attempts to break through its firewalls and proxy server countermeasures.

FALSE

42) Earnings management is always illegal and can never be justified by GAAP.

FALSE

42) In most organizations, accounting, computing, and data processing are all organized under the controller.

FALSE

43) Controls increase productivity and the reliability of resulting output.

FALSE

44) Informal pressure from employees does not cause collusion.

FALSE

44) Stock option is an executive mechanism to prevent financial statement fraud.

FALSE

44) With todays excellent computer security software, it is no longer necessary to physically separate unauthorized individuals from computer resources.

FALSE

45) COSOs next report to be published will pertain to the monitoring of internal control system in order to keep them current and effective.

FALSE

45) Lean manufacturing focuses on eliminating waste from the entire value chain.

FALSE

47) Microsoft sponsors the Web TrustTM seal of approval to certain Web sites that meet their security and integrity criteria.

FALSE

47) The ideal password should consist of easy-to- remember names such as banana, kitty, IBM, password, or Friday.

FALSE

48) Electronic data interchange (EDI) is the direct computer-to- end-user exchange of business documents via a communications network.

FALSE

5) All data processed and information stored in an accounting information system are mandatory for financial reporting purposes.

FALSE

5) Financial accounting is concerned with the prevention and detection of fraud and white-collar crime.

FALSE

5) Fraud detection includes several standalone processes such as fraud prevention, investigation, correction, reporting, and recovery

FALSE

5) Using the qualitative approach to risk assessment, each loss exposure is computed as the product of the cost of an individual loss times the likelihood of its occurrence.

FALSE

50) Fault tolerance can be applied at any of three levels: input, processing, or output.

FALSE

50) The SEC requires that all companies must file their financial reports electronically using XBRL.

FALSE

51) An incremental backup backs up all files whose archive bit is set to 0 before termination of the session.

FALSE

51) FedWire is a retail EFT system used for telephone wire transfers and payments.

FALSE

51) It is not possible for fraudsters to crack any passwords or encryption keys.

FALSE

52) E-waste refers to dollars spent on unsuccessful implementations and technologies.

FALSE

8) An extended enterprise brings suppliers and customers together in order to meet customer demand while minimizing supplier costs.

FALSE

8) Analytic and system flowcharts are seldom found in the working papers of auditors.

FALSE

8) The production cycle is defined as the events related to the distribution of goods and services to other entities and the collection of related payments.

FALSE

9) Procurement and firm infrastructure are examples of primary business processes.

FALSE

B)

Fields associated with other fields in a logical grouping are known as A) elements. B) records. C) data items. D) attributes.

D)

For a general ledger accounting system to be properly maintained, data must be A) collected. B) recorded. C) properly classified and entered into appropriate records for further summations. D) All of these answers are correct.

C)

Four records have the record structure: EQUIPMENT (EQUIP#, LOCATION). EQUIPMENT (204,1) EQUIPMENT (204,2) EQUIPMENT (208,1) EQUIPMENT (209,1) When sorting these records, which field is the primary sort key and which field is the secondary sort key? A) EQUIPMENT is primary; no secondary sort key is required. B) EQUIP# is primary; no secondary sort key is required. C) EQUIP# is primary; LOCATION is the secondary key. D) LOCATION is primary; EQUIP# is the secondary key.

D)

Four records have the record structure: PART (PART_NO, WARHSE). PART (101,1) PART (101,2) PART (103,1) PART (106,1) Which of the following would be appropriate to use as a record key? A) PART B) PART_NO C) WARHSE D) Answers B and C combined would form a record key.

25) In general, vulnerabilities arise from improperly installed or configured software and from unforeseen defects or deficiencies in the software.

TRUE

27) Three major groups of individuals that may attack information systems include information personnel, users, and hackers.

TRUE

27) Tracing involves beginning with a source document and following the related transaction through the entire accounting cycle.

TRUE

28) A list of changes to on-line computer files is stored on magnetic tape to provide a transaction trail.

TRUE

28) A program flowchart is also known as a block flowchart.

TRUE

28) Anyone can issue his or her digital notes for use in Internet transactions.

TRUE

28) Business processes are always triggered by some economic event, and all have clearly defined starting and ending points.

TRUE

28) Virtualization involves running multiple operating systems, or multiple copies of the same operating system, all on the same machine.

TRUE

28) Vouching begins with numbers in accounts and follows them backward to the source Documents.

TRUE

29) A major issue in electronic transactions is privacy.

TRUE

29) It is common for fraud investigators to question the authenticity or authorship of documents.

TRUE

29) Using cloud-based services and data storage is referred to as cloud computing.

TRUE

3) One of the duties of the CSO is to present reports to the board of directors for approval.

TRUE

3) Substantive testing involves direct verification of financial statement figures.

TRUE

3) The ISO 27000 family of standards has over 5,000 controls.

TRUE

3) The basic goal of accounting information systems is to convert financial data into information.

TRUE

30) A hash total is a meaningless number that only is important for internal control purposes.

TRUE

30) Analyzing a company's value chain aids in the identification of a company's competitive advantages.

TRUE

30) Blinding permits a bank to issue digital cash so that it is unable to link the payer to the payee.

TRUE

30) Business continuity planning and disaster recovery, in general, mean the same thing.

TRUE

30) Observational evidence can be the most powerful form of evidence.

TRUE

30) The intent of using DFDs is to clearly separate the logical process of systems analysis from the physical process of systems design.

TRUE

32) A system such as an Internet store can be fully automated with no human intervention.

TRUE

32) A trailer label is the last record of an inventory file, which contains a record count of the number of records in the file.

TRUE

32) A well-prepared interview conducted by a skilled interviewer can sometimes result in a confession that completely unwinds a complicated case.

TRUE

32) GASB statement #34 requires utility companies to maintain business continuity plans.

TRUE

32) Transactions are used by auditors to verify account balances and internal controls.

TRUE

33) The forms distribution chart is closely related to the document flowchart.

TRUE

34) Internal control should be looked upon as part of a larger process within the organization.

TRUE

34) Intruders who attack information systems for fun and challenge are known as hackers.

TRUE

34) Polygraphs may sometimes be used to detect dishonesty in fraud investigations.

TRUE

34) The sandwich rule states that every process symbol should be placed between an input and output symbol.

TRUE

35) A merchant can obtain a third-party seal of approval, such as the AICPA's Web Trust, to assure its customers their privacy will be protected.

TRUE

36) A serious business problem today is the theft of data.

TRUE

36) Fraud investigator should immediately present the suspect with a written confession to sign once an oral confession is obtained.

TRUE

36) UML is a collection of modeling tools used to model the specifics of software development including functional equivalents of data flow diagrams, document flowcharting, and analytical flowcharting.

TRUE

37) A steering committee consists of high-level members of user functions such as manufacturing and marketing, as well as the head of the information system function and several of his or her staff.

TRUE

37) A structured form of analysis relevant to internal control reviews is an applications control matrix.

TRUE

38) An information center is a support facility for end users in an organization.

TRUE

38) Logic bombs are dormant pieces of code placed in programs for activation at a later date by a specific event.

TRUE

38) Loss recovery options include accepting the loss, collecting insurance if available, and pursuing the perpetrator in court.

TRUE

38) Someone who has personally observed the activities under review should complete an internal control questionnaire.

TRUE

38) The business process diagram focuses on the sequence of activities in a business process.

TRUE

39) A worm is any type of Trojan that silently spreads from one computer to another over a network, without the intervention of any individual or server.

TRUE

39) BPMN basic symbols include the task, sequence flow, gateway, and event symbols.

TRUE

39) Expert consultants provide expert opinions and analyses to attorneys.

TRUE

39) Ratings of the relative strength or reliability of controls may be entered in a control matrix.

TRUE

4) ISO 27002 is a widely accepted international standard for best practices in information security.

TRUE

4) Quick-response systems are essential to the total quality performance movement in business.

TRUE

4) Web commerce is a type of eCommerce and eCommerce is a type of eBusiness.

TRUE

40) Discovery is a process in which opposing parties can require each other and relevant parties to produce out-of- court evidence

TRUE

40) Implementing security measures and contingency plans help to control computer information threats.

TRUE

41) An example of a suspense file is a file of back-ordered items awaiting shipment to customers.

TRUE

42) The philosophy that one should do the right thing the first time is better known as TQM or TQP.

TRUE

43) Employees should be laid off or terminated with the greatest care because terminated employees account for a significant portion of all sabotage incidents.

TRUE

43) Managers can legally manipulate or manage reported financial statement figures within GAAP.

TRUE

43) RFID tags are used for tracking objects within a quick-response system.

TRUE

45) Internal auditors should report directly to the audit committee and operate completely independent of the CEO, the CFO, and top management.

TRUE

45) Software should not be installed on any computer without prior approval of security.

TRUE

46) A just-in- time manufacturing system is one form of lean manufacturing.

TRUE

48) No password system is of much value unless the passwords themselves are protected.

TRUE

48) The corporate culture plays a key role in fostering employee dishonesty.

TRUE

49) A program kept in a locked file is one which can be run but not looked at (i.e., code) or altered in anyway.

TRUE

49) ANSI X.12 is a public EDI standard.

TRUE

5) Auditors undertake compliance testing to determine the degree of reliance of existing internal controls.

TRUE

5) One reason for the worldwide popularity of the Internet is that it has brought universal standards of communication to all networks.

TRUE

50) Computer forensics is the application of computer science to computer-related matters that might come before a court.

TRUE

52) IP tracing is not a foolproof method.

TRUE

52) The problem with Web server attacks is that the Web server is essentially an extension of the operating system.

TRUE

53) Green IT states system design should include a plan for recycling and reusing system components.

TRUE

18) If no special symbol exists to depict a function, verbal descriptions are used in the flowchart.

FALSE

121) The basic symbols in a BPMN include A) task, sequence flow, gateway, and event symbols. B) process, flowline, input/output, and annotation. C) task, flowline, event, and comments. D) input/output, sequence flow, entities, and storage.

A

100) In a production planning system, the production status file is used as an input for which of the following groups of applications? A) Scheduling and cost accounting B) Cost accounting and planning C) Scheduling and reporting D) Reporting and cost accounting

A

100) The department responsible for collecting and maintaining time cards and reconciling these to job time summary tickets is the A) timekeeping department. B) payroll department. C) personnel department. D) production department (for factory workers).

A

102) In all operational systems it becomes necessary to make changes. A change made because of a computer programming error not detected until the system begins operation is typically caused by a(n) A) bug. B) virus. C) worm. D) unexpected design contingency.

A

104) Controls can be designed to provide a defense from both active and passive threats. An example of a passive threat is A) a rolling blackout. B) a Trojan horse. C) an unhappy employee. D) a password which has been compromised.

A

105) A significant difference between a cash sales business process and a cash-received- on- account business process is that A) no previous customer account balance exists in a cash sales business process. B) the float is shorter in a cash-received- on-account business process. C) more direct supervision is required in a cash-received- on-account business process. D) There is no significant difference between the two business processes.

A

105) Employers engaged in interstate commerce are required by law to pay overtime at a minimum of one and one-half times the regular rate for hours worked in excess of 40 per week. The law that requires this is called the A) Fair Labor Standards Act (FLSA). B) Federal Unemployment Tax Act (FUTA). C) Federal Income Tax Act (FITA). D) Federal Insurance Contributions Act (FICA).

A

106) In an application control matrix, row entries are A) controls. B) processing actions. C) either controls or processing actions. D) neither controls nor processing actions

A

100) The amount of cash receipts for August 12 is $6,389.42. For general ledger to post this amount, it must receive A) a journal voucher from cash receipts. B) the deposit slip from the bank for August 12 showing $6,389.42 as a deposit. C) a control total from accounts receivable. D) a journal voucher from cash receipts and a control total from accounts receivable.

D

101) The primary way to prevent active threats concerning fraud and sabotage is to implement successive layers of access controls. The second step behind the layered approach to access control is to A) prevent unauthorized access to both data and program files. B) physically separate unauthorized individuals from computer resources. C) classify all data and equipment according to their importance and vulnerability. D) keep unauthorized users from using the system.

D

96) Physical and document evidence include A) fingerprints. B) trace evidence. C) forged document. D) all of the above

D

C)

In practice, ________ databases outperform ________ databases in a wide range of common tasks that are typically performed in a business environment. A) object-oriented, relational B) conceptual, relational C) relational, object-oriented D) object-oriented, conceptual

C)

In the CUSTOMER record, the field NAME contains the word "Jones" along with 20 spaces after the last character. This is an example of a A) variable-length record. B) data item. C) fixed-length record. D) trailer.

A)

In the entity-relationship model, a diamond shape in a diagram represents A) a relationship. B) an entity. C) an attribute. D) an object.

10) Managements consideration of the relative costs for benefits of internal controls will often be subjective in nature.

TRUE

C)

In the object-oriented database modeling technique, an object class divided into subclasses represents an A) object. B) entity. C) inheritance relationship. D) object class.

D)

In data management terminology, a record occurrence is a A) secondary sort key. B) trailer record containing additional data. C) method of specifying variable-length records. D) specific example of a record structure.

C)

In the object-oriented modeling technique, an object class has the following structure: PAPER_INVENTORY (SUPPLIER_NO, DISCOUNT) What is the structure of the subclass COPY having the unique attributes QUANTITY and TYPE? A) COPY (QUANTITY, TYPE) B) COPY (SUPPLIER_NO, QUANTITY, TYPE) C) COPY (SUPPLIER_NO, DISCOUNT, QUANTITY, TYPE) D) COPY (PAPER_INVENTORY, QUANTITY, TYPE)

C)

In the record format STORE (STORE_NO, CITY, VEND#1,VEND#2) which field is repeated? A) STORE B) CITY C) VEND D) STORE_NO

B)

In the record format STORE (STORE_NO, CITY, VEND#1,VEND#2) which field is the key? A) STORE B) STORE_NO C) VEND D) CITY

A)

In the record format STORE (STORE_NO, CITY, VEND#1,VEND#2) which field is the parent? A) STORE B) CITY C) VEND D) STORE_NO

10) Systems techniques assist the analyst in the collection and organization of facts.

TRUE

D)

The basic economics of file processing are largely determined by the activity ratio, which is the A) number of times a master file is accessed during a period. B) average number of transactions contained in a transaction file. C) number of accessed records times the number of records in the file. D) number of accessed records divided by the number of records in the file.

27) Digital cash and real cash are virtually identical because digital cash can only be "spent" once.

FALSE

27) ERP II adds an Enterprise Application Suite (EAS) to aid in the communication between functional areas.

FALSE

27) HIPO structures a "bottom-up" strategy in structured systems analysis and design.

FALSE

140) Hackers can be categorized as white, black, or ________ hat hackers. A) gray B) green C) top D) None of these answers is correct.

A

115) The preparation of forecasts and analyses used by management in planning and controlling the operations of the organization is generally a(n) A) budgeting function. B) tax planning function. C) accounting manager function. D) treasurer function.

A

137) Rational Unified Process relies on a(n) A) iterative approach. B) traditional approach. C) object oriented approach. D) It does not use any of these approaches.

A

106) Individuals who respond more to audio stimuli typically A) look down and to the left when recalling information. B) look up and to the left when recalling information. C) look down and to the right when recalling information. D) look up and to the right when recalling information.

A

106) Regarding Web application coding, one could correctly say that A) server-side scripting is more popular than client-side scripting. B) server-side scripting is less popular than client-side scripting. C) server-side scripting and client-side scripting are equally popular. D) None of the above is correct.

A

106) Systems design follows the top-down approach; This means A) going from the general to the specific. B) beginning with the needs and desires of top management and then considering other users needs down to the factory-floor level. C) going from specific program code to general descriptions of the system. D) starting with a central computer system and then implementing systems for individual departments.

A

106) The label "www.google.com" is an example of a A) domain name. B) fixed IP address. C) domain name server. D) dynamic IP address.

A

106) What language facilitates business-to- business commerce through the extended value chain, which includes both manufacturers and their suppliers?a) VCML B) XBRL C) HTML D) COBOL

A

107) An example of a fault tolerance at the network communications level is A) a watchdog processor. B) disk mirroring. C) rollback processing. D) an uninterruptable power supply.

A

107) If the treasury and controller functions are independent, which of the following should be assigned to the controller to maintain effective control? A) Approval of disbursements B) Responsibility for check signing C) Custody of short-term investment securities D) Authorization of write-offs of accounts receivable

A

107) The Public Company Accounting Oversight Board (PCAOB) has encouraged a risk-based approach to test the effectiveness of ___ as they relate to financial audits. A) internal controls B) security processes C) financial misstatements D) fraud exposure

A

107) The predetermined overhead application rate is computed as A) budgeted overhead cost divided by budgeted activity. B) total labor cost divided by total machine hours. C) budgeted activity divided by budgeted overhead cost. D) total machine hours divided by total labor cost.

A

107) Which is an example of server-side scripting? A) Java B) PHP C) Ruby D) None of the above is server-side scripting.

A

108) Ben Black works as an instructor at Cheyenne School, whose domain name is Chey. Ben Blacks user name is bblack. Cheyenne School;s e-mail system uses the POP protocol. Ben Black;s e-mail address is A) [email protected]. B) [email protected]. C) [email protected]. D) [email protected].

A

108) Since many personal computer users do not properly back up their files, a system that centralizes the backup process is essential. A backup of all files on a given disk is known as a(n) A) full backup. B) differential backup. C) incremental backup. D) emergency backup.

A

109) Once system design alternatives have been laid out and documented, they must be evaluated. The primary criteria for selecting the alternative for implementation purposes should Be A) cost versus benefits. B) simplicity versus complexity. C) user acceptance of the alternative. D) feasibility.

A

110) COBIT has four domains that include A) plan and organize, acquire and implement, deliver and support, and monitor and evaluate. B) analysis, design, implement, and feedback. C) plan, build, implement, and evaluate. D) analysis, build, train, and implement.

A

110) Financial statement fraud differs from earnings management in terms of A) legality. B) terminology. C) procedures. D) the parties involved.

A

110) Under the SPICE approach, the processes are categorized into the below except A) communicating. B) customer-supplier. C) engineering. D) supporting.

A

111) A design proposal explains that the system will include both manual and computer procedures for reconciling batch totals. This explanation A) shows internal control effectiveness exists at the cost of some efficiency. B) is not accurate. C) should not be included in the design proposal. D) should be included in both the systems analysis report and the design proposal.

A

111) Monitoring, the fifth component of internal control, involves A) assessing the quality of internal controls over time and taking corrective actions if necessary. B) studying the methods used and records established to identify, assemble, analyze, classify, record, and report the organizations transactions. C) maintaining accountability for the financial structure (i.e., assets and liabilities) of the organization. D) assessing and managing the risks that affect the organizations objectives.

A

111) The bill of material module in the MRP II system is used to communicate the structure of a product, as it is in MRP. The MRP II system extends this module's capability to include A) maintenance of engineering or product drawings from a CADD system. B) the sequence of operations required to manufacture a component or assembly. C) maintaining the assembly schedules for specific configurations. D) creating a packet that contains order, material list, routing, and drawing information.

A

112) The primary way to prevent active threats concerning fraud and sabotage is to implement successive layers of access controls. However, the widespread adoption and use of the Internet has made it impossible to completely implement which layer of the layered-access approach to security? A) Site-access B) System-access C) File-access D) None of these answers is correct.

A

114) In the project development environment, serving to manage the communication chain is the A) project collaboration platform. B) software versioning system. C) integrated development environment. D) application solution stack.

A

114) Which of the following design considerations applies to report or document outputs? A) Relevance B) Integration C) Uniformity D) Accuracy

A

138) The object-oriented approach focuses on defining A) objects. B) services. C) units. D) All of the above are a part of the object-oriented approach.

A

115) Which item listed below is a weakness of using a firewall for Internet security? A) IP addresses can be spoofed. B) Firewalls can block incoming access on computer networks. C) Firewalls can block outgoing access on computer networks. D) Firewalls can be set to only allow limited outgoing access to particular programs or servers.

A

115) Which of the following best describes the fraud scheme that involves an employee pocketing cash but not recording its collection? A) Sales skimming B) Robbing the cash register C) Swapping checks for cash D) Shortchanging the customer

A

116) Which of the following procedures would deter the lapping of accounts receivable? A) Segregation of accounting duties B) Training cashiers to follow strict procedures for making change C) Performing reconciliations on a register-by- register basis and separately for each cashier shift D) Limiting employee after-hours access to company resources

A

118) The general trend is toward more ___ development, and some feel that eventually all end-user software will run in Web browsers. A) client-side B) server-side C) end-user D) object-oriented

A

118) Which of the following database design techniques shows the interrelationships between various kinds of records? A) Data structure diagrams B) Record layouts C) File-related matrices D) File analysis sheets

A

120) An imprest fund accounting system can be used to minimize A) theft of petty cash. B) fraudulent financial reporting. C) theft of company checks. D) fraudulent returns.

A

120) In service-oriented architecture (SOA), an important part of the application development framework is the A) BPEL. B) IDE. C) UML. D) OMG.

A

121) A company which specializes in processing the data of other companies, but not its own, is a(n) A) computer service bureau. B) commercial vendor of disaster services. C) emergency response center. D) flying-start site.

A

121) The primary objectives of computer forensics include studying computers and computer networks in order to A) identify perpetrators of crimes or undesirable behavior. B) locate existing data. C) deconstruct databases D) identify alternate site centers.

A

121) Which of the following is not a benefit of electronic data interchange (EDI)? A) Electronic mail messges are interpreted by humans. B) EDI eliminates paper. C) EDI saves time. D) EDI may allow for EFT payments to vendor accounts.

A

123) Comparison analysis involves the process of A) comparing the content of computer files in order to determine any differences between them. B) determining the content of files and electronic communications. C) locating and extracting data of interest from computer-storage devices. D) converting data from one format to another.

A

124) When evaluating purchased software it is often helpful to use a decision table format to consider various issues and potential problems with the software. A question (or questions) to be asked in a decision table which might uncover any skeletons in the closet regarding a software package is A) How many other installations that are second-reference organizations; have used the software, and for how long? B) How stable is the software vendor? C) How closely does the software fit the needs of the company? D) How flexible is the software?

A

125) If users are permitted to choose their own passwords, the best procedure is to A) forbid users from choosing certain ;easy-to- guess; passwords. B) forbid users to change their passwords later. C) allow users to choose passwords they can easily remember. D) allow users to choose the appropriate expiration date for their passwords.

A

125) Which of the following is not one of the criteria of the design specification step of the systems approach to design? A) Using a team approach in many cases B) Sufficient detailed specifications for implementation process C) Identification of system inputs D) Strategies for producing system outputs

A

126) Which of the following is not an objective of a design group or project team charged with creating and implementing a new information system? A) Securing funding for a new information system B) Identifying needs to be satisfied by a new system C) Developing technical specifications for a new system D) Implementation of a new system

A

127) After a planning committee has been appointed and the support of senior management has been obtained, the first step in designing a disaster recovery plan is A) determining what computer-related resources are critical. B) naming an emergency response team. C) finding a suitable alternative processing site to use in an emergency. D) listing the company's recovery priorities.

A

128) It is normal for deficiencies in a systems plan to only become obvious during the A) design and implementation phases. B) planning and analysis phases. C) planning and design phases. D) If the systems plan is correctly executed, deficiencies will not be present.

A

130) Systems development means defining, shaping, and reshaping the four enterprise architectural domains of A) business, information, application, and technical architectures. B) business, software, implementation, and training architectures. C) software, hardware, training, and maintenance architectures. D) software, information, hardware, and reporting architectures.

A

131) A type of processing that writes a transaction to disk only if it has been completed successfully is A) rollback processing. B) disk mirroring. C) fault-tolerant processing. D) read-after- write checking.

A

132) Green IT is concerned with A) reducing e-waste by reusing and or refurbishing IT products. B) using less fuel in the creation of IT systems. C) designing more efficient systems in order to reduce necessary storage requirements. D) Green IT is concerned with all of the above.

A

135) The three objectives of information security include A) confidentiality, integrity, and availability. B) protection, responsibility, and continuity. C) confidentiality, protection, and continuity. D) responsibility, integrity, and availability.

A

136) Which officer, department, or division within an organization is responsible for monitoring the other departments to ensure that the organization's policies and procedures are being carried out? A) Internal auditing B) Vice President for Administration C) Chief Information Officer D) A steering committee

A

150) Which statement regarding internal control is false? A) Documentation is not a critical component of an internal control system. B) Ideally, a task can be divided to make job functions as natural checks on each other. C) A specific person should ideally be responsible for each task or job function. D) All records should allow cross-referencing from one area of responsibility to another.

A

151) ________ computing involves clusters of interlinked computers that share common workloads. A) Grid B) Cloud C) Networked ]D) Malware

A

156) In the following, which source of information security frameworks or standards targets managers rather than IP professionals? A) COSO B) ISMS C) COBIT D) ISO

A

57) Management and auditors must be concerned with evaluating the existence and functioning of controls as they are necessary to protect against the risk of A) material misstatements. B) fraud. C) management misrepresentations. D) human errors.

A

60) A domain name is A) an alias name that can be used in place of an IP number. B) an alias name that can be used in place of an ISP. C) a series of numbers such as 207.49.159.2. D) used by a firewall to keep intruders out of a network.

A

61) ERP can check to see whether a contract exists with a vendor to fill the requirements of a purchase requisition. If no vendor is available, ERP will A) prepare a request for quotation. B) prepare a quotation. C) select an appropriate vendor. D) issue a warning diagnostic to the user about the situation.

A

61) One major difference between an organization's intranet and the Internet is A) the intranet may be totally unavailable to outsiders. B) the Internet may be totally unavailable to outsiders. C) an intranet user almost never can access the Internet. D) the Internet operates over a local area network.

A

62) A list of activities that is strategic to the project to keep it on schedule is called A) the critical path. B) a PERT diagram. C) a Gantt chart. D) the manager priority matrix.

A

63) Confirming the existence, assessing the effectiveness, and checking the continuity of the operation of the internal controls upon which reliance is placed is called A) compliance testing. B) financial statement auditing. C) auditing around-the- computer D) substantive testing.

A

64) GTIN stands for A) Global Trade Item Number. B) Global Tracking Item Number. C) Global Tracking Identifying Number. D) Global Trade Identifying Number.

A

64) The protocol that specifies the format of all documents on the World Wide Web is A) HTML B) hyperlinks C) URL D) ciphertext

A

64) Which of the following symbols should not be used to specify an input/output operation? A) Decision symbol B) Document symbol C) Off line storage symbol D) Communication link

A

66) An outline agreement detailing the total quantity of material to be ordered over a period of time is a A) quantity contract. B) value contract. C) scheduling agreement. D) subcontract.

A

66) Intentional or reckless conduct, whether intentional or not, and which results in materially misleading financial statements, is called A) fraudulent financial reporting. B) corporate crime. C) management fraud. D) None of these answers are correct.

A

66) The comparison of input to output is known as auditing A) around-the- computer. B) through the computer. C) with the computer. D) without the computer.

A

66) Which of the following contain subsets of the data contained in the operational database and data warehouse? A) Data marts B) Data mining warehouse C) OLAP D) All of these answers are correct.

A

68) An outline detailing the goods or services to be provided to a customer is a(n) A) contract. B) inquiry. C) quotation. D) sales order.

A

69) Perhaps the most important step regarding the success of a systems development project is A) employee training. B) conversion. C) detailed system design. D) operational training.

A

69);Amounts due to vendors should be accurately and promptly classified, summarized, and reported" is a representative control objective of the A) revenue cycle. B) finance cycle. C) production cycle. D) expenditure cycle.

A

70) Information technology is used to perform some audit work that otherwise would be done manually. The use of information technology by auditors is A) essential. B) mandatory under AICPA Statements of Auditing Standards. C) optional. D) at the sole discretion of the manager in charge of the audit.

A

70) The document which gives authorization to the production department to manufacture a product is a A) production order. B) materials requisition. C) purchase order. D) sales forecast.

A

71) A warehouse employee uses a document to fulfill a customer order. The employee is most likely using a A) picking list. B) packing list. C) bill of lading. D) shipping advice.

A

72) An internal auditor conducts an information systems audit using the professional standards promulgated by the A) Institute of Internal Auditors. B) American Institute of Certified Public Accountants. C) Institute of Management Accountants. D) Information Systems Audit and Control Association.

A

72) The department that receives copies of materials requisitions from both the inventory control function and the production department is A) accounting. B) sales. C) accounts payable. D) purchasing.

A

72) Which of the following activities occurs during the detailed systems design phase? A) Computer programming B) File conversion C) Documentation D) Evaluation

A

73) In the SAP ERP system, how many types of customer records must be created and maintained? A) Four B) One C) Six D) Two

A

73) The Sarbanes-Oxley Act of 2002 imposes certain requirements and restrictions on A) management. B) auditors. C) audit committees. D) All of these answers are correct.

A

75) Which feature below would not be considered a highly convenient feature for consumers of an Internet store transaction? A) Consumers usually must wait for delivery of items purchased via delivery by third parties. B) Internet store transactions can be completed without any human intervention on the part of the vendor. C) Internet stores are "open" 24 × 7 with virtually worldwide access. D) Internet stores accept most credit cards.

A

75) Which of the following analytic flowcharting symbols is most appropriate to represent the accounts receivable subsidiary records? A) The basic input/output symbol B) The basic manual operation symbol C) The document symbol D) None of these answers are correct.

A

75) Which of the following procedures uses only auditor-prepared test transactions? A) The test data approach B) Integrated test facility C) Parallel simulation D) Embedded audit routines

A

76) In a HIPO chart of a payroll system, which of the following activities would appear higher in the chart than the other activities? A) Calculate gross pay B) Accumulate hours worked C) Find correct pay rate D) Look up authorized deductions

A

79) Which of the following is not a concern regarding the storage and handling of inventory items? A) Price paid per unit B) Protection against damage or spoilage C) Avoidance of obsolescence D) Security against embezzlement

A

79) ________ servers and ________ servers make applications and data in databases available to remote clients. A) Application; database B) Application; mail C) File; database D) Web; mail

A

80) From a cost standpoint, the phase of systems development in which major errors can become quite costly in later stages of development is A) systems analysis. B) systems design. C) systems implementation. D) systems planning.

A

80) In a logical data flow diagram for a payroll system, the employees' time cards would best be represented by which of the following symbols? A) The terminator symbol B) The process symbol C) The data store symbol D) The data flow symbol

A

80) Input concerning whether manual invoicing is required or if a customer is entitled to rebates in the SAP ERP system can be found in the A) billing screen. B) sales screen. C) payment transactions screen. D) account management screen.

A

80) The most expensive approach to final systems testing is A) parallel operation. B) modular conversion. C) the direct approach. D) the file conversion approach.

A

81) The department or division of larger organizations which is responsible for monitoring and evaluating controls on an ongoing basis is A) internal auditing. B) external auditing. C) internal affairs. D) division monitoring.

A

81) To do a blind count, the receiving department A) should receive a copy of the purchase order with the quantities omitted. B) should not receive a copy of the purchase requisition. C) should not receive a copy of the purchase order. D) should prepare the receiving report only after the count is completed.

A

82) The SAP ERP system requires a customer master record for each customer. A one-time customer of the company A) can be passed through the system by using a dummy customer master record. B) should be manually billed using a 30-day account, thus bypassing the SAP ERP system. C) must pay cash and pick up the goods from the companys shipping dock. D) must be set up using detailed records in the SAP ERP system like any other customer.

A

83) With respect to the segregation of duties, the main function of cash disbursements is A) custody of assets. B) authorization. C) reconciliation. D) recording of transactions.

A

84) Which of the following is the best internal control over fixed assets? A) Analyze monthly variances between authorized and actual expenditures. B) Establish a written company policy distinguishing between capital and revenue expenditures. C) Require acquisitions to be authorized by user departments. D) Use a budget to control acquisitions and retirements.

A

85) The main responsibility of the systems development steering committee is A) overall planning and control of the systems development effort within the organization. B) to oversee the work of systems analysts. C) to become involved in the details of specific development projects. D) to provide a positive image of the establishment of systems development.

A

85) Which of the following is not a specialized process symbol? A) The connector symbol B) The manual operation symbol C) The decision symbol D) The preparation symbol

A

86) A significant benefit of the quantitative approach to risk assessment is that A) often the most likely threat to occur is not the one with the largest exposure. B) the relevant cost of the loss occurrence is an estimate. C) the likelihood of a given failure requires predicting the future. D) the approach estimates the costs and benefits to the perpetrators of attacks.

A

86) Using embedded audit routine technology, an auditor may program a module so that the test limits can be altered as desired. This approach has been termed A) sample audit review file. B) in-line coding. C) system control audit review file. D) off-line auditing.

A

87) In addition to project team organization, the project leader has several other primary responsibilities. Which of the following would not be a primary responsibility of the project leader? A) Database administration B) Allocation of resources C) Task assignment D) Status reporting

A

87) Which of the following describes the point at which systems project costs should be quantified? A) Identifying and prioritizing potential projects for systems development B) Developing a strategic information systems plan C) Assembling the project team D) Preparing the systems proposal

A

87) Which of the following is not a common internal accounting control procedure in a property business process? A) Having physical inventories of property taken periodically under the supervision of staff who are responsible for the custody of the assets B) Requiring authorization by an official or committee for expenditures over a certain amount C) Reconciling detailed subsidiary property records with the control accounts at least annually D) Having the property appraised periodically for insurance purposes

A

89) The guiding philosophy behind factoring a project into detailed activities is A) top-down design with successive refinement. B) to schedule all activities according to CPM methodology. C) to use analytic flowcharts to factor a project into modules. D) to allow individual personnel to choose their own assignments.

A

89) The method used to exploit an interesting pattern relating to the first digit of numbers appearing in a random data set is called A) the Benford analysis. B) the regression analysis. C) the vulnerability analysis. D) the pattern analysis.

A

89) Which of the following would not be appropriate to head a column in an analytic flowchart? A) Remittance advice B) Production department C) Purchasing department D) Cashier

A

89) Which two information system auditing technologies are very similar? A) Snapshot and extended records B) ITF and ACL C) Snapshot and ACL D) Extended records and ITF

A

91) An analysis of the systems survey contains a A) summary of the systems strengths and weaknesses. B) cost comparison of different software packages. C) review of information needs. D) listing of input requirements.

A

91) Type 2 errors occur when A) a fraud indicator fails to signal fraud. B) a fraud indicator falsely signals fraud. C) a fraud indicator turns out not to be a fraud indicator. D) all of the above

A

92) Which individual listed below is placed in a position of great trust, normally having access to security secrets, files and programs? A) Systems supervisor B) Programmer C) Computer maintenance person D) Data control clerk

A

93) A manufacturing systems flexibility and speed of response depends largely on the degree to which its components are integrated. Which technology below would effectively integrate the companys system with the systems of its suppliers and customers? A) EDI B) Automatic identification C) Distributed processing D) All of these answers are correct.

A

93) One process, which is transparent to customers and has a beneficial effect on the companys cash flow, is to A) implement a cycle billing plan. B) factor accounts receivable. C) decrease the amount of time in which customers have to pay their monthly invoices. D) Answers B and C are both correct.

A

93) The auditor performs a review of systems documentation A) during the initial audit phase. B) throughout the audit at the beginning of each audit phase. C) during the intermediate phase, after becoming familiar with the basic approach to be taken. D) during the final audit phase, giving the auditor a chance to first become familiar with all of the company operations.

A

93) The second major phase of systems analysis is information needs analysis. This phase A) focuses on the general information needs of particular applications. B) concentrates on the report formats that the new systems will output. C) is concerned with specific managerial decisions and their inputs. D) None of these answers is correct.

A

93) Which one of the following identifies the necessary information to maintain a built-up voucher system? A) All approved invoices awaiting payment, paid invoices, and the vendor subsidiary ledger B) All approved invoices awaiting payment C) All paid and unpaid invoices D) A vendor subsidiary ledger and paid invoice file

A

94) The ________ serves as a central switchboard for communications between all enterprise services and applications. A) enterprise service bus (ESB) B) application interface (AI) C) enterprise architecture (EA) D) data warehouse (DW)

A

95) A defrauder substitutes his own version of a companys master file for the real one. This method of computer fraud is known as A) direct file alteration. B) data theft. C) misappropriation of information resources. D) Answers B and C above are both correct.

A

95) A(n) ________ is a group of loosely connected companies that work together to maximize the value of their economic outputs. A) extended enterprise B) enterprise resource planners C) enterprise suite D) value chain consortium

A

95) The marking of a form or document to direct or restrict its further processing is called A) an endorsement. B) a restriction. C) blocking. D) a cancellation.

A

96) Identifying transaction documents to prevent their further or repeated use after they have performed their function is known as A) cancellation. B) restriction. C) blocking. D) endorsement.

A

96) In the ERP HR modules, several infotypes for the same object can exist at the same time, but only one infotype for the object is valid. In such a case, the other infotypes are referred to as A) delimited. B) invalid. C) archived. D) parents.

A

96) Materials costs in system application development projects primarily consist of A) computer use charges for program development and testing. B) wages and salaries paid to project team members. C) supplies used by the project team during the course of the project. D) pro-rated amounts for temporary office space used by the project team.

A

97) A signed confession is A) a court-admissible evidence. B) protected under the umbrella of attorney-client privilege. C) a physical evidence. D) not admissible in court.

A

97) The component of an audit whose objective is to establish the degree of reliance that can be placed on the organization's internal control structure is called A) the interim audit. B) the financial statement audit. C) work paper verification.D) the internal audit.

A

97) The phase of an information systems audit in which an audit program is created is the A) first phase. B) second phase. C) third phase. D) fourth phase.

A

98) A formal technique used by the systems analyst to summarize related data inputs and outputs is A) matrix analysis. B) work measurement. C) flowcharting. D) decision analysis.

A

99) A form of sabotage in which very large numbers of requests flood a Web server within a short time interval is known as a A) denial of service attack. B) logic bomb. C) macro virus. D) grid overload.

A

D)

A transaction log that is "tagged" means that A) it has been catalogued in the EDP library. B) it is full and cannot hold any more information. C) it has been key verified and data edited. D) additional, audit-oriented information is included with original transaction data.

B)

An essential input field that should contain data is empty. The data edit control that would detect this error is a A) limit check. B) completeness check. C) sequence check. D) hash total check.

C)

An extra digit added to a code number verified by applying mathematical calculations to the individual code number characters is a A) control digit. B) hash digit. C) check digit. D) verification digit.

D)

As a control procedure, key verification requires that A) user departments key all of their own data. B) input fields are visually verified. C) key mismatches are electronically corrected. D) each source document is key-transcribed a second time.

100) Information systems application audits differ from information systems audits because application audits A) are divided into four general areas, each of which has three phases. B) involve reviewing input, processing, and output controls. C) are directed at the activities of systems analysts and programmers. D) focus primarily on fact-finding in the areas selected for audit.

B

102) The primary way to prevent active threats concerning fraud and sabotage is to implement successive layers of access controls. Withholding administrative rights from individual PC users is an example of a A) file access control. B) system access control. C) site access control. D) None of these answers are correct.

B

104) A branching table may be used to A) validate the degree of reliance placed on an organization's internal controls. B) document the decision logic in a computer program. C) document work measurement analysis. D) validate the computing speed of a program.

B

105) After the introductory and informational questions, suspects will be presented with A) additional informational questions. B) admission seeking questions. C) assessment questions. D) concluding questions.

B

105) Which of the following reports specifies production cost variances? A) Completed production cost report B) Resource usage report C) Factor availability report D) Production order report

B

106) A grocery store customer will be given a gallon of ice cream if his or her receipt has a red star stamped on it. The idea behind this technique from an accounting control standpoint is to A) promote the dairy industrys ;Got Milk; campaign. B) have the customer audit his or her cash receipt. C) keep the customer happy. D) Answers A and C are both correct.

B

107) Which illustration is not an example of a customer audit technique? A) Providing a customer with a remittance advice that must be returned with payment B) Pricing items at $1.00 rather than 99 cents so the customer does not expect change C) Entering the customer in a prize contest if he or she calls a number and provides feedback about the purchase D) All of these answers are correct.

B

109) Which of the following would impair the effectiveness of the separation of incompatible functions in an organization? A) The personnel director reports to the vice president for administration. B) The controller reports to the vice president of sales. C) The cashier reports to the treasurer. D) The director of budgeting reports to the controller.

B

110) Flowchart symbols that represent the I/O function and the medium upon which the information is recorded, and/or the manner of handling such information, are known as A) basic input/output symbols. B) specialized input/output symbols. C) LDFD symbols. D) HIPO hierarchy chart modules.

B

110) One Internet security problem arises from configuration problems in the area of configuring permissions for directories. This is an example of A) an operating system vulnerability. B) a Web server vulnerability. C) a private network vulnerability. D) server program vulnerability.

B

110) The SEC Interpretive Guidance & Managements Report on Internal Control Over Financial Reporting; approved in 2007, focuses management on internal controls that best protect against risk of material ________ in financial statements. A) fraud B) misstatements C) negligence D) mistakes

B

111) Under SPICE a process is scored based on a 6-point A) difficulty level. B) capability level. C) scale of intelligence. D) management rating.

B

111) When information levels within an organization are viewed as a pyramid, strategic information is used primarily by A) lower-level management. B) top-level management. C) middle management. D) lower-level and middle management.

B

125) _______is the only IP that is visible on the Internet. A) LAN IP B) WAN IP C) Dynamic IP D) ISP IP

B

128) Sandra Johnson is her company's chief security officer. She is interested in obtaining fault tolerance at the direct-access storage device level. Which of the following methods would be of most interest to her? A) Rollback processing B) Disk mirroring C) Consensus-based protocols D) Database shadowing

B

133) Service-oriented architecture relies on developing small independent pieces of software Called A) groups. B) services. C) units. D) prototypes.

B

134) The ________ makes it a federal felony for anyone other than law enforcement or intelligence officers to pretext phone records. A) Computer Fraud and Abuse Act of 1986 B) Telephone Records and Privacy Protection Act of 2006 C) Gramm-Leach- Bliley Act D) Health Insurance Portability and Accountability Act

B

145) A report prepared exclusively for use by this group is almost always mandatory. A) The company's labor union B) The Internal Revenue Service C) The company's main bank D) The company's main supplier of its raw materials

B

149) An accounting information system plays a key role in the internal control process, thereby helping management with its major responsibility of A) managing the internal audit function. B) stewardship. C) global-level marketing. D) managing the production cycle.

B

150) All software and data is stored by the SaaS provider in the A) hypervisor. B) cloud. C) stars. D) grid.

B

153) Botnets are normally used for which of the following? A) Grid computing B) Denial of service attacks C) Continuity planning D) Cloud computing

B

155) On the local workstation, cloud computing A) complicates security considerations. B) simplifies security considerations. C) is not involved with security considerations. D) affects security minimally but still must be considered under ISO 27000.

B

59) The final step in the procurement process should be A) preparation of the purchase order. B) vendor payment. C) receipt of the goods. D) invoice verification.

B

60) The acronym for the organization responsible for standardizing flowchart symbols is A) FASB. B) ANSI. C) AICPA. D) CMA.

B

61) Auditing through the computer refers to A) substantive tests. B) compliance tests. C) transaction tests. D) application control tests.

B

64) A financial statement audit A) consists only of compliance testing of account balances. B) has the objective of verifying financial statement figures to render a professional opinion of the financial statements. C) has the objective of establishing the degree to which the internal control system can be relied Upon. D) None of these answers is correct.

B

64) The first major step in systems implementation is A) review the systems design. B) establish plans and controls. C) evaluate the new system. D) execute activities.

B

65) Which of the following activities is optional in the customer order business management process? A) Order entry B) Contract creation C) Shipping D) Billing

B

66) The document that shows the order in which activities may be performed and may be expanded to include estimated times for each individual activity is the A) Gantt chart. B) network diagram. C) PERT diagram. D) CPM diagram.

B

67) In an analytic flowchart, the symbol which could be used to indicate the payroll data is the A) connector symbol. B) magnetic disk symbol. C) terminator symbol. D) decision symbol.

B

67) The verification of controls in a computer system is known as auditing A) around-the- computer. B) through the computer. C) with the computer. D) without the computer.

B

68) Goods receipt documents can be prepared in several ways. Which way below would not be used when preparing a goods receipt document? A) By the Inventory Management system B) By allowing accounts payable to prepare the document C) By reference to the purchase order D) Posting the goods receipt document into quality inspection

B

68) Which of the objectives listed below is not considered part of the internal control process? A) Compliance with applicable laws and regulations B) The prevention of fraud and embezzlement C) Effectiveness and efficiency of operations D) Reliability of financial reporting

B

71) An external auditor conducts an information systems audit using the professional standards promulgated by the A) Institute of Internal Auditors. B) American Institute of Certified Public Accountants. C) Institute of Management Accountants. D) Information Systems Audit and Control Association.

B

71) Section 102 of the Federal Foreign Corrupt Practices Act of 1977 (FCPA) applies to A) all public and privately held U.S.-based companies. B) all companies subject to the Securities Exchange Act of 1934. C) any publicly held company, whether it is a for-profit or non-profit entity. D) all foreign-owned companies currently operating in the United States.

B

74) The Sarbanes-Oxley Act of 2002 explicitly deals with the non-audit services which auditors can provide to their audit clients. Certain non audit services may be permissible, without prior approval of a companys audit committee, if the non-audit services A) constitute less than 5% of the audit fees for the corporation. B) constitute less than 5% of the audit fees for the corporation and are not specifically identified as being barred by SOA 2002. C) constitute less than 20% of the audit fees for the corporation D) Auditors are barred from any and all non-audit services for their audit clients according to SOA 2002.

B

76) Electronic commerce poses many problems with consumer;s privacy. Small pieces of information that are placed on a user's computer by an electronic merchant are called A) spybots. B) cookies C) worms. D) viruses.

B

76) The information systems auditing technique that uses special software to monitor the execution of a program is called A) embedded audit routines. B) mapping. C) a snapshot. D) tracing.

B

77) The process of changing input data into a format readable by the new system hardware is called A) testing. B) file conversion. C) evaluation. D) documentation.

B

78) Which of the following accesses the purchase order database during the processing of a purchase order? A) General ledger and accounts payable B) Accounts payable, stores, and the receiving department C) Receiving department, stores, and the general ledger D) Accounts payable, stores and the general ledger

B

79) A company that uses the SAP ERP system wants to identify the areas within their company that have responsibility to a certain customer. The screen that should be used to enter this information is A) correspondence. B) sales. C) billing. D) initial.

B

79) The testing approach in which the new system is phased in a segment at a time is A) parallel operation. B) modular conversion. C) the direct approach. D) the file conversion approach.

B

82) The two broad categories of transaction control are A) general controls and specific controls. B) general controls and application controls. C) general controls and basic controls. D) basic controls and application controls.

B

83) The ________ architecture defines the needed data and how it is to be stored, processed, utilized, and integrated with other domains. A) business B) data C) application D) technical

B

85) Which of the screens listed below in SAP ERP system is not optional when a company records information relating to a sale? A) Pricing B) Create sales order C) Business data header D) Scheduling

B

87) The technique that is characterized by a series of charts that represent the system at increasing levels of detail is called A) analytic flowcharting. B) HIPO. C) IPO. D) logical data flow diagram.

B

87) ________ store relatively current transaction data for quick access by management in support of tactical decision making. A) Data warehouses B) Operational databases C) Relational databases D) Data marts

B

88) Solids modeling, finite-elements analysis, and automated drafting are common capabilities of A) CIM. B) CADD. C) CAM. D) MRP II.

B

88) The major problem faced by any project team is A) scheduling. B) uncertainty. C) resources. D) managerial support.

B

88) Which of the following is not a major control feature of the cash disbursements business process? A) Use of a voucher system B) Use of an imprest fund C) An independent bank reconciliation D) Separation of approval from actual payment

B

88) Which of the following is often the key motivation for the system developers to establish good relationships with current and future users of the system? A) The users expertise is essential to designing the technical specifications of the new system. B) The success or failure of the new system will depend heavily on the support of the eventual users. C) Users often are responsible for the subsequent evaluation of the developers. D) Users often determine budgets and timetables for systems projects.

B

90) A ________ interface is used for access and manipulation of data in the operational database. A) decision support B) transactional C) graphical user D) relational

B

90) Organizational structure is part of which component of internal control? A) Control activities B) Control environment C) Information and communication D) Monitoring

B

90) The system that uses statistical process control to determine whether a manufacturing process is within limits is A) CADD. B) CAM. C) CIM. D) MRP II.

B

90) Type 1 errors occur when A) a fraud indicator fails to signal fraud. B) a fraud indicator falsely signals fraud. C) a fraud indicator turns out not to be a fraud indicator. D) all of the above

B

90) Which of the following information system auditing technologies produces a printed audit trail of computer processing? A) Extended records B) Snapshot C) Sample audit review file D) System control audit review file

B

91) There are various approaches to an accounts receivable application. The approach in which a customers remittances are applied against a customers total outstanding balance is called A) aging schedule processing. B) balance-forward processing. C) open-item processing. D) None of these answers is correct.

B

93) There is no general agreement of standard project phases and tasks in current project management literature and therefore there are no commonly accepted time estimates or standard processing rates. However, there is agreement as to several points related to the estimation process. Which of the following is not an agreed-upon point in the estimation process? A) Estimates are only estimates no matter how well thought out. B) Initial estimates regarding time and costs are almost always too high. C) The accuracy of estimation improves considerably as a project proceeds toward completion. D) Costs are frequently higher than originally estimated.

B

94) A system that manages all contacts with customers is a ________ system. A) customer value chain B) customer relation management C) customer supply chain management D) customer requirements planning

B

94) SAP ERP contains more than one human resource module. The module that incorporates organizational structure represented as an administrative hierarchy composed of units is A) time management. B) personnel planning and development. C) payroll. D) personnel administration.

B

94) The method used in most cases of computer fraud is A) program alteration. B) input manipulation. C) data theft. D) sabotage.

B

94) To provide an adequate separation of functions in the accounts receivable business process, maintaining the subsidiary accounts receivable ledger should be the responsibility of A) billing. B) accounts receivable. C) cash receipts. D) general ledger.

B

94) Which of the following is false regarding the standard UPC bar code system? A) Both customer and supplier can use the same UPC product code. B) Problems with vendor-based coding usually result when a vendor uses different codes for different items. C) UPC assigns a six-digit code to each vendor. D) UPC coding is vendor-based coding which can be applied at any point.

B

95) Which of the following is not true with respect to the use of systems techniques by auditors? A) Systems techniques assist the auditor in evaluating a client's internal control. B) Systems techniques replace audit working papers. C) Auditors rely on systems techniques to assist with compliance testing. D) Auditors use systems techniques as part of their documentation for their audit working papers.

B

96) A(n) ________ system encompasses the planning and management of all activities involved in sourcing, procurement, conversion, and logistics management activities. A) CRM B) SCM C) DSD) ES

B

96) Primary value chain activities include all the following activities except A) inbound logistics. B) accounting. C) marketing. D) manufacturing.

B

96) Which of the following elements is contained in the systems analysis report? A) Specific timetables for project completion B) Descriptions of any overall problems in the specific subsystem being studied C) A summary of the current system strengths and weaknesses D) A systems proposal to serve as the framework for the project

B

98) Certain performance measures for hardware, software, and personnel are important from a control point of view. Which method listed below is not used to evaluate these items? A) Processing time B) Dollars C) Performance D) Quality of documentation or quantity of program code produced

B

98) In an information security system, security measures focus on A) correcting the effects of threats. B) preventing and detecting threats. C) management philosophy and operating style. D) the internal audit function.

B

98) The activities related to moving a product are referred to a A) value chain activities. B) supply-chain activities. C) logistical activities. D) primary activities.

B

98) The business process used when there is an existing customer account balance is A) accounts receivable. B) cash-received- on-account. C) cash sales. D) aged trial balance.

B

99) An order from a government agency or officer of a court that compels the recipient, under penalty, to produce physical evidence, documents, or testimony is called A) a search warrant. B) a subpoena. C) a notification. D) an interview.

B

99) In a production planning system, output from the production planning program includes which of the following? A) Production loading file B) Routings C) Completed production order file D) Finished goods stock status report

B

115) Which part of the Sarbanes-Oxley Act requires annual filings of publicly traded companies to include a statement of management's responsibility for establishing and maintaining an adequate internal control structure and procedures for financial reporting? A) ISO 404 B) ANSI X3.5 C) Section 404 D) Section X3.5

C

78) The testing approach in which the old system is abandoned and the processing is switched to the new system is called A) parallel operation. B) modular conversion. C) the direct approach. D) the file conversion approach.

C

100) What act recognizes electronic signatures as legally binding in commerce and business- related transactions? A) Sarbanes-Oxley Act B) Section 404 Act C) Uniform Electronic Transactions Act D) Contract Validation Act

C

101) An audit that examines the controls governing the systems process and which directly affect the reliability of the application programs created is called a(n) A) general information system audit. B) information system applications audit. C) application systems development audit. D) information system computer service center audit.

C

115) COSO;s Guidance on Monitoring Internal Control Systems includes the following phases Except A) establishing a foundation for monitoring. B) designing and executing monitoring procedures that are based on risk. C) developing the objectives for the level of risk that can be tolerated by management. D) assessing and reporting the results.

C

103) The primary way to prevent active threats concerning fraud and sabotage is to implement successive layers of access controls. Such an approach involves erecting multiple layers of controls that separate the would-be perpetrator from his or her potential targets. One file-access control system that will prevent unauthorized access is (are) A) a password management system. B) biometric hardware authentication. C) locked files. D) a firewall.

C

104) A company located in Delaware has customers nationwide. The most effective system to deal with the issue of float is to A) use one lock-box collection system located in the Midwest. B) have customers send their remittances to the company's corporate office in Delaware. C) use several regional lock-box systems located geographically around clusters of customers. D) factor its accounts receivable to a collection agency.

C

105) A Web server is part of a(n) A) IDE. B) DB system. C) application solution stack. D) None of the above includes a Web server.

C

105) The goal of RBA to auditing is to apply audit efforts to areas in proportion to their likelihood to A) reduce exposures in areas of high risk. B) reduce the exposure and occurrences of fraud. C) significantly impact the auditor's overall audit conclusions. D) All of the above are goals of RBA.

C

105) What is an example of fault tolerance applied at the transaction level? A) Consensus-based protocols B) Read-after- write checks C) Database shadowing D) Flagging

C

106) The FCPA requires that a system of internal accounting controls A) guarantee that profits are correctly stated in a firms audited financial statements. B) provide absolute assurance that transactions are executed only in accordance with managements authorization. C) provide reasonable assurance that access to assets is permitted only in accordance with managements authorization. D) ensure the long-run profitability of an organization.

C

107) The staff position which would generally report to the treasurer rather than to the controller is A) budgeting. B) accounts payable. C) credit manager. D) cost accounting.

C

108) Which illustration is not an example of a supervision technique? A) Using professional shoppers in a retail environment B) Using a test package for a bank teller or cash counter C) Having a cash register make sound when it is opened in the presence of a customer D) All of these answers above are correct.

C

108) Which of the following is not true of a software versioning system? A) It can keep old copies of application software. B) It can be used to rollback mistakes after they are made. C) It works mainly as standalone software. D) All of the above are true of versioning software.

C

109) Activity-based costing (ABC) systems allocate overhead differently than traditional cost accounting systems. The difference between an ABC and a traditional cost accounting system is that A) traditional systems calculate several overhead rates, one for each manufacturing activity. B) an ABC system uses a single allocation overhead rate. C) ABC systems calculate several overhead rates, one for each manufacturing activity. D) a traditional cost accounting system uses two overhead allocation rates: one for actual activity and one for estimates (or standards).

C

109) An IT governance framework such as ___ can be a critical element in ensuring proper control and governance over information and the systems that create, store, manipulate, and retrieve that information. A) CISA B) SOA C) COBIT D) RBA

C

109) Software project collaboration platforms focus on A) implementing IDEs. B) debugging projects. C) communications. D) generating code automatically.

C

111) A Trojan horse program placed on one computer with the objective of attacking another computer is an example of which Internet security vulnerability? A) A Web server and its configuration B) An operating system and its configuration C) A private network and its configuration D) A general security procedure

C

112) Items that should be provided in any detailed design proposal are A) the resumes and qualifications of systems analysts and designers. B) discussions of similar systems that competitors have implemented. C) specific volume and cost information. D) critiques of problems encountered with the prior (or existing) system.

C

113) Risk assessment should evaluate whether controls sufficiently address identified risks of material misstatements due to fraud and A) controls specifically designed to prevent fraud. B) controls intended to address the risk of collusion. C) controls intended to address the risk of management override of these controls. D) controls specifically designed to prevent material misstatements.

C

113) The on-line storage symbol would be used to represent A) a deck of cards. B) a magnetic tape. C) an optical disk. D) a punched tape.

C

113) Totally computerized systems such as a quick response systems A) eliminate traditional internal control problems. B) still require human intervention in the transaction processing cycle. C) intensify certain internal control problems. D) still require paper documents in EDI applications.

C

113) Which item listed below is not considered a primary business process? A) Marketing B) Outbound sales logistics C) Technology development D) Service

C

113) Which one of the following is not an element of the internal control process? A) Control environment B) Risk assessment C) Risk response D) Monitoring

C

114) General security procedures are essential in Internet security. One especially important weakness that hackers may attempt to exploit in this area is to A) guess at passwords. B) rewrite computer source code. C) alter log files to "cover their tracks.; D) steal the hard drives of personal computers used as Web servers.

C

114) Which of the following best describe the fraud scheme that involves removing cash from the cash register and replacing it with bogus checks? A) Sales skimming B) Robbing the cash register C) Swapping checks for cash D) Shortchanging the customer

C

114) ___ is the most recent certification programs and for individuals interested in Governance of Enterprise IT. A) CISA B) CISM C) CGEIT D) COBIT

C

133) Jennifer Nguyen is interested in archiving several data files. She should A) use a full backup for each file. B) use an incremental backup for each file. C) store the data files on media suitable for long-term storage. D) use a differential backup for each file and restore each file.

C

135) Which of the following is not an example of good internal control? A) Having adequate records B) Being sure that everyone clearly understands his or her own responsibilities C) Making sure that each department is responsible for keeping its own accounting records D) Having periodic physical checks (or counts) of the inventory

C

137) Guidelines and standards that are important to Information Security Management Systems include all the following except A) COSO. B) COBIT. C) ERM. D) ISO 27000 series.

C

141) Which of the following information characteristics pertains to the situation when a lower- level manager receives a well-defined, narrowly focused report, while a top-level manager receives a report covering more general topics? A) Level of aggregation B) Time horizon C) Scope D) Required accuracy

C

143) MDA stands for A) Model Diagram Assurance. B) Methods, Development, Assessment. C) Model Driven Architecture. D) Method Driving Assessment.

C

143) Viruses and denial of service attacks are examples of A) electronic interception. B) spyware. C) malware. D) exploits.

C

144) The ________ makes it a federal crime, with a mandatory prison sentence, to pretext any kind of information that relates to a relationship between a consumer and a financial institution. A) Computer Fraud and Abuse Act of 1986 B) Telephone Records and Privacy Protection Act of 2006 C) Gramm-Leach- Bliley Act D) Health Insurance Portability and Accountability Act

C

146) In general, ________ arise from improperly installed or configured software and from unforeseen defects or deficiencies in the software. A) exploits B) virtualizations C) vulnerabilities D) exposures

C

147) A way of viewing company activities that breaks the activities down into components that can be individually optimized in terms of goals and strategies is known as the A) primary business process. B) accounting information system. C) value chain. D) internal control process.

C

149) ________ involves running multiple operating systems, or multiple copies of the same operating system, all on the same machine. A) Hypervisor B) Business continuity planning C) Virtualization D) Subscriber Identity Module (SIM)

C

55) Risk ________ for payroll, procurement, and customer order management business processes is required for compliance with Sarbanes-Oxley A) control B) compliance C) assessment D) assertions

C

62) The following are reasons RFID tags are not widely used except A) RFID is more costly that printed bar codes. B) there is a much higher error rate in RFID than in scanning printed bar codes. C) RFID cannot be used in lean manufacturing. D) All of the above are reasons RFID tags are not widely used.

C

63) How does ERPs materials management module assist in vendor selection? A) It links the quotation documents with the requisition. B) It downloads product information from the vendors system. C) It provides a 100-point scoring system to evaluate vendors. D) It sends rejection letters to vendors whose bids are not accepted.

C

65) GTIN is an identifier used to look up product information in A) GS1 tables. B) Web-based list structures. C) databases. D) eBXML.

C

68) The document which specifies detailed labor operations, their sequencing, and their related machine requirements is A) the bill of materials. B) the master operations list. C) either the bill of materials or master operations list. D) the product specification and design abstract.

C

70) The "hierarchy" aspect of HIPO charts refers to the fact that this technique factors a task into modules by A) using the entity's organization chart. B) utilizing a horizontal approach. C) going from the general to the specific. D) None of these answers are correct.

C

70) The internal control premise that concerns the relative costs and benefits of controls is known as A) responsibility. B) risk. C) reasonable assurance. D) exposure.

C

70) When implementing a new system, management often has to decide whether to train existing employees or hire new employees. Many times it is best to retain and retrain current employees Because A) current employees are already familiar with the firm operations. B) overall employee morale is enhanced. C) current employees are already familiar with the firm's operations and overall employee morale is enhanced. D) None of these answers is correct.

C

71) The charting technique which emphasizes a logical rather than a physical description of a system is a(n) A) analytic flowchart. B) forms distribution flowchart. C) data flow diagram. D) document flowchart.

C

73) A code is not used in ERP master records to identify a(n) A) plant. B) accounting unit. C) specific invoice. D) purchasing organization.

C

73) The design specifications for a computer program are determined by A) top management. B) users. C) the design team. D) the computer programmer.

C

73) There are different types of electronic wallet-sized cards used in virtual cash transactions. ATM cards are classified as A) shared-key cards. B) signature-creating cards. C) memory cards. D) signature-transporting cards.

C

76) A manufacturing company wants to know the optimal amount to order of part number 45612. It should gather appropriate inventory information about the part and then calculate the parts A) inventory usage rate. B) lead time. C) economic order quantity. D) reorder point.

C

78) In the SAP ERP system, if a company wishes to initiate a dunning procedure against a customer, input will be made in the A) account management screen. B) payment transactions screen. C) correspondence screen. D) control data screen.

C

78) Which is the best way for a company to prevent having outdated inventory on hand? A) Store inventory securely B) Classify inventory according to location in the companys records C) Evaluate inventory turnover D) Write down the inventory balance when a warehouse employee finds outdated inventory

C

79) Which of the following normally receives a copy of the purchase requisition? A) Vendor B) Stores C) Purchasing D) Receiving department

C

79) Which of the following statements is a disadvantage to using the integrated-test- facility (ITF) approach in information systems auditing? A) When carefully planned, the costs of using ITF are minimal. B) No interruption of normal computer activity is involved in using ITF. C) Fictitious data must be excluded from output reports. D) ITF is used in large computer application systems that use real-time processing.

C

80) A three-tiered application architecture involves applications that contain ________ tiers. A) conceptual, logical, and physical B) conceptual, knowledge, and functional C) presentation, logic, and data D) planning, design, and implementation

C

82) The Northwest Savings Bank is implementing a new computer system. It requires that the final testing systems approach is both safe and cost-effective. The bank has planned to implement the new system over the course of the next 18 months. The bank should choose A) parallel operation. B) the direct approach. C) modular conversion. D) the cutoff approach.

C

84) The purpose of a systems development steering committee is to A) inquire of top management as to the problems encountered with current systems. B) oversee the work of the systems analysts. C) focus on the overall current and future information needs of the company. D) provide a positive image of the development of new systems and to keep criticism within the organization to a minimum.

C

85) In a relational database model, operations on data are performed by using A) EA. B) Java. C) SQL. D) UML.

C

85) The technology that involves the modification of actual computer programs for audit purposes is called A) generalized audit software (GAS). B) ACL. C) embedded audit routines. D) record extension.

C

85) Which of the following is the best internal control over disposals of fixed assets? A) Periodically analyze the scrap sales revenue and the repairs and maintenance expense accounts. B) Periodically compare removal work orders and disposal authorization. C) Separate the duties of the official authorizing a disposal and the official approving removal work orders. D) Use serial numbers to identify fixed assets that could be sold.

C

86) An exposure is A) synonymous with risk. B) equal to risk multiplied by the likelihood of detection. C) equal to risk multiplied by the financial consequences. D) not possible with a good system of internal controls in place.

C

86) The employee who is responsible for the custody of investments should A) authorize the purchase of additional investments. B) maintain the investment register. C) open the safety deposit or depository area only when a second employee is present. D) conduct periodic physical inventories comparing the investment register to the investments on hand.

C

86) The individual who formally approves a system design and implementation project at its completion is the A) the project team leader. B) the chairperson of the steering committee. C) the manager of the department for which the application has been developed. D) the chief information officer.

C

86) The key to the success of the attribute rating approach to vendor selection is A) attributes must be identified and listed. B) a weight must be assigned to each identified attribute. C) individual evaluators should rank attributes independently of each other. D) attribute numerical rankings should be multiplied by their appropriate weights.

C

87) A sales order is A) the same as the purchase order. B) an external use document. C) an internal use document. D) optional when selling to established customers.

C

89) The company should inform users that a new system is being developed A) as late as possible, to eliminate the possibility that some employees might oppose the new system. B) after the design plan is complete, to avoid employee interference and confusion. C) as soon as possible, to maximize user acceptance of the new system. D) as soon as the users seem ready to accept the new system.

C

89) The term that best describes an information system that is tailored to the strategic information needs of top-level management is a(n) A) accounting information system B) expert system. C) executive information system. D) EDP system.

C

90) The function responsible for reconciling the bank account upon which voucher checks are drawn is A) cash disbursements. B) accounts payable. C) internal audit. D) purchasing.

C

90) The operational principle behind factoring a project into phases and tasks is A) top-down design with successive refinement. B) to schedule all activities according to CPM methodology. C) that each specific task or phase should provide a deliverable at its completion. D) to use analytic flowcharts to factor a project into modules.

C

94) A computer-produced document that is intended for resubmission into the system, such as the part of the utility bill that the customer returns with payment, is a(n) A) invoice. B) dual-submit document. C) turnaround document. D) automated input document.

C

94) Routines that collect and summarize statistics concerning program resource utilization are called A) embedded audit routines. B) mapping. C) job accounting routines. D) tracing.

C

94) Which of the following is not an aspect of good project control? A) Setting measurable goals for each phase and task in the overall project B) Reporting actual performance against the established project goals C) Establishing and revising estimates of system utilization D) Evaluating any significant deviations from the project plan

C

95) A timekeeping system in which all employee attendance and absence information is maintained is A) comprehensive time management. B) negative timekeeping system. C) positive timekeeping system. D) complex timekeeping system.

C

95) The third phase of systems analysis results in decisions regarding A) input requirements for the new system. B) output requirements for the new system C) both input and output requirements for the new system. D) priorities for ranking the different subsystems projects, but not specific system requirements.

C

97) The Bad Luck Fortune Cookie Company has a 360-day past-due balance of $1,300.00. After repeated attempts at collection, the account is deemed worthless. The departments involved with processing this transaction up to the point of issuing an approved write-off memo are the A) credit and accounts receivable departments. B) treasurer, billing, and accounts receivable departments. C) credit, treasurer, accounts receivable, and internal audit departments. D) credit, treasurer, cash receipts, and internal audit departments.

C

97) The fundamental benefits of information technology for AISs include the following except A) communication B) information organization. C) systems development. D) automation.

C

98) Evidence is collected in the following order: A) Observations, physical and document evidence, and interviews. B) Observations, interviews, and physical and document evidence. C) Physical and document evidence, observations, and interviews. D) Physical and document evidence, interviews, and observations.

C

98) To confirm the existence and assess the effectiveness of an organization's internal controls, Auditors A) create systems techniques. B) perform substantive testing. C) perform compliance testing. D) create HIPO and IPO charts.

C

98) Totals of homogeneous amounts for a group of transactions or records, usually expressed in dollars or quantities, is known as a(n) A) batch control total. B) hash total. C) amount control total. D) line total.

C

A)

Check digits are especially effective at detecting A) transposition errors. B) accidental keying mistakes. C) incorrect account numbers. D) customer accounts that were never assigned.

117) The area of functional specialization which is responsible for the design, coding, testing, and debugging of computer programs is the A) technical support function. B) user function. C) operations function. D) programming function.

D

103) Using a lock-box system A) expedites the cash flow for a company. B) helps to reduce interest income lost due to delays in depositing out-of- state-checks. C) promotes the segregation of duties because a third-party handles cash receipts. D) All of these answers are correct.

D

104) After the introductory and informational questions, non-suspects will be presented with A) additional informational questions. B) admission seeking questions. C) assessment questions. D) concluding questions.

D

104) Research indicates that the most expensive type of fraud is A) patent infringement. B) false financial statements. C) credit card fraud. D) All of these types of fraud are equally expensive.

D

104) The federal tax which requires that employees and employers contribute equally for old age, survivors disability, and hospital insurance benefits is A) federal unemployment tax. B) federal income tax. C) workers' compensation. D) social security tax.

D

104) Which of the following is a standard communications protocol in SOA? A) XML B) URL C) XBRL D) SOAP

D

105) A group of individual software applications designed to run in Web browsers and facilitated through a service oriented architecture (SOA) is referred to as a(n) A) ERP II. B) application architecture. C) value chain application suite. D) enterprise application suite.

D

107) A block flowchart is also known as a(n) A) data flow diagram. B) HIPO chart. C) analytic flowchart. D) program flowchart.

D

107) t;207.49.159.2; is an example of a(n) A) domain name. B) domain name server. C) transmission control protocol D) Internet protocol address.

D

108) A clerk accidentally posts a prenumbered sales invoice of $625 as $265 to a customers account. What control would detect this error? A) A hash total of the invoice numbers B) A sequence check of the numbers of the invoices which are to be posted C) A document count of the invoices D) A control total of the amounts to be posted

D

108) A tabular technique used to represent a decision function in a flowchart is known as a A) block flowchart.B) logical data flow diagram. C) decision table. D) branching table.

D

108) CIM affects manufacturing overhead primarily by A) increasing direct materials costs and decreasing direct labor hours. B) decreasing manufacturing overhead overall. C) increasing manufacturing overhead overall. D) increasing machine costs and decreasing direct labor hours.

D

67) A purchase order prepared under an existing contract or scheduling agreement is called a A) consignment purchase order. B) stock transport purchase order. C) standard purchase order. D) release order.

D

108) Discovery is the process in which A) opposing parties cannot require each other and relevant parties to produce out-of- court evidence. B) opposing parties can prohibit each other and relevant parties to produce out-of- court evidence. C) opposing parties can require each other and relevant parties to reproduce previously court-admissible evidence. D) opposing parties can require each other and relevant parties to produce out-of- court evidence.

D

108) Risks associated with implementing new technologies include A) IT strategies not aligned with business strategies. B) control framework for IT does not exist. C) IT performance is not measured and evaluated. D) All of the above are risks associated with new technologies.

D

108) Which of the following design alternatives is the most difficult to evaluate? A) Deciding whether reports should be generated automatically or on-demand B) Deciding whether processing should be in batch mode or online C) Deciding whether the alternatives meet all major objectives for the system D) Deciding whether existing personnel can manage the system

D

109) Rule 702 permits those qualified as experts to present expert testimony in court if A) the testimony is based upon sufficient facts or data. B) the testimony is the product of reliable principles and methods. C) the witness has applied the principles and methods reliably to the facts of the case. D) all of the above

D

109) The display symbol in a flowchart represents information displayed for human use using a device such as a A) video monitor. B) plotter. C) console printer. D) All of these answers are correct.

D

109) The three general phases of systems development projects and the order in which they occur are A) systems design, systems implementation, and systems analysis. B) systems design, systems implementation, and systems auditing. C) systems design, systems analysis, and systems programming. D) systems analysis, systems design, and systems implementation.

D

109) The type of backup which avoids the problems which arise from restoring incremental backups is a(n) A) full backup. B) partial backup. C) archive restoration. D) differential backup.

D

110) A well planned system of internal accounting control normally would include procedures that are designed to provide reasonable assurance that A) employees act with integrity when performing their assigned tasks. B) decisions leading to managements authorization of transactions are sound. C) collusive activities would be detected by segregation of employee duties. D) transactions are executed in accordance with management;s general or specific authorization.

D

110) Quick Response reader application can typically ________. A) open a Web site B) display a video C) display text D) All of these answers are correct.

D

110) Which of the following is a way to identify cost drivers for activity-based costing? A) Analytical review B) Time-in- process measures C) Volume measures D) Regression analysis

D

111) Effective internal control provides ________ assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes. A) little B) adequate C) total D) reasonable

D

111) Example of financial statement fraud red flags include A) weak internal control. B) inadequate personnel-related practices. C) irregular accounting practices. D) all of the above

D

112) A company may overstate its reported assets by A) avoiding depreciation. B) inflating asset valuations. C) understating bad-debt allowances. D) all of the above

D

112) ERM contains eight components. Which one of the following is not a component of ERM? A) Internal environment B) Risk assessment C) Risk response D) Risk elimination

D

112) From an organization's viewpoint, a distinction can be drawn between the following two broad classes of accounting information. A) Historical and future B) Strategic and operational C) Internal and external D) Mandatory and discretionary

D

112) The tools and technologies used to implement a given project are in the A) the physical design. B) the conceptual framework. C) enterprise architecture. D) project development environment.

D

113) The most important consideration for output design is A) relevance. B) integration. C) uniformity. D) cost-effectiveness.

D

113) The project development environment includes the following except A) project collaboration platform. B) integrated development environment. C) software versioning system. D) customer-supplier stacks.

D

114) Guidance for Section 404 compliance can be found in A) COSO reports. B) ISO 27002. C) the United States Federal Sentencing Guidelines. D) Guidance can be found in all of the above.

D

116) Disaster risk management is concerned with A) the prevention of disasters. B) the layered-access approach to security. C) contingency planning. D) Answers A and C are both correct.

D

116) The design criterion concerned with using the same format and name for data items used in more than one place is A) uniformity. B) flexibility. C) integration. D) standardization.

D

116) The problems small businesses encounter with internal control that are addressed by COSO include the following except A) effective boards of directors. B) limited segregation of duties and increased focus on monitoring. C) compensating for limitations in information technology. D) outsourcing increased reporting requirements.

D

117) Individual server-side development frameworks tend to be related to specific programming languages such as A) Java. B) PHP. C) PERL. D) All of the above pertain to server-side development.

D

117) Small and large companies can gain cost efficiencies in internal control by A) focusing financial items that have changed the most from period to period. B) managing reporting objectives. C) effectively managing the amount and types of documentation on adequate controls. D) All of the above will enable small companies to gain cost efficiencies.

D

126) One reason to put off the purchase of computer hardware or software is A) the price of hardware and software will drop shortly. B) a new version of hardware or software will be available soon. C) the company wants the latest state-of- the-art system. D) None of these answers is a good reason to put off the purchase of computer hardware or software.

D

127) Actively involving the ultimate users in the development of a system might help to limit A) communications problems. B) unrealistic or vague requirements during the analysis phase. C) disillusionment and confusion during the design phase. D) All of these answers are correct.

D

129) The best way to test the integrity of a computer system is to A) review all system output thoroughly. B) review all system input thoroughly. C) sample the system's actual transactions. D) process hypothetical transactions through the system.

D

131) Each domain in the enterprise architecture is subject to A) cost overruns if planning is not carefully completed upfront. B) government review if the company is publicly traded. C) the four phases of RUP development. D) analysis, planning, design, and implementation.

D

131) The following are EDI standards except A) ANSI X.12. B) AS2. C) eBXML. D) ISO-95.

D

134) An iterative approach using prototypes is called A) service-oriented development. B) waterfall development. C) object-oriented design. D) rapid application development.

D

134) Which of the following specialized information systems would be the most useful in providing information for routine decisions? A) Decision support system B) Expert system C) Executive information system D) Accounting information system

D

136) The phase of the Rational Unified Process where the software is deployed to end users for testing and training is the ___ phase. A) inception B) elaboration C) implementation D) transition

D

137) Which of the following is used to ensure a high degree of user involvement in the control of an information systems department? A) Maintenance programmers B) Operations manager C) Technical support committee D) Steering committee

D

140) When should the actual users of a system be involved when a new system is being developed? A) As soon as the new system is implemented B) After all unexpected bugs and glitches have been found and corrected C) Only after all employees have been thoroughly trained to use the new system D) Throughout the design of the new system

D

141) Hacker methods include all of the following except A) social engineering. B) direct observation. C) electronic interception. D) continuity prevention.

D

142) UML diagrams directly match objects in computer programs which greatly facilitate communication between the analysts, designers, and programmers A) forcing objects to be defined in numerous languages. B) forcing all objects to be identified. C) eliminating the need for an iterative approach. D) eliminating a language gap between DFDs and programming code.

D

147) BPEL is an executable computer language that facilitates interactions between A) objects and services. B) objects and methods. C) business processes and data diagrams.D) business processes and Web services.

D

152) When viewing a typical organization chart, the individual responsible for the finances of the business is the A) controller. B) president. C) vice president. D) treasurer.

D

152) Which of the following forms of social engineering involves impersonation? A) Contexting B) Phishing C) Hypervising D) Pretexting

D

56) For compliance with SOX, assessed risk for business processes must be clearly A) tested and reported to FASB. B) documented on form Circular E and submitted to the SEC. C) tested and checked for material irregularities. D) documented and controls selected for testing and evaluation.

D

57) The Electronic Bank of America might digitally sign a message that contains which of the following information? A) The bank's name and address B) The dollar value of the bank note being created C) A unique serial number D) All of the above

D

58) Which of the following is considered a virtual electronic cash card? A) Memory card B) eBusiness card C) Signature-transporting card D) Answers A and C are correct.

D

60) Auditing with the computer; A) is only performed by external auditors. B) involves activities related to compliance testing. C) is only performed by internal auditors. D) involves activities related to substantive testing of account balances.

D

63) Good project management uses plans for implementing a system. The plans should provide A) specific budget information. B) a breakdown of the project into various phases. C) specific timetables for completion. D) All of these answers are correct.

D

63) ________ is a bar coding standard which is a superset of the original 12-digit UPC system. A) RFID-12 B) GS1-12 C) GTIN-13 D) EAN-13

D

65) In an analytic flowchart, the symbol which could be used to indicate the computation of gross pay is the A) connector symbol. B) terminal symbol. C) input/output symbol. D) process symbol.

D

65) SQL allows user to A) define data in a relational database. B) access data in a relational database. C) manipulate data in a relational database. D) All of these answers are correct.

D

65) The type of purchase order a vendor receives when the vendor must receive and assemble parts into an end product is known as a A) third-party purchase order. B) standard purchase order. C) stock transport purchase order. D) subcontract purchase order.

D

66) The customer order business management process begins when a A) customer order is entered into the system. B) customer order is shipped. C) customer invoice is generated and sent to the customer. D) potential customer makes an inquiry or requests a quotation.

D

66) Which of the following controls is not a typical function found in the production business process of manufacturing firms? A) Cost accounting B) Production control C) Property accounting D) Capital expenditure review and authorization

D

69) A message which contains a digital signature A) must be encrypted along with the signature. B) must be sent once as plaintext and once as ciphertext if no message digest exits. C) does not have to be encrypted when a message digest is used as a digital signature. D) Answers B and C are correct.

D

69) In ERP, the invoice verification component ensures that A) cost requirements have been met. B) quantity requirements have been met. C) shipping deadlines have been met. D) Answers A and B are correct.

D

69) Information system audits to verify compliance with internal controls are performed by A) internal auditors only. B) external auditors only. C) outside third-party consultants only. D) both internal and external auditors.

D

69) The document prepared when a customer is requesting the delivery of goods that are detailed in a contract is called a A) sales order. B) release order. C) call-off. D) Answers B and C are both correct.

D

69) The off-line storage symbol could be used to represent data stored A) on a USB thumb drive. B) on a magnetic tape or disk. C) in paper form. D) on all of these named media.

D

70) A customer has placed an order. The customer credit has been checked and is satisfactory. When the availability of the goods is checked, it is found that some items are in stock and the vendor has backordered other items. At this point the customer A) may cancel the order. B) may request the order be held until all goods can be shipped. C) may request partial shipment of the goods currently in. D) All of these answers are correct.

D

70) The ERP system compares which of the following documents in its invoice verification procedure? A) Purchase order and goods receipt document B) Goods receipt document, invoice, and requisition C) Goods receipt document, invoice, purchase order, and requisition D) Goods receipt document, invoice, and purchase order

D

71) To provide the proper environment for computer equipment operations, the company must control A) security. B) wiring. C) access. D) temperature and humidity.

D

72) The Omnibus Trade and Competitiveness Act of 1988 (OTCA) amends the A) Securities Exchange Act of 1934. B) accounting provisions of the FCPA. C) antibribery provisions of the FCPA. D) accounting and antibribery provisions of the FCPA.

D

73) Instead of using the on-line storage symbol, a systems analyst wants to use an analytic flowcharting symbol that represents the medium that is used for the file. Which of the following would be the best symbol to use in place of the on-line analytic storage symbol? A) The display symbol B) The magnetic tape symbol C) The document symbol D) None of these answers are correct.

D

73) Which of the following is a possible benefit of using information systems technology in the conduct of an audit? A) Increased independence from information systems personnel B) Elimination of most manual calculations, footing, and cross-footing C) Standardization of audit working papers and correspondence D) All of these answers are correct.

D

74) There are different types of electronic wallet-sized cards used in virtual cash transactions. The card that shows the most promise for wide-scale retail transaction use in the foreseeable future is the A) shared-key card. B) signature-creating card. C) memory card. D) signature transporting card.

D

74) Which document is not updated when a manufacturing order is complete and goods are transferred to stores? A) Production order B) WIP record C) Finished goods inventory records D) Materials requisition

D

75) Hierarchy assignment includes a customers A) distribution channel. B) geographical location. C) credit approval. D) All of these answers are correct.

D

75) The component of internal control that is the foundation for all other components is A) risk assessment. B) information and communication. C) control activities. D) control environment.

D

75) Which of the following can serve as both a training tool for new employees and a help for future computer programming? A) Testing B) Evaluation C) Systems analysis D) Documentation

D

76) What standard should be used to evaluate the quality of documentation produced by a programmer? A) The number of pages produced B) The number of logical flow diagrams and analytic flowcharts produced C) The amount of time spent to produce the documentation D) Whether a different programmer can use the documentation at a later date to modify the Program

D

77) The AICPA's Web Trust attestation program provides assurance that a merchant's Web site has A) some type of functioning information protection. B) business practices disclosure. C) transaction integrity. D) All of these answers are correct.

D

78) Servers that exist to support eBusiness are A) mail servers. B) file servers. C) Web servers. D) All of the above support eBusiness.

D

78) Which of the following statements is an advantage to using the test data technique in information systems auditing? A) The test can be run only on a specific program at a specific point in time. B) The test must be announced. C) Test data is limited to certain combinations of processing conditions. D) The technique is used for testing programs in which calculations such as interest or depreciation are involved.

D

80) Control over inventory includes A) storing. B) handling. C) spoilage. D) Answer A and B are correct.

D

80) Many aspects of computer processing tend to significantly A) decrease an organization's exposure to undesirable events. B) strengthen the corporate culture's ethical behavior in the long-term analysis. C) increase employee productivity through the use of monitoring software. D) increase an organization's exposure to undesirable events.

D

80) Which of the following reviews and approves the purchase order prior to its further processing? A) Stores B) Receiving C) Internal audit D) The requesting department

D

81) Inventories serve as a buffer between different operations in a A) just-in- time production system. B) materials as needed system. C) perpetual inventory system. D) Answers A and B are correct.

D

82) The documents which accounts payable should use to verify a purchase transaction are A) purchase requisition, receiving report, and invoice. B) receiving report and purchase order. C) invoice, purchase requisition, and purchase order. D) purchase requisition, invoice, receiving report, and purchase order.

D

83) Application controls are often classified as A) general, processing, and specific. B) basic, specific, and accounting. C) general, application, and output. D) input, processing, and output.

D

83) The selection of projects for development is usually the responsibility of A) the chief information officer. B) the board of directors of the organization. C) the chief financial officer. D) the steering committee or other organization-wide unit.

D

83) When a sold-to customer record is created in the SAP ERP system, other master records are automatically created using the same information. The input screen in which these records are associated with each other is the A) output screen. B) billing screen. C) account management screen. D) partner functions screen.

D

84) For an applications system project, the individual who should be included in the project team because he or she has the best working knowledge of how the application should function in the actual work environment is A) an analyst. B) the chief information officer. C) a computer programmer. D) a representative from the user department for which the application is being developed.

D

84) The ________ architecture defines standards, principles, procedures and best practices to govern the information technology architecture. A) business B) data C) application D) technical

D

86) A major output of a systems development steering committee or the individual in charge of systems development is a written document outlining short- and long-term goals relating to the company's development effort. This document is called A) Key Systems Development Success Factor B) The Systems Development Life Cycle C) Objectives of Systems Analysis D) Strategic Systems Plan

D

86) Information security management systems (ISMS) have which of the following objectives? A) Confidentiality B) Integrity C) Availability D) All of the above are correct.

D

86) The corporate information factory model includes A) data acquisition. B) data management. C) data delivery. D) data acquisition, data management, and data delivery.

D

86) Which of the following flow directions is(are) assumed in a flowchart? A) From top to bottom B) From left to right C) Neither answer A nor B is correct. D) Answers A and B are both correct.

D

87) Fraudulent financial reporting A) involves intentional or reckless conduct. B) may be due to an act of omission or commission. C) results in misleading financial statements. D) All of these answers are correct.

D

87) The extended record technique provides a way to reconstruct an audit trail by A) adding specific "dummy" test data processed by the system in the extended record for examination by the auditor after processing is complete. B) processing real data through a test program and comparing the simulated and regular output after processing is complete. C) capturing a detailed listing of the sequence of program statement executions in the extended record that would not normally be saved. D) tagging specific transactions and capturing intervening processing steps in the extended record that would not normally be saved.

D

87) Vendors found on a company's approved vendor list should possess the attribute(s) of A) financial soundness. B) reliability. C) no conflicts of interest. D) An approved vendor should possess all of these attributes.

D

87) When the qualitative approach to risk assessment is used, costs might be estimated using A) replacement costs. B) service denial costs. C) business interruption costs. D) All of these answers are correct.

D

88) An example of fraud indicators is A) mismatch in an inventory count. B) a cash register that doesnt balance. C) a suspicious invoice. D) All of the above are correct.

D

88) As part of adequate transaction cycle controls in order processing, after the finished goods department has picked a customer's order according to a delivery document, the records which should be updated to reflect actual quantities picked are found in the A) order database. B) credit files. C) master price list. D) inventory database.

D

88) The snapshot technique involves capturing and dumping A) selected transaction data. B) the program code itself. C) selected master file contents. D) selected memory contents.

D

88) Which of the following is not a basic symbol used in logical data flow diagrams? A) Terminator B) Data store C) Data flow D) Manual input

D

89) Software that often includes components to facilitate process planning, line analysis, and statistical process control, among other tasks, is called A) CIM. B) MRP II. C) CADD. D) CAM.

D

89) ________ works better with tables that have more than two dimensions for complex analyses. A) OLTP B) ETL C) SQL D) OLAP

D

90) Which of the following would be an appropriate source of information to obtain during the survey of the current system? A) Professional journals and industry publications B) Minutes of board meetings, financial statements, and charts of accounts C) Organization charts, job descriptions, and policy manuals D) All of these answers are correct.

D

90) ________ are the only physical items that are absolutely required for a user of cloud computing. A) A data storage unit and an Internet connection B) A Web browser and a RFID card C) A QR reader and an Internet connection D) A Web browser and an Internet connection

D

91) An audit committee is required by A) the AICPA. B) the Securities and Exchange Commission. C) generally accepted accounting principles. D) both the New York Stock Exchange and the Sarbanes-Oxley Act of 2002.

D

91) One goal of factoring a project into detailed activities is to A) decrease the total project cost. B) decrease the total amount of time devoted to the project. C) assist in organizing the project's documentation. D) assist in assigning individual employees to tasks.

D

91) The greatest amount of internal and business process control in the cash disbursements process comes from A) the signing of voucher checks by an authorized party. B) the prenumbering of vouchers and voucher checks. C) the accounts payable function. D) a final review of transaction documents prior to the authorization of payment.

D

91) Which group of people listed below would not pose a high degree of threat to an organizations information system? A) Systems personnel B) Users C) Intruders D) External auditors

D

92) MRP systems integrate several subsystems. Which subsystem below is not integrated into the MRP system? A) Production planning B) Production scheduling C) Reporting D) Procurement

D

92) The best standard to use in developing estimates for the completion time of systems development projects in an organization is A) a vendor-developed standard. B) an industry-average standard. C) a standard recommended by a consultant. D) a standard developed by the organization's experience.

D

92) To maintain adequate separation of functions, accounts receivable should not have access to A) cash received from customers. B) checks received from customers. C) invoices and credit memos. D) Answers A and B are both correct.

D

92) Which of the following are examples of risks that are relevant to the financial reporting process? A) Changes in the operating environment B) Changes in personnel C) Changes in the information system D) All of these answers are correct.

D

92) Which of the following is an example of narrative techniques? A) In-depth interviews B) Open-ended questionnaires C) Document reviews D) All of these answers are correct.

D

92) Which of the following transaction processing cycles concerns events related to the distribution of goods and services to other organizations and the collection of related payments? A) Production B) Expenditure C) Financial reporting D) Revenue

D

93) Which of the following is part of the fraud investigation process? A) Conducting the initial notifications and evaluation B) Considering legal issues C) Defining the scope, objectives, and costs of the investigation D) Engaging a fraud indicator

D

93) ________ drivers connect applications to databases. A) Application interface B) Warehouse C) Middleware D) Database

D

94) In many fraud cases, the best approach is to A) immediately stop a recurring fraud. B) allow the fraud to continue. C) hire forensic specialists. D) both A and B

D

94) Systems techniques may be used to A) assist in designing computer programs. B) give an overall picture of transaction processing in the organization. C) assist a systems analyst in organizing facts about a system. D) All of these answers are correct.

D

94) Which of the following is most relevant in gaining an understanding of a managers decisions and information needs? A) Information about the major problems the manager normally deals with B) Knowledge about the managers self-assessment criteria C) Details concerning the manager job responsibilities D) Knowledge of the criteria used to evaluate the manager job performance

D

95) Evidence may include A) tangible objects. B) documents. C) testimony. D) all of the above

D

95) The ________ framework views the organization from the perspectives of the different stakeholders. A) Osterwalder B) federal enterprise C) open group D) Zachman

D

95) The information system auditing technology that originated as a technique to assist in program design and testing is A) tracing. B) parallel simulation. C) snapshot. D) mapping.

D

95) To provide an adequate separation of functions in the accounts receivable business process, maintaining the accounts receivable control account should be the responsibility of A) billing. B) accounts receivable. C) cash receipts. D) general ledger.

D

96) A sales return occurs when a customer actually returns goods that have been shipped. The departments involved with processing this transaction up to the point of issuing a credit memo are the A) shipping, receiving, and billing departments. B) receiving, billing, and accounts receivable departments. C) shipping, receiving, and credit departments. D) receiving, credit, and billing departments.

D

96) Sometimes computer programs are used to commit acts of sabotage. A destructive program masquerading as a legitimate one is called a A) logic bomb. B) worm. C) virus. D) Trojan horse.

D

96) Systems techniques may be used by A) internal auditors. B) external auditors. C) systems personnel. D) All of these answers are correct

D

96) The production planning report that discloses the availability of labor and machine resources is the A) production schedule. B) sales forecast. C) raw materials status report. D) factor availability report.

D

97) A key input that is needed for the project accounting program to estimate future costs to complete projects are A) computer usage reports. B) overhead rates. C) time sheets. D) progress reports.

D

97) In the ERP system, which one of the following is an ;infotype;? A) Hiring B) Leaving employment C) Changing jobs D) Employee personnel data

D

97) Sometimes computer programs are used to commit acts of sabotage. A computer program that actually grows in size as it infects more and more computers in a network is known as a A) Trojan horse B) logic bomb. C) virus. D) worm.

D

97) The Warnier-Orr methodology is a technique used for A) flowcharting. B) document review. C) evaluating work distributions. D) analyzing information flows.

D

97) The general term for any type of control total or count applied to a number of transaction documents is A) amount control total. B) line control total. C) hash total. D) batch control total.

D

97) The value reference model depicts the value chain at ________ levels of abstraction. A) one B) two C) three D) four

D

98) ________ involves the process of ensuring the suite of organization's applications work together as a composite application according to the goals and objectives of the organization. A) Applications requirements planning B) Enterprise application structure C) Enterprise resource planning D) Applications architecture

D

99) Material requirements planning software assists management in managing A) inventories. B) overhead. C) scheduling production. D) both inventories and scheduling production.

D

99) One benefit of using the Warnier-Orr methodology as a fact-gathering technique is that it A) is easy to understand and use. B) can be used to document any type of system. C) forces a top-down, structured approach to analysis. D) All of these answers are correct

D

14) Section 404 of the Sarbanes-Oxley Act requires that monthly filings of publicly traded companies include a statement of management& responsibility for establishing and maintaining adequate internal control as well as an assessment of the effectiveness of that internal control.

FALSE

14) The enterprise architecture involves five enterprise architectural domains.

FALSE

15) All hackers are malicious.

FALSE

15) Human resources is part of the application architecture of a company.

FALSE

15) Manual input/output and connector symbols are among the basic flowchart symbols.

FALSE

15) The fraud engagement process includes various steps in which evidence is collected in support of the scope and objectives of the investigation.

FALSE

16) In the United States, the AICPA is responsible for establishing standard flowchart symbols.

FALSE

16) Most control processes can function irrespective of the competence of employees.

FALSE

16) The relational data model is a three-dimensional structure similar in look to that of a cube.

FALSE

17) A company-generated incident report may serve as the basis of a probable-cause justification that would be required to obtain subpoenas, search warrants, and even arrest warrants.

FALSE

17) A decision support system (DSS) is tailored to the strategic information needs of top-level management.

FALSE

17) Black hat hackers formally probe systems for legitimate purposes in order to help with security control procedures.

FALSE

18) Audit committees are usually charged with evaluation and assessment of a corporation;s internal control processes.

FALSE

18) Data modeling is a database design process that proceeds through the conceptual, logical, and implementation phases.

FALSE

19) AIS application architecture currently focuses on automating the traditional accounting cycle.

FALSE

19) The decision symbol represents a named procedure consisting of one or more operations or program steps that are not specified within the set of flowcharts.

FALSE

2) Accounting information systems are designed to gather and utilize information which may cost more to provide than it is worth to the user.

FALSE

2) Fraud prevention requires implementing control checklists that contain items such as firewalls and anti-virus software.

FALSE

2) The interim audit requires some type of substantive testing.

FALSE

2) The objective of the first phase of the security system life cycle is to design risk control measures such as various security measures and contingency plans.

FALSE

2) eBusiness refers to the use of information technologies in some aspect of the business or organization.

FALSE

20) Malware is short for malicious hardware that compromises the security of the victims computer.

FALSE

20) The first question a fraud investigator should always ask is ;why;

FALSE

20) The third component of internal control is risk assessment.

FALSE

20) The transactional interface is used for queries, analysis, and research whereas the decision support interface is used for access and manipulation of data in the operational database.

FALSE

21) In CIM systems, computers control management-designed parts of the manufacturing process.

FALSE

22) Database drivers connect applications to printers.

FALSE

22) Physical theft is only a minor threat to the solvency of most business organizations.

FALSE

23) Approval (authorization) limits the initiation of a transaction or performance of an activity to selected individuals.

FALSE

23) Direct observation includes shoulder surfing and piggybacking.

FALSE

23) Physical and document evidence include audio or video recordings of suspects' activities.

FALSE

23) The enterprise service bus (ESB) transfers data to users through a graphical user interface.

FALSE

23) The process management approach aids in the management and improvement of a company's processes in order to increase customer satisfaction while ignoring the company's cost structure.

FALSE

23) When the flow is bidirectional, it can only be shown by double lines.

FALSE

24) A guessed plaintext attack will succeed even though the sender adds a few random numbers at the end of a message.

FALSE

26) A digital time-stamping service can be used to securely store private keys.

FALSE

26) A search warrant is an order from a government agency or officer of a court that compels the recipient, under penalty, to produce physical evidence, documents, or testimony.

FALSE

26) An IPO chart can provide much detail concerning the processing function.

FALSE

26) ERPs are inexpensive and relatively easy to implement.

FALSE

26) General controls can be a substitute for application controls.

FALSE

26) Three major groups of individuals that may attack information systems include information personnel, users, and employees.

FALSE

25) A subpoena is an order from a government agency or officer of a court that compels the recipient, under penalty, to produce physical evidence, documents, or testimony.

TRUE

25) Another name for a digital ID is a digital certificate.

TRUE

25) ERPs can either be industry-specific or based around "best practices" of various sized companies.

TRUE

C)

In an electronic input system requiring human intervention, the main processing phases and their proper sequence are A) (1) data input and (2) data editing. B) (1) data editing and (2) data input. C) (1) data input and editing, and (2) transfer to the host application system. D) (1) data input, (2) transfer to the host application system, and (3) data editing.

B)

In an entity-relationship data model, the concepts of part number, type, and cost are known as A) entities. B) attributes. C) relations. D) objects.

A)

In a database management system, defining an individual user view of the database is known as defining the A) subschema. B) name of a data element. C) schema. D) number of positions of the data element.

B)

In a general ledger accounting system, the link created between the general ledger accounts and the report(s) in which they appear is called A) a line locator. B) line coding. C) soft coding. D) hard coding.

D)

In a general ledger file update, all entries into the general ledger are A) first documented using a journal voucher. B) updated by each user department as necessary. C) dumped and not processed if any invalid data is found in any entry. D) first documented using a journal voucher, then are used to build a journal voucher file.

C)

In a manual input system, batch controls are prepared initially by the A) EDP department. B) computer software. C) user department. D) general ledger department.

C)

In a real-time sales system, which transaction-processing step below would not be performed entirely by using EDI? A) Receiving and translating an incoming customer order B) Sending an acknowledgement of the incoming order C) Sending the customer a three-ring bound catalogue using the U.S. mail D) Transmitting an advanced shipping notice to the customer

D)

In a relational database, tables in which no key field is allowed to determine the values of any nonkey field are said to be A) unnormalized. B) in the third normal form. C) in the first normal form. D) in the second normal form.

C)

In a relational database, tables that do not have any nonkey fields determining the values of other nonkey fields are said to be A) in the first normal form. B) in the second normal form. C) in the third normal form. D) unnormalized.

A)

In a system using batch processing with sequential file updating, at what point is the general ledger updated? A) After all master files are updated B) After each transaction batch is entered C) After all transactions are entered D) After each transaction batch is edited

C)

In an SQL query, ________ is the comparison operator used to specify "greater than." A) >= B) => C) > D) =>>

25) In an internal audit function, the nature of independence is different than that of an external auditor.

TRUE

A)

Key verification is often used A) to verify only selected essential fields. B) to verify essential and nonessential numeric fields. C) to verify all input fields, both alpha and numeric. D) when two or more people key input data in unison.

A)

Output systems can be manual, electronic, or something in between. Irrespective of the media used in an output system, output distribution should be controlled using a A) distribution register. B) transaction register. C) check register. D) POS terminal.

C)

Overflow in a directly-accessed file means A) hashing a record to an address. B) vacant storage space created by the hashing results. C) extra storage space is required because the hashing results in more than one record being assigned to the same address. D) a separate section of the disk is allocated for file additions.

1) Fraud examination and fraud investigation both refer to the application of accounting and other specialized skills to the prevention, detection, investigation, correction, and reporting of Fraud.

TRUE

1) Tools used in the analysis, design, and documentation of system and subsystem relationships are known as system techniques.

TRUE

10) Good documentation means that records should be maintained by all parties involved in a transaction.

TRUE

11) Fraud detection is often an imperfect process.

TRUE

11) ISO 27000 family of standards defines standards for building, operating, and maintaining ISMSs.

TRUE

12) File servers exist mainly as storage for electronic files.

TRUE

12) The CEO and CFO must prepare a statement to accompany the audit report to certify that the companys reported financial statements are presented fairly in all material respects

TRUE

13) Cloud computing describes the increasing trend for data processing capabilities to be provided as a service via the Internet.

TRUE

13) Section 404 of the Sarbanes-Oxley Act requires that annual filings of publicly traded companies include a statement of management& responsibility for establishing and maintaining adequate internal control as well as an assessment of the effectiveness of that internal control.

TRUE

13) The enterprise architecture describes the joint structure and behavior of the enterprise and its information system.

TRUE

14) Many companies have adopted ethics codes of conduct which provide guidance for conducting business in an ethical manner.

TRUE

14) System faults represent component equipment failures such as disk failures and power outages.

TRUE

14) Total fraud cost is defined as the summation of costs of prevention, costs of investigations, costs of detections, and costs of losses.

TRUE

15) XBRL is a language that facilitates the exchange of financial statements over the Internet.

TRUE

16) A fraud incident report can be anything from a red flag to a formal report written by a responsible person.

TRUE

16) External users of accounting information include stockholders, investors, creditors, government agencies, customers and vendors, competitors, labor unions, and the public at large.

TRUE

17) The board of directors serves as an interface between the stockholders of an organization and its operating management.

TRUE

17) The data model uses structured query language to perform operations on data within a database.

TRUE

17) The four basic symbols corresponding to basic data processing functions are the input/output symbol, the process symbol, the flowline symbol, and the annotation or comment symbol.

TRUE

18) CEO/owner, legal counsel, and the internal auditors are among the possible candidates to receive notifications regarding a fraud investigation.

TRUE

18) Social engineering is a form of manipulation of people in order to trick them into divulging privileged information.

TRUE

18) The AIS benefits of information technology include automation, information organization, and communication.

TRUE

19) Control is established in the budgeting process by comparing the results of activity to the budget for each activity.

TRUE

19) Evidence is anything that relates to the truth or falsity of an assertion made in an investigation or legal proceeding.

TRUE

19) Pretexting and phishing are forms of social engineering.

TRUE

19) The corporate information factory can be represented by a 3-part model including data acquisition, management, and delivery.

TRUE

2) Selecting the best opportunities and managing uncertainties is part of Enterprise Risk Management (ERM).

TRUE

20) MRP and MRP II software was created to aid in Supply Chain Management (SCM).

TRUE

20) The decision symbol represents a decision or switching type of operation that determines which of a number of alternative paths is to be followed.

TRUE

21) A fraud theory provides answers to the basic question regarding who, what, when, where, how, and why.

TRUE

21) Malware can be hidden in email, downloaded software, disk or Web browser.

TRUE

21) Service-oriented architecture is an applications architecture design framework that facilitates the development of application suites that share information with each other.

TRUE

21) The segregation of authorization from the recording of transactions and custody of assets is an essential internal control process.

TRUE

22) Flexible manufacturing systems can be reprogrammed to produce entirely different products.

TRUE

24) Evidence should be collected in a specific order.

TRUE

25) A HIPO chart contains two segments: a hierarchy chart and one or more IPO charts.

TRUE

C)

The first step in a batch-processing environment using sequential file updating is A) preparing general ledger reports. B) updating the master file. C) preparing the transaction file. D) updating the general ledger.

D)

The logical structure most commonly used in business today is the A) tree structure. B) network structure. C) hierarchical structure. D) relational structure.

A)

The master file in a computer system is equivalent to which one of the following manual system features? A) Subsidiary ledger B) Journal C) Register D) Log

D)

Third party reporting solutions can provide end users the ability to easily extract reports and queries from the application database. Examples of these reporting solutions include A) Crystal Reports. B) MicroStrategy. C) OLAP. D) Crystal Reports and MicroStrategy are both examples of 3rd party reporting solutions.

B)

To process and locate records in files, it is necessary to use a(n) A) attribute. B) key or record key. C) parent. D) element.

B)

When a system sorts edited data immediately before a master file update in a batch-oriented system, the operation sequence for editing and sorting is called A) sort and edit. B) edit and sort. C) sort and update. D) edit and update.

B)

________ permit(s) the data to be physically stored apart from the application which facilitates a client-server, tiered architecture environment, in which multiple client users access a shared database. A) Database objects B) Database agnosticity C) Database management system D) Database logical structure