CIA Unit 7
Which of the following is not required by ISO 9000 standards?
Consistent high quality products.
Which of the following is considered an application input control?
Edit check.
Which of the following types of controls is not described in the IT Governance Institute's Control Objectives for Information and Related Technology (COBIT)?
**Exchange controls**; Process controls; General controls; Business controls
An organization should document its IT control framework for the following: 1. Compliance with applicable regulations and legislation 2. Consistency with the organization's goals and objectives 3. Reliable evidence that activities comply with management's governance policies and are consistent with the organization's risk appetite
1, 2, & 3
Which of the following are key technologies of big data? 1. In-memory analytics 2. Data mining 3. Text mining
1, 2, & 3
Effective IT general controls (ITGCs) are measured by the number of which of the following? 1. IT systems change requests 2. Incidents that damage public reputation 3. Systems that do not meet security criteria 4. Violations of segregation of duties
2, 3, & 4
Devlin Company's rate of return on assets for the year ended May 31, Year 2, was
7.5%
Batch processing
Accumulates transaction records into groups for processing against the master file on a delayed basis.
What technique could be used to prevent the input of alphabetic characters into an all-numeric identification number?
A format check.
Which of the following is a major element of the ISO 9000 quality management system standards?
A requirement for organizations to monitor information on customer satisfaction as a measure of performance.
COBIT 4.1 is
A set of guidelines to assist in implementing adequate controls over IT processes.
All of the following are correct statements regarding businesses deciding to utilize cloud computing for big data projects except
Analysts are not required to have a detailed understanding of the available data and possess some sense of what answer(s) they're looking for.
Which of the following types of control plans is particular to a specific process or subsystem, rather than related to the timing of its occurrence?
Application.
A clerk recorded a sales invoice as US $13.66 when the actual amount was US $133.66. Which control should detect this error?
Batch input totals.
All of the following are correct statements regarding big data except
Big data is an evolving term that describes any voluminous amount of structured data that has the potential to be mined for information.
Control objectives regarding effectiveness and efficiency, reliability, and compliance are the basis of which control framework?
COSO
Which of the following control frameworks was acknowledged by the U.S. Securities and Exchange Commission as an appropriate model for designing internal controls under the requirements of the Sarbanes-Oxley Act of 2002?
COSO.
An employee in the receiving department keyed in a shipment to the accounts payable system and inadvertently omitted the purchase order number. The best systems control to detect this error is
Completeness test
According to the leadership grid developed by Blake and Mouton, which of the following reflects primary concern for people and little concern for production?
Country club management.
Unauthorized alteration of online records can be prevented by employing
Database access controls.
A system that has several computers connected for communication and data transmission purposes but also enables each computer to process its own data is known as a
Distributed network.
Which of the following statements is inconsistent with the key principles of the COBIT 5 framework?
Enterprise governance and management are treated as the same activity.
Which of the following should the auditor recommend as the most economical point at which to correct input errors in an online system?
Entry of data into each field of a record is completed.
A firm should state its primary competitive scopes when it
Formulates its mission
Which standard specifically applies to requirements for a quality management system (QMS)?
ISO 9001.
Why have many European Union countries not adopted ISO 14000 environmental standards?
Individual European Union countries' standards are typically more strict than ISO 14000 standards.
Which of the following best describes unstructured data?
Information that is not organized in a pre-defined manner (e.g., text-heavy facts, dates, numbers, and images).
A validation check used to determine if a quantity ordered field contains only numbers is an example of a(n)
Input control
Which application controls monitor processed and stored data to ensure they are consistent and complete?
Integrity Controls
Which of the following is a correct statement regarding in-memory analytics?
It analyzes data from system memory instead of hard drives.
Which of the following is false with respect to the COBIT maturity model?
It focuses on both capability and performance.
Which of the following is a correct statement regarding Hadoop?
It is an open-source software framework that stores large amounts of data and runs applications on clusters of commodity hardware.
Which of the following statements most likely represents a disadvantage for an entity that keeps data files on a server rather than on a manual system?
It is usually easier for unauthorized persons to access and alter the files
A large data processing center has processing bottlenecks at peak batch processing hours. The center is sometimes unable to complete all batch processing by the start of the next business day, creating difficulties in starting online systems. When investigating this problem, the internal auditor initially should focus on controls over
Job scheduling.
Which one of the following input controls or edit checks would catch certain types of errors within the payment amount field of a transaction?
Limit check.
Which of the following is not a typical output control?
Matching input data with information on master files and placing unmatched items in a suspense file.
According to the leadership grid developed by Blake and Mouton, which management style reflects moderate concern for production and people?
Middle-of-the-road management.
All of the following represent a characteristic of big data except
Mixture; Speed; **Uniformity**; Size
Departmentation is a common form of business integration. Grouping together all related jobs, activities, and processes for a given business objective into a major organizational subunit is an example of
Product-service departmentation.
Omen Company is a manufacturer of men's shirts. It distributes weekly sales reports to each sales manager. The quantity 2R5 appeared in the quantity sold column for one of the items on the weekly sales report for one of the sales managers. The most likely explanation for what has occurred is that the
Program did not contain a data checking routine for input data.
A new production team has been formed by taking experienced high achievers from existing teams within the factory. The members of the new team have not been required to learn any new skills, and the machines used are identical to those used in their former teams. The team's production supervisor is a longtime employee of the organization but has not previously worked with any members of the new team. Despite the abilities and previous individual achievements of the individual team members, management is surprised by the mediocre performance of the new team. The best approach for the production supervisor to improve performance would be to
Provide opportunities for the team members to socialize with each other.
An employee mistakenly enters April 31 in the date field. Which of the following programmed edit checks offers the best solution for detecting this error?
Reasonableness
Mill Co. uses a batch processing method to process its sales transactions. Data on Mill's sales transaction file are sorted by customer number and are subjected to programmed edit checks in preparing its invoices, sales journals, and updated customer account balances. One of the direct outputs of the creation of this file most likely would be a
Report showing exceptions and control totals.
In testing controls over cash disbursements, an auditor most likely would determine that the person who signs checks also
Is responsible for mailing the checks.
All of the following are part of a control framework that provides reasonable assurance of preventing computer fraud except
Segregation of duties between the programmer and operating systems and compilers.
COBIT 4.1 is targeted at all of the following except
Shareholders. (COBIT 4.1 is targeted to 3 audiences: management, users, and auditors.)
According to eSAC, accountability is
The control attribute that identifies the source of a transaction.
The online data entry control called preformatting is
The display of a document with blanks for data items to be entered by the person entering the data.
Which of the following is a correct statement regarding volume-based value?
The more data businesses have on the customers, both recent and historical, the greater the insights.
Which of the following statements is not true regarding ISO 9000 standards?
The objective of ISO 9000 standards is to ensure high quality products and services.
A firm has recently converted its purchasing cycle from a manual process to an online computer system. Which of the following is a probable result associated with conversion to the new automatic system?
Traditional duties are less segregated
Which management principle is violated when an employee answers to several bosses?
Unity of command. (Each subordinate should only have one superior.)
The control known as closed-loop verification would be most useful for
Updating and verifying customer addresses.
The data entry clerk was unable to find the customer's name when inputting the order. This is an example of
Validity Checks
A national retailer required more detailed data to help stock its stores with the right products and to increase its turnover. Such data amounted to several gigabytes per day from each store. A new high-speed company-wide network was needed to transmit and analyze the data. The company wanted the features, functionality, and control of a sophisticated voice and data network without the cost of the components or the staff to maintain it. Which of the following options would be most suitable?
Virtual private network.
The accounting manager was reviewing batches of journal entries for the day. One of the journal entries for a loan payment was rejected by the system. The entry was as follows: Loan Payable, debit US $22,000; Interest Expense, debit 2,250; Checking, credit $25,000. Which online input control rejected this transaction?
Zero-balance checks
Which of the following control frameworks groups IT business assurance objectives into the five categories of availability, capability, functionality, protectability, and accountability?
eSAC.