ACCT 4540/5540 Final Exam
A study from McKinsey Global Institute estimates that Big Data could generate up to $_____ trillion in value per year in just a subset of industries impacted.
3
Data analytics professionals spend up to _____ % of their time cleaning data for analysis?
90
Select all that apply What is a smart contract used in a blockchain network? a. A smart contract is written in software code. b. A smart contact defines the transaction rules in Bitcoin. c. A smart contract defines the digital assets that could be transferred in transactions. d. A smart contract defines the terms and business rules to be used in conducting transactions.
a. A smart contract is written in software code. c. A smart contract defines the digital assets that could be transferred in transactions. d. A smart contract defines the terms and business rules to be used in conducting transactions.
Natural language processing (NLP) applications communicate using written and spoken _____.
Language
Computer frauds also happen during the systems development _____ cycle (SDLC).
Life
AI is intelligence exhibited by _____ rather than humans.
Machines or Computers
Management controls are security controls that focus on _____ of risk and information system security.
Management
The processes of making sure changes to programs and applications are authorized and documented are called change _____ controls. Changes should be tested prior to implementation so they do not affect system availability and reliability.
Management
In a machine learning context, a model is a _____ representation of some process.
Mathematical
To create a digital signature, the document creator must use his or her own private key to encrypt the _____ _____ (MD), so the digital signature also authenticates the document creator.
Message Digest
Understanding the data also includes selection of appropriate _____.
Metrics
A common security threat, _____, is that the attacker steals or makes unauthorized use of a service.
Misappropriation
During the "Objective Setting" process, firms set specific objectives based on their _____ and _____.
Mission and Vision
Neural networks are mathematical _____ that convert inputs to outputs/predictions.
Models or Algorithms
In the COSO ERM framework, _____ is the process of evaluating the quality of internal control design and operation and the effectiveness of the ERM model.
Monitoring
You can use Value Field Settings to specify a Custom _____ for a field.
Name
The more _____ the question is, the better chance it has of being answered.
Narrow
Measures are _____ fields.
Numeric
The _____ system is the most important system software because it performs the tasks that enable a computer to operate.
Operating
Security controls for wireless networks can be categorized into three groups: management, _____, and technical controls.
Operating(tional)
In supervised learning, the _____ is a known set of values that the neural network seeks to predict.
Output
Under the _____ simulation approach, the auditors write a computer program to reprocess the firm's actual data for a past period to generate simulated results to audit the system.
Parallel
Control activities are the policies and procedures that help ensure that necessary actions are taken to address risks to achieving the firm's objectives. There are two categories of control activities: _____ controls and _____ controls.
Physical and IT
Regression problems seek to _____ real numbers, such as house prices.
Predict
Forecasting whether a company will go bankrupt is an example of ______ analysis.
Predictive
Requiring a signed source document before recording a transaction is a _______ control.
Preventive
_____ controls require compliance with preferred procedures to deter undesirable issues from happening.
Preventive
To create relationships among Excel tables, you link foreign keys to _____ keys.
Primary
In using asymmetric-key encryption, each user has a pair of two keys, the _____ key and the _____ key.
Private and Public
To authenticate the receiver (B), the sender (A) e-mails a challenge message to B. B will use her _____ key to encrypt the challenge message and send it to A. If A is able to use B's _____ key to decrypt and get the plaintext of the challenge message, A has authenticated B successfully.
Private and Public
During the objective setting stage, management should have a _____ in place to set strategic, operations, reporting, and compliance objectives.
Process
Internal control is a _____ consisting of ongoing tasks and activities. It is a means to an end, not an end in itself.
Process
Audit data standards were developed by the following party to facilitate audits. a. American Institute of Certified Public Accountants b. New York Stock Exchange c. Public Company Accounting Oversight Board d. Securities and Exchange Commission
a. American Institute of Certified Public Accountants (AICPA)
In auditing information systems, auditors use parallel _____ to verify the firm's key features or processes. Under this approach, the auditors write a computer program to reprocess the firm's actual data for a past period to generate simulated results.
Simulation
The theft, misuse, or misappropriation of computer hardware is a common computer fraud. The illegal copying of computer _____ is another commonly observed computer fraud.
Software or Applications
Part of understanding the data is to find relevant _____ for the data.
Sources
The COSO ERM framework categorizes objectives in the following four categories: _____, operations, reporting, and compliance.
Strategic
Encryption algorithms are grouped into two categories: _____-_____ and asymmetric-key encryption methods.
Symmetric-key
Part of getting the Excel data is to convert the raw data into _____.
Tables
Security controls for wireless networks can be categorized into three groups: management, operational, and _____ controls.
Technical
The _____ _____ technique uses a set of input data to validate system integrity in auditing a system. When creating the test data, auditors need to prepare both valid and invalid data to examine critical logics and controls of the system.
Test Data
Select the correct definition of a digital signature. a. A digital signature is a message digest (MD) of a document (or data file) that is encrypted using the document creator's hashing key. b. A digital signature is a message digest (MD) of a document (or data file) that is encrypted using the document creator's private key. c. A digital signature is a message digest (MD) of a document (or data file) that is encrypted using the document creator's public key.
b. A digital signature is a message digest (MD) of a document (or data file) that is encrypted using the document creator's private key.
According to the textbook, companies are empowered by using data analytics to do all but the following: a. forecast future behavior b. prevent fraud c. investigate anomalies d. discover various patterns
b. prevent fraud
The "S" in the AMPS model stands for _____. a. share the report b. share the story c. share the results d. share the findings
b. share the story
Select all that apply. Select the principles related to review and revision in the COSO ERM 2017 framework. a. Define risk appetite b. Leverage information and technology c. Evaluate alternative strategies d. Assess substantial change e. Review risk and performance
d. Assess substantial change e. Review risk and performance - a. & c. Strategy and Objective Setting - b. Information Communication and Reporting
Firms continue to monitor system availability. Fault _____ uses redundant units to provide a system with the ability to continue functioning when part of the system fails. Many firms implement a redundant array of independent drives (RAID) so that if one disk drive fails, important data can still be accessed from another disk.
Tolerance
In machine learning, the model learns from _____ cases or data.
Training
T/F: Auditors may monitor blogs and social media to assess the probability of a goodwill write-down.
True
T/F: Business intelligence allows firms to monitor competitors, customers and suppliers.
True
T/F: Common benefits of using wireless technology include mobility, rapid deployment, and flexibility and scalability of a network.
True
T/F: Data analytics is defined as the science of examining raw data (now often Big Data), removing excess noise from the dataset, and organizing the data with the purpose of drawing conclusions for decision making.
True
T/F: Integrity and individual ethics are formed through a person's life experience.
True
T/F: Most threats with regard to wireless networks typically involve an attacker with access to the radio link between a station and an access point, or between two stations.
True
T/F: The internal environment of the COSO ERM framework provides the discipline and structure for all other components of enterprise risk management. It is the most critical component in the framework.
True
T/F: The reason why a digital signature can be used to ensure data integrity is because of the hashing process is not reversible.
True
T/F: In Excel, a slicer can be used to filter pivot table and pivot chart output.
True - A slicer is a visual filter.
T/F: AI applications are also called cognitive technologies.
True - AI applications are cognitive technologies.
T/F: Data analytics is useful for a business to examine patterns and trends in large datasets.
True - Data analytics is used to examine patterns and trends in large datasets.
T/F: The phrase "Your data won't speak unless you ask it the right data analysis questions" really speaks to the expertise the accountant can offer by asking questions that are answerable by data.
True - The accountant has expertise knowing what data is available to answer the question.
T/F: A data visualization is a graphical means of presenting information to decision makers.
True - This is the purpose of a data visualization.
T/F: One reason for the paradigm shift suggests that auditors will stay engaged with clients beyond the audit since data analytics allows them to offer value to their clients.
True - We expect auditors will stay engaged with clients beyond the audit since data analytics allows them to offer value to their clients.
Deep learning networks have more than _____ non-output layers.
Two
Firms continue to monitor system availability. Backups are used to alleviate problems of file or database corruptions. An _____ power supply is a device using battery power to enable a system to operate long enough to back up critical data and shut down properly during the loss of power. Both are corrective controls.
Uninterruptible or Uninterrupted
To audit a system, auditors use the test data technique to _____ system integrity. When creating the test data, auditors need to prepare both valid and invalid data to examine critical logics and controls of the system.
Validate
A _____ _____ _____ (VPN) securely connects a firm's WANs by sending/receiving encrypted packets via virtual connections over the public Internet to distant offices, salespeople, and business partners.
Virtual Private Network
We often define _____ as weaknesses or exposures in IT assets or processes that may lead to a business risk, compliance risk, or security risk.
Vulnerabilities
A data _____ is a centralized collection of firm-wide data for a relatively long period of time.
Warehouse
The data in a data _____ are pulled periodically from each of the operational databases (ranging from a couple of times a day to once a year) and often maintained for 5 to 10 years.
Warehouse(s)
To use the _____-box approach to audit systems, auditors need to understand the internal logic of the system/application being tested.
White
A _____ _____ network (WAN) links different sites together; transmits information across geographically dispersed networks; and covers a broad geographic area such as a city, region, nation, or an international link.
Wide Area
Select all that apply What is cloud computing? Select correct statements in describing cloud computing. a. A cloud user company often shares the computing resources with other user companies, and a cloud provider is responsible for managing the resources. b. Most cloud computing service providers charge on a per-user basis. c. Most companies have no issues in using cloud computing and may consider storing critical and sensitive data in the cloud. d. A third-party service provider offers computing resources including hardware and software applications to users over the Internet cloud.
a. A cloud user company often shares the computing resources with other user companies, and a cloud provider is responsible for managing the resources. b. Most cloud computing service providers charge on a per-user basis. d. A third-party service provider offers computing resources including hardware and software applications to users over the Internet cloud.
Which of the following is NOT true about modern neural networks? a. A neural network with more than 100 layers cannot be effectively trained b. Neural networks have been used to solve sophisticated problems like computer vision. c. Most business problems require only two or three hidden layers d. More layers increasing the complexity of the models
a. A neural network with more than 100 layers cannot be effectively trained
What is a message digest? a. It is an encrypted message. b. It is a result of an encryption process such as using asymmetric-key encryption. c. It is a result of an authentication process such as using asymmetric-key encryption. d. It is a result of a hashing process such as using the SHA-256 algorithm.
d. It is a result of a hashing process such as using the SHA-256 algorithm.
Which of the following is NOT a well-known visualization tool? a. Power BI Desktop b. SPSS Statistical Software c. Microsoft Excel d. Microsoft Access
d. Microsoft Access
Who is responsible to prevent and catch fraud? a. Controller b. Treasurer c. IT professionals d. The management
d. The management - An entity's management has primary responsibility for establishing and monitoring all aspects of the entity's fraud risk-assessment and prevention activities, and has both the responsibility and the means to implement measures to reduce the incidence of fraud.
Addressing the question, "What should we do, based on what we expect will happen" is an example of ______ analysis. a. predictive b. diagnostic c. descriptive d. prescriptive
d. prescriptive
Man-in-the-middle
the attacker actively intercepts communication between wireless clients and access points to obtain authentication credentials and data
Computer frauds also happen during the systems _____ life cycle (SDLC).
Development
T/F: Each company should use only one of the control/governance frameworks in corporate and IT governance.
False - Companies may choose to use multiple frameworks in corporate and/or IT governance.
One of the COSO ERM framework components, _____ _____, encompasses the tone of a firm, influences the risk consciousness of its people, and sets the basis for how risk is viewed and addressed by the firm.
Internal Environment
1. ensuring the authorization, entry, and verification of data entering the system 2. ensuring that data and transactions are processed accurately 3. providing output to authorized people and ensuring the output is used properly
1. Input controls 2. Processing controls 3. Output controls
1. ensure the characters in a field are of the proper type 2. compare data entering the system with existing data in a reference file to ensure only valid data is are entered 3. ensure the data fit into the size of a field 4. ensure all required data are entered for each record
1. Field checks 2. Validity checks 3. Size checks 4. Completeness checks
1. Anonymous peer-to-peer transactions, no middleman involved. 2. Uses smart contracts
1. Bitcoin 2. Ethereum
1. One block is added to the blockchain every 10 minutes. 2. One block is added to the blockchain every 12 to 15 seconds.
1. Bitcoin 2. Ethereum
1. a general internal control framework that can be applied to all firms 2. a framework expands from internal control to risk management that can be applied to all firms 3. a comprehensive framework for IT governance and management 4. a framework focusing on IT infrastructure and IT service management 5. a framework for information security management
1. COSO 2. COSO ERM 3. COBIT 4. ITIL 5. ISO 27000 Series
Common security objectives for both wired and wireless networks include: confidentiality, integrity, availability, and access control. Select the correct explanation for each term. 1. confidentiality 2. integrity 3. availability 4. access control
1. Communication cannot be read by unauthorized parties. 2. Detect any intentional or unintentional changes to the data during transmission. 3. Devices and individuals can access a network and its resources whenever needed. 4. Restrict the rights of devices or individuals to access a network or resources within a network.
Match individual computer fraud schemes with the oversights. 1. 195 illegitimate drivers' licenses are created and sold by a police communications officer 2. An employee entered fake health insurance claims into the system, and profited $20 million. 3. A computer technician uses his unrestricted access to customers' systems to plant a virus on their networks that brings the customers' systems to a halt. 4. A foreign currency trader covers up losses of millions over a 5-year period by making unauthorized changes to the source code.
1. Lack of authentication and role-based access control requirements 2. Lack of consideration for security vulnerabilities posed by authorized system access 3. Lack of access control to all customers' systems 4. Lack of code reviews; improper change management
1. test a numerical amount to ensure that it is within a predetermined range 2. compares data entering the system with existing data in a reference file to ensure only valid data is are entered 3. retrieve and display related information to ensure accurate data entry 4. ensure the logical relationship between two data values is correct
1. Range checks 2. Validity checks 3. Closed-loop verifications 4. Reasonableness checks
Define the following batch totals. 1. the total records in the batch 2. the sum of a field containing dollar values 3. the sum of a numeric field, such as employee number, which normally would not be the subject of arithmetic operations
1. Record count 2. Financial total 3. Hash total
ITIL organizes IT service management into five high-level categories. Define each category. 1. the strategic planning of IT service management capabilities and the alignment of IT service and business strategies 2. the design and development of IT services and service management processes 3. the transition from strategy to design, and maintaining capabilities for the ongoing delivery of a service 4. the effective and efficient delivery and support of services, with a benchmarked approach for event, problem, and access management 5. ongoing improvement of the service and the measurement of process performance required for the service
1. Service strategy 2. Service design 3. Service transition 4. Service operation 5. Continual service improvement
Match each situation below with the correct type of vulnerability. 1. No regular review of a policy that identifies how IT equipments are protected against environmental threats 2. Poor user access management allows some users to retrieve sensitive information not pertaining to their roles and responsibilities 3. Failure to terminate unused accounts in a timely manner
1. Vulnerabilities within a physical IT environment 2. Vulnerabilities within the processes of IT operations 3. Vulnerabilities within an information system
1. to ensure transactions are valid 2. to prevent fraud and mistakes 3. to compensate imperfect segregation of duties 4. to maintain audit trails and accuracy of the financial data 5. to ensure only authorized personnel have access to physical assets and information 6. to double check for errors and misrepresentations
1. authorization 2. segregation of duties 3. supervision 4. accounting documents and records 5. access control 6. independent verification
Provide the process of risk assessment in correct sequence (i.e., seven steps). The last step is to base on the results of the cost/benefit analysis, determine whether to reduce the risk by implementing a control, or to accept, share, or avoid the risk.
1. identify risks to the firm 2. estimate the likelihood of each risk occurring 3. estimate the impact 4. identify controls to mitigate the risk 5. estimate the costs and benefits of implementing the controls 6. perform a cost/benefit analysis for each risk and corresponding controls
Match the devices used in each type of networks. 1. LAN 2. VPN 3. WAN
1. switches 2. access points 3. firewalls
Find proper definitions of techniques for white-box approach in auditing systems. 1. test data technique 2. parallel simulation 3. integrated test facility
1. uses a set of input data to validate system integrity 2. attempts to simulate the firm's key features or processes 3. enables test data to be continually evaluated during the normal operation of a system
Management selects risk responses and develops a set of actions to align risks with the entity's risk tolerances and risk appetite. The four options to respond to risks are: reducing, sharing, avoiding, and _____ risks.
Accepting or Accept
A wireless network is comprised of two fundamental architectural components: _____ points and _____.
Access and Station(s)
Management selects risk responses according to the entity's risk tolerances and risk _____.
Appetite
IT controls are a subset of a firm's internal controls and are categorized as IT general and _____ controls.
Application
Machine learning is a subset of _____ intelligence.
Artificial
Firms use two encryption methods, _____ encryption and _____ encryption, in data transmission and electronic communication in e-business.
Asymmetric-key or Two-key and Symmetric-key or One-key
Management is responsible for fraud risk assessments, while the _____ _____ typically has an oversight role in this process.
Audit Committee
Using the asymmetric-key encryption method, _____ can be achieved for electronic transactions.
Authentication
The term "computer-assisted audit techniques (CAATs)" refers to any _____ audit techniques that can be used by an auditor to perform audits or achieve audit objectives.
Automated
T/F: Data analytics comes up with computer algorithms that make decisions automatically without human intervention.
False - Data analytics are suggestive. They examine raw data, remove excess noise, and organize the data with the purpose of assisting with decision making.
T/F: Excel is always the best visualization tool.
False - Excel is good but far from the best.
T/F: Since blockchains are immutable, auditors do not need to audit blockchain transactions.
False - For most companies, smart contracts will need to be audited to verify the business rules.
T/F: Given the popularity of the Internet, mobile devices, and the complexity of computer technologies, important business information and IT assets are exposed to risks and attacks from external parties such as hackers, foreigners, competitors, etc. Today's employees are well trained and always support the firm to prevent the attacks.
False - Given today's environment
T/F: Supervised learning is a type of machine learning but it is seldom used in practice.
False - It is the most often used.
To authenticate the receiver (B), the sender (A) e-mails a challenge message to B. B will use _____ (tip: A's or B's) private key to encrypt the challenge message and send it to A. If A is able to use _____ (tip: A's or B's) public key to decrypt and get the plain text of the challenge message, A has authenticated B successfully.
B's and B's
T/F: Vulnerability assessment and management are often required by laws. Hence, management's commitment and support are not as critical as in enterprise risk assessment and management.
False - Management's commitment and support and the integration of vulnerability management efforts within all levels of the firm are critical success factors for vulnerability management.
T/F: Raw data must have blank rows or columns to be easily turned into an Excel table.
False - Must not have blank rows or columns.
To use the Tableau Show Me tool, select one or more of the _____ of interest while holding down the control (CTRL) key.
Fields
T/F: Information security is a critical concern to the chief information officer (CIO) and maybe also to the internal auditors. In general, practicing certified public accountants (CPAs) do not need to know much about information security management.
False - Per AICPA, in the past 10 years, information security management has been ranked as the top one technology issue for CPAs.
T/F: Classification problems seek to minimize the differences between predicted and actual values.
False - Regression problems do this, not classification problems.
T/F: In Tableau, there is one best type of visualization for each combination of dimensions and measures.
False - The Show Me tool will show the various best visualizations but there are often more than one type that can be used.
T/F: Most companies prefer to use the symmetric-key encryption method than the asymmetric-key encryption method in conducting e-business.
False - To conduct e-business, most companies use a hybrid combination of both symmetric-key encryption and asymmetric-key encryption methods.
T/F: In general, data analytics requires the auditor to pull data at the client site before an external audit is completed.
False - With data analytics, auditors will be able to work from anywhere, anytime, without the need to pull data at the client site.
T/F: Unlike Microsoft Access, you can't create relationships among tables in Excel.
False - You can create relationships among tables in Excel much like you set relationships in Access.
Dimensions in Tableau are _____ fields.
Categorical
When joining two tables in Tableau, the overlapping _____ indicate the type of join.
Circles
Most machine learning applications are designed to perform either some sort of _____ or regression.
Classification or Categorization
Virtualization and _____ computing are considered good alternatives to back up data and applications.
Cloud
According to AICPA, "the primary focus of information security is the balanced protection of the _____ _____ and availability of data while maintaining efficient policy implementation.
Confidentiality and Integrity
The success of an artificial neural network can be measured by using a _____ matrix.
Confusion
List the key characteristics of blockchain technology: distributed and decentralized, _____, and _____.
Consensus, and Immutability
With _____ auditing, theoretically, an audit report/opinion can be issued simultaneously with, or shortly after, the occurrence of the events under review.
Continuous
In today's electronic world, most accounting records are stored in a _____.
Database(s)
In developing the visualization, it is important to keep the _____ maker in mind.
Decision
Machine learning applications improve their ability to analyze patterns as they process more _____.
Data
A type of attack called _____ could be described as the attacker passively monitors wireless networks for data, including authentication credentials.
Eavesdropping
According to the COSO 2.0 framework, operations objectives are about _____ and _____ of a firm's operations on financial performance goals and safeguarding assets.
Efficiency and Effectiveness
The _____ _____ module is a programmed audit module that is added to the system under review. Hence, the auditors can monitor and collect data over online transactions. The collected data are analyzed by auditors in evaluating control risks and effectiveness.
Embedded Audit
Artificial neural networks are the _____ of machine learning.
Engine
Organizations derive their code of _____ from cultural values, societal traditions, and personal attitudes on issues of right and wrong.
Ethics
In the COSO ERM framework component _____ _____, firms identify events affecting achievement of their objectives.
Event Identification
Computer-assisted audit techniques enable auditors to gather and analyze audit _____ to test the adequacy and reliability of financial information and internal controls in a computerized environment.
Evidence
Given the popularity of the Internet, mobile devices, and the complexity of computer technologies, business information and IT assets are exposed to risks and attacks from _____ parties such as hackers and _____ parties such as disgruntled employees.
External and Internal
T/F: Data analytics allows auditors to vastly expand sampling beyond current traditional sample sizes, but does not allow the ability to test the full population of transactions.
False
T/F: A blockchain network is a distributed ledger system and all transactions must be verified by a central authority.
False - A central authority is not needed in a blockchain network.
T/F: A local area network is a group of computers, printers, and other devices connected to the same network and covers a large geographic range such as a city, a county, or a state.
False - A local area network (LAN) is a group of computers, printers, and other devices connected to the same network and covers a limited geographic range such as a home, small office, or a campus building.
T/F: Cybersecurity is highly technical and not relevant to CPA.
False - AICPA indicates that cybersecurity is an important part of risk management and it is relevant to CPA's.
T/F: Audit data standards are a set of data standards in preparation for the internal audit.
False - Audit data standards are a set of data standards for the external audit.
T/F: Audits do not provide value beyond the financial perspective and providing assurance.
False - Audits not only yield important findings from a financial perspective, but also information that can help companies refine processes, improve efficiency and anticipate future problems.
T/F: It is important to provide the decision maker more information than he or she can process.
False - Avoid information overload.
T/F: The most recent control framework designed by COSO is called control objectives for information and related technology (COBIT).
False - COSO 2.0 (or COSO 2013)
If there are two possible classifications, then the confusion matrix would show _____ cells with the prediction options.
Four
The first step in preparing the data and developing visualizations is to _____ data.
Get or Obtain
An important part of understanding the data involves questioning how the data supports the overall _____ of the visualizations.
Goal(s) or Objective(s)
We define corporate _____ as a set of processes and policies in managing an organization with sound ethics to safeguard the interests of its stakeholders.
Governance
Robotic process automation is used to reduce the _____ labor required.
Human
The risk assessment process starts with _____ the risks.
Identifying
Authentication is a process that establishes the origin of information or determines the _____ of a user, process, or device. It is critical in e-business because it can prevent _____ while conducting transactions online.
Identity and Repudiation
IT vulnerabilities can be categorized depending on whether they exist in the physical IT environment, within an _____ _____, or within the processes of IT operations.
Information System(s)
IT application controls are activities specific to a subsystem's or an application's _____, processing, and output.
Input, Inputting, or Inputs
Most mistakes in an accounting information systems occur while entering data. Control efforts are focused on _____ rather than processing and output activities.
Input, Inputting, or Inputs
The _____ _____ _____ (ITF) approach is an automated technique that enables test data to be continually evaluated during the normal operation of a system. The auditor creates fictitious situations and performs a wide variety of tests over the system.
Integrated Test Facility
General security objectives for both wired LANs and wireless LANs include: _____, _____, _____, and access control.
Integrity, Confidentiality, and Availability
List the three types of blockchain: _____ blockchain, _____ blockchain, and _____ blockchain.
Public, Private, and Consortium
Two common names for asymmetric-key encryption are _____ or _____ encryption.
Public-key and Two-key
Disaster _____ planning (DRP) is a process that identifies significant events that may threaten a firm's operations and outlines the procedures to ensure that the firm will resume operations when the events occur.
Recovery
The second step in preparing the data and developing visualizations is to set _____ among tables to exploit any database structure.
Relationships or Associations
After connect to data sources in Tableau, the next step is to create _____ among the tables.
Relationships, Associations, or Joins
According to the COSO 2.0 framework, reporting objectives are about the _____ of a firm's internal and external financial reporting.
Reliability
RPA is a tool that can perform high-volume, _____, tasks such as preparing tax returns or managing accounts payable.
Repetitive
The COSO 2.0 (COSO 2013) framework indicates that an effective internal control system should consist of three categories of objectives: operations objectives, _____ objectives, and _____ objectives.
Reporting and Compliance
The COSO ERM framework indicates that an effective internal control system should consist of four categories of objectives: _____ objectives, operations objectives, _____ objectives, and _____ objectives.
Reporting, Compliance, and Strategic
Cloud computing refers to a service model where third-party service providers offers computing _____ including hardware and software applications to cloud users over the Internet, and the service provider charges on a per-user basis.
Resource(s)
Disaster recovery planning (DRP) is a process that identifies significant events that may threaten a firm's operations and outlines the procedures to ensure that the firm will resume operations when the events occur. A DRP should be _____ and _____ periodically to analyze weaknesses and explore possible improvements.
Reviewed and Tested
Internal and external events affecting achievement of a firm's objectives must be identified. When using COSO ERM framework, management must distinguish between _____ and _____ after identifying all possible events.
Risk(s) and Opportunity(ies)
Information technology controls involve processes that provide assurance for information and help to mitigate _____ associated with the use of _____. Firms need such controls to protect information assets, remain competitive, and control costs in implementing IT projects.
Risk(s) and Technology
The attacker of a wireless network sometimes uses a _____ access point to set up an unsecured wireless network near the enterprise with an identical name and to intercepts any messages sent by unsuspecting users that who log onto it.
Rouge
_____ _____ published a white paper in 2008 to introduced a concept on distributed ledger system which is the foundation of the blockchain technology.
Satoshi Nakamoto
Select all that apply Select correct statements regarding asymmetric-key encryption methods. a. Asymmetric-key encryption is slow and is not appropriate for encrypting large data sets. b. Asymmetric-key encryption is also called two-key encryption. c. Asymmetric-key encryption is also called public-key encryption. d. Asymmetric-key encryption method has problems in key distribution and key management.
a. Asymmetric-key encryption is slow and is not appropriate for encrypting large data sets. b. Asymmetric-key encryption is also called two-key encryption. c. Asymmetric-key encryption is also called public-key encryption. - d. Symmetric-key encryption method has problems in key distribution and key management.
Select all that apply What is the white-box approach in auditing systems? Select all statements that apply. a. Auditors need to create test cases to verify specific logic and controls in a system. b. It requires auditors to understand the internal logic of the system/application being tested. c. The white-box approach is also called auditing around the computer.
a. Auditors need to create test cases to verify specific logic and controls in a system. b. It requires auditors to understand the internal logic of the system/application being tested. - c. It is called auditing through the computer.
Select all that apply Select the benefits of using wireless technology. a. Convenient online access without a physical network using cables for connections b. Secured data transmission using a wireless network c. Freely setting up or removing wireless networks at different locations
a. Convenient online access without a physical network using cables for connections c. Freely setting up or removing wireless networks at different locations - b. The security level depends on the protocol and setting of the wireless devices. Many wireless networks are not secure.
Select all that apply Management controls are security controls that focus on management of risk and information system security. Give examples of management controls in wireless networks. a. Creating policies and procedures regarding security issues b. Preventing and detecting physical security breaches c. Conducting risk assessment regarding security issues d. Assigning roles and responsibilities of end users
a. Creating policies and procedures regarding security issues c. Conducting risk assessment regarding security issues d. Assigning roles and responsibilities of end users - b. This is an operational control.
Which of the following is NOT true about data visualizations. a. Data visualizations are the only way to present data b. Data visualizations present information to decision makers c. Data visualizations are graphical representations d. There are many ways to develop data visualizations
a. Data visualizations are the only way to present data
The data analytics skill sets that should be developed are all but the following: a. Decision making b. Mining/Analyzing data c. Creating data structures/models d. Acquiring/cleansing data
a. Decision making
Select the principle related to governance and culture in the COSO ERM 2017 framework. a. Demonstrate commitment to core values b. Evaluate alternative strategies c. Leverage information and technology d. Prioritize risks e. Define risk appetite
a. Demonstrate commitment to core values - b. & e. Strategy and Objective Setting - c. Information Communication and Reporting - d. Performance
ETL stands for which process for scrubbing raw data to make it ready for analysis? a. Extract, Transform, and Load b. Extrapolate, Transform, and Load c. Extract, Translate, and Load d. Evaluate, Translate, and Load
a. Extract, Transform, and Load
Select all that apply What is fraud? a. Frauds are perpetrated by parties to obtain money, property, or services. b. Frauds are perpetrated by organizations to avoid payment or loss of services. c. Frauds are perpetrated by parties to secure personal or business advantage. d. A legal act characterized by deceit, concealment, or violation of trust.
a. Frauds are perpetrated by parties to obtain money, property, or services. b. Frauds are perpetrated by organizations to avoid payment or loss of services. c. Frauds are perpetrated by parties to secure personal or business advantage. - d. An illegal act characterized by deceit, concealment, or violation of trust.
According to the textbook, audits are expected to provide all but the following above and beyond the assurance perspective. a. Help companies reduce future audit fees b. Help companies anticipate future problems c. Help companies improve efficiency d. Help companies refine processes
a. Help companies reduce future audit fees
Which of the following is an example of IT general controls (ITGC)? a. IT control environment b. Access control to a specific file in payroll c. Input controls regarding data entry
a. IT control environment - b. & c. application control
Select all that apply Select correct statement regarding information technology governance and corporate governance. a. Information technology governance is the responsibility of management. b. COSO is a generally accepted framework for IT governance and management. c. Information technology governance is a subset of corporate governance. d. IT governance is the responsibility of CIO and internal auditors.
a. Information technology governance is the responsibility of management. c. Information technology governance is a subset of corporate governance. - b. COBIT is a generally accepted framework for IT governance and management.
Anomaly detection algorithms address which of the following questions? a. Is it different? b. What should I do next? c. How much is the predicted price? d. Is it A or B?
a. Is it different?
Select all that apply Select correct statements regarding a virtual private network (VPN). a. It is commonly used for employees to have remote access to their firm's network. b. Encryption technology is required in designing a VPN. c. A VPN is designed to ensure security for transmitting data to trading partners only. d. VPNs are for LANs only.
a. It is commonly used for employees to have remote access to their firm's network. b. Encryption technology is required in designing a VPN. - c. It can be used for employees' remote access. - d. VPNs allow for companies to utilize a WAN for secured data transmission.
Select all that apply What are the success factors for vulnerability management? a. Management's commitment and support b. A firm should determine the main objectives of its vulnerability management after considering the firm's resource constraints. c. Independent effort of vulnerability management across all levels of the firm d. A firm should assign roles and responsibility for vulnerability management.
a. Management's commitment and support b. A firm should determine the main objectives of its vulnerability management after considering the firm's resource constraints. d. A firm should assign roles and responsibility for vulnerability management. - c. The integration of vulnerability management efforts within all levels of the firm is one of the critical success factors.
Select all that apply. Select the principles related to performance in the COSO ERM 2017 framework. a. Prioritize risks b. Develop portfolio view c. Demonstrate commitment to core values d. Evaluate alternative strategies e. Leverage information and technology
a. Prioritize risks b. Develop portfolio view - c. Governance and Culture - d. Strategy and Objective Setting - e. Information Communication and Reporting
Which of the following have not yet been implemented in AI applications? a. Reacting emotionally b. Translating languages c. Recognizing speech d. Driving cars
a. Reacting emotionally
Encryption algorithms are grouped into two categories: symmetric-key and asymmetric-key encryption methods. Select the correct statement regarding these two methods. a. Symmetric-key encryption is fast and suitable for encrypting large data sets or messages. b. Key distribution and key management are problematic when using asymmetric-key encryption method. c. Each user has a pair of two keys when using symmetric-key encryption method.
a. Symmetric-key encryption is fast and suitable for encrypting large data sets or messages. - b. Key distribution and key management are problematic when using symmetric-key encrypting method. - c. When using symmetric-key encryption method, one key is used by each pair of users for communication.
Select all that apply What is continuous auditing? a. Testing in continuous audits often consists of continuous controls monitoring and continuous data assurance. b. Continuous auditing is to perform audit-related activities on a continuous basis. c. Continuous auditing is to automate all audit-related activities.
a. Testing in continuous audits often consists of continuous controls monitoring and continuous data assurance. b. Continuous auditing is to perform audit-related activities on a continuous basis. - c. Not all audit-related activities are automated in continuous audits.
Select all that apply A fraud prevention and detection program starts with a fraud risk assessment across the entire firm. Select correct statements on the role(s) of the audit committee on fraud risk assessment, prevention and detection. a. The audit committee works with the internal audit group to ensure that the fraud prevention/detection program remains an ongoing effort. b. The audit committee has an oversight role in the fraud risk assessment process. c. The audit committee interacts with external auditor to ensure that fraud assessment results are properly communicated. d. The audit committee is responsible to assess fraud risks and to identify approaches to detecting frauds.
a. The audit committee works with the internal audit group to ensure that the fraud prevention/detection program remains an ongoing effort. b. The audit committee has an oversight role in the fraud risk assessment process. c. The audit committee interacts with external auditor to ensure that fraud assessment results are properly communicated. - d. Management is responsible for fraud risk assessments, while the audit committee typically has an oversight role in this process.
Select all that apply What are the main purposes of corporate governance? a. To protect the interests of a firm's stakeholders b. To identify approaches to manage disgruntled employees c. To promote accountability and transparency in a firm's operations d. To encourage the efficient use of the resources a firm has
a. To protect the interests of a firm's stakeholders c. To promote accountability and transparency in a firm's operations d. To encourage the efficient use of the resources a firm has
Select all that apply Identify the main purposes for a wide area network (WAN). a. To provide remote access to employees or customers b. To ensure secured access from each office in different cities c. To provide corporate access to the Internet d. To link various sites within the firm
a. To provide remote access to employees or customers c. To provide corporate access to the Internet d. To link various sites within the firm
Diagnostic analysis addresses which of the following questions? a. Why did it happen? b. What happened? c. Will it happen in the future? d. What should we do based on what we expect will happen?
a. Why did it happen?
Select all that apply Given your understanding of COSO ERM framework, select factors regarding internal environment. a. a firm's organizational structure, board of directors and the audit committee b. a firm's risk management philosophy and risk appetite c. a firm must have strong internal controls tested regularly d. a firm's human resource policies/practices and development of personnel e. a firm's integrity and ethical values
a. a firm's organizational structure, board of directors and the audit committee b. a firm's risk management philosophy and risk appetite d. a firm's human resource policies/practices and development of personnel e. a firm's integrity and ethical values
Select all that apply The operating system performs the tasks that enable a computer to operate. It is comprised of system utilities and programs that: a. allocate computer resources to users and applications. b. it is the main function in managing a database. c. control the flow of multiprogramming. d. ensure the integrity of the system.
a. allocate computer resources to users and applications. c. control the flow of multiprogramming. d. ensure the integrity of the system.
Which of the statements below best defines an embedded audit module? a. A parallel simulation module that uses a set of input data to validate system integrity. b. A programmed module added to the system so that the auditors can monitor and collect data over online transactions. c. A module in which the auditors create fictitious situations and perform a wide variety of tests over the system. d. A test data technique that enables test data to be continually evaluated during the normal operation of a system.
b. A programmed module added to the system so that the auditors can monitor and collect data over online transactions. - a. The test data technique uses a set of input data to validate system integrity. - c. & d.Integrated Test Facility (ITF)
In an example where the goal is to identify spam email, which of the following best describes the difference between a true positive (TP) and a false negative (FN) in a confusion matrix? a. A true positive is the correct classification of a good email; a false negative is the incorrect classification of a good email b. A true positive is a correct classification of a spam email message; a false negative is an incorrect classification of a spam email message c. A true positive is the incorrect classification of a good email; a false negative is the incorrect classification of a spam email d. A true positive is a correct classification of a spam email; a false negative is a correct classification of a good email
b. A true positive is a correct classification of a spam email message; a false negative is an incorrect classification of a spam email message
Select the best answer in describing virtualization and cloud computing. a. Cloud computing are considered as a bad alternative to backup data because companies should never trust any cloud computing service providers. b. A virtual machine containing system applications and data backups is often resides in the cloud off-site or at various locations. c. Cloud computing uses redundant servers at an on-site location of the company such as its warehouse.
b. A virtual machine containing system applications and data backups is often resides in the cloud off-site or at various locations. - a. Using virtualization and cloud computing for system availability could be cost-effective. They are often considered good alternatives to backup data and applications. - c. Cloud computing uses redundant servers in multiple locations to host virtual machines.
Select a wrong statement about blockchain concepts. a. Blockchain technology uses a distributed ledger system and each copy of the ledger containing the same transaction records. b. All transactions on a blockchain network must be verified by a central authority. c. Participants on a blockchain network must reach consensus before transactions are committed to the blockchain. d. Past information recorded on a blockchain cannot be edited or altered.
b. All transactions on a blockchain network must be verified by a central authority. - A central author is not needed for a blockchain network.
Select all that apply Common computer frauds include the following: a. Installing new applications without testing b. Altering computer-readable records and files c. Altering the logic of computer software d. Misuse of computer hardware
b. Altering computer-readable records and files c. Altering the logic of computer software d. Misuse of computer hardware
Select all that apply What are the potential impacts of blockchain on accounting and audit practice? a. Auditors will not need to audit blockchain transactions since transactions cannot be modified or deleted. b. Blockchain technology increases the possibility of conducting continuous audit. c. Auditors will need to review business rules coded in smart contracts.
b. Blockchain technology increases the possibility of conducting continuous audit. c. Auditors will need to review business rules coded in smart contracts.
Select all that apply What is the common practice in using symmetric-key encryption and asymmetric-key encryption methods in conducting e-business? a. Both parties use the asymmetric-key encryption method to maintain confidentiality in data transmission. b. Both parties use the asymmetric-key encryption method to distribute the symmetric key securely. c. Both parties use the asymmetric-key encryption method to authenticate each other.
b. Both parties use the asymmetric-key encryption method to distribute the symmetric key securely. c. Both parties use the asymmetric-key encryption method to authenticate each other. - a. Both parties use the symmetric-key encryption method to maintain confidentiality in data transmission.
The data analytics skill sets that should be developed are all but the following: a. Creating data structures/models b. Decision making c. Mining/Analyzing data d. Acquiring/cleansing data
b. Decision making
Which of the following is NOT true about the relationship between AI, machine learning, and deep learning. a. Machine learning encompasses deep learning b. Deep learning involves less complexity than machine learning c. Artificial intelligence includes both machine and deep learning d. Deep learning involves more complexity than machine learning
b. Deep learning involves less complexity than machine learning
Select all that apply Select the correct concepts regarding encryption. a. Once a plaintext is encoded into a cyphertext, it cannot be returned to its original plaintext form. b. Encryption provides confidentiality and privacy for data transmission and storage. c. Encryption is a preventive control.
b. Encryption provides confidentiality and privacy for data transmission and storage. c. Encryption is a preventive control. - a. The receiver of the encrypted text uses a "key" to decrypt the message, returning the cypertext to its original plaintext form.
The main factors in encryption are key length, encryption algorithm, and key management. Select the correct statement regarding encryption. a. Most encryption algorithms have similar strength in security. b. Establishing a policy on key management is essential for information security. c. Shorter key length provides for stronger encryption.
b. Establishing a policy on key management is essential for information security. - a. Different encryption algorithms provide different strengths in security. - c. Longer key length provides for stronger encryption.
Which of the following is NOT a technique to train a neural network system? a. Unsupervised learning b. Incentive-based learning c. Reinforcement learning d. Supervised learning
b. Incentive-based learning
The AMPS model is performed ______. a. once to comprehensively address all questions b. once or many times to address questions c. many times
b. once or many times to address questions
Select all that apply Select the correct statement(s) regarding the concepts on internal control defined under COSO 2.0. a. Internal control can provide absolute assurance to an entity's management and board. b. Internal control is geared toward the achievement of objectives in one or more separate but overlapping categories. c. Internal control is about policy manuals, systems, and forms, not affected by people. d. Internal control is a process consisting of ongoing tasks and activities. It is a means to an end, not an end in itself.
b. Internal control is geared toward the achievement of objectives in one or more separate but overlapping categories. d. Internal control is a process consisting of ongoing tasks and activities. It is a means to an end, not an end in itself.
Anomaly detection algorithms address which of the following questions? a. Is it A or B? b. Is it different? c. How much is the predicted price? d. What should I do next?
b. Is it different?
Select the correct statement regarding the black-box approach in auditing systems. a. The systems are often interrupted for auditing purposes. b. It is also called auditing around the computer. c. Auditors must have detailed knowledge of the systems' internal logic.
b. It is also called auditing around the computer. - a. The systems are not interrupted for auditing purposes. - c. Auditors do not need to gain detailed knowledge of the systems' internal logic.
_____ controls provide output to authorized people and ensure the output is used properly. a. Processing b. Output c. Input
b. Output
Which of the following components is not part of COSO ERM 2017 framework? a. Strategy and Objective Setting b. Risk Assessment c. Performance d. Governance and Culture e. Review and Revision
b. Risk Assessment
Which of the following is NOT an important consideration for developing and presenting visualizations? a. Choose the right chart b. Selecting appropriate metrics c. Create or reinforce knowledge d. Direct user to most important information
b. Selecting appropriate metrics - This is an element of understanding the data that happens prior to developing the visualization.
Which of the following is NOT part of selecting and modifying the visualization? a. Select the right type of chart b. Set relationships among tables c. Select relevant filters d. Add titles, legends, colors as appropriate e. Ensure clear presentation of message
b. Set relationships among tables - This is an earlier step.
Select all that apply Select a correct statement on the monitoring component of the COSO ERM framework. a. Monitoring is accomplished through occasional management activities. Deficiencies are reported only when the problems cannot be resolved. b. The ERM components and internal control process should be monitored continuously and modified as necessary. c. It is the process of evaluating the quality of internal control design and operation and the effectiveness of the ERM model.
b. The ERM components and internal control process should be monitored continuously and modified as necessary. c. It is the process of evaluating the quality of internal control design and operation and the effectiveness of the ERM model.
Select all that apply What is the black-box approach in auditing systems? a. Auditors must gain detailed knowledge of the systems' internal logic. b. The advantage of this approach is that the systems will not be interrupted for auditing purposes. c. It is to audit around the computer. d. It is adequate when automated systems applications are relatively simple.
b. The advantage of this approach is that the systems will not be interrupted for auditing purposes. c. It is to audit around the computer. d. It is adequate when automated systems applications are relatively simple. - a. Auditors do not need to gain detailed knowledge of the systems' internal logic.
Select all that apply What is a digital signature? a. When conducting e-business, each trading partner has one digital signature for different transactions. b. The process of getting a message digest (MD) is called hashing. c. It is a message digest (MD) of a document or a data file. d. It is encrypted using the private key of the creator of document or data file.
b. The process of getting a message digest (MD) is called hashing. c. It is a message digest (MD) of a document or a data file. d. It is encrypted using the private key of the creator of document or data file. - a. Since each digital signature is an encrypted MD and each MD is document or data dependent, each party in conducting e-business has many digital signatures.
Select all that apply How can a business make a wide area network secure? a. Use a local area network b. Use dedicated leased lines c. Use a virtual private network
b. Use dedicated leased lines c. Use a virtual private network
Select all that apply Select correct statements regarding "digital signature." a. We use it to maintain privacy and confidentiality. b. We use it to ensure data integrity. c. We need to use a hashing process and encryption technology to get a digital signature. d. Each ebusiness conductor (e.g. document or data creator) uses one digital signature in operating business. e. We use it to authenticate the data/document sender.
b. We use it to ensure data integrity. c. We need to use a hashing process and encryption technology to get a digital signature. e. We use it to authenticate the data/document sender.
Select all that apply Define vulnerability. a. External attacks authorized by management and designed by technology experts to crash a company's system b. Weaknesses or exposures in IT processes that may lead to a business risk, compliance risk, or security risk c. Characteristics of IT resources that can be exploited by a threat to cause harm to a firm
b. Weaknesses or exposures in IT processes that may lead to a business risk, compliance risk, or security risk c. Characteristics of IT resources that can be exploited by a threat to cause harm to a firm
Descriptive analysis addresses which of the following questions? a. What should we do based on what we expect will happen? b. What happened? c. Why did it happen? d. Will it happen in the future?
b. What happened?
In our electronic world, all or most accounting records are stored in a database. A database is: a. a centralized repository that collects data from the beginning of a company's operation until today b. a shared collection of logically related data that meets the information needs of a firm c. a file with big data collected from various sources inside and outside a company
b. a shared collection of logically related data that meets the information needs of a firm
Select the best answer in describing the authentication process. a. For authentication purpose, the one being authenticated must use his/her public key to encrypt the message. b. To authenticate is to determine the identity of a user, not about the device being used. c. Authentication can prevent repudiation while conducting transactions online.
c. Authentication can prevent repudiation while conducting transactions online. - a. For authentication purpose, the one being authenticated must use his/her private key to encrypt the message and send the message back to the party who would like to authenticate him/her. - b. Authentication is a process that establishes the origin of information or determines the identity of a user, process, or device.
Which party would have the most interest in monitoring blogs and social media to assess the probability of the collectibility of bad debts? a. Suppliers b. Stock exchange c. Company accountant d. Customers
c. Company accountant
What is a concurrent update control? a. Concurrent update controls ensure a batch of data is in sequence for batch processing. b. Concurrent update controls compare totals provided in multiple methods to ensure accurate processing. c. Concurrent update controls prevent two or more users updating the same record simultaneously.
c. Concurrent update controls prevent two or more users updating the same record simultaneously. - a. Sequence checks ensure a batch of data is in sequence for batch processing. - b. Cross-footing balance tests compares totals provided in multiple methods to ensure accurate processing.
Which of the following is NOT true about artificial neural networks? a. Connections between nodes can include loops b. Information moves through hidden layers c. Information moves from the output layer to the input layer d. They can be nested so the overall network includes multiple layers
c. Information moves from the output layer to the input layer
What are the purposes of the standards of ISO 27000 series? a. It is designed for IT governance and provides audit guidelines for both internal and external auditors. b. It is designed to provide guidance on IT service management. c. It is designed to address information security issues.
c. It is designed to address information security issues.
Select all that apply Select the principles related to information communication and reporting the COSO ERM 2017 framework. a. Formulate business objectives b. Prioritize risks c. Leverage information and technology d. Communicate risk information e. Analyze business context
c. Leverage information and technology d. Communicate risk information - a. & e. Strategy and Objective Setting - b. Performance
Select the best statement in describing the concept of miners in blockchain. a. Miners can use various consensus algorithms while creating blocks on a blockchain network. b. Miners are any nodes/machines in a blockchain network. c. Miners are the nodes/machines creating and validating blocks.
c. Miners are the nodes/machines creating and validating blocks.
Why do we need to use digital signatures in conducting e-business? a. Maintain confidentiality b. It is the only way to ensure the receiver's identity. c. Obtain data integrity d. Ensure privacy in data transmission
c. Obtain data integrity
Select the correct statement on the three types of blockchain. a. Consortium blockchain is permissionless. b. A public blockchain requires permission to join. c. Private blockchain is also called enterprise blockchain.
c. Private blockchain is also called enterprise blockchain. - Consortium blockchain is a permissioned blockchain allowing several organizations to participate in its management. - A public blockchain is a permissionless blockchain.
Select all that apply Using the two-key encryption method for authentication, we need to be careful about how the keys are used. Select all correct answers regarding key usage in authentication from the list below. a. To be able to authenticate a trading partner, we must have his or her private key to do so. b. Keys from different users could be used for encryption and decryption purposes. c. Public key management is very important because we use public keys to authenticate others in conducting e-business. d. Only the pair of one user's two keys is used for encryption and decryption.
c. Public key management is very important because we use public keys to authenticate others in conducting e-business. d. Only the pair of one user's two keys is used for encryption and decryption. - a. To be able to authenticate a trading partner, we must have his or her public key to do so.
What is the original purpose of using a distributed ledger system with the blockchain technology? a. To reduce transaction cost b. To reduce transaction time c. To eliminate intermediaries/middlemen in perform transactions d. To simplify accounting concepts involved in conducting transactions
c. To eliminate intermediaries/middlemen in perform transactions
What kinds of business questions would a reinforcement learning algorithm help answer? a. What is this house price? b. Will a 20% discount attract buyers? c. What action should I take next? d. Is this website safe?
c. What action should I take next?
The first step in the AMPS model is to _____. a. address the question b. ask management what questions they have c. ask the question d. assess the data
c. ask the question
The application controls are grouped into three categories to ensure information processing integrity: input, _____, and output controls.
processing
