4D - Processing Integrity (Input/Processing/Output Controls)

अब Quizwiz के साथ अपने होमवर्क और परीक्षाओं को एस करें!

The "T" in "COBIT" stands for:

Technology

A fast-growing service company is developing its information technology internally. What is the first step in the company's systems development life cycle?

Testing

The input device used in a department store where the sales clerk passes a light pen over the price tag to record the purchase is:

a barcode scanner.

To avoid invalid data input, a bank added an extra number at the end of each account number and subjected the new number to an algorithm. This technique is known as:

a check digit.

A program that converts a source program into instruction codes that the central processing unit can execute is called:

a compiler.

A validation check used to determine if a quantity ordered field contains only numbers is an example of:

a data security control.

Because much of the data involved in daily operations would be helpful to competitors if they had access to it, a company authorizes access for employees to only the data required for accomplishing their jobs. This approach is known as access on:

a need-to-know basis.

A compiler is:

a program that converts high-level programming language into machine language.

A software tool used for ad hoc, online access to items in a database would most likely be:

a query utility program.

A software tool used to infrequently select or access items in the database would most likely be:

a query utility program. Query utility programs enable a user to query or interrogate a database. Typically this is done on an as-needed basis.

Queries are a request for a specific piece of information. All of the following describe queries except: the system finds information, retrieves it, and displays it. giving suppliers access to the company's database so the suppliers may better meet the company's needs. a regular periodic document to control operational activities. information that is not satisfied by documents or periodic reports.

a regular periodic document to control operational activities.

A control designed to catch errors at the point of data entry is:

a self-checking digit.

In a computerized billing system, the computer generates a form that has two parts. The first part is a bill that customers are to retain and the second part is to be returned by customers with their payments. The return portion of the form is referred to as:

a turnaround document.

Transaction files contain data

about transactions over a specific period of time,

A company is very conscious of the sensitive nature of company information. Because company data are valuable, the most important thing that the security administrator should monitor is:

access to operational data by privileged users.

A database management system (DBMS) is a complex software package that allows all of the following except: concurrent use of data. provides for access and identification security. accesses information from the database. be application dependent.

be application dependent.

An advantage of having a computer maintain an automated error log in conjunction with computer edit programs is that:

better editing techniques will result.

Machine language is the

binary code (the on/off electrical switches: zero and one) that can be interpreted by the internal circuitry of the CPU. The binary code is usually arranged as a hexadecimal (base 16) code. It is a very time-consuming, error-prone programming process.

The responsibility of user departments

is to interact with application systems as planned. User departments typically do not have the expertise necessary to solve their own systems problems.

Which of the following is a key difference in controls when changing from a manual system to a computer system?

Methodologies for implementing controls change.

Which of the following lists comprise all of the components of the data processing cycle?

Collection, refinement, processing, maintenance, output

Which of the following tasks would be included in a document flowchart for processing cash receipts?

Compare control and remittance totals

The processing in knowledge-based systems is characterized by:

heuristics.

Document flowcharts, also called

horizontal flowcharts

Batch totals require

numerical control.

An exception report (such as an error listing) can be part

of processing as well as an input control.

A disk storage unit is preferred over a magnetic tape drive because the disk storage unit:

offers random access to data files.

Extensible business reporting language (XBRL) uses

tags to identify the contents of each data item. It was created to transmit financial information over the Internet.

An edit of individual transactions in a direct access file processing system usually:

takes place in an online mode as transactions are entered.

Invoice # Product Quantity Unit Price --------- ------- -------- ---------- 201 F10 150 $ 5.00 202 G15 200 10.00 203 H20 250 25.00 204 K35 300 30.00 Which of the following numbers represents the record count?

4

An entity has the following sales orders in a batch: Invoice No. Product Quantity Unit Price ----------- ------- -------- ---------- 101 K 10 50 $ 5.00 102 M 15 100 10.00 103 P 20 150 25.00 104 Q 25 200 30.00 105 T 30 250 35.00 Which of the following numbers represents the record count?

5 These records are in sequence (101, 102, 103, 104, 105) so the number of records is five.

Which of the following is not a violation of segregation of duties within the IT function? A computer operator must request needed files and programs from the data librarian to process transactions. A programmer is allowed to make a minor change in the current production version of the program that updates customer accounts. The information system librarian also fills in as a programmer when projects must be completed quickly. Systems analysts also work as computer operators when needed.

A computer operator must request needed files and programs from the data librarian to process transactions.

Controls in the information technology area are classified into the preventive, detective, and corrective categories. Which of the following is a preventive control? Contingency planning Hash total Echo check Access control software

Access control software

Which of the following database controls would be most effective in maintaining a segregation of duties appropriate to the users' reporting structure within an organization?

Access security features

Which control, when implemented, would best assist in meeting the control objective that a system have the capability to hold users accountable for functions performed?

Activity logging

The fixed assets and related depreciation of a company are currently tracked on a password-protected spreadsheet. The information technology governance committee is designing a new enterprise-wide system and needs to determine whether the current fixed asset process should be included because the current system seems to be working properly. What long-term solution should the committee recommend?

Adopting the fixed-asset module of the new system for integration

Which of the following procedures would enhance the control structure of a computer operations department? Periodic rotation of operators Mandatory vacations Controlled access to the facility All of the answer choices are correct.

All of the answer choices are correct.

Which of the following best describes what is contained in a data dictionary?

An organized description of the data items stored in a database and their meaning

Which of the following types of control plans is particular to a specific process or subsystem, rather than related to the timing of its occurrence?

Application

Which of the following computerized control procedures would be most effective in ensuring that data uploaded from personal computers to a mainframe are complete and that no additional data are added?

Batch control totals, including control totals and hash totals

Which of the following controls is a processing control designed to ensure the reliability and accuracy of data processing?

Both limit test and validity check test

Which of the following is a primary function of a database management system?

Capability to create and modify the database

Management of a company has a lack of segregation of duties within the application environment, with programmers having access to development and production. The programmers have the ability to implement application code changes into production without monitoring or a quality assurance function. This is considered a deficiency in which of the following areas?

Change control

What is the correct ascending hierarchy of data in a system?

Character, field, record, file

A bank wants to reject erroneous checking account numbers to avoid invalid input. The auditors recommended adding another number at the end of the account numbers. The computer would subject the other numbers to an algorithm and compare it to the extra number. What technique did the auditors recommend?

Check digit

A shipping department wants to reduce invoicing errors by using a technique to read the universal product codes (UPCs) directly from the merchandise that it receives. What technique should be used?

Check digit

Which of the following input controls is a numeric value computed to provide assurance that the original value has not been altered in construction or transmission? Hash total Parity check Encryption Check digit

Check digit

A customer intended to order 100 units of product Z96014, but incorrectly ordered nonexistent product Z96015. Which of the following controls most likely would detect this error?

Check digit verification

A customer notified a company that the customer's account did not reflect the most recent monthly payment. The company investigated the issue and determined that a clerk had mistakenly applied the customer's payments to a different customer's account. Which of the following controls would help to prevent such an error? Checksum Field check Completeness test Closed-loop verification

Closed-loop verification

Source data controls assure input data is authorized, accurate, and complete. Which of the following is not a characteristic of source data control? Prenumber all documents Restrict source document preparation Require all source documents to be properly authorized Closed-loop verification to test input data accuracy

Closed-loop verification to test input data accuracy

To maintain effective segregation of duties within the information technology function, an application programmer should have which of the following responsibilities? Modify and adapt operating system software Correct detected data-entry errors for the cash disbursement system Code approved changes to a payroll program Maintain custody of the billing program code and its documentation

Code approved changes to a payroll program

Passenger 1 and passenger 2 are booking separately on an airline website for the last available seat on a flight. Passenger 1 presses the enter key a few seconds before passenger 2, thus locking out passenger 2 and obtaining the last seat. This locking is a form of which of the following types of control?

Concurrent update control

Which of the following strategies would a CPA most likely consider in auditing an entity that processes most of its financial data only in electronic form, such as a paperless system?

Continuous monitoring and analysis of transaction processing with an embedded audit module

The "C" in "COBIT" stands for:

Control

Real-time processing is most appropriate for which of the following bank transactions?

Credit authorizations for consumer loan applicants

Which of the following is responsible for ensuring that transactions are processed correctly and that input and output are reconciled?

Data control group

Which of the following information technology (IT) departmental responsibilities should be delegated to separate individuals?

Data entry and application programming

What is the role of the systems analyst in an IT environment?

Designing systems, preparing specifications for programmers, and serving as intermediary between users and programmers

A retail store uses batch processing to process sales transactions. The store has batch control total and other control checks embedded in the information processing system of the sales subsystem. While comparing reports, an employee notices that information sent to the subsystem was not fully processed. Which of the following types of controls is being exercised by the employee?

Detective

Review of the audit log is an example of which of the following types of security control?

Detective

A systems analyst who is responsible for the development of an organization's information system is least likely to perform which of the following functions? Analyze the present system. Prepare computer program specifications. Design computer applications. Develop and code computer programs.

Develop and code computer programs.

Systems analysts are the personnel within an organization who are responsible for the development of the company's information system. Which one of the following functions is least likely to be performed by a systems analyst?

Developing, coding, and testing computer programs

Which of the following is not an attribute of a relational database? A primary key uniquely identifies a specific row in a table. A foreign key is an attribute in one table that is a primary key in another. Other non-key attributes in each table store important information about that entity. Each column contains information about a specific item.

Each column contains information about a specific item.

Which of the following is considered an application input control?

Edit check

There are four levers of control that resolve the conflict between controls and creativity. Which of the following best describes a boundary system?

Employees should be able to meet customer needs and solve problems using their own ingenuity within legal and ethical constraints.

A company's new time clock process requires hourly employees to select an identification number and then choose the clock-in or clock-out button. A video camera captures an image of the employee using the system. Which of the following exposures can the new system be expected to change the least? Fraudulent reporting of employees' own hours Errors in employees' overtime computation Inaccurate accounting of employees' hours Recording of other employees' hours

Errors in employees' overtime computation

These records are in sequence (101, 102, 103, 104, 105) so the number of records is five.

Establish physical library controls.

corrective control example

Establishing and practicing a disaster recovery plan

An input clerk enters a person's employee number. The computer responds with a message that reads: "Employee number that you entered is not assigned to an active employee. Please reenter." What technique is the computer using?

Existence check

Which of the following technologies is specifically designed to exchange financial information over the World Wide Web? Hypertext markup language (HTML) Extensible business reporting language (XBRL) Hypertext transfer protocol (HTTP) Transmission control program/internet protocol (TCP/IP)

Extensible business reporting language (XBRL)

Labels are used to protect data files from inadvertent misuse. Which of the following is not a protocol for labeling data files?

External labels require trailer labels that contain file control totals.

Employee numbers have all numeric characters. To prevent the input of alphabetic characters, what technique should be used?

Field check

Which of the following structures refers to the collection of data for all vendors in a relational database? Record Field File Byte

File

Which of the following is a tool that is useful in conducting a preliminary analysis of internal controls in an organization or organizational unit?

Flowcharting

Flowcharting is a useful internal audit tool for evaluating controls in operational units and operations. A problem relating to flowcharts is the time and cost of developing and maintaining them. One means for reducing this cost is through use of which of the following?

Flowcharting software

Cloud computing provides computer services and information without requiring a specific location or computing infrastructure. Which of the following is an example of a public cloud?

Google Public clouds are services offered over the internet. Customers pay through advertisements or the resources that they consume.

The Committee of Sponsoring Organizations of the Treadway Commission (COSO) studies internal controls. They have defined internal controls to be used by boards of directors, management, and those following their direction. Which of the following is not a control objective of COSO? Effectiveness and efficiency of operations Guidance for evaluating external review programs Reliability of financial reporting Compliance with applicable laws and regulations

Guidance for evaluating external review programs

detective control example

Having a second person check all important calculations

Creating a CERT (computer emergency response team) is considered a corrective control. Which of the following is not a responsibility for a CERT? Hire an outsider company with expertise in computer emergency issues Contain the problem as soon as possible Identify why the problem occurred Determine now to prevent the problem in the future

Hire an outsider company with expertise in computer emergency issues

Which of the following is the best example of a preventive control which eliminates problems before they occur?

Hiring high-quality personnel and training them appropriately

Which of the following describes infrastructure as a service (IaaS)?

IaaS provides the basic building blocks for cloud IT and typically provides access to IT assets from a cloud provider who charges on a pay-as-you-go basis

Which of the following tasks is least likely to be undertaken in the implementation phase of an accounting software application? Obtain and install hardware. Enter and verify test data. Identify inputs and outputs. Document user procedures.

Identify inputs and outputs.

Examples of information system (IS) external reports are

Income tax returns, SEC 10-K filings, and Operational Safety and Health Administration (OSHA) reports.

An enterprise resource planning (ERP) system has which of the following advantages over multiple independent functional systems? Modifications that can be made to each module without affecting other modules Increased responsiveness and flexibility while aiding in the decision-making process Increased amount of data redundancy since more than one module contains the same information Reduction in costs for implementation and training

Increased responsiveness and flexibility while aiding in the decision-making process

Which of the following control activities should be taken to reduce the risk of incorrect processing in a newly installed computerized accounting system?

Independently verify the transaction

Which of the following computer-assisted auditing techniques allows fictitious and real transactions to be processed together without client operating personnel being aware of the testing process? Integrated test facility Input controls matrix Parallel simulation Data entry monitor

Integrated test facility

In an accounting information system, which of the following types of computer files most likely would be a master file?

Inventory subsidiary

A distributed processing environment would be most beneficial in which of the following situations?

Large volumes of data are generated at many locations and fast access is required.

Examples of internal checks are as follows:

Limit check, which identifies if data have a value higher or lower than a predetermined amount Identification, which determines if the data is valid Sequence check, which checks sequencing Error log, which is simply an up-to-date log of all identified errors Transaction log, which provides the basic audit trail Arithmetic proof, which computes the calculation in order to validate the result

There are two types of "schema": conceptual-level schema and external-level schema. Which of the following refers to a conceptual-level schema?

Lists all data elements and the relationships between them

Online data entry controls ensure integrity and accuracy of transaction data and are entered from online devices. Which of the following is not an online data entry control? Using ID numbers and passwords to ensure employees are authorized Maintaining an audit trail to track access Automatic entry of transaction data Completeness checks to ensure all required input is entered

Maintaining an audit trail to track access Maintaining an audit trail is a data processing and storage control; it is not an audit trail to track access.

In a large multinational organization, which of the following job responsibilities should be assigned to the network administrator?

Managing remote access

Which of the following is not a standard procedure in reviewing and reconciling data when following output controls? Monitor the data communicator network to assess weaknesses that need improvement Have data control compare output control totals to input control totals Have data control review all output for accuracy Have all users review data control for accuracy

Monitor the data communicator network to assess weaknesses that need improvement

The "O" in "COBIT" stands for:

Objectives

hich of the following transaction processing modes provides the most accurate and complete information for decision making? Batch Distributed Online Application

Online

Credit Card International developed a management reporting software package that enables members interactively to query a data warehouse and drill down into transaction and trend information via various network set-ups. What type of management reporting system has Credit Card International developed?

Online analytical processing system

Batch processing is defined as updating master files periodically to reflect all transactions over a given period of time. Which of the following is not a step in batch processing? Online, real-time processing Manually updating file transaction records Creating a new master file Matching primary keys, which updates the old master file

Online, real-time processing

Most large-scale computer systems maintain at least three program libraries: production library (for running programs); source code library (maintains original source coding); and test library (for programs which are being changed). Which of the following statements is correct regarding the implementation of sound controls over computer program libraries?

Only the program librarian should be allowed to make changes to the production library.

Which of the following areas of responsibility are normally assigned to a systems programmer in a computer system environment?

Operating systems and compilers

An auditor has a paper memorandum that needs to be made into a computer file, so that text from the memorandum can be cut and pasted into an audit report. In addition to a scanner, what software is needed to accomplish this task?

Optical character recognition (OCR)

In a continuous improvement environment, automated monitoring of controls is:

Optional

Which of the following cycles does not have accounting information that is recorded into the general ledger system? Expenditure Production Planning Revenue

Planning

An organization relied heavily on e-commerce for its transactions. Evidence of the organization's security awareness manual would be an example of which of the following types of controls?

Preventive

corrective control second example

Procedures to ensure that errors are corrected properly

Which of the following represents a lack of internal control in a computer-based system?

Programmers have access to change programs and data files when an error is detected.

An employee mistakenly enters "April 31" in the date field. Which of the following programmed edit checks offers the best solution for detecting this error? Online prompting Mathematical accuracy Preformatted screen Reasonableness

Reasonableness

A systems engineer is developing the input routines for a payroll system. Which of the following methods validates the proper entry of hours worked for each employee?

Reasonableness check

Which of the following is not a database protection mechanism for data processing and storage controls? A data dictionary to make sure that data is defined and used consistently Procedures for assessing and updating the database Reconciling all system updates to control reports Concurrent update controls to prevent multiple-user issues

Reconciling all system updates to control reports

The "B" in "COBIT" stands for:

Related

Which of the following attributes of a management report has the greatest impact on management's ability to make effective decisions?

Relevance

The greatest financial threat to an organization that implemented the financial accounting module of an enterprise resource planning (ERP) system from a major vendor exists from errors detected during which of the following times?

Requirements determination

Which of the following activities would most likely detect computer-related fraud?

Reviewing the systems-access log

A value-added network (VAN) is a privately owned network that performs which of the following functions? Routes data transactions between trading partners Routes data within a company's multiple networks Provides additional accuracy for data transmissions Provides services to send marketing data to customers

Routes data transactions between trading partners

Which of the following is an example of a transaction file?

Sales journal

Which one of the following input validation routines is not likely to be appropriate in a real-time operation? Field check Sign check Sequence check Redundant data check

Sequence check

Compared to online, real-time processing, batch processing has which of the following disadvantages? A greater level of control is necessary. Additional computing resources are required. Additional personnel are required. Stored data are current only after the update process.

Stored data are current only after the update process.

A corrective control solves problems after they are discovered. Which of the following is the best example of a corrective control?

Storing backup copies of important files in a secure off-site location

Which of the following best depicts the path of data as it moves through an information system?

System flowcharts

Which of the following is responsible for making sure that the information system operates efficiently and effectively?

Systems administrator

A company planned a major change to its accounting system. The system analysts interviewed users and managers and designed the new system to meet their needs. The analysts then wrote the computer programs to implement the needed modifications. The programs were thoroughly tested by change management based on the criteria of the revised system design. Which of these actions violated segregation of duties?

Systems analysts should not act as programmers.

Which of the following functions should prevent a programmer from altering a program and then using that program in a production run? Computer operators should make sure that the correct version of the program is being used. The information system librarian secures production programs and data. Data control group approves data before it is used in processing. Users notify the librarian of the correct program to use in processing.

The information system librarian secures production programs and data.

Users in one department of a company developed a batch mainframe program to obtain financial information for their cost center. The program extracts data from the general ledger system master file backup tape. The program calls for the current generation of the tape backup. Which of the following error conditions are the users most likely to become aware of?

The job did not complete successfully.

A user noticed that the accounts receivable update program was not providing a listing of outstanding accounts. The user asked a programmer to modify the program so that the report would be generated with each run and had the request authorized by change management. The programmer obtained a copy of the program and made the required changes. She then tested the program in the test environment and was satisfied that it worked correctly. The programmer returned the program to the system librarian to return it to the production library. Which aspect of this process violated a proper segregation of duties?

The system librarian accepted the program into the production library after it had been tested by the programmer.

The systems librarian plays a key role in ensuring segregation of incompatible functions within the information systems function. Which of the following is an example of how the systems librarian maintains segregation of duties?

The system librarian accepts only properly tested and approved programs into the production library.

Compared to batch processing, real-time processing has which of the following advantages? Ease of auditing Ease of implementation Timeliness of information Efficiency of processing

Timeliness of information

What is the primary objective of data security controls?

To ensure that storage media are subject to authorization prior to access, change, or destruction

Many organizations have developed decision support system (DSS), a class of information systems that addresses the relationships between management decisions and information. Which of the following best describes the objective of a DSS?

To provide interactive assistance during the process of problem solving A DSS should support rather than automate a manager's judgment. A DSS provides interactive rather than predefined problem-solving assistance. A DSS supports rather than replaces a manager's judgment in problem solving.

Your firm has recently converted its purchasing cycle from a manual process to an online computer system. Which of the following is a probable result associated with conversion to the new automated system?

Traditional duties are less segregated.

An accounts payable clerk is accused of making unauthorized changes to previous payments to a vendor. Proof could be uncovered in which of the following places?

Transaction logs

Which of the following terms best describes a payroll system?

Transaction processing system (TPS)

Within an integrated financial system, which of the following is not a major risk consideration associated with the accounts receivable component of the system? Credits may be applied to improper accounts. Updates of credit ratings may be untimely. Financial or management reporting may be inaccurate. Transactions may occur with unauthorized vendors.

Transactions may occur with unauthorized vendors.

A database is a set of interrelated, centrally coordinated files. Which of the following does not describe a centralized database?

Unintegrated master files

Which of the following is responsible for authorizing and recording transactions and for correcting errors? Data control group Computer operators Security management Users

Users

It is important to maintain proper segregation of duties in a computer environment. Which of the following access setups is appropriate?

Users have update access for production data

The operational effectiveness of controls can be improved through the application of a methodology such as Six Sigma or total quality management (TQM). In general, in order to improve the operating effectiveness of processes and their associated controls, the following series of steps needs to be followed in what sequence? I. Implement monitoring and control capabilities II. Collecting information about the problem or issue III. Remediating causes of ineffectiveness or inefficiencies IV. Determine the root cause of the issue V. Define the problem, issue, and/or goal of the process

V, II, IV, III, I

A customer's order was never filled because an order entry clerk transposed the customer identification number while entering the sales transaction into the system. Which of the following controls would most likely have detected the transposition? Sequence test Completeness test Validity check Limit test

Validity check

Which of the following input controls would prevent an incorrect state abbreviation from being accepted as legitimate data?

Validity check

A company's labor distribution report requires extensive corrections each month because of labor hours charged to inactive jobs. Which of the following data processing input controls appears to be missing?

Validity test

Enterprise resource planning (ERP) systems integrate

all aspects of a company's operations in its information system. Such systems integrate financial and nonfinancial operating data, and collect data from external sources.

The conceptual-level schema lists

all data elements and the relationships between them.

A modem is a device that:

allows computer signals to be sent over a telephone line.

Cloud computing can best be defined as a model that:

allows organizations to use the Internet to access and use services and applications that run on remote third-party technology infrastructure.

A decision table indicates the:

alternative logic conditions and actions to be taken in a program.

A validation check used to determine if a quantity ordered field contains only numbers is an example of:

an input control.

An update program for bank account balances calculates check digits for account numbers. This is an example of

an input control.

Processing data through the use of simulated files provides an auditor with information about the operating effectiveness of control policies and procedures. One of the techniques involved in this approach makes use of:

an integrated test facility.

An integrated group of programs that supervises and supports the operations of a computer system as it executes users' application programs is called:

an operating system.

Examples of centralized databases

are Microsoft Access, DBMS (database management systems), and integrated master files.

Simulations

are computer programs that prepare results as if a set of assumptions were true.

Relational databases

are flexible and useful for unplanned, ad hoc queries, do store data in table form, and are maintained on direct access devices.

Deterministic procedures

are procedures, implemented in computer programs, that permit no uncertainty in outcomes.

Call-back procedures

are used to ensure incoming calls are from authorized locations.

Output controls

are usually manual controls to review output for reasonableness.

All of the following are characteristic of computer machine language, except: internal binary code. hexadecimal code. assembly language. on/off electrical switches.

assembly language.

During the annual audit, it was learned from an interview with the controller that the accounting system was programmed to use a batch processing method and a detailed posting type. This would mean that individual transactions were:

assigned to groups before posting, and each transaction had its own line entry in the appropriate ledger.

In the organization of the information systems function, the most important segregation of duties is:

assuring that those responsible for programming the system do not have access to data processing operations.

Preventive controls

attempt to eliminate problems before they occur. Review of the audit log after the fact would not prevent the problem from occurring.

At a remote computer center, management installed an automated scheduling system to load data files and execute programs at specific times during the day. The best approach for verifying that the scheduling system performs as intended is to:

audit job accounting data for file accesses and job initiation/termination messages.

An online data entry technique that can be employed when inexperienced personnel input data is the use of:

checkpoints.

The purpose of a software monitor is to:

collect data on the use of various hardware components during a computer run.

Five brand managers in a consumer food products company met regularly to figure out what price points were being lowered by their competitors and how well coupon promotions did. The data they needed to analyze consisted of about 50 gigabytes of daily point-of-sale (POS) data from major grocery chains for each month. The brand managers are competent users of spreadsheet and database software on personal computers (PCs). They considered several alternative software options to access and manipulate data to answer their questions. Another brand manager suspected that several days of the POS data from one grocery chain were missing. The best approach for detecting missing rows in the data would be to:

compare product identification codes by store for consecutive periods.

Control total (batch total) validation

compares the total for the batch compiled manually from the input documents and the total computed after computer processing. Hash totals are a form of control totals.

An organization's computer help-desk function is usually a responsibility of the: applications development unit. systems programming unit. computer operations unit. user departments.

computer operations unit.

Authentication techniques

confirm that valid users have access to the system.

Optical character recognition (OCR) software

converts images of paper documents as read by a scanning device into text document computer files.

A transaction document

could be an internal, as well as external, document (e.g., deposit ticket, GL ticket).

To reduce security exposure when transmitting proprietary data over communication lines, a company should use:

cryptographic devices

Devices that are used only to perform sequential file processing will not permit: data to be edited on a separate computer run. data to be edited in an offline mode. batch processing to be initiated from a terminal. data to be edited on a real-time basis.

data to be edited on a real-time basis. Using a sequential file organization, data is placed in the file using a key or code for sequencing. Sequential data can only be accessed after all preceding data records have been passed. Hence, it is impossible to edit the data on a real-time basis.

The increased use of database processing systems makes managing data and information a major information service function. Because the databases of an organization are used for many different applications, they are coordinated and controlled by a database administrator. The functions of a database administrator are:

database design, database operation, and database security.

If a database has integrity, this means that the:

database has only consistent data. Integrity relates to the quality of a database. Among other considerations, data should be consistent and data inputs should conform to a predetermined standard of elements, size, and content.

The identification of users who have permission to access data elements in a database is found in the:

database schema. A database schema is "a view of the entire structure of the database." It is "the organizational chart showing how the database is structured." The database schema shows all elements of the database and areas of responsibility of individuals.

One of the first steps in the creation of a database is to:

define common variables and their attributes used throughout the firm.

Algorithms are

defined procedures, characteristic of typical computer programs.

Systems programmers use the design

developed by the analysts to develop an information system and write the computer programs. It follows, therefore, that the programmers would be concerned with the operating system and how it will handle various applications, as well as with compilers (computer programs that convert a source program into an object program, reducing the programming effort).

A system where several minicomputers are connected for communication and data transmission purposes, but where each computer can also process its own data, is known as a:

distributed data processing network.

A type of flowchart representing areas of responsibility (such as departments) as columns is called horizontal or ________ flowcharts.

document

The batch processing of business transactions can be the appropriate mode when:

economy of scale can be gained because of high volumes of transactions.

Routines that utilize the computer to check the validity and accuracy of transaction data during input are called:

edit programs.

To obtain evidence that online access controls are properly functioning, an auditor most likely would:

enter invalid identification numbers or passwords to ascertain whether the system rejects them.

Applications development is responsible

for developing systems. After formal acceptance by users, developers typically cease having day-to-day contact with a system's users.

Use of internal labels for all programs is a control intended

for program identification to preclude the use of the wrong program.

Asynchronous modems

handle data streams from peripheral devices to a central processor.

In a large database system maintained on a mainframe computer, the most common medium for data files for the database is:

hard disk.

Data input validation routines include:

hash totals.

Ratio and statistical analysis would be useful

in a more detailed analysis of potential accounting or operational problems.

Flowcharts are useful

in evaluating processes and controls in an organization or unit. They present a pictorial overview of the processes and controls.

Gantt charts are used

in production scheduling.

Private clouds

include public universities, local municipalities, and private businesses.

COBIT is an integrated framework for internal control for

information technology systems.

COBIT applies to:

information technology.

The "I" in "COBIT" stands for:

information.

Data processed by a computer system are usually transferred to some form of output medium for storage. However, the presence of computerized output does not, in and of itself, assure the output's accuracy, completeness, or authenticity. For this assurance, various controls are needed. The major types of controls for this area include:

input controls, processing/storage controls, and output controls.

Some of the more important controls that relate to automated accounting information systems are validity checks, limit checks, field checks, and sign tests. These are classified as:

input validation routines.

An enterprise resource planning system is designed to:

integrate data from all aspects of an organization's activities.

Image processing systems have the potential to reduce the volume of paper circulated throughout an organization. To reduce the likelihood of users relying on the wrong images, management should ensure that appropriate controls exist to maintain the:

integrity of index data.

A detective control

is a control that provides an alert after an unwanted event. A detective control is designed to catch an error and provide the feedback necessary so corrective action may be taken.

A master file

is a list of all accounts and required information (records) for an application. This is similar to a ledger in a manual system.

Maintaining a duplicate set of programs

is a procedure to insure against loss or destruction of original programs.

assembly language.

is a programming language in which each machine language instruction is represented by mnemonic characters; it is a symbolic language, an English-like and understandable alternative to basic machine language.

An accounts payable document

is a transaction document used in the accounts payable system (e.g., invoices, GL tickets).

A year-to-date file

is an accumulated transaction file from the beginning of a fiscal year.

Closed-loop verification

is an online data entry control, not a source data control.

A run control total

is part of processing, not a control over input

Security management

is responsible for preventing unauthorized physical and logical access to the system.

A hash total

is the total of a nonquantitative field such as account number to be sure all records are processed.

The responsibility of systems programming

is to implement and maintain system-level software such as operating systems, access control software, and database systems software.

COBIT

is unique in that it consolidates standards from 36 different sources into a single framework that is applicable to IT and security control practices. COBIT helps balance risk and controls information systems, provides assurance that security and IT controls are adequate, and guides auditors and internal controls. COBIT was not designed to physically safeguard assets.

In distributed data processing, a ring network:

links all communication channels to form a loop and each link passes communication through its neighbor to the appropriate location.

General controls in an information system include each of the following, except: information technology infrastructure. security management. software acquisition. logic tests.

logic tests.

Decision tables differ from program flowcharts in that decision tables emphasize:

logical relationships among conditions and actions.

Data control group

logs data inputs, processing, and outputs, and makes sure that transactions have been authorized. They do not authorize or record transactions themselves.

Computer operators

maintain and run daily computer operations.

EDP accounting control procedures are referred to as general controls or application controls. The primary objective of application controls in a computer environment is to:

maintain the accuracy of the inputs, files, and outputs for specific applications.

Which of the following would best be considered an example of the use of decision support system (DSS)?

manager uses a PC-based simulation model to determine whether one of the company's ships would be able to satisfy a particular delivery schedule.

A systems program:

manipulates application programs.

Point-of-sale document

may only be electronic in that the transaction is sent from a terminal without the use of a portion of a form.

To ensure the completeness of a file update, the user department retains copies of all unnumbered documents submitted for processing and checks these off individually against a report of transactions processed. This is an example of the use of:

one-for-one checking.

A partial set of standard characteristics of a real-time system is:

online files, prompt input from users, and an extensive communication network.

Governance

operates at a higher level to administer controls.

A distribution log is a control

over output, not input.

In the systems development cycle, coding is:

part of the detailed design phase.

Control Objectives for Information and Related Technology (COBIT) consolidates standards of different IT and security practices. Which of the following is a false statement relating to COBIT? Helps balance risk and controls information systems Provides assurance that security and IT controls are adequate Guides auditors on internal controls physically safeguard assets

physically safeguard assets

All of the following are computer input devices, except a: plotter. mouse. magnetic ink character recognition device. light pen.

plotter.

Program documentation is a control designed primarily to ensure that:

programs are kept up to date and perform as intended.

The system librarian should allow only

properly tested and approved programs into the production library.

Cryptographic devices

protect data in transmission over communication lines.

A 15,000-employee multinational company that produces and distributes retail products for home use has moved financial consolidation and reporting off its large mainframe computer system at headquarters to local area networks (LANs) with file servers. The mainframe system was doing the job of processing 200,000 transactions a month, but its batch processing was cumbersome and time consuming. It also did not have automatic interfaces to all the subsidiaries, especially those in other countries, due to software and hardware incompatibilities. The risk of some or all of one month's general ledger transaction being processed again the following month is less if there is: separate subsidiary balancing. inadequate testing. floppy booting. range checking.

range checking.

In a microcomputer system, the place where parts of the operating system program and language translator program are permanently stored is:

read only memory (ROM).

An example of an internal check is:

recalculating an amount to assure its accuracy.

A fundamental purpose of a database management system is to:

reduce data redundancy.

A characteristic common to companies that have converted to a database system is that before conversion the companies had:

redundant data fields.

Management reporting systems:

rely on both internally generated and externally generated data.

A Corrective controls is

remedy problems discovered through detective controls. They include procedures to identify the cause of a problem, correct errors arising from the problem, and modify the system so that future errors may be minimized or eliminated

A data dictionary is a

repository of definitions of data contained in a database. A source code application file definition describes the record layouts used by an application program. The data control language describes the privileges and security rules governing database users. A database recovery log file records the before and after images of updated records in a database. error_outline First Time Score

Access time in relation to computer processing is the amount of time it takes to:

retrieve data from memory.

A key component of database processing is a database management system (DBMS). A function that is not performed by the DBMS is to:

run application programs.

A control procedure that could be used in an online system to provide an immediate check on whether an account number has been entered on a terminal accurately is a:

self-checking digit.

Specialized programs that are made available to users of computer systems to perform routine and repetitive functions are referred to as:

service programs. Service programs are applications programs that can be called in by the user's programs to perform some common, subordinate function. They are sometimes referred to as "canned" programs.

Limit checks

set parameters for the numeric records which cannot be exceeded (e.g., total amount of credit limit or number of digits in account number).

The information provided by IS for external reports exists to comply with legal requirements for all of the following except: income tax returns. 10-K filings. shareholder reports. OSHA reports.

shareholder reports. Shareholder reports are internal reports and are not legally required as an external report to outside entities to fulfill legal requirements.

Edit checks in a computerized accounting system:

should be performed on transactions prior to updating a master file.

A current balance file

shows some account information including and focusing on the current balance.

Corrective controls

solve problems after they are discovered.

A plotter is a

specialized printing device used for graphs and large-scale graphic output. Printers are examples of output devices.

A record count

summarizes the number of records processed.

relational databases use

tables.

Validity checks

test key fields to see if data is authorized (e.g., comparison of input account number to master file).

Control totals are used to assure

that all transactions are processed.

Computer sequence checks require

that transactions be numbered.

The online data entry control called preformatting is:

the display of a document with blanks for data items to be entered by the terminal operator.

A manufacturer is considering using barcode identification for recording information on parts used by the manufacturer. A reason to use barcodes, rather than other means of identification, is to ensure that:

the movement of parts is easily and quickly recorded.

Misstatements in a batch computer system caused by incorrect programs or data may not be detected immediately because:

there are time delays in processing transactions in a batch system.

(HTML, HTTP, and TCP/IP)

they are each protocols used on the Internet but are not limited to the exchange of financial information.

Cash disbursements, cash receipts, and payroll transactions

they are temporary transaction files that are combined with other transactions to appear in income statement accounts. Temporary accounts are closed to zero at the end of the period, unlike balance sheet accounts that are carried over to the next period.

The operating system, sometimes referred

to as the internal operations interface, drives the computer in the most efficient manner. The system supervises the operations of the CPU, I/O functions, translation of assembler and compiler languages into machine language, and other support services.

Computer operations are assigned

to computer operators. Programmers should never have access to computer operations so that a proper segregation of duties for internal control can be maintained.

Edit programs may be used

to examine selected fields of input data and to reject those transactions (or other types of data input) whose data fields do not meet preestablished standards of data quality.

Systems analysis is assigned

to systems analysts, who help users analyze their information needs and design information systems that meet those needs.

All activity related to a particular application in a manual system is recorded in a journal. The name of the corresponding item in a computerized system is a:

transaction file. A transaction file is the file of original entry and hence, corresponds to manual journal.

A department store company with stores in 11 cities is planning to install a network so that stores can transmit daily sales by item to headquarters and store salespeople can fill customer orders from merchandise held at the nearest store. Management believes that having daily sales statistics will permit better inventory management than is the case now with weekly deliveries of sales reports on paper. Salespeople have been asking about online inventory availability as a way to retain the customers that now go to another company's stores when merchandise is not available. The planning committee anticipates many more applications so that in a short time the network would be used at or near its capacity. The planning committee was concerned that unauthorized people might attempt to gain access to the network. If the company installs a network using leased lines, then it should ensure that: phone numbers for the network are kept confidential. tone suppression devices are installed on all ports. transmission facilities on its premises are secure. network availability is limited to certain times of the day.

transmission facilities on its premises are secure.

Hierarchical databases use

tree structures to organize data;

Computer matching is performed

under program control and not by the user.

Which of the following is not true? Relational databases: are flexible and useful for unplanned, ad hoc queries. store data in table form. use trees to store data in a hierarchical structure. are maintained on direct access devices.

use trees to store data in a hierarchical structure.

Systems analysts are typically involved with

user information requirements, design of computer applications, and preparation of specifications for computer programming

Erroneous management decisions might be the result of incomplete information. The best control to detect a failure to process all valid transactions is:

user review of selected output and transactions rejected by edit checks.

examples of online data entry control include

using ID numbers and passwords to ensure employees are authorized, automatic entry of transactional data, and completeness checks to ensure all required input is entered.

In an effort to recognize improvement opportunities, a company is reviewing its in-house systems. The best reason for the company to consider switching to cloud computing as a solution is that it:

usually has lower upfront costs for equipment and maintenance.

A compatibility test

validates the data within the field.

Sign tests

verify that the data in a numeric field are of the proper arithmetic sign.

Which of the following is an advantage of a computer-based system for transaction processing over a manual system? A computer-based system:

will be more efficient at producing financial statements.

Data communications hardware and software

would be outside the duties of the programmer, since these items control how the system transmits data and communicates with other systems.


संबंधित स्टडी सेट्स

Patho/Pharm 3 Week 5 & 6 combined

View Set

5 processes of the digestive system

View Set

Julius Caesar Act 3 Scene 2 Vocabulary

View Set

SAT #21, Mmmm Delicious- Abstemious-Voracious

View Set

LabSim Linux+ Chapters 1-12 Quiz Questions

View Set