ACC 3510 Ch 7 - 17
The goal of information security management is to protect the confidentiality, integrity, and availability (CIA) of a firm's information. What does CIA mean?
Confidentiality ----- Information is not accessible to unauthorized individuals or processes. Integrity ----- Information is accurate and complete. Availability ----- Information and systems are accessible on demand.
Select all that apply: What is continuous auditing?
Continuous auditing is to perform audit-related activities on a continuous basis. Testing in continuous audits often consists of continuous controls monitoring and continuous data assurance.
Select all that apply: Select the benefits of using wireless technology.
Convenient online access without a physical network using cables for connections; Freely setting up or removing wireless networks at different locations
True or false: Given the popularity of the Internet, mobile devices, and the complexity of computer technologies, important business information and IT assets are exposed to risks and attacks from external parties such as hackers, foreigners, competitors, etc. Today's employees are well trained and always support the firm to prevent the attacks.
False
True or false: IT projects generally deliver the intended results.
False
True or false: In Power BI, you can add a simple table to the report view page by clicking on the pie chart icon in the visualizations area and then selecting the fields to include.
False
True or false: In Tableau, there is one best type of visualization for each combination of dimensions and measures.
False
True or false: Information security is a critical concern to the chief information officer (CIO) and maybe also to the internal auditors. In general, practicing certified public accountants (CPAs) do not need to know much about information security management.
False
True or false: Most companies prefer to use the symmetric-key encryption method rather than the asymmetric-key encryption method in conducting e-business.
False
True or false: Raw data must have blank rows or columns to be easily turned into an Excel table.
False
True or false: Unlike Microsoft Access, you can't create relationships among tables in Excel.
False
True or false: Vulnerability assessment and management are often required by laws. Hence, management's commitment and support are not as critical as in enterprise risk assessment and management.
False
True or false: when setting up the relationships between tables in Access, you don't need to worry about enforcing referential integrity if you set the correct foreign keys.
False
True or false: You can't develop financial information in Access; you need to use Excel instead.
False
In the typical conversion process accounting, completion of work is recorded with a credit to Work-in-Process inventory and a debit to _____ _____ inventory.
Finished Goods
Match the actions that take place with the name of the balanced scorecard management process step.
Formulate ----- Identify ways the company can compete; Translate ----- Establish long-term budgets; Link ----- Prepare operating budgets and operate processes; Monitor ----- Track performance and provide feedback to managers; Adapt ----- Reconsider assumptions and develop alternatives
Select all that apply: What is fraud?
Frauds are perpetrated by parties to obtain money, property, or services. Frauds are perpetrated by organizations to avoid payment or loss of services. Frauds are perpetrated by parties to secure personal or business advantage.
_____ IT are those that perform a single function, such as enhancing productivity for standalone tasks.
Function
Select all that apply: Which of the following are potential impacts of IT on the elements of a business model canvas?
Gather data about customer segments; Support key activities; Coordination with key partners; Track key resources
Select all that apply: What are the success factors for vulnerability management?
A firm should determine the main objectives of its vulnerability management after considering the firm's resource constraints. A firm should assign roles and responsibility for vulnerability management. Management's commitment and support
Select all that apply: Which of the following are reasons that companies develop business cases for major IT investments?
Justification of anticipated value; Thorough consideration of alternatives
Match the devices used in each type of network.
LAN ----- Hubs; LAN ----- Switches; VPN ----- Stations; VPN ----- Access points; WAN ----- Firewalls; WAN ----- Routers
Which phase of the SDLC involves making changes, corrections, and upgrades to the system?
Maintenance Phase
Which of the following is NOT a well-known visualization tool?
Microsoft Access
Select all that apply: Common computer frauds include the following:
Misuse of computer hardware; Altering the logic of computer software; Altering computer-readable records and files
Select all that apply: What is cloud computing? Select correct statements in describing cloud computing.
Most cloud computing service providers charge on a per-user basis. A third-party service provider offers computing resources including hardware and software applications to users over the Internet cloud. A cloud user company often shares the computing resources with other user companies, and a cloud provider is responsible for managing the resources.
_____ _____ _____ is calculated as the sum of the present value of cash inflows minus the sum of the present value of cash outflows.
Net Present Value
_____ IT are those that allow people to communicate with one another.
Network
Refer to the UML class diagram of Sunset's conversion process; match the class to the number of foreign keys placed in the corresponding table when the class diagram is implemented in a relational database.
Products ----- 1; Material issues ----- 2; Materials ----- 0
What does the acronym PERT stand for?
Program Evaluation Review Technique
Companies that employ a conversion process convert _____ materials into _____ goods.
Raw; Finished
Select all that apply: The four steps to implementing Val IT include all of the following:
Recognize problems with prior IT investments. Define characteristics of the ideal future state. Take action.
What is the name of one of the 10 core principles of effective information technology planning that makes sure the project is of appropriate size to effectively address the business needs?
Relevant scope
Match the REA element (resource, event, agent, or type image) to the purpose of that element in a UML class model of the conversion process.
Resource ----- Permanent information about things available for use in the process; Event ----- Information about costs added to work-in-process; Agent ----- Information about employees available to work on the process; Type image ----- Management planning information about the process
Select all that apply: The benefits of an IT investment should be measured in which of the following terms?
Revenue enhancement; Cost avoidance; Revenue protection
Select all that apply: Select all of the following that are elements of the business model canvas.
Revenue streams; Channels; Key activities; Key resources; Value proposition; Customer segments; Cost structure; Customer relationships; Key partners
Vulnerability management and risk management have the same objective: to reduce the probability of the occurrence of detrimental events. What are the differences between them?
Risk management is often a more complex and strategic process that should be a long-term process.
Select all that apply: Which of the following are examples of enterprise IT?
Supply chain management software; Customer relationship management software
Encryption algorithms are grouped into two categories: symmetric-key and asymmetric-key encryption methods. Select the correct statement regarding these two methods.
Symmetric-key encryption is fast and suitable for encrypting large data sets or messages.
Which of the following are application controls for Sunset Graphic's conversion process?
System must default to current date. System must provide range and limit checks for labor costs.
What model predicts whether users will adopt a new or modified system?
Technology Acceptance Model
True or false: If Sunset Graphic's includes direct equipment costs in work-in-process, the UML class model should include an equipment resource and an event to capture equipment use information.
True
True or false: In data view in Power BI, you can set formatting for a field by selecting Modeling > Formatting and then selecting the appropriate format.
True
True or false: Managing, supporting and carrying out the systems development life cycle to achieve an intended outcome is called project management.
True
True or false: Most threats with regard to wireless networks typically involve an attacker with access to the radio link between a station and an access point, or between two stations.
True
True or false: The firm's senior executives need to understand the financial implications of the IT initiative so they can decide whether to allocate resources to it.
True
True or false: The reason why a digital signature can be used to ensure data integrity is that the hashing process is not reversible.
True
True or false: a data visualization is a graphical means of presenting information to decision makers.
True
True or false: both vertical column and horizontal bar charts can be used to compare information among categories.
True
True or false: in Excel, a slicer can be used to filter pivot table and pivot chart output.
True
True or false: one important part of gathering requirements is to identify message flows between the focal organization and external organizations.
True
True or false: standard patterns for sales, purchases, and conversion processes shown in chapters 5, 6, and 7 should provide a basis for your integrated UML class diagram for the project.
True
True or false: to limit transactions to the first quarter in a query, enter the appropriate date range in the criteria row in the query by example grid.
True
True or false: when you cannot identify a unique primary key, consider splitting the table to form two well-formed relational tables.
True
The term "computer-assisted audit techniques (CAATs)" refers to any _____ audit techniques that can be used by an auditor to perform audits or achieve audit objectives.
automated
In a type of attack called _____, the attacker passively monitors wireless networks for data, including authentication credentials.
eavesdropping
The process perspective describes the firm's objectives for its business processes so that the firm operates _______ while also delivering products and services that meet its customers' requirements.
efficiently
The _____ _____ module is a programmed audit module that is added to the system under review. Hence, the auditors can monitor and collect data over online transactions. The collected data are analyzed by auditors in evaluating control risks and effectiveness.
embedded audit
The operating system performs the tasks that enable a computer to operate. It is comprised of system utilities and programs that:
ensure the integrity of the system. control the flow of multiprogramming. allocate computer resources to users and applications.
Given the popularity of the Internet, mobile devices, and the complexity of computer technologies, business information and IT assets are exposed to risks and attacks from _____ parties such as hackers and _____ parties such as disgruntled employees.
external; internal
To use the Tableau Show Me tool, select one or more of the _____ of interest while holding down the control (CTRL) key.
fields
The balanced scorecard framework uses accounting-based measures of performance in the _____ perspective.
financial
The benefits of an IT investment should be measurable in _____ terms.
financial
In the planning phase, it is critical to recognize that the IT plan supports the overall ______________.
firm strategy
In the Power BI report view, the Visualizations area allows you to click on an _____ to select specific types of charts or visualizations.
icon
Authentication is a process that establishes the origin of information or determines the _____ of a user, process, or device. It is critical in e-business because it can prevent _____ while conducting transactions online.
identity; repudiation
Total acquisition costs include all direct and indirect costs to acquire and ____________ the IT initiative.
implement
In the learning and growth perspective, the organization sets goals to ensure that it is strategically ready to continuously _____ its process performance.
improve
In the learning and growth perspective, the firm addresses goals for investments in human capital, organizational capital, and _____ capital.
information
IT vulnerabilities can be categorized depending on whether they exist in the physical IT environment, within an _____ _____, or within the processes of IT operations.
information systems
The payback period equals the _____ investment divided by the increased cash flow per period.
initial
The _____ _____ _____ (ITF) approach is an automated technique that enables test data to be continually evaluated during the normal operation of a system. The auditor creates fictitious situations and performs a wide variety of tests over the system.
integrated test facility
In a recent survey, more than 40% of executives reported that their company's investments in IT are providing little or no return on _____
investment
Under the _____ simulation approach, the auditors write a computer program to reprocess the firm's actual data for a past period to generate simulated results to audit the system.
parallel
A strategy map allows firms to assess and prioritize gaps between their current and desired _____ levels.
performance
The first step in the project is to prepare a detailed project _____
plan
The first phase of the SDLC is called the _____ phase.
planning
In preparing an activity model of Sunset Graphic's conversion process, a collaboration model would not be useful, since there is only one _____.
pool
After importing each table from EXCEL data into Access, you need to set the _____ key for the table.
primary
To create relationships among Excel tables, you link foreign keys to _____ keys.
primary
To authenticate the receiver (B), the sender (A) e-mails a challenge message to B. B will use her _____ key to encrypt the challenge message and send it to A. If A is able to use B's _____ key to decrypt and get the plaintext of the challenge message, A has authenticated B successfully.
private; public
The _____ perspective describes the firm's objectives for its business processes so that the firm operates efficiently while also delivering products and services that meet its customers' requirements.
process
The term "benefit dependency" indicates that IT functionality must be combined with complementary changes to deliver business _____ change that results in improved performance.
process
For Sunset Graphics, finished goods increases when they complete _____ in their basic BPMN activity model of the conversion process.
products
The ____________ is the lead member of the project team and is responsible for the project.
project manager
In the BPMN activity model of Sunset Graphic's conversion process that includes swimlanes, the intermediate error event redirects process flow if the work does not meet _____ standards.
quality
Select all that apply: Which of the following are attributes of a firm's product relevant to the firm's value proposition?
quality; price
It will require multiple _____ to develop financial statement information in Access.
queries
The final step in the process is to assemble the analyses for alternative IT initiatives and _____ the preferred alternative.
recommend
After connecting to data sources in Tableau, the next step is to create _____ among the tables.
relationships
In Power BI, the _____ view allows you to set connections among tables.
relationships
The second step in preparing the data and developing visualizations is to set _____ among tables to exploit any database structure.
relationships
In considering alternative IT investments, _____ costs include incremental expenses of developing, implementing, and operating proposed IT initiatives.
relevant
The main components of vulnerability assessment include vulnerability identification and risk assessment. The main components of vulnerability management include vulnerability _____ and maintenance.
remediation
To create a table visualization in _____ view in Power BI, click on the Table icon in the visualizations area and then select the appropriate fields.
report
The second step in the project is to define the business _____
requirements or needs
Cloud computing refers to a service model where third-party service providers offer computing _____ including hardware and software applications to cloud users over the Internet, and the service provider charges on a per-user basis.
resource
The value proposition defines what the organization does to attract and _____ customers.
retain
Disaster recovery planning (DRP) is a process that identifies significant events that may threaten a firm's operations and outlines the procedures to ensure that the firm will resume operations when the events occur. A DRP should be _____ and _____ periodically to analyze weaknesses and explore possible improvements.
reviewed; tested
Match the correct descriptions with regard to risk management and vulnerability management.
risk management ----- a complex and strategic process; risk management ----- a long-term process; vulnerability management ----- a tactical process; vulnerability management ----- a short-term process; risk management ----- using a top-down, risk-based approach; vulnerability management ----- using an IT asset-based approach
The business case should consider the _____ of not doing the project.
risks
The attacker of a wireless network sometimes uses a _____ access point to set up an unsecured wireless network near the enterprise with an identical name and to intercept any messages sent by unsuspecting users who log onto it.
rogue
Similar to an enterprise risk assessment, a computer fraud risk assessment focuses on fraud _____ and _____ to determine whether the controls exist and how the controls can be circumvented.
scheme; scenario
A revenue stream is the result of selling products and services to each customer _____
segment
Because each financial metric has both strengths and weaknesses, IT initiatives should be evaluated using _____ metrics.
several
In auditing information systems, auditors use parallel _____ to verify the firm's key features or processes. Under this approach, the auditors write a computer program to reprocess the firm's actual data for a past period to generate simulated results.
simulation
Scope creep generally comes about due to _____________ changes.
small, relatively insignificant
The theft, misuse, or misappropriation of computer hardware is a common computer fraud. The illegal copying of computer _____ is another commonly observed computer fraud.
software or applications
Where sales information in Excel contains information about the sale and the sales items, you would need to _____ the table to form two tables.
split or divide
A _____ map allows firms to assess and prioritize gaps between their current and desired performance levels.
strategy
The business case should define how the _____ of the project will be measured.
success
Encryption algorithms are grouped into two categories: _____-_____ and asymmetric-key encryption methods.
symmetric key
The bill of material association between raw materials and finished goods is usually a many-to-many relationship that would be implemented by creating a _____ in the relational database.
table
Security controls for wireless networks can be categorized into three groups: management, operational, and _____ controls.
technical
The _____ _____ technique uses a set of input data to validate system integrity in auditing a system. When creating the test data, auditors need to prepare both valid and invalid data to examine critical logics and controls of the system.
test data
Find proper definitions of techniques for white-box approach in auditing systems.
test data technique ----- uses a set of input data to validate system integrity; parallel simulation ----- attempts to simulate the firm's key features or processes; integrated test facility ----- enables test data to be continually evaluated during the normal operation of a system
IT projects are frequently canceled, late, over budget or don't deliver ________?
the intended consequences
Line charts typically are used to show values over _____
time
The first step in the economic justification process is _____.
to assess business requirements
Firms continue to monitor system availability. Fault _____ uses redundant units to provide a system with the ability to continue functioning when part of the system fails. Many firms implement a redundant array of independent drives (RAID) so that if one disk drive fails, important data can still be accessed from another disk.
tolerance
Firms use two encryption methods, _____ encryption and _____ encryption, in data transmission and electronic communication in e-business.
two-key; one-key
In the UML class diagram of the conversion process, _____ images can be used to specify the plan for how the resources are to be used.
type
When the business relationship between raw materials and finished goods is complex, the UML class model of the conversion process can promote the bill of materials association to a _____ image.
type
Firms continue to monitor system availability. Backups are used to alleviate problems of file or database corruptions. An _____ power supply is a device using battery power to enable a system to operate long enough to back up critical data and shut down properly during the loss of power. Both are corrective controls.
uninterruptible
To audit a system, auditors use the test data technique to _____ system integrity. When creating the test data, auditors need to prepare both valid and invalid data to examine critical logics and controls of the system.
validate
The last step in the economic justification process is to describe the _____ proposition for the preferred alternative.
value
We often define _____ as weaknesses or exposures in IT assets or processes that may lead to a business risk, compliance risk, or security risk
vulnerability
A data _____ is a centralized collection of firm-wide data for a relatively long period of time.
warehouse
The data in a data _____ are pulled periodically from each of the operational databases (ranging from a couple of times a day to once a year) and often maintained for 5 to 10 years.
warehouse
To use the _____-box approach to audit systems, auditors need to understand the internal logic of the system/application being tested.
white
The development of a business model canvas starts with the _____ proposition.
value
The firm's _____ proposition includes attributes of its products, such as price, quality, and selection, as well as attributes of its relationship with its customers and its brand image.
value
Pie charts are typically used to show the composition of a _____
whole
The business case should determine _____ the company is doing the project.
why
A _____ _____ network (WAN) links different sites together; transmits information across geographically dispersed networks; and covers a broad geographic area such as a city, region, nation, or an international link.
wide area
To prepare a PERT chart, all project tasks to complete a project must be broken down in a process known as the ______________.
work breakdown structure
Which of the statements below best defines an embedded audit module?
A programmed module added to the system so that the auditors can monitor and collect data over online transactions.
Select the best answer in describing virtualization and cloud computing.
A virtual machine containing system applications and data backups often resides in the cloud off-site or at various locations.
Which of the following is not an example of direct acquisition costs?
Business disruption costs
Which of the following is true about approaching ill-structured problems?
Careful planning is required
To conduct business to business e-commerce, companies often need to involve which of the following items in operations?
Certificate authority; PKI; Authentication; Encryption
Which of the following is NOT part of selecting and modifying the visualization?
Set relationships among tables
A type of information security attack, called _____ _____, is to manipulate someone to take certain action that is not in that person's best interest, such as revealing confidential information or granting access to an office building.
Social Engineering
Select all that apply: Which of the following are examples of direct costs of acquiring information technology?
Software costs; Training costs; Hardware costs
Select all that apply: Which of the following are categories of IT initiative risks that should be addressed?
Solution risk; Change risk; Alignment risk
Which of the following is not part of the second step: defining the business requirements?
Specify how new technology can be applied
Select all that apply: Select the correct definition(s) of examples of security risks and attacks.
Spyware is secretly installed into an information system to gather information on individuals or organizations without their knowledge. Spoofing is sending a network message that appears to come from a source other than its actual source.
Models of the conversion process must be able to describe information about which of the following things?
Standard costs of material; Material costs; Cost of goods manufactured; Overhead allocations; Labor costs
Which of the following is NOT usually listed under the revenue streams element of a business model canvas?
Personnel expense
Treemaps are similar in purpose to which of the following charts?
Pie charts
Ill-structured problems require careful _____ and attention to detail.
Planning
Which phase of the SDLC begins with a business need for a new or improved information system?
Planning Phase
Which phase of the SDLC includes a feasibility study for a new or improved information system?
Planning Phase
Which phase of the SDLC is used as a basis to get buy-in and funding from upper management?
Planning Phase
True or false: Common benefits of using wireless technology include mobility, rapid deployment, and flexibility and scalability of a network.
True
Management of IT benefits over an investment's life cycle is called the _____ IT framework.
Val
A framework intended to help managers create business value from IT investments is called:
Val IT
Select all that apply: Define vulnerability.
Weaknesses or exposures in IT processes that may lead to a business risk, compliance risk, or security risk; Characteristics of IT resources that can be exploited by a threat to cause harm to a firm
Consider the tblProductCategory table in Table 7.2; the foreign key (Product category manager) implements the _____ relationship between this type image and the tblPartners agent table.
assignment
Using the asymmetric-key encryption method, _____ can be achieved for electronic transactions.
authentication
In the BPMN activity model of Sunset Graphic's conversion process that includes swimlanes, the first gateway redirects process flow if the _____ is not finished.
batch
In the BPMN activity model of Sunset Graphic's conversion process that includes swimlanes, the second gateway redirects process flow if all _____ are not finished.
batch
In Sunset Graphic's conversion process raw materials are issued into work-in-process based on a _____ of material.
bill
Organizations need to create a business _____ for an IT investment.
case
Dimensions in Tableau are _____ fields.
categorical
Treemaps show relationships among nested _____.
categories
Vertical column charts typically show fewer _____ than horizontal bar charts.
categories
The Sarbanes-Oxley Act of 2002 (SOX) requires management and auditors to report on the ____________ of internal controls over the company's accounting information system.
effectiveness
In the UML class diagram of the conversion process, _____ record costs applied to Work-in-Process.
event
Computer-assisted audit techniques enable auditors to gather and analyze audit _____ to test the adequacy and reliability of financial information and internal controls in a computerized environment.
evidence
True or false: The business model canvas is completely different from a strategy map.
false
The three categories of information technology are _____, network and enterprise.
function
PERT and _____ charts are specific project management tools that help address the time constraint.
gantt
The first step in preparing the data and developing visualizations is to _____ data.
get
An important part of understanding the data involves questioning how the data supports the overall ______ of the visualizations.
goal
The total acquisition cost includes direct and _____ costs required to acquire and deploy technology.
indirect
The discount rate that makes the project's net present value equal to zero is called the _____.
internal rate of return
In the BPMN activity model of Sunset Graphic's conversion process that includes swimlanes, the process finishes when conversion partners place the finished items in inventory and the inventory manager updates the _____ records.
inventory
The _____________ is generally a senior executive who takes responsibility for the success of the project.
project sponsor
Each of the following are implementation steps for Val IT except:
providing oversight of all organization's IT investments programs.
In using asymmetric-key encryption, each user has a pair of two keys, the _____ key and the _____ key.
public; private
The general rule associated with the segregation of duties is that accounting controls should be set up to separate (1) custody of assets, (2) authorization of transactions, and (3)______________.
record-keeping responsibilities
The conversion process is inherently more complicated than either the sales and collection or purchase and payment processes because of the increased _____ requirements.
recordkeeping
Disaster _____ planning (DRP) is a process that identifies significant events that may threaten a firm's operations and outlines the procedures to ensure that the firm will resume operations when the events occur.
recovery
Part of understanding the data is to find relevant _____ for the data.
sources
Part of getting the Excel data is to convert the raw data into _____
tables
In the relationships view in Power BI, inactive relationships are shown with a _____ line.
dashed
On the left, the Power BI report view screen shows icons representing the three different views: report, _____, and relationships.
data
The _____ view in Power BI lets you calculate new fields and set formatting for fields, such as currency fields.
data
In today's electronic world, most accounting records are stored in a _____
database
The triple constraints of project management are also called ____________.
dempster's triangle
Internal rate of return is the _____ rate that makes the project's net present value equal to zero.
discount
Present value equals the cash flow for each period divided by one plus the _____ rate to the power "t."
discount
How many core principles of effective information technology planning are advocated by the International Federation of Accountants?
10
Which of the following is NOT something the project plan would include?
Current processes documentation
Which of the following is NOT true about data visualizations?
Data visualizations are the only way to present data
True or false: A BPMN activity model of Sunset Graphic's conversion process would not need swimlanes because there is only one function involved.
False
Rank the steps in the balanced scorecard management process in the sequence that they should occur.
Formulate Translate Link Monitor Adapt
All but the following are examples of direct operating costs incurred after implementing an IT project.
IT implementation costs
Which of the following is NOT an element of the business model canvas?
Key technologies
Match each situation below with the correct type of vulnerability.
No regular review of a policy that identifies how IT equipment is protected against environmental threats ----- Vulnerabilities within a physical IT environment
Software not patched immediately ----- Vulnerabilities within an information system
Poor user access management allows some users to retrieve sensitive information not pertaining to their roles and responsibilities ----- Vulnerabilities within the processes of IT operations
Failure to terminate unused accounts in a timely manner ----- Vulnerabilities within an information system
Why do we need to use digital signatures in conducting e-business?
Obtain data integrity
Using the two-key encryption method for authentication, we need to be careful about how the keys are used. Select all correct answers regarding key usage in authentication from the list below.
Only the pair of one user's two keys is used for encryption and decryption. Public key management is very important because we use public keys to authenticate others in conducting e-business.
Virtualization and ______ computing are considered good alternatives to back up data and applications.
cloud
For horizontal bar charts, the purpose is to _____ information among categories.
compare
When considering "benefit dependency", IT functionality and _____ are precursors to business process change.
complementary changes
Good information security ensures that systems and their contents remain the same for integrity. In general, the goal of information security management is to protect the _____, integrity, and availability (CIA) of a firm's information.
confidentiality
General security objectives for both wired LANs and wireless LANs include: _____, _____, _____, and access control.
confidentiality integrity availability
A weakness of the payback period is _____.
it ignores the time value of money
Measures are ______ fields
numeric
True or false: Cybersecurity is highly technical and not relevant to CPA.
False
True or false: Excel is always the best visualization tool.
False
True or false: Bar charts compare information among categories.
True
Select the correct definition of a digital signature.
A digital signature is a message digest (MD) of a document (or data file) that is encrypted using the document creator's private key.
Similar to an enterprise risk assessment, a computer fraud risk assessment focuses on fraud schemes and scenarios to determine whether the controls exist and how the controls can be circumvented. List computer fraud risk assessments in sequence.
1. Identifying relevant IT fraud risk factors 2. Identifying and prioritizing potential IT fraud schemes 3. Mapping existing controls to potential fraud schemes and identifying gaps 4. Testing operating effectiveness of fraud prevention and detection controls 5. Assessing the likelihood and impact of a control failure and/or a fraud incident
Rank the following elements of Sunset's conversion process in sequence.
1. Manager authorizes production 2. Issues material into WIP 3. Construct the items 4. Place completed items in inventory
Match the numbers on the generic conversion process diagram with the business purpose of the association.
1. R/M that are issued to Work-in-Process 2. Finished Goods that increase when Work-in-Process completes 3. Employee that issues the raw materials 4. Employee that authorizes production 5. Employees that work in the process
Match individual computer fraud schemes with the oversights.
195 illegitimate drivers' licenses are created and sold by a police communications officer ----- Lack of authentication and role-based access control requirements
An employee entered fake health insurance claims into the system, and profited $20 million ----- Lack of consideration for security vulnerabilities posed by authorized system access
A computer technician uses his unrestricted access to customers' systems to plant a virus on their networks that brings the customers' systems to a halt ----- Lack of access control to all customers' systems
A foreign currency trader covers up losses of millions over a 5-year period by making unauthorized changes to the source code ----- Lack of code reviews; improper change management
The relevant time frame for most IT initiatives is _____ years or less, since technology changes rapidly.
3
Information technology can affect all _____ elements of the business model canvas.
9
Who plays a major role in telling systems developers the specific information needs in an accounting information system?
Accountants
Select all that apply Which of the following are relevant costs of IT investments?
Acquisition costs Maintenance costs
Match the description with the name of the IT project risk category.
Alignment ----- solution is not aligned with firm strategy
Solution ----- solution will not deliver projected benefits
Financial ----- solution will not deliver expected financial performance
Technological ----- technology will not deliver expected benefits
Change ----- part of firm will not be able to change
Select all that apply Which of the following are true about IT investments?
As much as 20% of IT spending is wasted. They involve substantial costs. They offer opportunities to create value.
List the sequence of steps in the economic justification process in order of occurrence.
Assess business requirements Identify potential solutions Estimate costs, benefits, and risks Assess value proposition
Select all that apply Select correct statements regarding asymmetric-key encryption methods.
Asymmetric-key encryption is also called public-key encryption. Asymmetric-key encryption is also called two-key encryption. Asymmetric-key encryption is slow and is not appropriate for encrypting large data sets.
Select all that apply What is the white-box approach in auditing systems? Select all statements that apply.
Auditors need to create test cases to verify specific logic and controls in a system. It requires auditors to understand the internal logic of the system/application being tested.
Select the best answer in describing the authentication process.
Authentication can prevent repudiation while conducting transactions online.
In Sunset Graphics' conversion process, when the quantity on hand of a product drops below the minimum level, the item manager _____ production to increase the quantity on hand.
Authorizes
What is the common practice in using symmetric-key encryption and asymmetric-key encryption methods in conducting e-business?
Both parties use the asymmetric-key encryption method to distribute the symmetric key securely. Both parties use the asymmetric-key encryption method to authenticate each other.
To authenticate the receiver (B), the sender (A) e-mails a challenge message to B. B will use _____ (tip: A's or B's) private key to encrypt the challenge message and send it to A. If A is able to use _____ (tip: A's or B's) public key to decrypt and get the plain text of the challenge message, A has authenticated B successfully.
B's B's
Your UML class diagram should link with the _____ diagrams and capture information about each data object in the BPMN activity diagrams.
BPMN or activity
_____ prioritizing the alternative IT initiatives based on the financial metrics, the project team should test the impact of changes in assumptions on the various financial metrics of the project.
Before
Which of the following are included in the typical accounting transactions for the conversion process?
Debit Finished Goods Inventory; credit Work-in-Process Inventory Debit Work-in-Process Inventory; credit Manufacturing Wages Debit Work-in-Process Inventory; credit Raw Material Inventory
Which of the following businesses are likely to use a conversion process?
Dell Computer Company Molson Coors Brewing Company Jelly Belly Candy Company
What does the design phase of the SDLC do?
Describes in detail the desired features of the system.
Which phase of the SDLC describes in detail the desired features of the system?
Design Phase
Which of the following are objectives for process steps in Sunset Graphics' conversion process?
Direct labor costs are recorded promptly and accurately. Appropriate partner authorizes production to meet expected demand.
Select all that apply Which of the following are examples of direct operating costs after implementing an IT project?
Disposal costs Maintenance contracts Software upgrades
True or false: A local area network is a group of computers, printers, and other devices connected to the same network and covers a large geographic range such as a city, a county, or a state.
False
Which of the following can help companies achieve a positive return on investment for their IT investments according to IndustryWeek magazine?
Employ a formal, structured approach
Which of the following are elements of the generic conversion process UML class model?
Employees Raw Materials Issue Raw Materials Bill of material Finished Goods
Select all that apply Select the correct concepts regarding encryption.
Encryption is a preventive control. Encryption provides confidentiality and privacy for data transmission and storage.
_____ IT are those that restructure interactions within the organization as well as with external partners.
Enterprise
Which of the following types of businesses are likely to use a conversion process?
Equipment manufacturing Restaurants Automobile repair
Select all that apply Which of the following must be determined to use capital budgeting techniques for each IT alternative?
Establish relevant time frame Select appropriate discount rate Assess sensitivity to assumptions
The main factors in encryption are key length, encryption algorithm, and key management. Select the correct statement regarding encryption.
Establishing a policy on key management is essential for information security.
Select all that apply What are the main purposes of AICPA cybersecurity risk management framework?
Evaluate a company's cybersecurity controls. Describe a company's cybersecurity risk management system.
To record equipment use in Work-in-Process, the UML class diagram would include an Equipment Operations _____ to record the costs.
Events
True or false: Budget planning is one of the 10 core principles of effective information technology planning.
False
Match the processes for vulnerability assessment and vulnerability management.
Identification ----- Vulnerability assessment
Risk assessment ----- Vulnerability assessment
Remediation ----- Vulnerability management
Maintenance ----- Vulnerability management
Which of the following would NOT be part of creating BPMN diagrams to describe a process?
Identify the resources, agents, and events
Which phase of the SDLC involves development and testing of the system?
Implementation Phase
Which phase of the SDLC involves placing the system into production such that users can actually use the system that has been designed for them?
Implementation Phase
Select all that apply Which of the following are examples of network IT?
Instant messaging Email software
Good information security ensures that systems and their contents remain the same for integrity. In general, the goal of information security management is to protect the confidentiality, _____, and _____ (CIA) of a firm's information.
Integrity Availability
Select all that apply Which of the following financial metrics consider the time value of money?
Internal rate of return Net present value
Match the accounting transaction with the step in the BPMN activity diagram for Sunset Graphics.
Issue raw material ----- Debit Work-in-Process; credit Raw Material Inventory
Perform work ----- Debit Work-in-Process; credit Manufacturing Wages and Overhead
Complete production ----- Debit Finished Goods Inventory; credit Work-in-Process
Authorize production ----- No accounting transaction required
Identify the major steps in the conversion process shown in the generic UML class diagram.
Issue raw material Authorize production
Which of the following is NOT a feature of the business model canvas?
It does not show the impact of IT
What is a message digest?
It is a result of a hashing process such as using the SHA-256 algorithm.
Select all that apply What is the black-box approach in auditing systems? Select all statements that apply.
It is adequate when automated systems applications are relatively simple. It is to audit around the computer. The advantage of this approach is that the systems will not be interrupted for auditing purposes.
Select the correct statement regarding the black-box approach in auditing systems.
It is also called auditing around the computer.
Select all that apply What is a digital signature?
It is encrypted using the private key of the creator of the document or data file. It is a message digest (MD) of a document or a data file. The process of getting a message digest (MD) is called hashing.
In the typical conversion process, Work-in-Process inventory is the sum of raw material issued, labor used, and manufacturing _____ allocated.
Overhead
Select all that apply Which of the following are project management tools to help address time constraints?
PERT charts Gantt charts
Which of the following are access controls over Sunset Graphics' conversion process?
Partner authorizing production can't modify inventory records. Partner issuing material can't modify bill of material.
What term in the Technology Acceptance Model (TAM) defines the extent to which a person believes that the use of a particular system would be free of effort?
Perceived Ease of Use
Since 2003, information security management has been ranked as the top technology issue for CPAs. According to AICPA, information security management is "an integrated, systematic approach that coordinates people, policies, standards, _____, _____ used to safeguard critical systems and information from internal and external security threats."
Process Control
Select all that apply Which of the following correctly describe relationships among the four balanced scorecard perspectives?
Process affects Customer Process affects Financial Learning and Growth affects Process
Which of the following are indicated by this BPMN diagram of Sunset Graphics' conversion process?
Process loops until the batch is complete Process loops until all batches are complete Intermediate error indicates quality failures
Refer to the UML class diagram of Sunset's conversion process; which of the following tables would pick up foreign keys when the diagram is implemented in relational tables?
Products Material Issue Bill of Material Production Authorization Labor Operations
Select all that apply A fraud prevention and detection program starts with a fraud risk assessment across the entire firm. Select correct statements on the role(s) of the audit committee on fraud risk assessment, prevention and detection.
The audit committee has an oversight role in the fraud risk assessment process. The audit committee interacts with external auditor to ensure that fraud assessment results are properly communicated. The audit committee works with the internal audit group to ensure that the fraud prevention/detection program remains an ongoing effort.
Select all that apply The business case should focus on which of the following?
The change and proposed technology The likelihood of achieving the benefits The anticipated benefits
Select all that apply What are the main concerns of cloud user companies on the cloud service providers?
The cloud service provider's financial viability The security of the cloud computing systems and networks Whether the cloud service provider's internal controls are properly designed and effective
Who is responsible for preventing and catching fraud?
The management
Select all that apply Because research indicates that more than half of the malicious incidents in IT security are caused by insider abuse and misuse, firms should implement a sound system of internal controls to prevent and detect frauds perpetrated by insiders. Which of the following conditions often exist for a fraud to be perpetrated?
The perpetrator is pressured with a reason to commit fraud. There is an opportunity for fraud to be perpetrated. The perpetrator has an attitude to rationalize the fraud.
Consider the tblBill_of_Material table shown in Table 7.2. Which of the following would best describe the structure of that table if it was a linking table instead of a type image?
The primary key would change
Which of the following is not a product characteristic that affects customers' willingness to buy?
The product supplier
Which of the following best describes why there is no work-in-process inventory resource in a UML class model of the conversion process?
The value of work-in-process can be calculated.
Which of the following is NOT true of pie charts?
They compare values across time
Which of the following is NOT true about line charts?
They show distribution of a single variable
Select all that apply Identify the main purposes for a wide area network (WAN).
To provide remote access to employees or customers To link various sites within the firm To provide corporate access to the Internet
True or false: According to IndustryWeek magazine, a formal, structured approach that links IT investment to business performance can help avoid return on IT investment problems by providing a focus that is often missing.
True
Select all that apply Which of the following is an example of function IT?
Word processing software Spreadsheet software Map applications
In our electronic world, all or most accounting records are stored in a database. A database is:
a shared collection of logically related data that meets the information needs of a firm
A wireless network is comprised of two fundamental architectural components: _____ and _____
access stations
Scope creep is the broadening of a project's scope that occurs ______ the project has started.
after
Management is responsible for fraud risk assessments, while the _____ _____ typically has an oversight role in this process.
audit committee
The Sarbanes-Oxley Act of 2002 (SOX) requires management and _________ to report on the effectiveness of internal controls over the company's accounting information system.
auditors
The general rule associated with the segregation of duties is that accounting controls should be set up to separate (1) custody of assets, (2) ______________, and (3) record-keeping responsibilities.
authorization of transactions
Both payback period and _____ analysis compare the costs with the benefits of an IT project without considering the time value of money.
breakeven
The UML class diagram of the conversion process does not show a Work-in-Process resource, since the value of the Work-in-Process inventory can be _____ at any time.
calculated
When using the asymmetric-key encryption method in e-business, a _____ authority (CA) is a trusted entity that issues and revokes digital certificates. A digital certificate indicates that the subscriber identified in the certificate has sole control of and access to the private key, and binds the name of a subscriber to a public key.
certificate or certification
When joining two tables in Tableau, the overlapping _____ indicate the type of join.
circles
Common security objectives for both wired and wireless networks include: confidentiality, integrity, availability, and access control. Select the correct explanation for each term.
confidentiality ----- Communication cannot be read by unauthorized parties.
integrity ----- Detect any intentional or unintentional changes to the data during transmission.
availability ----- Devices and individuals can access a network and its resources whenever needed.
access control ----- Restrict the rights of devices or individuals to access a network or resources within a network.
Accounting-based measures _____ the success of the firm's investments in learning and growth, process performance, and ability to deliver value to customers.
confirm
Disaster recovery planning is the process of rebuilding the operations and infrastructure after a disaster has occurred. Business _____ management (BCM) refers to the activities required to keep a firm running during a period of displacement or interruption of normal operations.
continuity
With _____ auditing, theoretically, an audit report/opinion can be issued simultaneously with, or shortly after, the occurrence of the events under review.
continuous
A _____ _____ occurs when audit-related activities are performed on a continuous basis.
continuous audit
It is important that a cloud user company obtains and reviews a service organization control (SOC) report from the cloud provider prior to signing an agreement for the service. Such a report provides stringent audit requirements, with a stronger set of _____ on the cloud computing service provider.
control
The __________ process is inherently more complicated than either the sales and collection process or the purchases and payments process.
conversion
Both disaster recovery planning (DRP) and business continuity management (BCM) are the most critical ____ controls, and DRP is a key component of BCM.
corrective
The three constraints of project management include scope, time, and ________.
cost
IT projects offer important benefits to organizations but also involve substantial _____
costs
In the queries, you need to set _____ to constrain transactions to the first quarter or other appropriate date range.
criteria
The _____ path is the longest path for a project and represents the minimum amount of time needed for the completion of the project when sufficient resources are allocated.
critical
Creating accurate BPMN diagrams is often an _____ process.
iterative
Public ____ infrastructure (PKI) is an arrangement that issues digital certificates to users and servers, manages the key issuance, and verifies and revokes certificates by means of a certificate authority.
key
The _____ and _____ perspective describes the firm's objectives for improvements in tangible and intangible infrastructure.
learning growth
Computer frauds also happen during the systems development ______ cycle (SDLC).
life
A _____ _____ _____ (LAN) is a group of computers, printers, and other devices connected to the same network and covers a limited geographic range such as a home, small office, or a campus building.
local area network
The business case should specify how _____ the project is expected to take.
long
The critical path is the _____ path for a project and represents the minimum amount of time needed for the completion of the project when sufficient resources are allocated.
longest
The maintenance phase of the SDLC involves ___________________
making changes, corrections, and upgrades to the system
After developing a strategy map, companies then plan, implement, and monitor performance using the balanced scorecard _____ process.
management
The processes and systems within the focal organization must be able to respond to incoming _____ flows.
message
To create a digital signature, the document creator must use his or her own private key to encrypt the _____ _____(MD), so the digital signature also authenticates the document creator.
message digest
Understanding the data also includes selection of appropriate _____
metrics
A common security threat, _____, is that the attacker steals or makes unauthorized use of a service.
misappropriation
Select all that apply The balanced scorecard management process allows companies to:
monitor their performance describe their implementation strategy
You can use Value Field Settings to specify a Custom _____ for a field.
name
The three categories of information technology are function, _____, and enterprise.
network
Benefits should be measured in comparison to the revenues and costs that will occur if the IT initiative is _____ implemented.
not
The 15-15 rule of project management suggests that if the project is 15% over budget or 15% _______________, it will likely never recoup the time or cost necessary to be considered successful.
off the desired schedule
The _____ system is the most important system software because it performs the tasks that enable a computer to operate.
operating
According to the fraud triangle, three conditions exist for a fraud to be perpetrated: incentive or pressure, _____, and rationalization.
opportunity
The 15-15 rule of project management suggests that if the project is 15% ___________ or 15% off the desired schedule, it will likely never recoup the time or cost necessary to be considered successful.
over budget